[USN-7049-3] PHP vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7049-3
February 26, 2025
php5 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in PHP.
Software Description:
- php5: HTML-embedded scripting language interpreter
Details:
USN-7049-1 fixed vulnerabilities in PHP. This update
provides the corresponding updates for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that PHP incorrectly handled parsing multipart form
data. A remote attacker could possibly use this issue to inject payloads
and cause PHP to ignore legitimate data. (CVE-2024-8925)
It was discovered that PHP incorrectly handled the cgi.force_redirect
configuration option due to environment variable collisions. In certain
configurations, an attacker could possibly use this issue to bypass
force_redirect restrictions. (CVE-2024-8927)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.29+esm16
Available with Ubuntu Pro
php5 5.5.9+dfsg-1ubuntu4.29+esm16
Available with Ubuntu Pro
php5-cgi 5.5.9+dfsg-1ubuntu4.29+esm16
Available with Ubuntu Pro
php5-cli 5.5.9+dfsg-1ubuntu4.29+esm16
Available with Ubuntu Pro
php5-fpm 5.5.9+dfsg-1ubuntu4.29+esm16
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7049-3
https://ubuntu.com/security/notices/USN-7049-2
https://ubuntu.com/security/notices/USN-7049-1
CVE-2024-8925, CVE-2024-8927
[USN-7267-2] libsndfile vulnerability
==========================================================================
Ubuntu Security Notice USN-7267-2
February 25, 2025
libsndfile vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
Summary:
libsndfile could be made to crash if it opened a specially crafted file.
Software Description:
- libsndfile: Library for reading/writing audio files
Details:
USN-7267-1 fixed a vulnerability in libsndfile. This update provides
the corresponding updates for Ubuntu 24.04 LTS and Ubuntu 24.10.
Original advisory details:
It was discovered that libsndfile incorrectly handled certain malformed
OggVorbis files. An attacker could possibly use this issue to cause
libsndfile to crash, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
libsndfile1 1.2.2-1ubuntu5.24.10.1
sndfile-programs 1.2.2-1ubuntu5.24.10.1
Ubuntu 24.04 LTS
libsndfile1 1.2.2-1ubuntu5.24.04.1
sndfile-programs 1.2.2-1ubuntu5.24.04.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7267-2
https://ubuntu.com/security/notices/USN-7267-1
CVE-2024-50612
Package Information:
https://launchpad.net/ubuntu/+source/libsndfile/1.2.2-1ubuntu5.24.10.1
https://launchpad.net/ubuntu/+source/libsndfile/1.2.2-1ubuntu5.24.04.1
[USN-7289-4] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7289-4
February 27, 2025
linux-intel-iotg, linux-intel-iotg-5.15 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-intel-iotg: Linux kernel for Intel IoT platforms
- linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- USB Type-C Connector System Software Interface driver;
- BTRFS file system;
- File systems infrastructure;
- Network file system (NFS) client;
- NILFS2 file system;
- NTFS3 file system;
- SMB network file system;
- User-space API (UAPI);
- io_uring subsystem;
- BPF subsystem;
- Timer subsystem drivers;
- Tracing infrastructure;
- Closures library;
- Memory management;
- Amateur Radio drivers;
- Bluetooth subsystem;
- Networking core;
- IPv4 networking;
- MAC80211 subsystem;
- Multipath TCP;
- Netfilter;
