========================================================================== Ubuntu Security Notice USN-6666-1 February 28, 2024
libuv1 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: libuv could be made to truncate certain hostnames. Software Description: - libuv1: asynchronous event notification library Details: It was discovered that libuv incorrectly truncated certain hostnames. A remote attacker could possibly use this issue with specially crafted hostnames to bypass certain checks. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: libuv1 1.44.2-1ubuntu0.1 Ubuntu 22.04 LTS: libuv1 1.43.0-1ubuntu0.1 Ubuntu 20.04 LTS: libuv1 1.34.2-1ubuntu1.5 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6666-1 CVE-2024-24806 Package Information: https://launchpad.net/ubuntu/+source/libuv1/1.44.2-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libuv1/1.43.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libuv1/1.34.2-1ubuntu1.5
OpenPGP_signature.asc
Description: OpenPGP digital signature
