Ubuntu

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. (CVE-2023-7042) It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to to cause a denial of service. (CVE-2024-0841) It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. (CVE-2024-21823) Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-22099) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859) Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-24861) Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device volume management subsystem did not properly validate logical eraseblock sizes in certain situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-25739) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Accessibility subsystem; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Clock framework and drivers; - Data acquisition framework and drivers; - CPU frequency scaling framework; - Cryptographic API; - DMA engine subsystem; - EFI core; - GPU drivers; - HID subsystem; - I2C subsystem; - InfiniBand drivers; - IOMMU subsystem; - IRQ chip drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - Network drivers; - NTB driver; - NVME drivers; - Device tree and open firmware driver; - PCI subsystem; - MediaTek PM domains; - Power supply drivers; - S/390 drivers; - SCSI drivers; - Freescale SoC drivers; - SPI subsystem; - Media staging drivers; - TCM subsystem; - Trusted Execution Environment drivers; - TTY drivers; - USB subsystem; - VFIO drivers; - Framebuffer layer; - Xen hypervisor drivers; - AFS file system; - File systems infrastructure; - BTRFS file system; - EROFS file system; - Ext4 file system; - F2FS file system; - FAT file system; - Network file system client; - Network file system server daemon; - NILFS2 file system; - NTFS3 file system; - Pstore file system; - Diskquota system; - SMB network file system; - UBI file system; - BPF subsystem; - Netfilter; - TLS protocol; - io_uring subsystem; - Core kernel; - PCI iomap interfaces; - Memory management; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - Distributed Switch Architecture; - HSR network protocol; - IPv4 networking; - IPv6 networking; - L2TP protocol; - MAC80211 subsystem; - IEEE 802.15.4 subsystem; - Multipath TCP; - Netlink; - NET/ROM layer; - NFC subsystem; - Open vSwitch; - Packet sockets; - RDS protocol; - Network traffic control; - SMC sockets; - Sun RPC protocol; - Unix domain sockets; - Wireless networking; - eXpress Data Path; - ALSA SH drivers; - USB sound devices; - KVM core; (CVE-2024-26984, CVE-2024-26838, CVE-2024-26925, CVE-2024-26790, CVE-2024-26955, CVE-2024-27431, CVE-2024-26737, CVE-2024-27044, CVE-2024-26964, CVE-2024-26880, CVE-2024-26926, CVE-2024-26843, CVE-2024-26735, CVE-2024-26881, CVE-2023-52644, CVE-2024-26747, CVE-2024-27405, CVE-2024-26875, CVE-2024-35896, CVE-2024-35829, CVE-2024-26877, CVE-2024-26855, CVE-2024-27414, CVE-2024-35897, CVE-2024-35845, CVE-2024-26601, CVE-2024-35817, CVE-2024-36006, CVE-2024-26957, CVE-2024-27019, CVE-2024-35830, CVE-2024-26977, CVE-2024-26803, CVE-2024-26629, CVE-2024-26994, CVE-2024-27078, CVE-2024-35789, CVE-2023-52641, CVE-2024-27016, CVE-2024-26752, CVE-2024-27028, CVE-2024-26817, CVE-2024-26840, CVE-2024-26969, CVE-2024-26965, CVE-2023-52656, CVE-2024-35973, CVE-2024-35852, CVE-2024-26651, CVE-2024-27432, CVE-2024-27416, CVE-2024-26792, CVE-2024-35877, CVE-2024-26584, CVE-2024-26903, CVE-2024-26951, CVE-2024-36004, CVE-2024-26861, CVE-2024-27412, CVE-2024-26788, CVE-2024-35813, CVE-2024-26931, CVE-2023-52620, CVE-2024-27075, CVE-2024-36008, CVE-2024-35855, CVE-2024-27059, CVE-2024-35806, CVE-