UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
CVE CVE-2024-1441 An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `nam libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt
CVE CVE-2024-2201 Native Branch History Injection linux linux linux-hwe-5.15 linux linux-oem-6.5 linux-azure-5.15 linux-aws-5.15 linux-lowlatency-hwe-5.15 linux-gcp-5.15 linux-azure-6.5 linux-ibm-5.15 linux-hwe-6.5 linux-oracle-5.15 linux-gcp-6.5 linux-riscv-5.15 linux linux-intel-iotg-5.15 linux-oem-6.5 linux-gcp-6.5 linux-azure-6.5 linux-oracle-5.15 linux-hwe-5.15 linux-gcp-5.15 linux-aws-5.15 linux-ibm-5.15 linux-laptop linux-azure-5.15 linux-oracle-6.5 linux-lowlatency-hwe-6.5 linux-aws-6.5 linux-intel-iotg-5.15 linux-riscv linux-starfive linux-xilinx-zynqmp linux-starfive linux-laptop linux-lowlatency-hwe-5.15 linux-riscv-6.5 linux-starfive-6.5 linux-hwe-6.5 linux-aws-6.5 linux-xilinx-zynqmp
CVE CVE-2024-27285 YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) a yard yard yard yard
Launchpad 2061121 Mantic preseeding of LXD using incorrect track/channel livecd-rootfs
Launchpad 2051380 Expired certificate used for tests causes failures ruby3.1 ruby3.0 ruby3.1 ruby3.0
Launchpad 2055241 Update on-chip oscillator clock nodes for Kria linux-xilinx-zynqmp linux-xilinx-zynqmp
Launchpad 2058321 Unsupported platform 'ZynqMP KV260 revB linux-xilinx-zynqmp linux-xilinx-zynqmp
Launchpad 2058707 Backport AXI 1-wire host driver linux-xilinx-zynqmp linux-xilinx-zynqmp
Launchpad 2056100 sru cloud-init 23.4.4 to 24.1.3 cloud-init cloud-init cloud-init cloud-init
CVE CVE-2022-29599 In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing she maven-shared-utils maven-shared-utils maven-shared-utils maven-shared-utils
Launchpad 2060906 attempt to add opensc using modutil suddenly fails nss nss nss nss nss nss nss nss
CVE CVE-2024-27316 HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client do apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2
CVE CVE-2024-24795 HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applicat apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2
CVE CVE-2023-38709 Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2
Launchpad 2060880 squid crashes after update to 4.10-1ubuntu1.10 squid squid squid squid
Launchpad 1876597 [SRU] package pure-ftpd-common 1.0.49-4 failed to install/upgrade: unable to open '/usr/share/doc/pure-ftpd-common/README.Authentication-Modules.gz.d pure-ftpd
Launchpad 1855189 usbguard stops responding when recvmsg receives ENOBUFS usbguard
CVE CVE-2023-5824 Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. squid squid squid squid squid squid squid squid squid squid squid squid
CVE CVE-2024-25111 Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP C squid squid squid squid squid squid squid squid squid squid squid squid
CVE CVE-2024-25617 Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug ,Squid may b squid squid squid squid squid squid squid squid squid squid squid squid


About   -   Send Feedback to @ubuntu_updates