Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2024-52804 | Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 | python-tornado python-tornado python-tornado python-tornado |
| Launchpad | 2091079 | New bugfix release 24.2.8 | mesa mesa |
| CVE | CVE-2024-21820 | Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user | intel-microcode intel-microcode intel-microcode intel-microcode intel-microcode intel-microcode intel-microcode intel-microcode |
| CVE | CVE-2024-23918 | Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to | intel-microcode intel-microcode intel-microcode intel-microcode intel-microcode intel-microcode intel-microcode intel-microcode |
| CVE | CVE-2024-21853 | Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user t | intel-microcode intel-microcode intel-microcode intel-microcode intel-microcode intel-microcode intel-microcode intel-microcode |
| CVE | CVE-2023-46750 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Sh | shiro shiro |
| CVE | CVE-2023-46749 | Apache Shiro before 1.13.0 or 2.0.0-alpha-4, may be susceptible to a path traversal attack that results in an authentication bypass when used togethe | shiro shiro |
| CVE | CVE-2023-34478 | Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used togeth | shiro shiro |
| Launchpad | 2084747 | [MIR][noble] oem-somerville-magmar-meta | oem-somerville-magmar-meta oem-somerville-magmar-meta |
| Launchpad | 2084745 | [MIR][noble] oem-somerville-muk-meta | oem-somerville-muk-meta oem-somerville-muk-meta |
| CVE | CVE-2024-50602 | An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an un | expat expat expat expat expat expat expat expat expat expat expat expat expat expat expat expat |
| CVE | CVE-2023-4234 | A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_submit_report() function during the | ofono ofono ofono ofono ofono ofono |
| CVE | CVE-2023-4233 | A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the sms_decode_address_field() function during | ofono ofono ofono ofono ofono ofono |
| CVE | CVE-2023-2794 | A flaw was found in ofono, an Open Source Telephony on Linux. A stack overflow bug is triggered within the decode_deliver() function during the SMS d | ofono ofono ofono ofono ofono ofono |
| CVE | CVE-2021-32719 | RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ manag | rabbitmq-server |
| CVE | CVE-2021-32718 | RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the | rabbitmq-server |
| CVE | CVE-2024-44309 | A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Seq | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2024-44308 | The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 an | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2022-40468 | Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and | tinyproxy tinyproxy |
| Launchpad | 2089748 | [SRU] Update sysprof to 47.2 | sysprof |
About
-
Send Feedback to @ubuntu_updates