2024-26763, CVE-2024-35955, CVE-2024-35936, CVE-2024-26856, CVE-2024-26966, CVE-2024-35969, CVE-2024-35960, CVE-2024-35796, CVE-2024-26810, CVE-2024-26862, CVE-2023-52434, CVE-2024-27046, CVE-2024-26999, CVE-2024-26778, CVE-2023-52497, CVE-2024-35872, CVE-2024-26585, CVE-2024-35978, CVE-2024-35918, CVE-2024-35879, CVE-2024-27388, CVE-2024-26898, CVE-2024-26879, CVE-2024-26882, CVE-2023-52650, CVE-2024-35884, CVE-2024-27396, CVE-2024-35785, CVE-2024-36005, CVE-2024-35989, CVE-2023-52662, CVE-2024-35857, CVE-2024-26828, CVE-2024-27054, CVE-2024-26688, CVE-2024-35997, CVE-2024-26603, CVE-2024-26820, CVE-2024-35915, CVE-2024-35982, CVE-2024-26874, CVE-2024-26801, CVE-2024-26814, CVE-2024-27045, CVE-2024-26897, CVE-2024-35895, CVE-2024-35944, CVE-2024-35804, CVE-2024-26805, CVE-2024-27052, CVE-2024-35851, CVE-2024-35900, CVE-2024-35807, CVE-2024-26816, CVE-2024-26769, CVE-2024-27004, CVE-2024-27001, CVE-2024-27415, CVE-2024-35825, CVE-2024-26777, CVE-2024-27000, CVE-2024-27030, CVE-2024-26878, CVE-2024-26804, CVE-2024-27051, CVE-2024-26934, CVE-2024-27043, CVE-2024-26791, CVE-2024-27009, CVE-2024-26795, CVE-2023-52640, CVE-2024-35893, CVE-2024-35898, CVE-2024-26859, CVE-2024-27393, CVE-2024-26766, CVE-2024-26659, CVE-2024-26642, CVE-2024-26989, CVE-2024-26811, CVE-2024-26846, CVE-2024-26743, CVE-2024-35823, CVE-2024-27076, CVE-2024-26935, CVE-2023-52645, CVE-2024-26813, CVE-2024-26782, CVE-2024-26970, CVE-2024-26915, CVE-2024-27039, CVE-2024-26906, CVE-2024-35791, CVE-2024-35990, CVE-2024-26845, CVE-2024-35805, CVE-2024-35912, CVE-2024-27437, CVE-2024-27436, CVE-2024-26772, CVE-2024-26812, CVE-2024-26754, CVE-2024-26958, CVE-2024-26956, CVE-2024-26749, CVE-2024-27413, CVE-2024-27037, CVE-2023-52447, CVE-2024-27403, CVE-2023-52652, CVE-2024-36025, CVE-2024-26996, CVE-2024-35847, CVE-2022-48808, CVE-2024-26976, CVE-2024-26802, CVE-2024-36020, CVE-2024-27034, CVE-2024-26993, CVE-2024-27065, CVE-2024-35930, CVE-2024-26774, CVE-2024-26872, CVE-2024-26924, CVE-2024-26852, CVE-2024-26923, CVE-2024-26771, CVE-2024-35933, CVE-2024-35925, CVE-2024-26937, CVE-2024-26894, CVE-2024-26839, CVE-2024-35899, CVE-2024-26889, CVE-2024-35958, CVE-2024-35885, CVE-2024-35828, CVE-2024-26870, CVE-2024-26583, CVE-2024-26736, CVE-2024-35938, CVE-2024-26793, CVE-2024-26891, CVE-2024-35910, CVE-2024-26654, CVE-2024-35940, CVE-2024-26851, CVE-2024-35984, CVE-2024-26809, CVE-2024-35819, CVE-2024-35821, CVE-2024-26643, CVE-2024-36029, CVE-2024-35888, CVE-2024-27390, CVE-2024-26773, CVE-2024-26733, CVE-2024-26961, CVE-2024-35822, CVE-2024-35854, CVE-2024-35950, CVE-2024-35970, CVE-2024-27053, CVE-2024-26907, CVE-2024-26776, CVE-2024-26748, CVE-2024-26988, CVE-2024-35935, CVE-2024-26744, CVE-2024-27008, CVE-2024-35905, CVE-2024-26974, CVE-2024-26950, CVE-2024-26787, CVE-2024-27077, CVE-2024-35886, CVE-2024-35907, CVE-2024-27020, CVE-2024-26764, CVE-2024-26835, CVE-2024-35988, CVE-2024-26687, CVE-2024-35809, CVE-2024-35844, CVE-2024-26901, CVE-2024-26848, CVE-2024-26857, CVE-2024-26751, CVE-2024-27074, CVE-2024-26885, CVE-2024-26884, CVE-2024-27410, CVE-2024-35871, CVE-2024-26883, CVE-2023-52699, CVE-2024-35922, CVE-2024-26895, CVE-2024-26798, CVE-2024-26981, CVE-2024-27013, CVE-2024-27419, CVE-2024-26779, CVE-2024-27395, CVE-2024-27015, CVE-2024-35890, CVE-2024-26863, CVE-2024-26922, CVE-2024-27417, CVE-2023-52488, CVE-2024-26929, CVE-2024-26960, CVE-2024-26833, CVE-2024-26750, CVE-2024-27024, CVE-2024-36007, CVE-2024-27047, CVE-2024-35853, CVE-2024-26973, CVE-2024-27038, CVE-2024-35934, CVE-2024-27073, CVE-2024-35849, CVE-2023-52880, CVE-2024-35976)

