Ubuntu 6586 Published by

Several security vulnerabilities in Ubuntu Linux have been addressed, including rack, kernel, ca-certificates, OpenJPEG, APR, cups-filters, libppd, cups-browsed, CUPS, libcupsfilters, and ConfigObj:

[USN-7036-1] Rack vulnerabilities
[USN-7021-3] Linux kernel vulnerabilities
[USN-7020-3] Linux kernel vulnerabilities
[USN-7034-2] ca-certificates update
[USN-7003-4] Linux kernel vulnerabilities
[USN-7037-1] OpenJPEG vulnerability
[USN-7038-1] APR vulnerability
[USN-7039-1] Linux kernel vulnerabilities
[USN-7043-1] cups-filters vulnerabilities
[USN-7045-1] libppd vulnerability
[USN-7042-1] cups-browsed vulnerability
[USN-7041-1] CUPS vulnerability
[USN-7044-1] libcupsfilters vulnerability
[USN-7040-1] ConfigObj vulnerability




[USN-7036-1] Rack vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7036-1
September 26, 2024

ruby-rack vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Rack.

Software Description:
- ruby-rack: modular Ruby webserver interface

Details:

It was discovered that Rack was not properly parsing data when processing
multipart POST requests. If a user or automated system were tricked into
sending a specially crafted multipart POST request to an application using
Rack, a remote attacker could possibly use this issue to cause a denial of
service. (CVE-2022-30122)

It was discovered that Rack was not properly escaping untrusted data when
performing logging operations, which could cause shell escaped sequences
to be written to a terminal. If a user or automated system were tricked
into sending a specially crafted request to an application using Rack, a
remote attacker could possibly use this issue to execute arbitrary code in
the machine running the application. (CVE-2022-30123)

It was discovered that Rack did not properly structure regular expressions
in some of its parsing components, which could result in uncontrolled
resource consumption if an application using Rack received specially
crafted input. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2022-44570, CVE-2022-44571)

It was discovered that Rack did not properly structure regular expressions
in its multipart parsing component, which could result in uncontrolled
resource consumption if an application using Rack to parse multipart posts
received specially crafted input. A remote attacker could possibly use
this issue to cause a denial of service. (CVE-2022-44572)

It was discovered that Rack incorrectly handled Multipart MIME parsing.
A remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. (CVE-2023-27530)

It was discovered that Rack incorrectly handled certain regular
expressions. A remote attacker could possibly use this issue to cause
Rack to consume resources, leading to a denial of service.
(CVE-2023-27539)

It was discovered that Rack incorrectly parsed certain media types. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. (CVE-2024-25126)

It was discovered that Rack incorrectly handled certain Range headers. A
remote attacker could possibly use this issue to cause Rack to create
large responses, leading to a denial of service. (CVE-2024-26141)

It was discovered that Rack incorrectly handled certain crafted headers. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. (CVE-2024-26146)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  ruby-rack                       2.1.4-5ubuntu1.1

After a standard system update you need to restart any applications using
Rack to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7036-1
  CVE-2022-30122, CVE-2022-30123, CVE-2022-44570, CVE-2022-44571,
  CVE-2022-44572, CVE-2023-27530, CVE-2023-27539, CVE-2024-25126,
  CVE-2024-26141, CVE-2024-26146,
https://bugs.launchpad.net/ubuntu/+source/ruby-rack/+bug/2078711

Package Information:
  https://launchpad.net/ubuntu/+source/ruby-rack/2.1.4-5ubuntu1.1



[USN-7021-3] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7021-3
September 26, 2024

linux-lowlatency, linux-lowlatency-hwe-5.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lowlatency: Linux low latency kernel
- linux-lowlatency-hwe-5.15: Linux low latency kernel

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- BTRFS file system;
- F2FS file system;
- GFS2 file system;
- BPF subsystem;
- Netfilter;
- RxRPC session sockets;
- Integrity Measurement Architecture(IMA) framework;
(CVE-2024-39494, CVE-2024-38570, CVE-2024-27012, CVE-2024-39496,
CVE-2024-42160, CVE-2024-41009, CVE-2024-42228, CVE-2024-26677)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-122-lowlatency 5.15.0-122.132
linux-image-5.15.0-122-lowlatency-64k 5.15.0-122.132
linux-image-lowlatency 5.15.0.122.111
linux-image-lowlatency-64k 5.15.0.122.111

