Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2024-28835 | A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "c | gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 |
| CVE | CVE-2024-28834 | A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading | gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 |
| CVE | CVE-2023-42843 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2023-42956 | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing we | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2023-42950 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchO | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2024-23284 | A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17 | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2024-23280 | An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 1 | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2024-23263 | A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, wa | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2024-23254 | The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watch | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2024-2496 | A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host inter | libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt |
| CVE | CVE-2024-2494 | A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length c | libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt |
| CVE | CVE-2024-1441 | An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `nam | libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt |
| CVE | CVE-2024-2201 | Native Branch History Injection | linux linux linux-hwe-5.15 linux linux-oem-6.5 linux-azure-5.15 linux-aws-5.15 linux-lowlatency-hwe-5.15 linux-gcp-5.15 linux-azure-6.5 linux-ibm-5.15 linux-hwe-6.5 linux-oracle-5.15 linux-gcp-6.5 linux-riscv-5.15 linux linux-intel-iotg-5.15 linux-oem-6.5 linux-gcp-6.5 linux-azure-6.5 linux-oracle-5.15 linux-hwe-5.15 linux-gcp-5.15 linux-aws-5.15 linux-ibm-5.15 linux-laptop linux-azure-5.15 linux-oracle-6.5 linux-lowlatency-hwe-6.5 linux-aws-6.5 linux-intel-iotg-5.15 linux-riscv linux-starfive linux-xilinx-zynqmp linux-starfive linux-laptop linux-lowlatency-hwe-5.15 linux-riscv-6.5 linux-starfive-6.5 linux-hwe-6.5 |
| CVE | CVE-2024-27285 | YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) a | yard yard yard yard |
| Launchpad | 2061121 | Mantic preseeding of LXD using incorrect track/channel | livecd-rootfs |
| Launchpad | 2051380 | Expired certificate used for tests causes failures | ruby3.1 ruby3.0 |
| Launchpad | 2055241 | Update on-chip oscillator clock nodes for Kria | linux-xilinx-zynqmp |
| Launchpad | 2058321 | Unsupported platform 'ZynqMP KV260 revB | linux-xilinx-zynqmp |
| Launchpad | 2058707 | Backport AXI 1-wire host driver | linux-xilinx-zynqmp |
| Launchpad | 2056100 | sru cloud-init 23.4.4 to 24.1.3 | cloud-init cloud-init |
About
-
Send Feedback to @ubuntu_updates
