Ubuntu 6586 Published by

The following security updates are available for Ubuntu Linux:

[USN-6945-1] wpa_supplicant and hostapd vulnerability
[USN-6946-1] Django vulnerabilities




[USN-6945-1] wpa_supplicant and hostapd vulnerability


=========================================================================
Ubuntu Security Notice USN-6945-1
August 06, 2024

wpa vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

wpa_supplicant could be made to run programs as an administrator with
specially crafted configuration file.

Software Description:
- wpa: client support for WPA and WPA2

Details:

Rory McNamara discovered that wpa_supplicant could be made to load
arbitrary shared objects by unprivileged users that have access to
the control interface. An attacker could use this to escalate privileges
to root.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
wpasupplicant 2:2.10-21ubuntu0.1

Ubuntu 22.04 LTS
wpasupplicant 2:2.10-6ubuntu2.1

Ubuntu 20.04 LTS
wpasupplicant 2:2.9-1ubuntu4.4

Ubuntu 18.04 LTS
wpasupplicant 2:2.6-15ubuntu2.8+esm1

Ubuntu 16.04 LTS
wpasupplicant 2.4-0ubuntu6.8+esm1

Ubuntu 14.04 LTS
wpasupplicant 2.1-0ubuntu1.7+esm5

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6945-1
CVE-2024-5290, https://launchpad.net/bugs/2067613

Package Information:
https://launchpad.net/ubuntu/+source/wpa/2:2.10-21ubuntu0.1
https://launchpad.net/ubuntu/+source/wpa/2:2.10-6ubuntu2.1
https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu4.4
https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.8+esm1
https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.8+esm1
https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.7+esm5


[USN-6946-1] Django vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6946-1
August 06, 2024

python-django vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Django.

Software Description:
- python-django: High-level Python web development framework

Details:

It was discovered that Django incorrectly handled certain strings in
floatformat function. An attacker could possibly use this issue to
cause a memory exhaustion. (CVE-2024-41989)

It was discovered that Django incorrectly handled very large inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2024-41990)

It was discovered that Django in AdminURLFieldWidget incorrectly
handled certain inputs with a very large number of Unicode characters.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2024-41991)

It was discovered that Django incorrectly handled certain JSON objects.
An attacker could possibly use this issue to cause a potential SQL
injection. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 24.04
LTS. (CVE-2024-42005)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
python3-django 3:4.2.11-1ubuntu1.2

Ubuntu 22.04 LTS
python3-django 2:3.2.12-2ubuntu1.13

Ubuntu 20.04 LTS
python3-django 2:2.2.12-1ubuntu0.24

Ubuntu 18.04 LTS
python-django 1:1.11.11-1ubuntu1.21+esm6
Available with Ubuntu Pro
python3-django 1:1.11.11-1ubuntu1.21+esm6
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6946-1
CVE-2024-41989, CVE-2024-41990, CVE-2024-41991, CVE-2024-42005

Package Information:
https://launchpad.net/ubuntu/+source/python-django/3:4.2.11-1ubuntu1.2
https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.13
https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.24