Ubuntu 20.04 LTS
linux-image-5.15.0-122-lowlatency 5.15.0-122.132~20.04.1
linux-image-5.15.0-122-lowlatency-64k 5.15.0-122.132~20.04.1
linux-image-lowlatency-64k-hwe-20.04 5.15.0.122.132~20.04.1
linux-image-lowlatency-hwe-20.04 5.15.0.122.132~20.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7021-3
https://ubuntu.com/security/notices/USN-7021-2
https://ubuntu.com/security/notices/USN-7021-1
CVE-2024-26677, CVE-2024-27012, CVE-2024-38570, CVE-2024-39494,
CVE-2024-39496, CVE-2024-41009, CVE-2024-42160, CVE-2024-42228

Package Information:
https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-122.132
https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-5.15/5.15.0-122.132~20.04.1



[USN-7020-3] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7020-3
September 26, 2024

linux-raspi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi: Linux kernel for Raspberry Pi systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Network drivers;
- SCSI drivers;
- F2FS file system;
- BPF subsystem;
- IPv4 networking;
(CVE-2024-42160, CVE-2024-42159, CVE-2024-42224, CVE-2024-41009,
CVE-2024-42154, CVE-2024-42228)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-1012-raspi 6.8.0-1012.13
linux-image-raspi 6.8.0-1012.13

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7020-3
https://ubuntu.com/security/notices/USN-7020-2
https://ubuntu.com/security/notices/USN-7020-1
CVE-2024-41009, CVE-2024-42154, CVE-2024-42159, CVE-2024-42160,
CVE-2024-42224, CVE-2024-42228

Package Information:
https://launchpad.net/ubuntu/+source/linux-raspi/6.8.0-1012.13



[USN-7034-2] ca-certificates update


==========================================================================
Ubuntu Security Notice USN-7034-2
September 26, 2024

ca-certificates update
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

The CA certificates in the ca-certificates package were updated.

Software Description:
- ca-certificates: Common CA certificates

Details:

USN-7034-1 updated ca-certificates. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

The ca-certificates package contained outdated CA certificates.
This update refreshes the included certificates to those contained
in the 2.64 version of the Mozilla certificate authority bundle.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
ca-certificates 202402031ubuntu0.18.04.1+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
ca-certificates 202402031~16.04.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7034-2
https://ubuntu.com/security/notices/USN-7034-1
https://launchpad.net/bugs/2081875



[USN-7003-4] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7003-4
September 26, 2024

linux-raspi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi: Linux kernel for Raspberry Pi systems

Details:

It was discovered that the JFS file system contained an out-of-bounds read
vulnerability when printing xattr debug information. A local attacker could
use this to cause a denial of service (system crash). (CVE-2024-40902)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- MIPS architecture;
- PowerPC architecture;
- x86 architecture;
- ACPI drivers;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- GPIO subsystem;
- GPU drivers;
- Greybus drivers;
- HID subsystem;
- I2C subsystem;
- IIO subsystem;
- InfiniBand drivers;
- Media drivers;
- VMware VMCI Driver;
- Network drivers;
- Pin controllers subsystem;
- S/390 drivers;
- SCSI drivers;
- USB subsystem;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- NILFS2 file system;
- IOMMU subsystem;
- Sun RPC protocol;
- Netfilter;
- Memory management;
- B.A.T.M.A.N. meshing protocol;
- CAN network layer;
- Ceph Core library;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- IUCV driver;
- MAC80211 subsystem;
- NET/ROM layer;
- Network traffic control;
- SoC Audio for Freescale CPUs drivers;
(CVE-2024-41034, CVE-2024-40984, CVE-2024-40987, CVE-2024-42119,
CVE-2024-42224, CVE-2024-42101, CVE-2024-42096, CVE-2024-41095,
CVE-2024-42087, CVE-2024-42104, CVE-2024-42148, CVE-2024-39495,
CVE-2024-40980, CVE-2024-42223, CVE-2024-40961, CVE-2024-40988,
CVE-2024-42127, CVE-2024-42090, CVE-2024-42236, CVE-2024-40995,
CVE-2024-41007, CVE-2024-40968, CVE-2024-40901, CVE-2024-42097,
CVE-2024-41041, CVE-2024-36974, CVE-2024-42115, CVE-2024-40978,
CVE-2024-38619, CVE-2024-41049, CVE-2024-41035, CVE-2024-41044,
CVE-2024-42154, CVE-2024-39499, CVE-2024-42070, CVE-2024-40959,
CVE-2024-39487, CVE-2024-42157, CVE-2024-40916, CVE-2024-42076,
CVE-2024-41087, CVE-2024-42094, CVE-2024-42124, CVE-2024-40905,
CVE-2024-42145, CVE-2024-40963, CVE-2024-36894, CVE-2024-40942,
CVE-2024-42092, CVE-2024-42153, CVE-2024-41089, CVE-2024-40912,
CVE-2023-52887, CVE-2024-40934, CVE-2024-41006, CVE-2024-39501,
CVE-2024-42084, CVE-2024-39506, CVE-2024-39509, CVE-2024-40943,
CVE-2024-42106, CVE-2024-42093, CVE-2024-40902, CVE-2024-42086,
CVE-2024-40958, CVE-2024-39502, CVE-2024-42232, CVE-2024-42089,
CVE-2024-37078, CVE-2024-39469, CVE-2024-41046, CVE-2024-42102,
CVE-2024-40974, CVE-2024-39505, CVE-2024-40960, CVE-2024-42105,
CVE-2024-40932, CVE-2024-40904, CVE-2024-40981, CVE-2024-39503,
CVE-2024-41097, CVE-2024-40941, CVE-2024-36978, CVE-2023-52803,
CVE-2024-40945)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1116-raspi 5.4.0-1116.128
linux-image-raspi 5.4.0.1116.146
linux-image-raspi-hwe-18.04 5.4.0.1116.146
linux-image-raspi2 5.4.0.1116.146
linux-image-raspi2-hwe-18.04 5.4.0.1116.146