It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - Accessibility subsystem; - Android drivers; - Drivers core; - Bluetooth drivers; - Clock framework and drivers; - Data acquisition framework and drivers; - Cryptographic API; - Buffer Sharing and Synchronization framework; - GPU drivers; - On-Chip Interconnect management framework; - IOMMU subsystem; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - Network drivers; - Microsoft Azure Network Adapter (MANA) driver; - Device tree and open firmware driver; - Chrome hardware platform drivers; - i.MX PM domains; - TI SCI PM domains driver; - S/390 drivers; - SCSI drivers; - SPI subsystem; - Thermal drivers; - TTY drivers; - USB subsystem; - Framebuffer layer; - BTRFS file system; - Network file system server daemon; - NILFS2 file system; - File systems infrastructure; - Pstore file system; - SMB network file system; - BPF subsystem; - Bluetooth subsystem; - Netfilter; - io_uring subsystem; - Core kernel; - Extra boot config (XBC); - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Ethernet bridge; - Networking core; - IPv4 networking; - IPv6 networking; - Multipath TCP; - NFC subsystem; - RDS protocol; - Network traffic control; - SMC sockets; - Sun RPC protocol; - TLS protocol; - Unix domain sockets; - Wireless networking; - eXpress Data Path; - SELinux security module; (CVE-2024-26988, CVE-2024-36023, CVE-2024-35869, CVE-2024-35938, CVE-2024-27000, CVE-2024-35880, CVE-2024-35915, CVE-2024-35959, CVE-2024-35883, CVE-2024-35886, CVE-2024-35976, CVE-2024-35903, CVE-2024-35980, CVE-2024-27020, CVE-2024-35955, CVE-2024-35964, CVE-2024-26980, CVE-2024-35882, CVE-2024-35927, CVE-2024-35884, CVE-2024-35914, CVE-2024-35905, CVE-2024-26925, CVE-2024-35885, CVE-2024-26990, CVE-2024-27012, CVE-2024-35969, CVE-2024-35862, CVE-2024-35956, CVE-2024-35971, CVE-2024-27022, CVE-2024-35935, CVE-2024-26992, CVE-2024-27010, CVE-2024-35892, CVE-2024-26999, CVE-2024-26989, CVE-2024-35963, CVE-2024-35981, CVE-2024-26997, CVE-2024-35920, CVE-2024-35918, CVE-2024-35933, CVE-2024-35867, CVE-2024-35904, CVE-2024-35890, CVE-2024-35968, CVE-2024-35917, CVE-2024-35897, CVE-2024-26922, CVE-2024-36026, CVE-2024-27013, CVE-2024-26991, CVE-2024-26996, CVE-2024-35873, CVE-2024-26987, CVE-2024-35895, CVE-2024-36027, CVE-2024-35896, CVE-2024-35894, CVE-2024-26983, CVE-2024-35966, CVE-2024-35967, CVE-2024-35945, CVE-2024-27003, CVE-2024-35939, CVE-2024-35861, CVE-2024-26985, CVE-2024-27015, CVE-2024-35982, CVE-2024-35912, CVE-2024-35979, CVE-2024-35879, CVE-2024-26982, CVE-2024-35891, CVE-2024-35925, CVE-2024-35870, CVE-2024-27021, CVE-2024-35866, CVE-2024-27014, CVE-2024-27001, CVE-2024-27004, CVE-2024-35953, CVE-2024-36021, CVE-2024-35931, CVE-2024-27007, CVE-2024-35922, CVE-2024-35872, CVE-2024-35926, CVE-2024-27016, CVE-2024-26984, CVE-2024-35919, CVE-2024-35911, CVE-2024-26923, CVE-2024-35929, CVE-2024-35887, CVE-2024-35893, CVE-2024-35898, CVE-2024-35930, CVE-2024-35934, CVE-2024-35916, CVE-2024-35877, CVE-2024-26926, CVE-2024-35974, CVE-2024-36018, CVE-2024-27002, CVE-2024-35975, CVE-2024-35864, CVE-2024-35958, CVE-2024-35944, CVE-2024-35985, CVE-2024-35940, CVE-2024-35900, CVE-2024-27018, CVE-2024-26936, CVE-2024-36024, CVE-2024-26998, CVE-2024-35954, CVE-2024-35878, CVE-2024-26928, CVE-2024-35952, CVE-2024-36020, CVE-2024-26986, CVE-2024-35950, CVE-2024-35957, CVE-2024-35909, CVE-2024-27005, CVE-2024-35978, CVE-2024-35875, CVE-2024-35943, CVE-2024-35970, CVE-2024-35863, CVE-2024-26993, CVE-2024-35865, CVE-2024-26995, CVE-2024-35888, CVE-2024-35899, CVE-2024-35868, CVE-2023-52699, CVE-2024-26994, CVE-2024-26817, CVE-2024-35902, CVE-2024-35977, CVE-2024-35961, CVE-2024-36025, CVE-2024-35936, CVE-2024-35913, CVE-2024-27017, CVE-2024-35889, CVE-2024-35972, CVE-2024-35901, CVE-2024-26921, CVE-2024-26924, CVE-2024-35951, CVE-2024-35860, CVE-2024-35907, CVE-2024-35910, CVE-2024-36022, CVE-2024-27019, CVE-2024-27009, CVE-2024-26981, CVE-2024-35973, CVE-2024-35965, CVE-2024-36019, CVE-2024-35871, CVE-2024-27008, CVE-2024-26811, CVE-2024-35908, CVE-2024-35921, CVE-2024-35942, CVE-2024-35946, CVE-2024-35924, CVE-2024-27011, CVE-2024-35960, CVE-2024-27006, CVE-2024-35937, CVE-2024-35932)