- Network traffic control;
- SCTP protocol;
- XFRM subsystem;
- Key management;
- FireWire sound drivers;
- HD-audio driver;
- QCOM ASoC drivers;
- STMicroelectronics SoC drivers;
- KVM core;
(CVE-2024-50082, CVE-2024-50134, CVE-2024-50142, CVE-2023-52913,
CVE-2024-50205, CVE-2024-50127, CVE-2024-50208, CVE-2024-50143,
CVE-2024-50163, CVE-2024-53059, CVE-2024-50282, CVE-2024-50279,
CVE-2024-50296, CVE-2024-50295, CVE-2024-50010, CVE-2024-53088,
CVE-2024-50128, CVE-2024-50290, CVE-2024-50099, CVE-2024-50234,
CVE-2024-50154, CVE-2024-53052, CVE-2024-50116, CVE-2024-50168,
CVE-2024-50086, CVE-2024-50267, CVE-2024-50156, CVE-2024-50110,
CVE-2024-50103, CVE-2024-50192, CVE-2024-40953, CVE-2024-50085,
CVE-2024-50247, CVE-2024-50257, CVE-2024-50237, CVE-2024-50185,
CVE-2024-50198, CVE-2024-50229, CVE-2024-50171, CVE-2024-50259,
CVE-2024-50209, CVE-2024-50233, CVE-2024-35887, CVE-2024-50251,
CVE-2024-50141, CVE-2024-53061, CVE-2024-50232, CVE-2024-50167,
CVE-2024-50201, CVE-2024-50193, CVE-2024-50269, CVE-2024-39497,
CVE-2024-50036, CVE-2024-50299, CVE-2024-50072, CVE-2024-53101,
CVE-2024-50262, CVE-2024-50194, CVE-2024-50202, CVE-2024-50101,
CVE-2024-50151, CVE-2024-41080, CVE-2024-42291, CVE-2024-50245,
CVE-2024-50278, CVE-2024-50195, CVE-2024-50265, CVE-2024-50074,
CVE-2024-53063, CVE-2024-50131, CVE-2024-53058, CVE-2024-50160,
CVE-2024-50287, CVE-2024-40965, CVE-2024-50273, CVE-2024-50268,
CVE-2024-50302, CVE-2024-50218, CVE-2024-50199, CVE-2024-50196,
CVE-2024-50083, CVE-2024-50244, CVE-2024-50117, CVE-2024-50058,
CVE-2024-53055, CVE-2024-50182, CVE-2024-53097, CVE-2024-50236,
CVE-2024-50162, CVE-2024-50301, CVE-2024-50249, CVE-2024-50292,
CVE-2024-50150, CVE-2024-50153, CVE-2024-50115, CVE-2024-26718,
CVE-2024-53104, CVE-2024-42252, CVE-2024-53066, CVE-2024-50148,
CVE-2024-53042, CVE-2024-50230, CVE-2024-41066)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
linux-image-5.15.0-1073-intel-iotg 5.15.0-1073.79
linux-image-intel-iotg 5.15.0.1073.73
Ubuntu 20.04 LTS
linux-image-5.15.0-1073-intel-iotg 5.15.0-1073.79~20.04.2
linux-image-intel 5.15.0.1073.79~20.04.2
linux-image-intel-iotg 5.15.0.1073.79~20.04.2
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7289-4
https://ubuntu.com/security/notices/USN-7289-3
https://ubuntu.com/security/notices/USN-7289-2
https://ubuntu.com/security/notices/USN-7289-1
CVE-2023-52913, CVE-2024-26718, CVE-2024-35887, CVE-2024-39497,
CVE-2024-40953, CVE-2024-40965, CVE-2024-41066, CVE-2024-41080,
CVE-2024-42252, CVE-2024-42291, CVE-2024-50010, CVE-2024-50036,
CVE-2024-50058, CVE-2024-50072, CVE-2024-50074, CVE-2024-50082,
CVE-2024-50083, CVE-2024-50085, CVE-2024-50086, CVE-2024-50099,
CVE-2024-50101, CVE-2024-50103, CVE-2024-50110, CVE-2024-50115,
CVE-2024-50116, CVE-2024-50117, CVE-2024-50127, CVE-2024-50128,
CVE-2024-50131, CVE-2024-50134, CVE-2024-50141, CVE-2024-50142,
CVE-2024-50143, CVE-2024-50148, CVE-2024-50150, CVE-2024-50151,
CVE-2024-50153, CVE-2024-50154, CVE-2024-50156, CVE-2024-50160,
CVE-2024-50162, CVE-2024-50163, CVE-2024-50167, CVE-2024-50168,
CVE-2024-50171, CVE-2024-50182, CVE-2024-50185, CVE-2024-50192,
CVE-2024-50193, CVE-2024-50194, CVE-2024-50195, CVE-2024-50196,
CVE-2024-50198, CVE-2024-50199, CVE-2024-50201, CVE-2024-50202,
CVE-2024-50205, CVE-2024-50208, CVE-2024-50209, CVE-2024-50218,
