
Ubuntu Linux has received security updates that fix vulnerabilities in Firefox, WEBrick, CUPS, and cups-filters:

[USN-7056-1] Firefox vulnerabilities
[USN-7057-1] WEBrick vulnerability
[USN-7041-3] CUPS vulnerability
[USN-7043-3] cups-filters vulnerability




[USN-7056-1] Firefox vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7056-1
October 07, 2024

firefox vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-9392,
CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400,
CVE-2024-9401, CVE-2024-9402, CVE-2024-9403)

Masato Kinugawa discovered that Firefox did not properly validate
JavaScript under the "resource://pdf.js" origin. An attacker could
potentially exploit this issue to execute arbitrary JavaScript code and
access cross-origin PDF content. (CVE-2024-9393)

Masato Kinugawa discovered that Firefox did not properly validate
JavaScript under the "resource://devtools" origin. An attacker could
potentially exploit this issue to execute arbitrary JavaScript code and
access cross-origin JSON content. (CVE-2024-9394)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
firefox 131.0+build1.1-0ubuntu0.20.04.1

After a standard system update you need to restart Firefox to make all the
necessary changes.

References:
https://ubuntu.com/security/notices/USN-7056-1
CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-9396,
CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400,
CVE-2024-9401, CVE-2024-9402, CVE-2024-9403

Package Information:
https://launchpad.net/ubuntu/+source/firefox/131.0+build1.1-0ubuntu0.20.04.1



[USN-7057-1] WEBrick vulnerability


==========================================================================
Ubuntu Security Notice USN-7057-1
October 07, 2024

ruby-webrick vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

WEBrick could allow an HTTP request smuggling attack.

Software Description:
- ruby-webrick: HTTP server toolkit in Ruby

Details:

It was discovered that WEBrick incorrectly handled having both a
Content-Length header and a Transfer-Encoding header. A remote attacker
could possibly use this issue to perform an HTTP request smuggling attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
ruby-webrick 1.8.1-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7057-1
CVE-2024-47220

Package Information:
https://launchpad.net/ubuntu/+source/ruby-webrick/1.8.1-1ubuntu0.1
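
Added example, not part of the Ubuntu notice or of WEBrick's code: a Ruby check that a front end or log reviewer could use to flag the condition USN-7057-1 describes, a request head that declares its body with both Content-Length and Transfer-Encoding. The function names and the sample request heads are constructed for illustration; RFC 9112 permits a server to reject such a request.

```ruby
# Added example; the request heads below are constructed samples.
CRLF = "\r\n"
def head(*lines) = (lines + ["", ""]).join(CRLF)

SAMPLES = {
  both:        head("POST /upload HTTP/1.1", "Host: app.example",
                    "Content-Length: 4", "Transfer-Encoding: chunked"),
  mixed_case:  head("POST /upload HTTP/1.1", "Host: app.example",
                    "content-length: 4", "TRANSFER-ENCODING: chunked"),
  fixed:       head("POST /upload HTTP/1.1", "Host: app.example",
                    "Content-Length: 4"),
  chunked:     head("POST /upload HTTP/1.1", "Host: app.example",
                    "Transfer-Encoding: chunked"),
  two_lengths: head("POST /upload HTTP/1.1", "Host: app.example",
                    "Content-Length: 4", "Content-Length: 40"),
  no_body:     head("GET / HTTP/1.1", "Host: app.example")
}.freeze

# Parse the header block of a raw request head into [name, value] pairs.
# Names are lower-cased and stripped so that case or spacing variants of a
# framing header are still counted.
def parse_headers(raw_head)
  lines = raw_head.split(/\r?\n/)
  lines.shift # drop the request line
  lines.take_while { |l| !l.empty? }.filter_map do |line|
    name, value = line.split(":", 2)
    next if value.nil?
    [name.strip.downcase, value.strip]
  end
end

# :ambiguous      both framing headers present (the case in the notice)
# :invalid_length Content-Length is non-numeric or repeated with different values
# :chunked / :fixed / :none otherwise
def framing_verdict(raw_head)
  headers   = parse_headers(raw_head)
  lengths   = headers.select { |n, _| n == "content-length" }.map(&:last)
  encodings = headers.select { |n, _| n == "transfer-encoding" }.map(&:last)

  return :ambiguous if lengths.any? && encodings.any?
  return :invalid_length if lengths.uniq.size > 1 || lengths.any? { |v| v !~ /\A\d+\z/ }
  return :chunked if encodings.any?
  lengths.any? ? :fixed : :none
end

SAMPLES.each { |name, raw| puts "#{name}: #{framing_verdict(raw)}" }
```

A request classified as `:ambiguous` or `:invalid_length` is one to reject or log at the edge rather than forward to a back end that may frame it differently.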



[USN-7041-3] CUPS vulnerability


==========================================================================
Ubuntu Security Notice USN-7041-3
October 07, 2024

cups vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

CUPS could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
- cups: Common UNIX Printing System(tm)

Details:

USN-7041-1 fixed a vulnerability in CUPS. This update provides
the corresponding update for Ubuntu 16.04 LTS.

Original advisory details:

Simone Margaritelli discovered that CUPS incorrectly sanitized IPP
data when creating PPD files. A remote attacker could possibly use this
issue to manipulate PPD files and execute arbitrary code when a printer is
used.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
cups 2.1.3-4ubuntu0.11+esm8
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7041-3
https://ubuntu.com/security/notices/USN-7041-2
https://ubuntu.com/security/notices/USN-7041-1
CVE-2024-47175



[USN-7043-3] cups-filters vulnerability


==========================================================================
Ubuntu Security Notice USN-7043-3
October 07, 2024

cups-filters vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

cups-filters could be made to run programs if it received specially crafted
network traffic.

Software Description:
- cups-filters: OpenPrinting CUPS Filters

Details:

USN-7043-1 fixed a vulnerability in cups-filters. This update provides
the corresponding update for Ubuntu 16.04 LTS.

Original advisory details:

Simone Margaritelli discovered that the cups-filters cups-browsed
component could be used to create arbitrary printers from outside
the local network. In combination with issues in other printing
components, a remote attacker could possibly use this issue to
connect to a system, create manipulated PPD files, and execute
arbitrary code when a printer is used. This update disables support
for the legacy CUPS printer discovery protocol. (CVE-2024-47176)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
cups-browsed 1.8.3-2ubuntu3.5+esm2
Available with Ubuntu Pro
cups-filters 1.8.3-2ubuntu3.5+esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7043-3
https://ubuntu.com/security/notices/USN-7043-2
https://ubuntu.com/security/notices/USN-7043-1
CVE-2024-47176