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859) Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-24861) Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device volume management subsystem did not properly validate logical eraseblock sizes in certain situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-25739) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Accessibility subsystem; - Android drivers; - Bluetooth drivers; - Clock framework and drivers; - Data acquisition framework and drivers; - Cryptographic API; - DMA engine subsystem; - GPU drivers; - HID subsystem; - I2C subsystem; - IRQ chip drivers; - Multiple devices driver; - VMware VMCI Driver; - MMC subsystem; - Network drivers; - Microsoft Azure Network Adapter (MANA) driver; - Device tree and open firmware driver; - PCI subsystem; - S/390 drivers; - SCSI drivers; - Freescale SoC drivers; - Trusted Execution Environment drivers; - TTY drivers; - USB subsystem; - VFIO drivers; - Framebuffer layer; - Xen hypervisor drivers; - File systems infrastructure; - BTRFS file system; - Ext4 file system; - FAT file system; - Network file system client; - Network file system server daemon; - NILFS2 file system; - Pstore file system; - SMB network file system; - UBI file system; - Netfilter; - BPF subsystem; - Core kernel; - PCI iomap interfaces; - Memory management; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - Distributed Switch Architecture; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - IEEE 802.15.4 subsystem; - NFC subsystem; - Open vSwitch; - RDS protocol; - Network traffic control; - SMC sockets; - Unix domain sockets; - eXpress Data Path; - Key management; - ALSA SH drivers; - KVM core; (CVE-2024-26993, CVE-2024-26996, CVE-2024-35879, CVE-2024-26812, CVE-2024-26984, CVE-2024-26817, CVE-2024-35950, CVE-2024-26960, CVE-2024-27437, CVE-2024-26964, CVE-2024-27059, CVE-2024-35969, CVE-2024-35936, CVE-2024-35912, CVE-2024-35915, CVE-2024-35938, CVE-2024-27019, CVE-2024-35822, CVE-2024-35997, CVE-2024-35855, CVE-2024-26925, CVE-2024-26654, CVE-2024-26923, CVE-2024-36031, CVE-2024-36020, CVE-2024-35823, CVE-2024-35852, CVE-2024-35989, CVE-2024-27000, CVE-2024-35853, CVE-2024-27013, CVE-2024-35854, CVE-2024-35922, CVE-2024-26937, CVE-2023-52880, CVE-2024-26974, CVE-2024-26629, CVE-2024-35804, CVE-2024-35958, CVE-2024-26814, CVE-2024-35890, CVE-2024-35940, CVE-2024-26999, CVE-2024-35847, CVE-2024-27015, CVE-2024-26687, CVE-2024-26970, CVE-2024-35930, CVE-2024-26813, CVE-2024-26810, CVE-2024-26969, CVE-2024-26977, CVE-2024-26956, CVE-2024-35901, CVE-2024-27020, CVE-2024-35905, CVE-2024-35785, CVE-2024-27009, CVE-2024-35877, CVE-2024-35893, CVE-2024-26989, CVE-2024-26642, CVE-2024-35857, CVE-2024-35935, CVE-2024-26828, CVE-2024-26965, CVE-2024-35888, CVE-2024-35900, CVE-2024-26951, CVE-2024-35809, CVE-2024-27008, CVE-2024-26958, CVE-2024-35973, CVE-2024-26935, CVE-2024-26934, CVE-2024-35982, CVE-2023-52488, CVE-2024-35884, CVE-2024-35907, CVE-2024-27018, CVE-2024-26929, CVE-2024-35984, CVE-2024-35899, CVE-2024-26976, CVE-2024-26922, CVE-2024-35817, CVE-2024-26961, CVE-2024-35925, CVE-2024-35821, CVE-2024-36005, CVE-2024-35988, CVE-2024-35970, CVE-2024-27001, CVE-2024-35960, CVE-2022-48808, CVE-2024-35927, CVE-2024-35806, CVE-2024-27016, CVE-2024-35897, CVE-2024-26957, CVE-2024-36025, CVE-2024-35872, CVE-2024-26988, CVE-2024-35819, CVE-2024-35896, CVE-2024-36007, CVE-2024-35944, CVE-2024-35990, CVE-2024-36006, CVE-2024-36004, CVE-2024-35955, CVE-2024-35898, CVE-2024-26973, CVE-2024-26950, CVE-2024-36008, CVE-2024-35805, CVE-2024-35807, CVE-2024-35934, CVE-2024-26926, CVE-2024-35902, CVE-2024-35918, CVE-2024-35895, CVE-2024-35978, CVE-2024-35849, CVE-2024-35791, CVE-2024-26931, CVE-2024-35886, CVE-2024-26981, CVE-2024-27395, CVE-2024-35815, CVE-2024-26994, CVE-2024-35825, CVE-2024-35789, CVE-2024-35813, CVE-2024-35885, CVE-2024-35851, CVE-2024-35796, CVE-2023-52699, CVE-2024-35871, CVE-2024-26811, CVE-2024-26966, CVE-2024-35976, CVE-2024-26955, CVE-2024-36029, CVE-2024-27396, CVE-2024-27004, CVE-2024-27393, CVE-2024-35910, CVE-2024-35933)