CVE-2024-50229, CVE-2024-50230, CVE-2024-50232, CVE-2024-50233,
CVE-2024-50234, CVE-2024-50236, CVE-2024-50237, CVE-2024-50244,
CVE-2024-50245, CVE-2024-50247, CVE-2024-50249, CVE-2024-50251,
CVE-2024-50257, CVE-2024-50259, CVE-2024-50262, CVE-2024-50265,
CVE-2024-50267, CVE-2024-50268, CVE-2024-50269, CVE-2024-50273,
CVE-2024-50278, CVE-2024-50279, CVE-2024-50282, CVE-2024-50287,
CVE-2024-50290, CVE-2024-50292, CVE-2024-50295, CVE-2024-50296,
CVE-2024-50299, CVE-2024-50301, CVE-2024-50302, CVE-2024-53042,
CVE-2024-53052, CVE-2024-53055, CVE-2024-53058, CVE-2024-53059,
CVE-2024-53061, CVE-2024-53063, CVE-2024-53066, CVE-2024-53088,
CVE-2024-53097, CVE-2024-53101, CVE-2024-53104
Package Information:
https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1073.79
https://launchpad.net/ubuntu/+source/linux-intel-iotg-5.15/5.15.0-1073.79~20.04.2
[USN-7308-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7308-1
February 27, 2025
linux-aws vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Block layer subsystem;
- ACPI drivers;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- IIO ADC drivers;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- STMicroelectronics network drivers;
- Parport drivers;
- Pin controllers subsystem;
- Direct Digital Synthesis drivers;
- TCM subsystem;
- TTY drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- USB Type-C Connector System Software Interface driver;
- BTRFS file system;
- File systems infrastructure;
- Network file system (NFS) client;
- NILFS2 file system;
- NTFS3 file system;
- SMB network file system;
- User-space API (UAPI);
- io_uring subsystem;
- BPF subsystem;
- Timer subsystem drivers;
- Tracing infrastructure;
- Closures library;
- Memory management;
- Amateur Radio drivers;
- Bluetooth subsystem;
- Networking core;
- IPv4 networking;
- MAC80211 subsystem;
- Multipath TCP;
- Netfilter;
- Network traffic control;
- SCTP protocol;
- VMware vSockets driver;
- XFRM subsystem;
- Key management;
- FireWire sound drivers;
- HD-audio driver;
- QCOM ASoC drivers;
- STMicroelectronics SoC drivers;
- KVM core;
(CVE-2024-50141, CVE-2024-53101, CVE-2024-50301, CVE-2024-50082,
CVE-2024-39497, CVE-2024-50245, CVE-2024-50302, CVE-2024-35887,
CVE-2024-50205, CVE-2024-50153, CVE-2024-50154, CVE-2024-50279,
CVE-2024-50074, CVE-2024-50168, CVE-2024-50128, CVE-2024-53141,
CVE-2024-50290, CVE-2024-50292, CVE-2024-50218, CVE-2024-50193,
CVE-2024-50209, CVE-2024-53088, CVE-2024-50058, CVE-2024-50116,
CVE-2024-50199, CVE-2024-50083, CVE-2024-50265, CVE-2024-53058,
CVE-2024-50244, CVE-2024-50195, CVE-2024-41066, CVE-2024-50151,
CVE-2024-50229, CVE-2024-42291, CVE-2024-40965, CVE-2024-50160,
CVE-2024-53097, CVE-2024-50134, CVE-2024-53164, CVE-2024-50295,
CVE-2024-50267, CVE-2024-50251, CVE-2024-50198, CVE-2024-53042,
CVE-2024-40953, CVE-2024-50167, CVE-2024-50010, CVE-2024-42252,
CVE-2024-53055, CVE-2024-50259, CVE-2024-50110, CVE-2024-50208,
CVE-2024-50249, CVE-2024-50148, CVE-2024-50269, CVE-2024-50182,
CVE-2024-50115, CVE-2024-50287, CVE-2024-50142, CVE-2024-53103,
CVE-2024-50099, CVE-2024-50234, CVE-2024-50282, CVE-2024-50185,
CVE-2024-50247, CVE-2024-50257, CVE-2024-50036, CVE-2024-50268,
CVE-2024-50127, CVE-2024-50230, CVE-2024-50278, CVE-2024-50273,
CVE-2024-26718, CVE-2024-50086, CVE-2024-50262, CVE-2024-50236,
CVE-2024-50117, CVE-2024-50237, CVE-2024-53104, CVE-2024-50194,
