https://ubuntu.com/security/notices/rss.xmlRecent content on Ubuntu security notices2024 Canonical Ltd. Ubuntu and Canonical are registered trademarks of Canonical Ltd.http://www.rssboard.org/rss-specificationFeedgenMon, 30 Sep 2024 02:15:12 +0000https://ubuntu.com/security/notices/USN-7045-1Simone Margaritelli discovered that libppd incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used. https://ubuntu.com/security/notices/USN-7045-1Thu, 26 Sep 2024 20:40:34 +0000https://ubuntu.com/security/notices/USN-7044-1Simone Margaritelli discovered that libcupsfilters incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used. https://ubuntu.com/security/notices/USN-7044-1Thu, 26 Sep 2024 20:35:22 +0000https://ubuntu.com/security/notices/USN-7043-1Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol. (CVE-2024-47176) Simone Margaritelli discovered that cups-filters incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used. (CVE-2024-47076) https://ubuntu.com/security/notices/USN-7043-1Thu, 26 Sep 2024 20:30:49 +0000https://ubuntu.com/security/notices/USN-7042-1Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol. https://ubuntu.com/security/notices/USN-7042-1Thu, 26 Sep 2024 20:24:02 +0000https://ubuntu.com/security/notices/USN-7041-1Simone Margaritelli discovered that CUPS incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used. https://ubuntu.com/security/notices/USN-7041-1Thu, 26 Sep 2024 20:12:01 +0000https://ubuntu.com/security/notices/USN-7040-1It was discovered that ConfigObj contains regex that is susceptible to catastrophic backtracking. An attacker could possibly use this issue to cause a regular expression denial of service. https://ubuntu.com/security/notices/USN-7040-1Thu, 26 Sep 2024 16:19:18 +0000https://ubuntu.com/security/notices/USN-7039-1Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Input Device (Tablet) drivers; - Modular ISDN driver; - Multiple devices driver; - Network drivers; - Near Field Communication (NFC) drivers; - SCSI drivers; - GCT GDM724x LTE driver; - USB subsystem; - VFIO drivers; - GFS2 file system; - JFS file system; - NILFS2 file system; - Networking core; - IPv4 networking; - L2TP protocol; - Netfilter; - RxRPC session sockets; (CVE-2024-26651, CVE-2024-38583, CVE-2023-52527, CVE-2024-26880, CVE-2022-48850, CVE-2024-26733, CVE-2021-47188, CVE-2024-42154, CVE-2023-52809, CVE-2024-42228, CVE-2022-48863, CVE-2022-48836, CVE-2022-48838, CVE-2024-26677, CVE-2024-27437, CVE-2022-48857, CVE-2022-48791, CVE-2021-47181, CVE-2024-26851, CVE-2024-40902, CVE-2022-48851, CVE-2024-38570) https://ubuntu.com/security/notices/USN-7039-1Thu, 26 Sep 2024 11:58:55 +0000https://ubuntu.com/security/notices/USN-7021-3Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - BTRFS file system; - F2FS file system; - GFS2 file system; - BPF subsystem; - Netfilter; - RxRPC session sockets; - Integrity Measurement Architecture(IMA) framework; (CVE-2024-39494, CVE-2024-38570, CVE-2024-27012, CVE-2024-39496, CVE-2024-42160, CVE-2024-41009, CVE-2024-42228, CVE-2024-26677) https://ubuntu.com/security/notices/USN-7021-3Thu, 26 Sep 2024 11:24:20 +0000https://ubuntu.com/security/notices/USN-7020-3Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Network drivers; - SCSI drivers; - F2FS file system; - BPF subsystem; - IPv4 networking; (CVE-2024-42160, CVE-2024-42159, CVE-2024-42224, CVE-2024-41009, CVE-2024-42154, CVE-2024-42228) https://ubuntu.com/security/notices/USN-7020-3Thu, 26 Sep 2024 10:57:17 +0000https://ubuntu.com/security/notices/USN-7034-2USN-7034-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.64 version of the Mozilla certificate authority bundle. https://ubuntu.com/security/notices/USN-7034-2Thu, 26 Sep 2024 10:09:27 +0000