It was discovered that poppler incorrectly handled certain malformed PDF. An attacker could possibly use this issue to cause a denial of service.

Filip Hejsek discovered that the phpCAS library included in OCS Inventory was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account.

Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an incompatible API change. After applying this update, third party applications need to be modified to pass in an additional service base URL argument when constructing the client class. For more information please refer to the section "Upgrading 1.5.0 -> 1.6.0" of the phpCAS upgrading document: https://github.com/apereo/phpCAS/blob/master/docs/Upgrading

James Henstridge discovered that provd incorrectly handled environment variables. A local attacker could possibly use this issue to run arbitrary programs and escalate privileges.

It was discovered that python-zipp did not properly handle the zip files with malformed names. An attacker could possibly use this issue to cause a denial of service.

Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly use this issue to terminate the program, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. (CVE-2015-7559) Peter Stöckli discovered that Apache ActiveMQ incorrectly handled hostname verification. A remote attacker could possibly use this issue to perform a person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-11775) Jonathan Gallimore and Colm Ó hÉigeartaigh discovered that Apache ActiveMQ incorrectly handled authentication in certain functions. A remote attacker could possibly use this issue to perform a person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-13920) Gregor Tudan discovered that Apache ActiveMQ incorrectly handled LDAP authentication. A remote attacker could possibly use this issue to acquire unauthenticated access. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-26117) It was discovered that Apache ActiveMQ incorrectly handled authentication. A remote attacker could possibly use this issue to run arbitrary code. (CVE-2022-41678) It was discovered that Apache ActiveMQ incorrectly handled deserialization. A remote attacker could possibly use this issue to run arbitrary shell commands. (CVE-2023-46604)

Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled URI components containing the hash character (#). A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain path_end rules.

Arnaud Morin discovered that Nova incorrectly handled certain raw format images. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.

Joshua Rogers discovered that Squid did not properly handle multi-byte characters during Edge Side Includes (ESI) processing. A remote attacker could possibly use this issue to cause a memory corruption error, leading to a denial of service.

It was discovered that Bind incorrectly handled a flood of DNS messages over TCP. A remote attacker could possibly use this issue to cause Bind to become unstable, resulting in a denial of service. (CVE-2024-0760) Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large number of RRs existing at the same time. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2024-1737) It was discovered that Bind incorrectly handled a large number of SIG(0) signed requests. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service. (CVE-2024-1975) Daniel Stränger discovered that Bind incorrectly handled serving both stable cache data and authoritative zone content. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2024-4076) On Ubuntu 20.04 LTS, Bind has been updated from 9.16 to 9.18. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918

It was discovered that the Tomcat SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. (CVE-2019-0221) It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2020-9484, CVE-2021-25329)