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7003-4
https://ubuntu.com/security/notices/USN-7003-3
https://ubuntu.com/security/notices/USN-7003-2
https://ubuntu.com/security/notices/USN-7003-1
CVE-2023-52803, CVE-2023-52887, CVE-2024-36894, CVE-2024-36974,
CVE-2024-36978, CVE-2024-37078, CVE-2024-38619, CVE-2024-39469,
CVE-2024-39487, CVE-2024-39495, CVE-2024-39499, CVE-2024-39501,
CVE-2024-39502, CVE-2024-39503, CVE-2024-39505, CVE-2024-39506,
CVE-2024-39509, CVE-2024-40901, CVE-2024-40902, CVE-2024-40904,
CVE-2024-40905, CVE-2024-40912, CVE-2024-40916, CVE-2024-40932,
CVE-2024-40934, CVE-2024-40941, CVE-2024-40942, CVE-2024-40943,
CVE-2024-40945, CVE-2024-40958, CVE-2024-40959, CVE-2024-40960,
CVE-2024-40961, CVE-2024-40963, CVE-2024-40968, CVE-2024-40974,
CVE-2024-40978, CVE-2024-40980, CVE-2024-40981, CVE-2024-40984,
CVE-2024-40987, CVE-2024-40988, CVE-2024-40995, CVE-2024-41006,
CVE-2024-41007, CVE-2024-41034, CVE-2024-41035, CVE-2024-41041,
CVE-2024-41044, CVE-2024-41046, CVE-2024-41049, CVE-2024-41087,
CVE-2024-41089, CVE-2024-41095, CVE-2024-41097, CVE-2024-42070,
CVE-2024-42076, CVE-2024-42084, CVE-2024-42086, CVE-2024-42087,
CVE-2024-42089, CVE-2024-42090, CVE-2024-42092, CVE-2024-42093,
CVE-2024-42094, CVE-2024-42096, CVE-2024-42097, CVE-2024-42101,
CVE-2024-42102, CVE-2024-42104, CVE-2024-42105, CVE-2024-42106,
CVE-2024-42115, CVE-2024-42119, CVE-2024-42124, CVE-2024-42127,
CVE-2024-42145, CVE-2024-42148, CVE-2024-42153, CVE-2024-42154,
CVE-2024-42157, CVE-2024-42223, CVE-2024-42224, CVE-2024-42232,
CVE-2024-42236

Package Information:
https://launchpad.net/ubuntu/+source/linux-raspi/5.4.0-1116.128



[USN-7037-1] OpenJPEG vulnerability


==========================================================================
Ubuntu Security Notice USN-7037-1
September 26, 2024

openjpeg2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

OpenJPEG could be made to crash if it opened a specially crafted file.

