
Ubuntu Linux has received updates focused on security, addressing vulnerabilities in ImageMagick, the Linux kernel, and nano:

[USN-7068-1] ImageMagick vulnerabilities
[USN-7069-1] Linux kernel vulnerabilities
[USN-7064-1] nano vulnerability




[USN-7068-1] ImageMagick vulnerabilities


==========================================================================

Ubuntu Security Notice USN-7068-1
October 15, 2024

imagemagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain
malformed image files. If a user or automated system using ImageMagick
were tricked into processing a specially crafted file, an attacker could
exploit this to cause a denial of service or affect the reliability of the
system. The vulnerabilities included memory leaks, buffer overflows, and
improper handling of pixel data.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  imagemagick-6.q16               8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro
  libimage-magick-perl            8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro
  libimage-magick-q16-perl        8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro
  libmagick++-6.q16-5v5           8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro
  libmagickcore-6-headers         8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro
  libmagickcore-6.q16-2           8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro
  libmagickcore-6.q16-2-extra     8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro
  libmagickcore-6.q16-dev         8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro
  libmagickwand-6.q16-2           8:6.8.9.9-7ubuntu5.16+esm11
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  imagemagick                     8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro
  libmagick++-dev                 8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro
  libmagick++5                    8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro
  libmagickcore-dev               8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro
  libmagickcore5                  8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro
  libmagickcore5-extra            8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro
  libmagickwand-dev               8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro
  libmagickwand5                  8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro
  perlmagick                      8:6.7.7.10-6ubuntu3.13+esm11
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7068-1
  CVE-2019-7397, CVE-2019-7398, CVE-2019-9956, CVE-2020-19667,
  CVE-2020-25664, CVE-2020-25665, CVE-2020-25666, CVE-2020-25674,
  CVE-2020-25676, CVE-2020-27560, CVE-2020-27750, CVE-2020-27753,
  CVE-2020-27754, CVE-2020-27755, CVE-2020-27758, CVE-2020-27759,
  CVE-2020-27760, CVE-2020-27761, CVE-2020-27762, CVE-2020-27763,
  CVE-2020-27764, CVE-2020-27765, CVE-2020-27766, CVE-2020-27767,
  CVE-2020-27768, CVE-2020-27769, CVE-2020-27770, CVE-2020-27771,
  CVE-2020-27772, CVE-2020-27773, CVE-2020-27774, CVE-2020-27775,
  CVE-2020-27776



[USN-7069-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7069-1
October 15, 2024

linux, linux-aws, linux-aws-hwe, linux-azure-4.15, linux-gcp,
linux-gcp-4.15, linux-hwe, linux-kvm, linux-oracle vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- Cryptographic API;
- CPU frequency scaling framework;
- HW tracing;
- ISDN/mISDN subsystem;
- Media drivers;
- Network drivers;
- NVME drivers;
- S/390 drivers;
- SCSI drivers;
- USB subsystem;
- VFIO drivers;
- Watchdog drivers;
- JFS file system;
- IRQ subsystem;
- Core kernel;
- Memory management;
- Amateur Radio drivers;
- IPv4 networking;
- IPv6 networking;
- IUCV driver;
- Network traffic control;
- TIPC protocol;
- XFRM subsystem;
- Integrity Measurement Architecture (IMA) framework;
- SoC Audio for Freescale CPUs drivers;
- USB sound devices;
(CVE-2024-36971, CVE-2024-42271, CVE-2024-38630, CVE-2024-38602,
CVE-2024-42223, CVE-2024-44940, CVE-2023-52528, CVE-2024-41097,
CVE-2024-27051, CVE-2024-42157, CVE-2024-46673, CVE-2024-39494,
CVE-2024-42089, CVE-2024-41073, CVE-2024-26810, CVE-2024-26960,
CVE-2024-38611, CVE-2024-31076, CVE-2024-26754, CVE-2023-52510,
CVE-2024-40941, CVE-2024-45016, CVE-2024-38627, CVE-2024-38621,
CVE-2024-39487, CVE-2024-27436, CVE-2024-40901, CVE-2024-26812,
CVE-2024-42244, CVE-2024-42229, CVE-2024-43858, CVE-2024-42280,
CVE-2024-26641, CVE-2024-42284, CVE-2024-26602)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  linux-image-4.15.0-1136-oracle      4.15.0-1136.147
                                      Available with Ubuntu Pro
  linux-image-4.15.0-1157-kvm         4.15.0-1157.162
                                      Available with Ubuntu Pro
  linux-image-4.15.0-1167-gcp         4.15.0-1167.184
                                      Available with Ubuntu Pro
  linux-image-4.15.0-1174-aws         4.15.0-1174.187
                                      Available with Ubuntu Pro
  linux-image-4.15.0-1182-azure       4.15.0-1182.197
                                      Available with Ubuntu Pro
  linux-image-4.15.0-230-generic      4.15.0-230.242
                                      Available with Ubuntu Pro
  linux-image-4.15.0-230-lowlatency   4.15.0-230.242
                                      Available with Ubuntu Pro
  linux-image-aws-lts-18.04           4.15.0.1174.172
                                      Available with Ubuntu Pro
  linux-image-azure-lts-18.04         4.15.0.1182.150
                                      Available with Ubuntu Pro
  linux-image-gcp-lts-18.04           4.15.0.1167.180
                                      Available with Ubuntu Pro
  linux-image-generic                 4.15.0.230.214
                                      Available with Ubuntu Pro
  linux-image-kvm                     4.15.0.1157.148
                                      Available with Ubuntu Pro
  linux-image-lowlatency              4.15.0.230.214
                                      Available with Ubuntu Pro
  linux-image-oracle-lts-18.04        4.15.0.1136.141
                                      Available with Ubuntu Pro
  linux-image-virtual                 4.15.0.230.214
                                      Available with Ubuntu Pro

Ubuntu 16.04 LTS
  linux-image-4.15.0-1136-oracle      4.15.0-1136.147~16.04.1
                                      Available with Ubuntu Pro
  linux-image-4.15.0-1167-gcp         4.15.0-1167.184~16.04.2
                                      Available with Ubuntu Pro
  linux-image-4.15.0-1174-aws         4.15.0-1174.187~16.04.1
                                      Available with Ubuntu Pro
  linux-image-4.15.0-230-generic      4.15.0-230.242~16.04.1
                                      Available with Ubuntu Pro
  linux-image-4.15.0-230-lowlatency   4.15.0-230.242~16.04.1
                                      Available with Ubuntu Pro
  linux-image-aws-hwe                 4.15.0.1174.187~16.04.1
                                      Available with Ubuntu Pro
  linux-image-gcp                     4.15.0.1167.184~16.04.2
                                      Available with Ubuntu Pro
  linux-image-generic-hwe-16.04       4.15.0.230.242~16.04.1
                                      Available with Ubuntu Pro
  linux-image-gke                     4.15.0.1167.184~16.04.2
                                      Available with Ubuntu Pro
  linux-image-lowlatency-hwe-16.04    4.15.0.230.242~16.04.1
                                      Available with Ubuntu Pro
  linux-image-oem                     4.15.0.230.242~16.04.1
                                      Available with Ubuntu Pro
  linux-image-oracle                  4.15.0.1136.147~16.04.1
                                      Available with Ubuntu Pro
  linux-image-virtual-hwe-16.04       4.15.0.230.242~16.04.1
                                      Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7069-1
CVE-2023-52510, CVE-2023-52528, CVE-2024-26602, CVE-2024-26641,
CVE-2024-26754, CVE-2024-26810, CVE-2024-26812, CVE-2024-26960,
CVE-2024-27051, CVE-2024-27436, CVE-2024-31076, CVE-2024-36971,
CVE-2024-38602, CVE-2024-38611, CVE-2024-38621, CVE-2024-38627,
CVE-2024-38630, CVE-2024-39487, CVE-2024-39494, CVE-2024-40901,
CVE-2024-40941, CVE-2024-41073, CVE-2024-41097, CVE-2024-42089,
CVE-2024-42157, CVE-2024-42223, CVE-2024-42229, CVE-2024-42244,
CVE-2024-42271, CVE-2024-42280, CVE-2024-42284, CVE-2024-43858,
CVE-2024-44940, CVE-2024-45016, CVE-2024-46673



[USN-7064-1] nano vulnerability


==========================================================================
Ubuntu Security Notice USN-7064-1
October 15, 2024

nano vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

nano could be made to give users administrator privileges.

Software Description:
- nano: small, friendly text editor inspired by Pico

Details:

It was discovered that nano allowed a possible privilege escalation
through an insecure temporary file. If nano was killed while editing, the
permissions granted to the emergency save file could be used by an
attacker to escalate privileges using a malicious symlink.
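
The class of bug described above (a save file whose permissions are set by
path, so a planted symlink redirects them) is avoided by creating the file
exclusively and changing permissions only through the open descriptor. The
following is an added example, not nano's code or its actual fix; the
function names and the /tmp test paths are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not nano's code): write buf to a new file at path.
 * Returns 0 on success, -1 with errno set on failure. */
int emergency_save(const char *path, const char *buf, size_t len)
{
    /* O_EXCL fails if anything, including a symlink, already exists at path;
     * O_NOFOLLOW refuses a symlink in the final component. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    /* Set permissions through the descriptor, never by name, so they land
     * on the file just created even if the path is swapped afterwards. */
    if (fchmod(fd, 0600) != 0) { close(fd); return -1; }
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) { close(fd); return -1; }
        buf += n; len -= (size_t)n;
    }
    return close(fd);
}

/* Constructed scenario in a private temp directory. Returns 0 when a planted
 * symlink is refused with its target untouched and a normal save is 0600. */
int run_checks(void)
{
    char dir[] = "/tmp/esave-XXXXXX", planted[64], victim[64], normal[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/planted.save", dir);
    snprintf(normal, sizeof normal, "%s/normal.save", dir);
    if (symlink(victim, planted) != 0) return -1;
    int refused = emergency_save(planted, "data", 4) == -1;
    int untouched = stat(victim, &st) != 0;   /* target never created */
    int saved = emergency_save(normal, "data", 4) == 0
             && stat(normal, &st) == 0 && (st.st_mode & 0777) == 0600;
    unlink(planted); unlink(normal); rmdir(dir);
    return (refused && untouched && saved) ? 0 : 1;
}

int main(void) { return run_checks(); }
```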

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  nano                            7.2-2ubuntu0.1

Ubuntu 22.04 LTS
  nano                            6.2-1ubuntu0.1

Ubuntu 20.04 LTS
  nano                            4.8-1ubuntu1.1

Ubuntu 18.04 LTS
  nano                            2.9.3-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  nano                            2.5.3-2ubuntu2+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7064-1
  CVE-2024-5742

Package Information:
  https://launchpad.net/ubuntu/+source/nano/7.2-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/nano/6.2-1ubuntu0.1
  https://launchpad.net/ubuntu/+source/nano/4.8-1ubuntu1.1