CVE-2024-50192, CVE-2024-53061, CVE-2024-53052, CVE-2024-50202,
CVE-2024-41080, CVE-2024-50143, CVE-2023-52913, CVE-2024-50296,
CVE-2024-50085, CVE-2024-50196, CVE-2024-50072, CVE-2024-50171,
CVE-2024-50103, CVE-2024-50101, CVE-2024-50156, CVE-2024-50201,
CVE-2024-50233, CVE-2024-53059, CVE-2024-53066, CVE-2024-53063,
CVE-2024-50150, CVE-2024-50131, CVE-2024-50163, CVE-2024-50162,
CVE-2024-50299, CVE-2024-50232)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
linux-image-5.15.0-1078-aws 5.15.0-1078.85
linux-image-aws-lts-22.04 5.15.0.1078.80
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7308-1
CVE-2023-52913, CVE-2024-26718, CVE-2024-35887, CVE-2024-39497,
CVE-2024-40953, CVE-2024-40965, CVE-2024-41066, CVE-2024-41080,
CVE-2024-42252, CVE-2024-42291, CVE-2024-50010, CVE-2024-50036,
CVE-2024-50058, CVE-2024-50072, CVE-2024-50074, CVE-2024-50082,
CVE-2024-50083, CVE-2024-50085, CVE-2024-50086, CVE-2024-50099,
CVE-2024-50101, CVE-2024-50103, CVE-2024-50110, CVE-2024-50115,
CVE-2024-50116, CVE-2024-50117, CVE-2024-50127, CVE-2024-50128,
CVE-2024-50131, CVE-2024-50134, CVE-2024-50141, CVE-2024-50142,
CVE-2024-50143, CVE-2024-50148, CVE-2024-50150, CVE-2024-50151,
CVE-2024-50153, CVE-2024-50154, CVE-2024-50156, CVE-2024-50160,
CVE-2024-50162, CVE-2024-50163, CVE-2024-50167, CVE-2024-50168,
CVE-2024-50171, CVE-2024-50182, CVE-2024-50185, CVE-2024-50192,
CVE-2024-50193, CVE-2024-50194, CVE-2024-50195, CVE-2024-50196,
CVE-2024-50198, CVE-2024-50199, CVE-2024-50201, CVE-2024-50202,
CVE-2024-50205, CVE-2024-50208, CVE-2024-50209, CVE-2024-50218,
CVE-2024-50229, CVE-2024-50230, CVE-2024-50232, CVE-2024-50233,
CVE-2024-50234, CVE-2024-50236, CVE-2024-50237, CVE-2024-50244,
CVE-2024-50245, CVE-2024-50247, CVE-2024-50249, CVE-2024-50251,
CVE-2024-50257, CVE-2024-50259, CVE-2024-50262, CVE-2024-50265,
CVE-2024-50267, CVE-2024-50268, CVE-2024-50269, CVE-2024-50273,
CVE-2024-50278, CVE-2024-50279, CVE-2024-50282, CVE-2024-50287,
CVE-2024-50290, CVE-2024-50292, CVE-2024-50295, CVE-2024-50296,
CVE-2024-50299, CVE-2024-50301, CVE-2024-50302, CVE-2024-53042,
CVE-2024-53052, CVE-2024-53055, CVE-2024-53058, CVE-2024-53059,
CVE-2024-53061, CVE-2024-53063, CVE-2024-53066, CVE-2024-53088,
CVE-2024-53097, CVE-2024-53101, CVE-2024-53103, CVE-2024-53104,
CVE-2024-53141, CVE-2024-53164
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1078.85
[USN-7294-2] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7294-2
February 27, 2025
linux-aws, linux-oracle, linux-oracle-5.4 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- ACPI drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- TPM device driver;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Mailbox framework;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- NTB driver;
- Virtio pmem driver;
- Parport drivers;
- PCI subsystem;
- SPI subsystem;
- Direct Digital Synthesis drivers;
- USB Device Class drivers;
- USB Dual Role (OTG-ready) Controller drivers;
- USB Serial drivers;
- USB Type-C support driver;
- Framebuffer layer;
- BTRFS file system;
- Ceph distributed file system;
- Ext4 file system;
- F2FS file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- SMB network file system;
- Network traffic control;
- Network sockets;
- TCP network protocol;
- BPF subsystem;
- Perf events;
- Arbitrary resource management;