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. (CVE-2022-38096) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859) Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-24861) Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device volume management subsystem did not properly validate logical eraseblock sizes in certain situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-25739) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - x86 architecture; - Block layer subsystem; - Accessibility subsystem; - Android drivers; - Bluetooth drivers; - Clock framework and drivers; - Data acquisition framework and drivers; - Cryptographic API; - DMA engine subsystem; - GPU drivers; - HID subsystem; - I2C subsystem; - IRQ chip drivers; - Multiple devices driver; - VMware VMCI Driver; - MMC subsystem; - Network drivers; - Device tree and open firmware driver; - PCI subsystem; - S/390 drivers; - SCSI drivers; - Freescale SoC drivers; - Trusted Execution Environment drivers; - TTY drivers; - USB subsystem; - VFIO drivers; - Framebuffer layer; - Xen hypervisor drivers; - File systems infrastructure; - BTRFS file system; - Ext4 file system; - FAT file system; - Network file system client; - Network file system server daemon; - NILFS2 file system; - Pstore file system; - SMB network file system; - UBI file system; - Netfilter; - BPF subsystem; - Core kernel; - PCI iomap interfaces; - Memory management; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - IEEE 802.15.4 subsystem; - NFC subsystem; - Open vSwitch; - RDS protocol; - Network traffic control; - SMC sockets; - Unix domain sockets; - eXpress Data Path; - ALSA SH drivers; - KVM core; (CVE-2024-35872, CVE-2024-35807, CVE-2024-27013, CVE-2024-35989, CVE-2024-36008, CVE-2024-26957, CVE-2024-35912, CVE-2024-27000, CVE-2024-35918, CVE-2024-26977, CVE-2024-35821, CVE-2024-35853, CVE-2024-26814, CVE-2024-35823, CVE-2024-35958, CVE-2024-26813, CVE-2024-26811, CVE-2024-26937, CVE-2024-26951, CVE-2024-35925, CVE-2024-26929, CVE-2024-35988, CVE-2024-35902, CVE-2024-26994, CVE-2024-27001, CVE-2024-36029, CVE-2024-36005, CVE-2024-35970, CVE-2024-36007, CVE-2024-35809, CVE-2024-27019, CVE-2024-26970, CVE-2024-27059, CVE-2024-35877, CVE-2024-35899, CVE-2024-26989, CVE-2024-27008, CVE-2024-26812, CVE-2024-35969, CVE-2024-35785, CVE-2024-35871, CVE-2024-35847, CVE-2024-36006, CVE-2024-35973, CVE-2024-27396, CVE-2024-35849, CVE-2024-35990, CVE-2024-26960, CVE-2024-26931, CVE-2024-35852, CVE-2024-26965, CVE-2024-35960, CVE-2024-35813, CVE-2024-26976, CVE-2024-36004, CVE-2024-35895, CVE-2024-27018, CVE-2024-26969, CVE-2024-27016, CVE-2024-27437, CVE-2024-26956, CVE-2024-26629, CVE-2024-35879, CVE-2024-35817, CVE-2024-26922, CVE-2024-35815, CVE-2024-35935, CVE-2024-35940, CVE-2023-52880, CVE-2024-35851, CVE-2024-35854, CVE-2024-35893, CVE-2024-26973, CVE-2024-35997, CVE-2024-26984, CVE-2024-26961, CVE-2024-26966, CVE-2024-35885, CVE-2024-27020, CVE-2024-26950, CVE-2024-35934, CVE-2024-26988, CVE-2024-35938, CVE-2024-26958, CVE-2024-35888, CVE-2024-27395, CVE-2024-35915, CVE-2024-35806, CVE-2024-26934, CVE-2024-35825, CVE-2024-35796, CVE-2024-35900, CVE-2024-35791, CVE-2024-26925, CVE-2024-35982, CVE-2024-26810, CVE-2024-26955, CVE-2024-26935, CVE-2024-35805, CVE-2024-35896, CVE-2024-35855, CVE-2024-35819, CVE-2024-26642, CVE-2024-27009, CVE-2024-35804, CVE-2024-35898, CVE-2024-35822, CVE-2024-35930, CVE-2024-35789, CVE-2024-26687, CVE-2024-26964, CVE-2024-35978, CVE-2024-35976, CVE-2024-35936, CVE-2024-26926, CVE-2024-26993, CVE-2024-35933, CVE-2024-35884, CVE-2024-26974, CVE-2024-35922, CVE-2024-35886, CVE-2024-27004, CVE-2024-36020, CVE-2024-35955, CVE-2024-26996, CVE-2024-26981, CVE-2024-36025, CVE-2024-26654, CVE-2024-27015, CVE-2024-35984, CVE-2024-26828, CVE-2024-35950, CVE-2024-35944, CVE-2024-35905, CVE-2024-35890, CVE-2024-26923, CVE-2024-35897, CVE-2024-27393, CVE-2023-52699, CVE-2024-26817, CVE-2024-35910, CVE-2024-35857, CVE-2024-35907, CVE-2023-52488, CVE-2024-26999)