Software Description:
- openjpeg2: JPEG 2000 image compression/decompression library

Details:

It was discovered that OpenJPEG could enter a large loop and continuously
print warning messages when given specially crafted input. An attacker
could potentially use this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libopenjp2-7                    2.5.0-2ubuntu0.1
  libopenjpip7                    2.5.0-2ubuntu0.1

Ubuntu 22.04 LTS
  libopenjp2-7                    2.4.0-6ubuntu0.1
  libopenjp3d7                    2.4.0-6ubuntu0.1
  libopenjpip7                    2.4.0-6ubuntu0.1

Ubuntu 20.04 LTS
  libopenjp2-7                    2.3.1-1ubuntu4.20.04.2
  libopenjp3d7                    2.3.1-1ubuntu4.20.04.2
  libopenjpip7                    2.3.1-1ubuntu4.20.04.2

Ubuntu 18.04 LTS
  libopenjp2-7                    2.3.0-2+deb10u2ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libopenjp3d7                    2.3.0-2+deb10u2ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libopenjpip7                    2.3.0-2+deb10u2ubuntu0.1~esm2
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libopenjp2-7                    2.1.2-1.1+deb9u6ubuntu0.1esm4
                                  Available with Ubuntu Pro
  libopenjp3d7                    2.1.2-1.1+deb9u6ubuntu0.1~esm4
                                  Available with Ubuntu Pro
  libopenjpip7                    2.1.2-1.1+deb9u6ubuntu0.1~esm4
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7037-1
  CVE-2023-39327

Package Information:
  https://launchpad.net/ubuntu/+source/openjpeg2/2.5.0-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/openjpeg2/2.4.0-6ubuntu0.1
https://launchpad.net/ubuntu/+source/openjpeg2/2.3.1-1ubuntu4.20.04.2



[USN-7038-1] APR vulnerability


==========================================================================
Ubuntu Security Notice USN-7038-1
September 26, 2024

apr vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:
- apr: Apache Portable Runtime Library

Details:

Thomas Stangner discovered a permission vulnerability in the Apache
Portable Runtime (APR) library. A local attacker could possibly use this
issue to read named shared memory segments, potentially exposing sensitive
application data.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libapr1-dev                     1.7.2-3.1ubuntu0.1
  libapr1t64                      1.7.2-3.1ubuntu0.1

Ubuntu 22.04 LTS
  libapr1                         1.7.0-8ubuntu0.22.04.2
  libapr1-dev                     1.7.0-8ubuntu0.22.04.2

Ubuntu 20.04 LTS
  libapr1                         1.6.5-1ubuntu1.1
  libapr1-dev                     1.6.5-1ubuntu1.1

Ubuntu 18.04 LTS
  libapr1                         1.6.3-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  libapr1-dev                     1.6.3-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libapr1                         1.5.2-3ubuntu0.1~esm2
                                  Available with Ubuntu Pro
  libapr1-dev                     1.5.2-3ubuntu0.1~esm2
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7038-1
  CVE-2023-49582

Package Information:
  https://launchpad.net/ubuntu/+source/apr/1.7.2-3.1ubuntu0.1
  https://launchpad.net/ubuntu/+source/apr/1.7.0-8ubuntu0.22.04.2
  https://launchpad.net/ubuntu/+source/apr/1.6.5-1ubuntu1.1



[USN-7039-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7039-1
September 26, 2024