- Timer subsystem drivers;
- Tracing infrastructure;
- Closures library;
- Memory management;
- Amateur Radio drivers;
- Bluetooth subsystem;
- Ethernet bridge;
- CAN network layer;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Netfilter;
- Netlink;
- SCTP protocol;
- TIPC protocol;
- Wireless networking;
- XFRM subsystem;
- Key management;
- FireWire sound drivers;
- AudioScience HPI driver;
- Amlogic Meson SoC drivers;
- KVM core;
(CVE-2024-53063, CVE-2024-50236, CVE-2024-47699, CVE-2024-50044,
CVE-2024-49877, CVE-2024-47692, CVE-2024-50116, CVE-2024-47679,
CVE-2024-50134, CVE-2024-50045, CVE-2024-50301, CVE-2024-40965,
CVE-2024-47684, CVE-2024-49944, CVE-2024-43863, CVE-2024-50059,
CVE-2024-50007, CVE-2024-49973, CVE-2024-50251, CVE-2024-47674,
CVE-2024-49982, CVE-2024-50143, CVE-2024-49883, CVE-2024-49851,
CVE-2024-44931, CVE-2024-49949, CVE-2024-47747, CVE-2024-46853,
CVE-2024-50233, CVE-2024-49924, CVE-2024-50033, CVE-2024-50024,
CVE-2024-49995, CVE-2024-47737, CVE-2024-50194, CVE-2024-47712,
CVE-2024-50273, CVE-2024-50229, CVE-2024-49896, CVE-2024-50199,
CVE-2024-50202, CVE-2024-49868, CVE-2024-50035, CVE-2024-50184,
CVE-2024-49882, CVE-2024-49962, CVE-2024-50299, CVE-2024-35887,
CVE-2024-50287, CVE-2024-50265, CVE-2024-50148, CVE-2024-47757,
CVE-2024-47742, CVE-2024-49902, CVE-2024-50302, CVE-2024-50096,
CVE-2024-49952, CVE-2024-50099, CVE-2024-49963, CVE-2024-49900,
CVE-2024-46731, CVE-2024-50131, CVE-2024-47723, CVE-2024-50237,
CVE-2024-50269, CVE-2024-50142, CVE-2024-49867, CVE-2024-49985,
CVE-2024-47670, CVE-2024-50008, CVE-2024-49938, CVE-2024-49878,
CVE-2024-49955, CVE-2024-53104, CVE-2024-49894, CVE-2024-50039,
CVE-2024-50279, CVE-2024-50006, CVE-2024-40953, CVE-2024-50180,
CVE-2024-49860, CVE-2024-50117, CVE-2024-47701, CVE-2024-47698,
CVE-2024-50171, CVE-2024-50151, CVE-2024-50082, CVE-2024-50290,
CVE-2024-49975, CVE-2024-49903, CVE-2024-38544, CVE-2024-50218,
CVE-2024-49948, CVE-2024-50282, CVE-2024-49965, CVE-2024-49959,
CVE-2024-42252, CVE-2024-47749, CVE-2024-47756, CVE-2024-47672,
CVE-2024-50127, CVE-2024-46854, CVE-2024-50230, CVE-2024-41066,
CVE-2024-49957, CVE-2024-47713, CVE-2023-52458, CVE-2024-50167,
CVE-2024-49997, CVE-2024-47685, CVE-2024-49879, CVE-2024-53059,
CVE-2024-53101, CVE-2024-49958, CVE-2024-47710, CVE-2024-47706,
CVE-2024-50074, CVE-2024-50296, CVE-2024-49892, CVE-2024-46849,
CVE-2024-50205, CVE-2024-50168, CVE-2024-50267, CVE-2024-50262,
CVE-2024-47709, CVE-2024-50195, CVE-2024-35896, CVE-2024-47696,
CVE-2024-47740, CVE-2024-40911, CVE-2024-49966, CVE-2021-47469,
CVE-2024-49981, CVE-2024-50234, CVE-2024-50179, CVE-2024-47697,
CVE-2024-50150, CVE-2023-52917, CVE-2024-50040, CVE-2024-53061,
CVE-2024-50278, CVE-2024-47671, CVE-2024-53066, CVE-2024-41016)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
linux-image-5.4.0-1138-oracle 5.4.0-1138.147
linux-image-5.4.0-1140-aws 5.4.0-1140.150
linux-image-aws-lts-20.04 5.4.0.1140.137
linux-image-oracle-lts-20.04 5.4.0.1138.131
Ubuntu 18.04 LTS
linux-image-5.4.0-1138-oracle 5.4.0-1138.147~18.04.1
Available with Ubuntu Pro
linux-image-oracle 5.4.0.1138.147~18.04.1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7294-2
https://ubuntu.com/security/notices/USN-7294-1
CVE-2021-47469, CVE-2023-52458, CVE-2023-52917, CVE-2024-35887,
CVE-2024-35896, CVE-2024-38544, CVE-2024-40911, CVE-2024-40953,
