[USN-7102-1] MySQL vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7102-1
November 12, 2024
mysql-8.0 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in MySQL.
Software Description:
- mysql-8.0: MySQL database
Details:
Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.
MySQL has been updated to 8.0.40 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 24.04 LTS, and Ubuntu 24.10.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-40.html
https://www.oracle.com/security-alerts/cpuoct2024.html
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
mysql-server-8.0 8.0.40-0ubuntu0.24.10.1
Ubuntu 24.04 LTS
mysql-server-8.0 8.0.40-0ubuntu0.24.04.1
Ubuntu 22.04 LTS
mysql-server-8.0 8.0.40-0ubuntu0.22.04.1
Ubuntu 20.04 LTS
mysql-server-8.0 8.0.40-0ubuntu0.20.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-7102-1
CVE-2024-21193, CVE-2024-21194, CVE-2024-21196, CVE-2024-21197,
CVE-2024-21198, CVE-2024-21199, CVE-2024-21201, CVE-2024-21212,
CVE-2024-21213, CVE-2024-21219, CVE-2024-21230, CVE-2024-21231,
CVE-2024-21236, CVE-2024-21237, CVE-2024-21239, CVE-2024-21241
Package Information:
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.40-0ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.40-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.40-0ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.40-0ubuntu0.20.04.1
[USN-7105-1] .NET vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7105-1
November 12, 2024
dotnet9 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
Summary:
Several security issues were fixed in .NET.
Software Description:
- dotnet9: .NET CLI tools and runtime
Details:
It was discovered that the NrbfDecoder component in .NET did not properly
handle an instance of a type confusion vulnerability. An authenticated
attacker could possibly use this issue to gain the privileges of another
user and execute arbitrary code. (CVE-2024-43498)
It was discovered that the NrbfDecoder component in .NET did not properly
perform input validation. An unauthenticated remote attacker could possibly
use this issue to cause a denial of service. (CVE-2024-43499)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
aspnetcore-runtime-9.0 9.0.0-rtm-0ubuntu1~24.10.1
dotnet-host-9.0 9.0.0-rtm-0ubuntu1~24.10.1
dotnet-hostfxr-9.0 9.0.0-rtm-0ubuntu1~24.10.1
dotnet-runtime-9.0 9.0.0-rtm-0ubuntu1~24.10.1
dotnet-sdk-9.0 9.0.100-rtm-0ubuntu1~24.10.1
dotnet-sdk-aot-9.0 9.0.100-rtm-0ubuntu1~24.10.1
dotnet9 9.0.100-9.0.0-0ubuntu1~24.10.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7105-1
CVE-2024-43498, CVE-2024-43499
Package Information:
https://launchpad.net/ubuntu/+source/dotnet9/9.0.100-9.0.0-0ubuntu1~24.10.1
[USN-7103-1] Ghostscript vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7103-1
November 12, 2024
ghostscript vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Ghostscript.
Software Description:
- ghostscript: PostScript and PDF interpreter
Details:
It was discovered that Ghostscript incorrectly handled parsing certain PS
files. An attacker could use this issue to cause Ghostscript to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2024-46951, CVE-2024-46953, CVE-2024-46955, CVE-2024-46956)
It was discovered that Ghostscript incorrectly handled parsing certain PDF
files. An attacker could use this issue to cause Ghostscript to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10.
(CVE-2024-46952)
It was discovered that Ghostscript incorrectly handled parsing certain PS
files. An attacker could use this issue to cause Ghostscript to crash,
resulting in a denial of service, or possibly bypass file path validation.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10.
(CVE-2024-46954)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
ghostscript 10.03.1~dfsg1-0ubuntu2.1
libgs10 10.03.1~dfsg1-0ubuntu2.1
Ubuntu 24.04 LTS
ghostscript 10.02.1~dfsg1-0ubuntu7.4
libgs10 10.02.1~dfsg1-0ubuntu7.4
Ubuntu 22.04 LTS
ghostscript 9.55.0~dfsg1-0ubuntu5.10
libgs9 9.55.0~dfsg1-0ubuntu5.10
Ubuntu 20.04 LTS
ghostscript 9.50~dfsg-5ubuntu4.14
libgs9 9.50~dfsg-5ubuntu4.14
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7103-1
CVE-2024-46951, CVE-2024-46952, CVE-2024-46953, CVE-2024-46954,
CVE-2024-46955, CVE-2024-46956
Package Information:
https://launchpad.net/ubuntu/+source/ghostscript/10.03.1~dfsg1-0ubuntu2.1
https://launchpad.net/ubuntu/+source/ghostscript/10.02.1~dfsg1-0ubuntu7.4
https://launchpad.net/ubuntu/+source/ghostscript/9.55.0~dfsg1-0ubuntu5.10
https://launchpad.net/ubuntu/+source/ghostscript/9.50~dfsg-5ubuntu4.14
[USN-7101-1] Pydantic vulnerability
==========================================================================
Ubuntu Security Notice USN-7101-1
November 12, 2024
pydantic vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Pydantic could be made to crash if it received specially crafted
input.
Software Description:
- pydantic: Data validation using Python type hints.
Details:
It was discovered that Pydantic incorrectly handled certain regular
expressions. A remote attacker could possibly use this issue to cause a
denial of service via a crafted email string.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
python3-pydantic 1.8.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
python3-pydantic 1.2-1ubuntu0.1~esm3
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7101-1
CVE-2024-3772