[USN-7434-1] Perl vulnerability
[USN-7437-1] CImg library vulnerabilities
[USN-7436-1] WebKitGTK vulnerabilities
[USN-7435-1] Protocol Buffers vulnerability
[USN-7434-1] Perl vulnerability
==========================================================================
Ubuntu Security Notice USN-7434-1
April 14, 2025
perl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Perl could be made to crash or run programs if it processed specially
crafted data.
Software Description:
- perl: Practical Extraction and Report Language
Details:
It was discovered that Perl incorrectly handled transliterating non-ASCII
bytes. A remote attacker could use this issue to cause Perl to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
perl 5.38.2-5ubuntu0.1
Ubuntu 24.04 LTS
perl 5.38.2-3.2ubuntu0.1
Ubuntu 22.04 LTS
perl 5.34.0-3ubuntu1.4
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7434-1
CVE-2024-56406
Package Information:
https://launchpad.net/ubuntu/+source/perl/5.38.2-5ubuntu0.1
https://launchpad.net/ubuntu/+source/perl/5.38.2-3.2ubuntu0.1
https://launchpad.net/ubuntu/+source/perl/5.34.0-3ubuntu1.4
[USN-7437-1] CImg library vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7437-1
April 15, 2025
cimg vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in CImg.
Software Description:
- cimg: powerful image processing library
Details:
It was discovered that the CImg library did not properly check the size
of images before loading them. An attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 22.04 LTS.
(CVE-2022-1325)
It was discovered that the CImg library did not correctly handle certain
memory operations, which could lead to a buffer overflow. An attacker
could possibly use this issue to execute arbitrary code or cause a denial
of service. (CVE-2024-26540)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
cimg-dev 3.2.1+dfsg-1ubuntu0.24.10.1
Ubuntu 24.04 LTS
cimg-dev 3.2.1+dfsg-1ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
cimg-dev 2.9.4+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
cimg-dev 1.7.9+dfsg-2ubuntu0.18.04.2+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7437-1
CVE-2022-1325, CVE-2024-26540
Package Information:
https://launchpad.net/ubuntu/+source/cimg/3.2.1+dfsg-1ubuntu0.24.10.1
[USN-7436-1] WebKitGTK vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7436-1
April 14, 2025
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
libjavascriptcoregtk-4.1-0 2.48.1-0ubuntu0.24.10.1
libjavascriptcoregtk-6.0-1 2.48.1-0ubuntu0.24.10.1
libwebkit2gtk-4.1-0 2.48.1-0ubuntu0.24.10.1
libwebkitgtk-6.0-4 2.48.1-0ubuntu0.24.10.1
Ubuntu 24.04 LTS
libjavascriptcoregtk-4.1-0 2.48.1-0ubuntu0.24.04.1
libjavascriptcoregtk-6.0-1 2.48.1-0ubuntu0.24.04.1
libwebkit2gtk-4.1-0 2.48.1-0ubuntu0.24.04.1
libwebkitgtk-6.0-4 2.48.1-0ubuntu0.24.04.1
Ubuntu 22.04 LTS
libjavascriptcoregtk-4.0-18 2.48.1-0ubuntu0.22.04.1
libjavascriptcoregtk-4.1-0 2.48.1-0ubuntu0.22.04.1
libjavascriptcoregtk-6.0-1 2.48.1-0ubuntu0.22.04.1
libwebkit2gtk-4.0-37 2.48.1-0ubuntu0.22.04.1
libwebkit2gtk-4.1-0 2.48.1-0ubuntu0.22.04.1
libwebkitgtk-6.0-4 2.48.1-0ubuntu0.22.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7436-1
CVE-2024-54551, CVE-2025-24208, CVE-2025-24209, CVE-2025-24213,
CVE-2025-24216, CVE-2025-24264, CVE-2025-30427
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.48.1-0ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.48.1-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.48.1-0ubuntu0.22.04.1
[USN-7435-1] Protocol Buffers vulnerability
==========================================================================
Ubuntu Security Notice USN-7435-1
April 14, 2025
protobuf vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Protocol Buffers could be made to crash if it received specially crafted
input.
Software Description:
- protobuf: protocol buffers data serialization library
Details:
It was discovered that Protocol Buffers incorrectly handled memory when
receiving malicious input using the Java bindings. An attacker could
possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
libprotobuf-java 3.21.12-9ubuntu1.1
Ubuntu 24.04 LTS
libprotobuf-java 3.21.12-8.2ubuntu0.1
Ubuntu 22.04 LTS
libprotobuf-java 3.12.4-1ubuntu7.22.04.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7435-1
CVE-2024-7254
Package Information:
https://launchpad.net/ubuntu/+source/protobuf/3.21.12-9ubuntu1.1
https://launchpad.net/ubuntu/+source/protobuf/3.21.12-8.2ubuntu0.1
https://launchpad.net/ubuntu/+source/protobuf/3.12.4-1ubuntu7.22.04.2
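
Added example (not part of the notices or of any Ubuntu tooling): a check of an installed-package inventory against the fixed versions the four notices above list for Ubuntu 24.04 LTS, using Debian version ordering so that suffixes such as `~esm1` compare correctly. The names `FIXED_2404`, `SAMPLE`, `deb_cmp` and `unpatched` are hypothetical, the inventory is constructed, and only `libwebkit2gtk-4.1-0` is included from USN-7436-1 to keep the table short.

```python
import re
from itertools import zip_longest

# Fixed versions for Ubuntu 24.04 LTS, copied from the notices above.
FIXED_2404 = {
    "perl": "5.38.2-3.2ubuntu0.1",
    "cimg-dev": "3.2.1+dfsg-1ubuntu0.24.04.1~esm1",
    "libwebkit2gtk-4.1-0": "2.48.1-0ubuntu0.24.04.1",
    "libprotobuf-java": "3.21.12-8.2ubuntu0.1",
}
# Constructed inventory (package -> installed version), for illustration only.
SAMPLE = {"perl": "5.38.2-3.2build2", "cimg-dev": "3.2.1+dfsg-1",
          "libwebkit2gtk-4.1-0": "2.48.1-0ubuntu0.24.04.1",
          "libprotobuf-java": "3.21.12-8.2ubuntu0.2"}

def _order(c):
    """Weight of a non-digit character: '~' < end of string < letters < others."""
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    """Compare two upstream or revision strings as alternating text/number runs."""
    pairs = zip_longest(re.findall(r"(\D*)(\d*)", a),
                        re.findall(r"(\D*)(\d*)", b), fillvalue=("", ""))
    for (text_a, num_a), (text_b, num_b) in pairs:
        for ca, cb in zip_longest(text_a, text_b, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(num_a or 0) != int(num_b or 0):
            return -1 if int(num_a or 0) < int(num_b or 0) else 1
    return 0

def _split(version):
    """Split into (epoch, upstream, revision); a missing epoch counts as 0."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def deb_cmp(a, b):
    """Return -1, 0 or 1 as version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def unpatched(installed, fixed=FIXED_2404):
    """Names of installed packages that are still older than the fixed version."""
    return sorted(p for p, v in installed.items()
                  if p in fixed and deb_cmp(v, fixed[p]) < 0)
```

On a single host, `dpkg --compare-versions` applies the same ordering; the Python form is for checking inventories collected from many machines.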