
Ubuntu Linux has received updates focused on security, addressing vulnerabilities in MySQL, .NET, Ghostscript, and Pydantic:

[USN-7102-1] MySQL vulnerabilities
[USN-7105-1] .NET vulnerabilities
[USN-7103-1] Ghostscript vulnerabilities
[USN-7101-1] Pydantic vulnerability




[USN-7102-1] MySQL vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7102-1
November 12, 2024

mysql-8.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description:
- mysql-8.0: MySQL database

Details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.40 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 24.04 LTS, and Ubuntu 24.10.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-40.html
https://www.oracle.com/security-alerts/cpuoct2024.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
mysql-server-8.0 8.0.40-0ubuntu0.24.10.1

Ubuntu 24.04 LTS
mysql-server-8.0 8.0.40-0ubuntu0.24.04.1

Ubuntu 22.04 LTS
mysql-server-8.0 8.0.40-0ubuntu0.22.04.1

Ubuntu 20.04 LTS
mysql-server-8.0 8.0.40-0ubuntu0.20.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://ubuntu.com/security/notices/USN-7102-1
CVE-2024-21193, CVE-2024-21194, CVE-2024-21196, CVE-2024-21197,
CVE-2024-21198, CVE-2024-21199, CVE-2024-21201, CVE-2024-21212,
CVE-2024-21213, CVE-2024-21219, CVE-2024-21230, CVE-2024-21231,
CVE-2024-21236, CVE-2024-21237, CVE-2024-21239, CVE-2024-21241

Package Information:
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.40-0ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.40-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.40-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.40-0ubuntu0.20.04.1



[USN-7105-1] .NET vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7105-1
November 12, 2024

dotnet9 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10

Summary:

Several security issues were fixed in .NET.

Software Description:
- dotnet9: .NET CLI tools and runtime

Details:

It was discovered that the NrbfDecoder component in .NET did not properly
handle an instance of a type confusion vulnerability. An authenticated
attacker could possibly use this issue to gain the privileges of another
user and execute arbitrary code. (CVE-2024-43498)

It was discovered that the NrbfDecoder component in .NET did not properly
perform input validation. An unauthenticated remote attacker could possibly
use this issue to cause a denial of service. (CVE-2024-43499)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  aspnetcore-runtime-9.0          9.0.0-rtm-0ubuntu1~24.10.1
  dotnet-host-9.0                 9.0.0-rtm-0ubuntu1~24.10.1
  dotnet-hostfxr-9.0              9.0.0-rtm-0ubuntu1~24.10.1
  dotnet-runtime-9.0              9.0.0-rtm-0ubuntu1~24.10.1
  dotnet-sdk-9.0                  9.0.100-rtm-0ubuntu1~24.10.1
  dotnet-sdk-aot-9.0              9.0.100-rtm-0ubuntu1~24.10.1
  dotnet9                         9.0.100-9.0.0-0ubuntu1~24.10.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7105-1
  CVE-2024-43498, CVE-2024-43499

Package Information:
https://launchpad.net/ubuntu/+source/dotnet9/9.0.100-9.0.0-0ubuntu1~24.10.1



[USN-7103-1] Ghostscript vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7103-1
November 12, 2024

ghostscript vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Ghostscript.

Software Description:
- ghostscript: PostScript and PDF interpreter

Details:

It was discovered that Ghostscript incorrectly handled parsing certain PS
files. An attacker could use this issue to cause Ghostscript to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2024-46951, CVE-2024-46953, CVE-2024-46955, CVE-2024-46956)

It was discovered that Ghostscript incorrectly handled parsing certain PDF
files. An attacker could use this issue to cause Ghostscript to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10.
(CVE-2024-46952)

It was discovered that Ghostscript incorrectly handled parsing certain PS
files. An attacker could use this issue to cause Ghostscript to crash,
resulting in a denial of service, or possibly bypass file path validation.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10.
(CVE-2024-46954)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
ghostscript 10.03.1~dfsg1-0ubuntu2.1
libgs10 10.03.1~dfsg1-0ubuntu2.1

Ubuntu 24.04 LTS
ghostscript 10.02.1~dfsg1-0ubuntu7.4
libgs10 10.02.1~dfsg1-0ubuntu7.4

Ubuntu 22.04 LTS
ghostscript 9.55.0~dfsg1-0ubuntu5.10
libgs9 9.55.0~dfsg1-0ubuntu5.10

Ubuntu 20.04 LTS
ghostscript 9.50~dfsg-5ubuntu4.14
libgs9 9.50~dfsg-5ubuntu4.14

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7103-1
CVE-2024-46951, CVE-2024-46952, CVE-2024-46953, CVE-2024-46954,
CVE-2024-46955, CVE-2024-46956

Package Information:
https://launchpad.net/ubuntu/+source/ghostscript/10.03.1~dfsg1-0ubuntu2.1
https://launchpad.net/ubuntu/+source/ghostscript/10.02.1~dfsg1-0ubuntu7.4
https://launchpad.net/ubuntu/+source/ghostscript/9.55.0~dfsg1-0ubuntu5.10
https://launchpad.net/ubuntu/+source/ghostscript/9.50~dfsg-5ubuntu4.14



[USN-7101-1] Pydantic vulnerability


==========================================================================
Ubuntu Security Notice USN-7101-1
November 12, 2024

pydantic vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Pydantic could be made to crash if it received specially crafted
input.

Software Description:
- pydantic: Data validation using Python type hints.

Details:

It was discovered that Pydantic incorrectly handled certain regular
expressions. A remote attacker could possibly use this issue to cause a
denial of service via a crafted email string.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  python3-pydantic                1.8.2-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 20.04 LTS
  python3-pydantic                1.2-1ubuntu0.1~esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7101-1
  CVE-2024-3772
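
Added example (not part of the Ubuntu notices): a check of a package inventory against the fixed versions listed above for Ubuntu 24.10, using Debian version ordering so that the "~" in strings such as 9.0.0-rtm-0ubuntu1~24.10.1 sorts correctly. The INSTALLED inventory is constructed sample data, and the function names are hypothetical.

```python
import re

# Fixed versions for Ubuntu 24.10, copied from the notices above.
FIXED_24_10 = {
    "mysql-server-8.0": "8.0.40-0ubuntu0.24.10.1",
    "dotnet-runtime-9.0": "9.0.0-rtm-0ubuntu1~24.10.1",
    "ghostscript": "10.03.1~dfsg1-0ubuntu2.1",
}
# Constructed inventory for one host (e.g. from `dpkg-query -W`); not real data.
INSTALLED = {
    "mysql-server-8.0": "8.0.39-0ubuntu2",
    "dotnet-runtime-9.0": "9.0.0-rtm-0ubuntu1~24.10.1",
    "ghostscript": "10.03.1~dfsg1-0ubuntu2",
}

def _order(ch):
    """Sort weight in a non-digit run: '~' < end of run < letters < other."""
    if ch in ("~", ""):
        return -1 if ch else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_fragment(a, b):
    """Compare two upstream-version or revision strings: -1, 0 or 1."""
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):  # non-digit runs, char by char
            wa, wb = _order(na[i:i + 1]), _order(nb[i:i + 1])
            if wa != wb:
                return -1 if wa < wb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):        # digit runs, numerically
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def compare_versions(x, y):
    """Debian-style comparison of [epoch:]upstream[-revision] strings."""
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), upstream, rev
    (ex, ux, rx), (ey, uy, ry) = split(x), split(y)
    return (ex > ey) - (ex < ey) or _cmp_fragment(ux, uy) or _cmp_fragment(rx, ry)

def outdated(installed, fixed):
    """Packages whose installed version sorts below the fixed version."""
    return sorted(p for p, v in installed.items()
                  if p in fixed and compare_versions(v, fixed[p]) < 0)
```

On a Debian or Ubuntu host, `dpkg --compare-versions` performs the same comparison; the pure-Python form is for auditing inventory data away from the host.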