Category Archives: Advisories

USN-6718-3: curl vulnerabilities

Read Time:30 Second

USN-6718-1 fixed vulnerabilities in curl. This update provides the
corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

Dan Fandrich discovered that curl would incorrectly use the default set of
protocols when a parameter option disabled all protocols without adding
any, contrary to expectations. This issue only affected Ubuntu 23.10.
(CVE-2024-2004)

It was discovered that curl incorrectly handled memory when limiting the
amount of headers when HTTP/2 server push is allowed. A remote attacker
could possibly use this issue to cause curl to consume resources, leading
to a denial of service. (CVE-2024-2398)

Read More

USN-6729-3: Apache HTTP Server vulnerabilities

Read Time:38 Second

USN-6729-1 fixed vulnerabilities in Apache HTTP Server. This update
provides the corresponding updates for Ubuntu 24.04 LTS.

Original advisory details:

Orange Tsai discovered that the Apache HTTP Server incorrectly handled
validating certain input. A remote attacker could possibly use this
issue to perform HTTP request splitting attacks. (CVE-2023-38709)

Keran Mu and Jianjun Chen discovered that the Apache HTTP Server
incorrectly handled validating certain input. A remote attacker could
possibly use this issue to perform HTTP request splitting attacks.
(CVE-2024-24795)

Bartek Nowotarski discovered that the Apache HTTP Server HTTP/2 module
incorrectly handled endless continuation frames. A remote attacker could
possibly use this issue to cause the server to consume resources, leading
to a denial of service. (CVE-2024-27316)

Read More

USN-6737-2: GNU C Library vulnerability

Read Time:20 Second

USN-6737-1 fixed a vulnerability in the GNU C Library. This update provides
the corresponding update for Ubuntu 24.04 LTS.

Original advisory details:

Charles Fol discovered that the GNU C Library iconv feature incorrectly
handled certain input sequences. An attacker could use this issue to cause
the GNU C Library to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Read More

USN-6755-1: GNU cpio vulnerabilities

Read Time:15 Second

Ingo Brückl discovered that cpio contained a path traversal vulnerability.
If a user or automated system were tricked into extracting a specially
crafted cpio archive, an attacker could possibly use this issue to write
arbitrary files outside the target directory on the host, even if using the
option –no-absolute-filenames.

Read More

USN-6756-1: less vulnerability

Read Time:12 Second

It was discovered that less mishandled newline characters in file names. If
a user or automated system were tricked into opening specially crafted
files, an attacker could possibly use this issue to execute arbitrary
commands on the host.

Read More