[USN-7200-1] Roundcube vulnerability
[USN-6940-2] snapd vulnerabilities
[USN-7202-1] HPLIP vulnerability
[USN-7201-1] WebKitGTK vulnerabilities
[USN-7200-1] Roundcube vulnerability
==========================================================================
Ubuntu Security Notice USN-7200-1
January 13, 2025
roundcube vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Roundcube could be made to expose sensitive information.
Software Description:
- roundcube: skinnable AJAX based webmail solution for IMAP servers -
metapack
Details:
It was discovered that Roundcube incorrectly handled certain file-based
attachment plugins. An attacker could exploit this to gain unauthorized
access to arbitrary files on the host’s file system.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
roundcube-core 1.2~beta+dfsg.1-0ubuntu1+esm5
Available with Ubuntu Pro
roundcube-plugins 1.2~beta+dfsg.1-0ubuntu1+esm5
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7200-1
CVE-2017-16651
[USN-6940-2] snapd vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6940-2
January 13, 2025
snapd vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in snapd.
Software Description:
- snapd: Daemon and tooling that enable snap packages
Details:
USN-6940-1 fixed vulnerabilities in snapd. This update provides the
corresponding updates for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS.
Original advisory details:
Neil McPhail discovered that snapd did not properly restrict writes to
the $HOME/bin path in the AppArmor profile for snaps using the home
plug. An attacker who could convince a user to install a malicious snap
could use this vulnerability to escape the snap sandbox. (CVE-2024-1724)
Zeyad Gouda discovered that snapd failed to properly check the file type
when extracting a snap. An attacker who could convince a user to install
a malicious snap containing non-regular files could then cause snapd to
block indefinitely while trying to read from such files and cause a
denial of service. (CVE-2024-29068)
Zeyad Gouda discovered that snapd failed to properly check the
destination of symbolic links when extracting a snap. An attacker who
could convince a user to install a malicious snap containing crafted
symbolic links could then cause snapd to write out the contents of the
symbolic link destination into a world-readable directory. This in turn
could allow a local unprivileged user to gain access to privileged
information. (CVE-2024-29069)
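The two extraction bugs above (CVE-2024-29068 and CVE-2024-29069) are instances of checks any archive extractor needs: refuse members that are not plain files, directories or symlinks, and refuse symlinks whose target leaves the extraction root. The following is an added example written for this page, not snapd's own extraction code; it works on a tarball constructed in memory, and the member names (good.txt, pipe, leak, alias) are illustrative.

```python
"""Added example, not snapd's code: vet archive members before writing them.

Two checks: refuse members that are not plain files, directories or
symlinks (reading a FIFO blocks forever), and refuse symlinks whose
target, resolved against what already exists under the extraction root,
leaves that root.  The sample tarball is constructed in memory.
"""
import io
import os
import shutil
import tarfile
import tempfile
from typing import Dict, List, Optional, Tuple


def _under(root: str, path: str) -> bool:
    """True if *path*, resolved through symlinks that already exist, stays under *root*."""
    real = os.path.realpath(path)
    return real == root or real.startswith(root + os.sep)


def reject_reason(member: tarfile.TarInfo, root: str) -> Optional[str]:
    """Why *member* must not be extracted under *root*; None means it is acceptable."""
    target = os.path.join(root, member.name)
    if not _under(root, target):
        return "member path escapes the extraction root"
    if member.issym():
        if os.path.isabs(member.linkname):
            return f"symlink to absolute path {member.linkname!r}"
        # A relative link target is resolved from the link's own directory.
        # realpath() follows links extracted earlier, so a chain of links
        # that steps outside the root is caught as long as members are
        # vetted and written one at a time, in order (see safe_extract).
        resolved = os.path.join(os.path.dirname(target), member.linkname)
        if not _under(root, resolved):
            return f"symlink to {member.linkname!r} escapes the extraction root"
        return None
    if member.isfile() or member.isdir():
        return None
    return f"non-regular member (tar type {member.type!r})"


def safe_extract(tar: tarfile.TarFile, dest: str) -> Tuple[List[str], Dict[str, str]]:
    """Extract members one at a time; returns (accepted names, {rejected name: reason})."""
    root = os.path.realpath(dest)
    os.makedirs(root, exist_ok=True)
    accepted: List[str] = []
    rejected: Dict[str, str] = {}
    for m in tar.getmembers():
        why = reject_reason(m, root)
        if why:
            rejected[m.name] = why
            continue
        target = os.path.join(root, m.name)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        if m.isdir():
            os.makedirs(target, exist_ok=True)
        elif m.issym():
            os.symlink(m.linkname, target)
        else:
            with tar.extractfile(m) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
        accepted.append(m.name)
    return accepted, rejected


def build_sample_tar() -> tarfile.TarFile:
    """Constructed sample: a benign file, a FIFO, an escaping symlink, a benign symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tw:
        data = b"hello\n"
        good = tarfile.TarInfo("good.txt")
        good.size = len(data)
        tw.addfile(good, io.BytesIO(data))
        fifo = tarfile.TarInfo("pipe")
        fifo.type = tarfile.FIFOTYPE          # a naive reader would block on this
        tw.addfile(fifo)
        leak = tarfile.TarInfo("leak")
        leak.type = tarfile.SYMTYPE
        leak.linkname = "../../etc/shadow"    # points outside the root
        tw.addfile(leak)
        alias = tarfile.TarInfo("alias")
        alias.type = tarfile.SYMTYPE
        alias.linkname = "good.txt"           # stays inside the root
        tw.addfile(alias)
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")


def demo() -> Tuple[List[str], Dict[str, str], str]:
    """Extract the sample into a fresh temp dir; also return what 'alias' reads as."""
    dest = tempfile.mkdtemp(prefix="vet-")
    accepted, rejected = safe_extract(build_sample_tar(), dest)
    with open(os.path.join(dest, "alias")) as f:
        contents = f.read()
    shutil.rmtree(dest)
    return accepted, rejected, contents
```

Calling demo() accepts good.txt and alias and rejects pipe (non-regular) and leak (escapes the root). The symlink check is deliberately done against the partially extracted tree rather than purely lexically, because a link that is safe on paper can become unsafe once an earlier link is in place; the simplest hardening, if the format allows it, is to refuse symlinks altogether.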
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
snapd 2.61.4ubuntu0.18.04.1+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
snapd 2.61.4ubuntu0.16.04.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6940-2
https://ubuntu.com/security/notices/USN-6940-1
CVE-2024-1724, CVE-2024-29068, CVE-2024-29069
[USN-7202-1] HPLIP vulnerability
==========================================================================
Ubuntu Security Notice USN-7202-1
January 13, 2025
hplip vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
HPLIP could be made to crash or run programs if it received specially
crafted network traffic.
Software Description:
- hplip: HP Linux Printing and Imaging System (HPLIP)
Details:
Kevin Backhouse discovered that HPLIP incorrectly handled certain MDNS
responses. A remote attacker could use this issue to cause HPLIP to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
hplip 3.20.3+dfsg0-2ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7202-1
CVE-2020-6923
Package Information:
https://launchpad.net/ubuntu/+source/hplip/3.20.3+dfsg0-2ubuntu0.1
[USN-7201-1] WebKitGTK vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7201-1
January 13, 2025
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
libjavascriptcoregtk-4.1-0 2.46.5-0ubuntu0.24.10.1
libjavascriptcoregtk-6.0-1 2.46.5-0ubuntu0.24.10.1
libwebkit2gtk-4.1-0 2.46.5-0ubuntu0.24.10.1
libwebkitgtk-6.0-4 2.46.5-0ubuntu0.24.10.1
Ubuntu 24.04 LTS
libjavascriptcoregtk-4.1-0 2.46.5-0ubuntu0.24.04.1
libjavascriptcoregtk-6.0-1 2.46.5-0ubuntu0.24.04.1
libwebkit2gtk-4.1-0 2.46.5-0ubuntu0.24.04.1
libwebkitgtk-6.0-4 2.46.5-0ubuntu0.24.04.1
Ubuntu 22.04 LTS
libjavascriptcoregtk-4.0-18 2.46.5-0ubuntu0.22.04.1
libjavascriptcoregtk-4.1-0 2.46.5-0ubuntu0.22.04.1
libjavascriptcoregtk-6.0-1 2.46.5-0ubuntu0.22.04.1
libwebkit2gtk-4.0-37 2.46.5-0ubuntu0.22.04.1
libwebkit2gtk-4.1-0 2.46.5-0ubuntu0.22.04.1
libwebkitgtk-6.0-4 2.46.5-0ubuntu0.22.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
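Replacing the library on disk does not touch processes that already have the old copy mapped, and on Linux the kernel marks such mappings "(deleted)" in /proc/<pid>/maps. The following added example (not part of the notice) scans for that to list the processes that still need restarting; the maps excerpt is constructed and its library paths are illustrative.

```python
"""Added example, not part of the notice: find processes still running on
a replaced WebKitGTK library by looking for "(deleted)" mappings.
"""
import os
import re
from typing import Dict, List

# address perms offset dev inode [pathname [ (deleted)]]
_MAPS_LINE = re.compile(r"^\S+ \S+ \S+ \S+ \S+\s+(?P<path>/.*?)(?P<deleted> \(deleted\))?$")

WEBKIT = r"libwebkit2?gtk|libjavascriptcoregtk"


def stale_libraries(maps_text: str, name_pattern: str) -> List[str]:
    """Mapped file paths matching *name_pattern* whose on-disk file was replaced or removed."""
    stale = set()
    for line in maps_text.splitlines():
        m = _MAPS_LINE.match(line)
        if m and m.group("deleted") and re.search(name_pattern, m.group("path")):
            stale.add(m.group("path"))
    return sorted(stale)


def scan_processes(name_pattern: str = WEBKIT) -> Dict[int, List[str]]:
    """Walk /proc and return {pid: stale library paths} for processes that need a restart."""
    hits: Dict[int, List[str]] = {}
    for pid in os.listdir("/proc"):
        if not pid.isdigit():
            continue
        try:
            with open(f"/proc/{pid}/maps") as f:
                text = f.read()
        except OSError:  # process exited, or not readable without root
            continue
        stale = stale_libraries(text, name_pattern)
        if stale:
            hits[int(pid)] = stale
    return hits


# Constructed excerpt of a maps file for a WebKitGTK-based process after
# the update: the old WebKit and JavaScriptCore objects are still mapped
# but their files have been replaced on disk; libc has not changed.
SAMPLE_MAPS = """\
7f3a1c000000-7f3a1c1c5000 r--p 00000000 fd:01 1572941 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1c1c5000-7f3a1c34d000 r-xp 001c5000 fd:01 1572941 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a1d000000-7f3a1d9a0000 r--p 00000000 fd:01 2097301 /usr/lib/x86_64-linux-gnu/libwebkit2gtk-4.1.so.0 (deleted)
7f3a1d9a0000-7f3a21ca0000 r-xp 009a0000 fd:01 2097301 /usr/lib/x86_64-linux-gnu/libwebkit2gtk-4.1.so.0 (deleted)
7f3a22000000-7f3a22c00000 r-xp 00000000 fd:01 2097302 /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.1.so.0 (deleted)
7f3a23000000-7f3a23021000 rw-p 00000000 00:00 0
7ffd4a000000-7ffd4a021000 rw-p 00000000 00:00 0 [stack]
"""


def demo() -> List[str]:
    return stale_libraries(SAMPLE_MAPS, WEBKIT)
```

Run scan_processes() as root after the update to see which PIDs are still on the old objects; the same idea, generalised to every replaced library and service, is what the needrestart package does.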
References:
https://ubuntu.com/security/notices/USN-7201-1
CVE-2024-54479, CVE-2024-54502, CVE-2024-54505, CVE-2024-54508
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.46.5-0ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.46.5-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.46.5-0ubuntu0.22.04.1