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Input Device (Tablet) drivers;
- Modular ISDN driver;
- Multiple devices driver;
- Network drivers;
- Near Field Communication (NFC) drivers;
- SCSI drivers;
- GCT GDM724x LTE driver;
- USB subsystem;
- VFIO drivers;
- GFS2 file system;
- JFS file system;
- NILFS2 file system;
- Networking core;
- IPv4 networking;
- L2TP protocol;
- Netfilter;
- RxRPC session sockets;
(CVE-2024-26651, CVE-2024-38583, CVE-2023-52527, CVE-2024-26880,
CVE-2022-48850, CVE-2024-26733, CVE-2021-47188, CVE-2024-42154,
CVE-2023-52809, CVE-2024-42228, CVE-2022-48863, CVE-2022-48836,
CVE-2022-48838, CVE-2024-26677, CVE-2024-27437, CVE-2022-48857,
CVE-2022-48791, CVE-2021-47181, CVE-2024-26851, CVE-2024-40902,
CVE-2022-48851, CVE-2024-38570)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
linux-image-4.4.0-1137-kvm 4.4.0-1137.147
Available with Ubuntu Pro
linux-image-4.4.0-1174-aws 4.4.0-1174.189
Available with Ubuntu Pro
linux-image-4.4.0-259-generic 4.4.0-259.293
Available with Ubuntu Pro
linux-image-4.4.0-259-lowlatency 4.4.0-259.293
Available with Ubuntu Pro
linux-image-aws 4.4.0.1174.178
Available with Ubuntu Pro
linux-image-generic 4.4.0.259.265
Available with Ubuntu Pro
linux-image-generic-lts-utopic 4.4.0.259.265
Available with Ubuntu Pro
linux-image-generic-lts-vivid 4.4.0.259.265
Available with Ubuntu Pro
linux-image-generic-lts-wily 4.4.0.259.265
Available with Ubuntu Pro
linux-image-generic-lts-xenial 4.4.0.259.265
Available with Ubuntu Pro
linux-image-kvm 4.4.0.1137.134
Available with Ubuntu Pro
linux-image-lowlatency 4.4.0.259.265
Available with Ubuntu Pro
linux-image-lowlatency-lts-utopic 4.4.0.259.265
Available with Ubuntu Pro
linux-image-lowlatency-lts-vivid 4.4.0.259.265
Available with Ubuntu Pro
linux-image-lowlatency-lts-wily 4.4.0.259.265
Available with Ubuntu Pro
linux-image-lowlatency-lts-xenial 4.4.0.259.265
Available with Ubuntu Pro
linux-image-virtual 4.4.0.259.265
Available with Ubuntu Pro
linux-image-virtual-lts-utopic 4.4.0.259.265
Available with Ubuntu Pro
linux-image-virtual-lts-vivid 4.4.0.259.265
Available with Ubuntu Pro
linux-image-virtual-lts-wily 4.4.0.259.265
Available with Ubuntu Pro
linux-image-virtual-lts-xenial 4.4.0.259.265
Available with Ubuntu Pro

Ubuntu 14.04 LTS
linux-image-4.4.0-1136-aws 4.4.0-1136.142
Available with Ubuntu Pro
linux-image-4.4.0-259-generic 4.4.0-259.293~14.04.1
Available with Ubuntu Pro
linux-image-4.4.0-259-lowlatency 4.4.0-259.293~14.04.1
Available with Ubuntu Pro
linux-image-aws 4.4.0.1136.133
Available with Ubuntu Pro
linux-image-generic-lts-xenial 4.4.0.259.293~14.04.1
Available with Ubuntu Pro
linux-image-lowlatency-lts-xenial 4.4.0.259.293~14.04.1
Available with Ubuntu Pro
linux-image-virtual-lts-xenial 4.4.0.259.293~14.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7039-1
CVE-2021-47181, CVE-2021-47188, CVE-2022-48791, CVE-2022-48836,
CVE-2022-48838, CVE-2022-48850, CVE-2022-48851, CVE-2022-48857,
CVE-2022-48863, CVE-2023-52527, CVE-2023-52809, CVE-2024-26651,
CVE-2024-26677, CVE-2024-26733, CVE-2024-26851, CVE-2024-26880,
CVE-2024-27437, CVE-2024-38570, CVE-2024-38583, CVE-2024-40902,
CVE-2024-42154, CVE-2024-42228



[USN-7043-1] cups-filters vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7043-1
September 26, 2024

cups-filters vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

cups-filters could be made to run programs if it received specially crafted
network traffic.

Software Description:
- cups-filters: OpenPrinting CUPS Filters

Details:

Simone Margaritelli discovered that the cups-filters cups-browsed component
could be used to create arbitrary printers from outside the local network.
In combination with issues in other printing components, a remote attacker
could possibly use this issue to connect to a system, created manipulated
PPD files, and execute arbitrary code when a printer is used. This update
disables support for the legacy CUPS printer discovery protocol.
(CVE-2024-47176)

Simone Margaritelli discovered that cups-filters incorrectly sanitized IPP
data when creating PPD files. A remote attacker could possibly use this
issue to manipulate PPD files and execute arbitrary code when a printer is
used. (CVE-2024-47076)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
cups-browsed 1.28.15-0ubuntu1.3
cups-filters 1.28.15-0ubuntu1.3

Ubuntu 20.04 LTS
cups-browsed 1.27.4-1ubuntu0.3
cups-filters 1.27.4-1ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7043-1
CVE-2024-47076, CVE-2024-47176

Package Information:
https://launchpad.net/ubuntu/+source/cups-filters/1.28.15-0ubuntu1.3
https://launchpad.net/ubuntu/+source/cups-filters/1.27.4-1ubuntu0.3



[USN-7045-1] libppd vulnerability


==========================================================================
Ubuntu Security Notice USN-7045-1
September 26, 2024

libppd vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

libppd could be made to run programs if it received specially crafted
network traffic.