CVE-2024-40965, CVE-2024-41016, CVE-2024-41066, CVE-2024-42252,
CVE-2024-43863, CVE-2024-44931, CVE-2024-46731, CVE-2024-46849,
CVE-2024-46853, CVE-2024-46854, CVE-2024-47670, CVE-2024-47671,
CVE-2024-47672, CVE-2024-47674, CVE-2024-47679, CVE-2024-47684,
CVE-2024-47685, CVE-2024-47692, CVE-2024-47696, CVE-2024-47697,
CVE-2024-47698, CVE-2024-47699, CVE-2024-47701, CVE-2024-47706,
CVE-2024-47709, CVE-2024-47710, CVE-2024-47712, CVE-2024-47713,
CVE-2024-47723, CVE-2024-47737, CVE-2024-47740, CVE-2024-47742,
CVE-2024-47747, CVE-2024-47749, CVE-2024-47756, CVE-2024-47757,
CVE-2024-49851, CVE-2024-49860, CVE-2024-49867, CVE-2024-49868,
CVE-2024-49877, CVE-2024-49878, CVE-2024-49879, CVE-2024-49882,
CVE-2024-49883, CVE-2024-49892, CVE-2024-49894, CVE-2024-49896,
CVE-2024-49900, CVE-2024-49902, CVE-2024-49903, CVE-2024-49924,
CVE-2024-49938, CVE-2024-49944, CVE-2024-49948, CVE-2024-49949,
CVE-2024-49952, CVE-2024-49955, CVE-2024-49957, CVE-2024-49958,
CVE-2024-49959, CVE-2024-49962, CVE-2024-49963, CVE-2024-49965,
CVE-2024-49966, CVE-2024-49973, CVE-2024-49975, CVE-2024-49981,
CVE-2024-49982, CVE-2024-49985, CVE-2024-49995, CVE-2024-49997,
CVE-2024-50006, CVE-2024-50007, CVE-2024-50008, CVE-2024-50024,
CVE-2024-50033, CVE-2024-50035, CVE-2024-50039, CVE-2024-50040,
CVE-2024-50044, CVE-2024-50045, CVE-2024-50059, CVE-2024-50074,
CVE-2024-50082, CVE-2024-50096, CVE-2024-50099, CVE-2024-50116,
CVE-2024-50117, CVE-2024-50127, CVE-2024-50131, CVE-2024-50134,
CVE-2024-50142, CVE-2024-50143, CVE-2024-50148, CVE-2024-50150,
CVE-2024-50151, CVE-2024-50167, CVE-2024-50168, CVE-2024-50171,
CVE-2024-50179, CVE-2024-50180, CVE-2024-50184, CVE-2024-50194,
CVE-2024-50195, CVE-2024-50199, CVE-2024-50202, CVE-2024-50205,
CVE-2024-50218, CVE-2024-50229, CVE-2024-50230, CVE-2024-50233,
CVE-2024-50234, CVE-2024-50236, CVE-2024-50237, CVE-2024-50251,
CVE-2024-50262, CVE-2024-50265, CVE-2024-50267, CVE-2024-50269,
CVE-2024-50273, CVE-2024-50278, CVE-2024-50279, CVE-2024-50282,
CVE-2024-50287, CVE-2024-50290, CVE-2024-50296, CVE-2024-50299,
CVE-2024-50301, CVE-2024-50302, CVE-2024-53059, CVE-2024-53061,
CVE-2024-53063, CVE-2024-53066, CVE-2024-53101, CVE-2024-53104
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1140.150
https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1138.147
[USN-7207-2] Git vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7207-2
February 27, 2025
git vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Git.
Software Description:
- git: fast, scalable, distributed revision control system
Details:
USN-7207-1 fixed vulnerabilities in Git. This update provides the
corresponding updates for Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that Git incorrectly handled certain URLs when
asking for credentials. An attacker could possibly use this
issue to mislead the user into typing passwords for trusted
sites that would then be sent to untrusted sites instead.
(CVE-2024-50349)
It was discovered that Git incorrectly handled line endings when
using credential helpers. (CVE-2024-52006)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
git 1:2.25.1-1ubuntu3.14
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7207-2
https://ubuntu.com/security/notices/USN-7207-1
CVE-2024-50349, CVE-2024-52006
Package Information:
https://launchpad.net/ubuntu/+source/git/1:2.25.1-1ubuntu3.14