[USN-6621-1] ImageMagick vulnerability
==========================================================================
Ubuntu Security Notice USN-6621-1
February 01, 2024

imagemagick vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary:

ImageMagick could be made to crash if it opened a specially crafted file.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain values when
processing BMP files. An attacker could exploit this to cause a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
  imagemagick                    8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm3
  imagemagick-6.q16              8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm3
  libmagickcore-6.q16-6          8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm3
  libmagickcore-6.q16-6-extra    8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm3

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
  imagemagick                    8:6.9.10.23+dfsg-2.1ubuntu11.9+esm2
  imagemagick-6.q16              8:6.9.10.23+dfsg-2.1ubuntu11.9+esm2
  libmagickcore-6.q16-6          8:6.9.10.23+dfsg-2.1ubuntu11.9+esm2
  libmagickcore-6.q16-6-extra    8:6.9.10.23+dfsg-2.1ubuntu11.9+esm2

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  imagemagick                    8:6.9.7.4+dfsg-16ubuntu6.15+esm3
  libmagickcore-6.q16-3          8:6.9.7.4+dfsg-16ubuntu6.15+esm3
  libmagickcore-6.q16-3-extra    8:6.9.7.4+dfsg-16ubuntu6.15+esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  imagemagick                    8:6.8.9.9-7ubuntu5.16+esm10
  imagemagick-6.q16              8:6.8.9.9-7ubuntu5.16+esm10
  libmagickcore-6.q16-2          8:6.8.9.9-7ubuntu5.16+esm10
  libmagickcore-6.q16-2-extra    8:6.8.9.9-7ubuntu5.16+esm10

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  imagemagick                    8:6.7.7.10-6ubuntu3.13+esm7
  libmagickcore5                 8:6.7.7.10-6ubuntu3.13+esm7
  libmagickcore5-extra           8:6.7.7.10-6ubuntu3.13+esm7

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6621-1
  CVE-2023-5341
[USN-6587-4] X.Org X Server regression
==========================================================================
Ubuntu Security Notice USN-6587-4
February 01, 2024

xorg-server, xwayland regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

A regression was fixed in X.Org X Server.

Software Description:
- xorg-server: X.Org X11 server

Details:

USN-6587-1 fixed vulnerabilities in X.Org X Server. The fix was incomplete,
resulting in a possible regression. This update fixes the problem.

Original advisory details:

 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
 memory when processing the DeviceFocusEvent and ProcXIQueryPointer APIs.
 An attacker could possibly use this issue to cause the X Server to crash,
 obtain sensitive information, or execute arbitrary code. (CVE-2023-6816)

 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
 reattaching to a different master device. An attacker could use this
 issue to cause the X Server to crash, leading to a denial of service, or
 possibly execute arbitrary code. (CVE-2024-0229)

 Olivier Fourdan and Donn Seeley discovered that the X.Org X Server
 incorrectly labeled GLX PBuffers when used with SELinux. An attacker
 could use this issue to cause the X Server to crash, leading to a denial
 of service. (CVE-2024-0408)

 Olivier Fourdan discovered that the X.Org X Server incorrectly handled
 the cursor code when used with SELinux. An attacker could use this issue
 to cause the X Server to crash, leading to a denial of service.
 (CVE-2024-0409)

 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
 memory when processing the XISendDeviceHierarchyEvent API. An attacker
 could possibly use this issue to cause the X Server to crash, or execute
 arbitrary code. (CVE-2024-21885)

 Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
 devices being disabled. An attacker could possibly use this issue to
 cause the X Server to crash, or execute arbitrary code. (CVE-2024-21886)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  xserver-xorg-core              2:1.19.6-1ubuntu4.15+esm5
  xwayland                       2:1.19.6-1ubuntu4.15+esm5

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  xserver-xorg-core              2:1.18.4-0ubuntu0.12+esm10
  xwayland                       2:1.18.4-0ubuntu0.12+esm10

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6587-4
  https://ubuntu.com/security/notices/USN-6587-1
  https://launchpad.net/bugs/2051536
[USN-6620-1] GNU C Library vulnerabilities
==========================================================================
Ubuntu Security Notice USN-6620-1
February 01, 2024

glibc vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10

Summary:

GNU C Library could be made to crash or run programs as an administrator
if it handled a specially crafted request.

Software Description:
- glibc: GNU C Library

Details:

It was discovered that the GNU C Library incorrectly handled the syslog()
function call. A local attacker could use this issue to execute arbitrary
code and possibly escalate privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  libc6                          2.38-1ubuntu6.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6620-1
  CVE-2023-6246, CVE-2023-6779, CVE-2023-6780

Package Information:
  https://launchpad.net/ubuntu/+source/glibc/2.38-1ubuntu6.1