Software Description:
- libppd: OpenPrinting libppd

Details:

Simone Margaritelli discovered that libppd incorrectly sanitized IPP data
when creating PPD files. A remote attacker could possibly use this issue to
manipulate PPD files and execute arbitrary code when a printer is used.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libppd-utils 2:2.0.0-0ubuntu4.1
libppd2 2:2.0.0-0ubuntu4.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7045-1
CVE-2024-47175

Package Information:
https://launchpad.net/ubuntu/+source/libppd/2:2.0.0-0ubuntu4.1



[USN-7042-1] cups-browsed vulnerability


==========================================================================
Ubuntu Security Notice USN-7042-1
September 26, 2024

cups-browsed vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

cups-browsed could be made to run programs if it received specially crafted
network traffic.

Software Description:
- cups-browsed: OpenPrinting cups-browsed

Details:

Simone Margaritelli discovered that cups-browsed could be used to create
arbitrary printers from outside the local network. In combination with
issues in other printing components, a remote attacker could possibly use
this issue to connect to a system, created manipulated PPD files, and
execute arbitrary code when a printer is used. This update disables support
for the legacy CUPS printer discovery protocol.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
cups-browsed 2.0.0-0ubuntu10.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7042-1
CVE-2024-47176

Package Information:
https://launchpad.net/ubuntu/+source/cups-browsed/2.0.0-0ubuntu10.1



[USN-7041-1] CUPS vulnerability


==========================================================================
Ubuntu Security Notice USN-7041-1
September 26, 2024

cups vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

CUPS could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
- cups: Common UNIX Printing System(tm)

Details:

Simone Margaritelli discovered that CUPS incorrectly sanitized IPP
data when creating PPD files. A remote attacker could possibly use this
issue to manipulate PPD files and execute arbitrary code when a printer is
used.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
cups 2.4.7-1.2ubuntu7.3

Ubuntu 22.04 LTS
cups 2.4.1op1-1ubuntu4.11

Ubuntu 20.04 LTS
cups 2.3.1-9ubuntu1.9

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7041-1
CVE-2024-47175

Package Information:
https://launchpad.net/ubuntu/+source/cups/2.4.7-1.2ubuntu7.3
https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.11
https://launchpad.net/ubuntu/+source/cups/2.3.1-9ubuntu1.9



[USN-7044-1] libcupsfilters vulnerability


==========================================================================
Ubuntu Security Notice USN-7044-1
September 26, 2024

libcupsfilters vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

libcupsfilters could be made to run programs if it received specially
crafted network traffic.

Software Description:
- libcupsfilters: OpenPrinting libcupsfilters

Details:

Simone Margaritelli discovered that libcupsfilters incorrectly sanitized
IPP data when creating PPD files. A remote attacker could possibly use this
issue to manipulate PPD files and execute arbitrary code when a printer is
used.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libcupsfilters2-common 2.0.0-0ubuntu7.1
libcupsfilters2t64 2.0.0-0ubuntu7.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7044-1
CVE-2024-47076

Package Information:
https://launchpad.net/ubuntu/+source/libcupsfilters/2.0.0-0ubuntu7.1



[USN-7040-1] ConfigObj vulnerability


==========================================================================
Ubuntu Security Notice USN-7040-1
September 26, 2024

configobj vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

ConfigObj could be made to crash if it received specially crafted input.

Software Description:
- configobj: simple but powerful config file reader and writer for Python

Details:

It was discovered that ConfigObj contains regex that is susceptible to
catastrophic backtracking. An attacker could possibly use this issue to
cause a regular expression denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  python3-configobj               5.0.6-5ubuntu0.1

Ubuntu 20.04 LTS
  python3-configobj               5.0.6-4ubuntu0.1

Ubuntu 18.04 LTS
  python-configobj                5.0.6-2ubuntu0.18.04.1~esm1
                                  Available with Ubuntu Pro
  python3-configobj               5.0.6-2ubuntu0.18.04.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  python-configobj                5.0.6-2ubuntu0.16.04.1~esm1
                                  Available with Ubuntu Pro
  python3-configobj               5.0.6-2ubuntu0.16.04.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7040-1
  CVE-2023-26112

Package Information:
  https://launchpad.net/ubuntu/+source/configobj/5.0.6-5ubuntu0.1
  https://launchpad.net/ubuntu/+source/configobj/5.0.6-4ubuntu0.1