Bugs addressed in recent updates
Origin | Bug number | Title | Packages |
---|---|---|---|
CVE | CVE-2024-23280 | An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 1 | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
CVE | CVE-2024-23263 | A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, wa | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
CVE | CVE-2024-23254 | The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watch | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
CVE | CVE-2024-2496 | A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host inter | libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt |
CVE | CVE-2024-2494 | A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length c | libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt |
CVE | CVE-2024-1441 | An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `nam | libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt |
CVE | CVE-2024-2201 | Native Branch History Injection | linux linux linux-hwe-5.15 linux linux-oem-6.5 linux-azure-5.15 linux-aws-5.15 linux-lowlatency-hwe-5.15 linux-gcp-5.15 linux-azure-6.5 linux-ibm-5.15 linux-hwe-6.5 linux-oracle-5.15 linux-gcp-6.5 linux-riscv-5.15 linux linux-intel-iotg-5.15 linux-oem-6.5 linux-gcp-6.5 linux-azure-6.5 linux-oracle-5.15 linux-hwe-5.15 linux-gcp-5.15 linux-aws-5.15 linux-ibm-5.15 linux-laptop linux-azure-5.15 linux-oracle-6.5 linux-lowlatency-hwe-6.5 linux-aws-6.5 linux-intel-iotg-5.15 linux-riscv linux-starfive linux-xilinx-zynqmp linux-starfive linux-laptop linux-lowlatency-hwe-5.15 linux-riscv-6.5 linux-starfive-6.5 linux-hwe-6.5 linux-aws-6.5 linux-xilinx-zynqmp linux-riscv-5.15 linux linux-riscv-5.15 linux-lowlatency-hwe-5.15 linux-oracle-5.15 linux-gcp-5.15 linux-ibm-5.15 linux-azure-5.15 linux |
CVE | CVE-2024-27285 | YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) a | yard yard yard yard |
Launchpad | 2061121 | Mantic preseeding of LXD using incorrect track/channel | livecd-rootfs |
Launchpad | 2051380 | Expired certificate used for tests causes failures | ruby3.1 ruby3.0 ruby3.1 ruby3.0 |
Launchpad | 2055241 | Update on-chip oscillator clock nodes for Kria | linux-xilinx-zynqmp linux-xilinx-zynqmp |
Launchpad | 2058321 | Unsupported platform 'ZynqMP KV260 revB | linux-xilinx-zynqmp linux-xilinx-zynqmp |
Launchpad | 2058707 | Backport AXI 1-wire host driver | linux-xilinx-zynqmp linux-xilinx-zynqmp |
Launchpad | 2056100 | sru cloud-init 23.4.4 to 24.1.3 | cloud-init cloud-init cloud-init cloud-init |
CVE | CVE-2022-29599 | In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing she | maven-shared-utils maven-shared-utils maven-shared-utils maven-shared-utils |
Launchpad | 2060906 | attempt to add opensc using modutil suddenly fails | nss nss nss nss nss nss nss nss |
CVE | CVE-2024-27316 | HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client do | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
CVE | CVE-2024-24795 | HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applicat | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
CVE | CVE-2023-38709 | Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
Launchpad | 2060880 | squid crashes after update to 4.10-1ubuntu1.10 | squid squid squid squid |
About
-
Send Feedback to @ubuntu_updates