It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; - Compute Acceleration Framework; - Accessibility subsystem; - Android drivers; - Drivers core; - Bluetooth drivers; - Clock framework and drivers; - Data acquisition framework and drivers; - Cryptographic API; - Buffer Sharing and Synchronization framework; - GPU drivers; - On-Chip Interconnect management framework; - IOMMU subsystem; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - Network drivers; - Microsoft Azure Network Adapter (MANA) driver; - Device tree and open firmware driver; - Chrome hardware platform drivers; - i.MX PM domains; - TI SCI PM domains driver; - S/390 drivers; - SCSI drivers; - SPI subsystem; - Thermal drivers; - TTY drivers; - USB subsystem; - Framebuffer layer; - BTRFS file system; - Network file system server daemon; - NILFS2 file system; - File systems infrastructure; - Pstore file system; - SMB network file system; - BPF subsystem; - Bluetooth subsystem; - Netfilter; - io_uring subsystem; - Core kernel; - Extra boot config (XBC); - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Ethernet bridge; - Networking core; - IPv4 networking; - IPv6 networking; - Multipath TCP; - NFC subsystem; - RDS protocol; - Network traffic control; - SMC sockets; - Sun RPC protocol; - TLS protocol; - Unix domain sockets; - Wireless networking; - eXpress Data Path; - SELinux security module; (CVE-2024-35955, CVE-2024-35921, CVE-2024-35946, CVE-2024-35934, CVE-2024-26993, CVE-2024-35899, CVE-2024-35952, CVE-2024-35894, CVE-2024-35886, CVE-2024-35872, CVE-2024-35970, CVE-2024-35936, CVE-2024-35907, CVE-2024-27013, CVE-2024-35910, CVE-2024-27009, CVE-2024-35875, CVE-2024-36021, CVE-2024-26923, CVE-2024-26997, CVE-2024-35978, CVE-2024-35981, CVE-2024-27015, CVE-2024-26928, CVE-2024-35963, CVE-2024-35897, CVE-2024-27020, CVE-2024-35922, CVE-2024-27001, CVE-2024-27011, CVE-2024-35940, CVE-2024-35871, CVE-2024-35900, CVE-2024-35869, CVE-2024-35905, CVE-2024-35974, CVE-2024-35873, CVE-2024-35882, CVE-2024-35914, CVE-2024-35956, CVE-2024-35887, CVE-2024-35920, CVE-2024-27018, CVE-2024-35880, CVE-2024-35943, CVE-2024-35912, CVE-2024-35979, CVE-2024-35862, CVE-2024-36019, CVE-2024-35950, CVE-2024-35977, CVE-2024-35918, CVE-2024-26992, CVE-2024-35884, CVE-2024-35916, CVE-2024-26817, CVE-2024-35959, CVE-2024-35909, CVE-2024-35933, CVE-2024-35982, CVE-2024-26996, CVE-2024-35980, CVE-2024-36018, CVE-2024-26925, CVE-2024-35929, CVE-2024-35971, CVE-2024-26990, CVE-2024-35885, CVE-2024-36025, CVE-2024-26998, CVE-2024-35930, CVE-2024-26982, CVE-2024-36022, CVE-2024-35895, CVE-2024-35902, CVE-2024-35911, CVE-2024-27002, CVE-2024-35968, CVE-2024-35861, CVE-2024-35903, CVE-2024-36026, CVE-2024-35896, CVE-2024-35945, CVE-2024-26936, CVE-2024-35954, CVE-2024-26985, CVE-2024-35908, CVE-2024-35924, CVE-2024-35938, CVE-2024-26991, CVE-2024-27017, CVE-2024-26922, CVE-2024-35919, CVE-2024-35915, CVE-2024-35985, CVE-2024-26995, CVE-2024-35870, CVE-2024-27010, CVE-2024-35904, CVE-2024-26999, CVE-2024-26983, CVE-2024-35939, CVE-2024-35865, CVE-2024-35860, CVE-2024-35944, CVE-2024-27021, CVE-2024-27016, CVE-2024-27004, CVE-2024-27019, CVE-2024-36027, CVE-2024-35890, CVE-2024-35975, CVE-2024-35901, CVE-2024-35967, CVE-2024-26986, CVE-2024-35957, CVE-2024-35937, CVE-2024-26988, CVE-2024-35972, CVE-2024-35926, CVE-2024-26926, CVE-2024-35964, CVE-2024-26994, CVE-2024-35889, CVE-2024-26981, CVE-2024-36024, CVE-2024-27022, CVE-2024-35935, CVE-2024-26811, CVE-2024-35932, CVE-2024-35866, CVE-2024-27008, CVE-2024-27012, CVE-2024-36023, CVE-2024-35931, CVE-2024-35888, CVE-2024-26989, CVE-2024-35868, CVE-2024-35976, CVE-2024-35953, CVE-2024-36020, CVE-2024-35893, CVE-2024-35961, CVE-2024-35965, CVE-2024-35892, CVE-2024-35942, CVE-2024-35958, CVE-2024-27014, CVE-2024-35867, CVE-2024-27003, CVE-2024-27007, CVE-2024-35951, CVE-2024-35973, CVE-2024-35863, CVE-2024-26984, CVE-2024-35898, CVE-2024-35960, CVE-2024-27005, CVE-2024-35917, CVE-2024-35927, CVE-2024-26980, CVE-2024-35877, CVE-2024-35925, CVE-2024-26921, CVE-2024-35913, CVE-2023-52699, CVE-2024-26987, CVE-2024-27006, CVE-2024-35878, CVE-2024-35864, CVE-2024-35969, CVE-2024-35883, CVE-2024-35891, CVE-2024-35879, CVE-2024-27000, CVE-2024-35966)

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. (CVE-2023-7042) Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-22099) Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-23307) It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. (CVE-2024-24857, CVE-2024-24858, CVE-2024-24859) Bai Jiaju discovered that the Xceive XC4000 silicon tuner device driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-24861) Chenyuan Yang discovered that the Unsorted Block Images (UBI) flash device volume management subsystem did not properly validate logical eraseblock sizes in certain situations. An attacker could possibly use this to cause a denial of service (system crash). (CVE-2024-25739) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - Block layer subsystem; - Accessibility subsystem; - ACPI drivers; - Android drivers; - Bluetooth drivers; - Clock framework and drivers; - Data acquisition framework and drivers; - Cryptographic API; - GPU drivers; - HID subsystem; - I2C subsystem; - IRQ chip drivers; - Multiple devices driver; - Media drivers; - VMware VMCI Driver; - MMC subsystem; - Network drivers; - PCI subsystem; - SCSI drivers; - Freescale SoC drivers; - SPI subsystem; - Media staging drivers; - TTY drivers; - USB subsystem; - VFIO drivers; - Framebuffer layer; - Xen hypervisor drivers; - File systems infrastructure; - BTRFS file system; - Ext4 file system; - FAT file system; - NILFS2 file system; - Diskquota system; - SMB network file system; - UBI file system; - io_uring subsystem; - BPF subsystem; - Core kernel; - Memory management; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Networking core; - HSR network protocol; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - Netfilter; - NET/ROM layer; - NFC subsystem; - Open vSwitch; - Packet sockets; - RDS protocol; - Network traffic control; - Sun RPC protocol; - Unix domain sockets; - ALSA SH drivers; - USB sound devices; - KVM core; (CVE-2024-35982, CVE-2024-26862, CVE-2024-35997, CVE-2024-26851, CVE-2024-26817, CVE-2024-26820, CVE-2024-26974, CVE-2024-35806, CVE-2024-26903, CVE-2024-35822, CVE-2024-27076, CVE-2024-26901, CVE-2024-26955, CVE-2024-26976, CVE-2024-35821, CVE-2024-27038, CVE-2024-26994, CVE-2023-52656, CVE-2024-27008, CVE-2024-26966, CVE-2024-26898, CVE-2024-26931, CVE-2024-35888, CVE-2024-26810, CVE-2024-26969, CVE-2024-35960, CVE-2024-26884, CVE-2024-26999, CVE-2024-35847, CVE-2024-35807, CVE-2024-26857, CVE-2024-35915, CVE-2023-52880, CVE-2024-35936, CVE-2024-26875, CVE-2024-26973, CVE-2024-35899, CVE-2024-35910, CVE-2024-27020, CVE-2024-26828, CVE-2024-26957, CVE-2024-35925, CVE-2024-27046, CVE-2024-26923, CVE-2024-27053, CVE-2024-26586, CVE-2024-26878, CVE-2024-26880, CVE-2024-27077, CVE-2024-26812, CVE-2024-27043, CVE-2024-35973, CVE-2024-26855, CVE-2024-26981, CVE-2024-27065, CVE-2024-26687, CVE-2024-35852, CVE-2024-26894, CVE-2024-26852, CVE-2024-35900, CVE-2024-35955, CVE-2022-48627, CVE-2024-35944, CVE-2024-27028, CVE-2024-35825, CVE-2024-36004, CVE-2024-27024, CVE-2024-27075, CVE-2024-27001, CVE-2024-35854, CVE-2024-27073, CVE-2024-27013, CVE-2024-27059, CVE-2024-26863, CVE-2023-52644, CVE-2024-35809, CVE-2024-26889, CVE-2024-36006, CVE-2024-35950, CVE-2024-35849, CVE-2024-27419, CVE-2024-27436, CVE-2024-26922, CVE-2024-35853, CVE-2024-35828, CVE-2024-35805, CVE-2024-26956, CVE-2024-27004, CVE-2023-52620, CVE-2024-26642, CVE-2024-26859, CVE-2024-35877, CVE-2024-26651, CVE-2024-26984, CVE-2024-36007, CVE-2024-26816, CVE-2024-27000, CVE-2024-35897, CVE-2024-36020, CVE-2024-26935, CVE-2024-27388, CVE-2024-35984, CVE-2024-35819, CVE-2024-35935, CVE-2024-35895, CVE-2024-35930, CVE-2024-26874, CVE-2024-26937, CVE-2024-26993, CVE-2024-27395, CVE-2024-26965, CVE-2024-35933, CVE-2024-35815, CVE-2023-52699, CVE-2024-35886, CVE-2024-35922, CVE-2024-27030, CVE-2024-35978, CVE-2024-35855, CVE-2024-35813, CVE-2024-27396, CVE-2024-26654, CVE-2024-27437, CVE-2024-35789, CVE-2024-26926, CVE-2024-35830, CVE-2024-27078, CVE-2023-52650, CVE-2024-27044, CVE-2024-26882, CVE-2024-35969, CVE-2024-26813, CVE-2024-35893, CVE-2024-26883, CVE-2024-27074, CVE-2024-35823, CVE-2024-35898, CVE-2024-26934)

It was discovered that Rack incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. (CVE-2023-27539) It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-27530)

It was discovered that PyMongo incorrectly handled certain BSON. An attacker could possibly use this issue to read sensitive information or cause a crash.

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2024-6600, CVE-2024-6601, CVE-2024-6604) Ronald Crane discovered that Thunderbird did not properly manage certain memory operations in the NSS. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-6602) Irvan Kurniawan discovered that Thunderbird did not properly manage memory during thread creation. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-6603)