Overview

The long awaited preview of snapd-based AppArmor file prompting is finally
seeing the light of day, plus we cover the recent 24.04.1 LTS release and the
podcast officially moves to a fortnightly cycle.

This week in Ubuntu Security Updates

45 unique CVEs addressed

[USN-6972-4] Linux kernel (Oracle) vulnerabilities

• 18 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM)
  
  
  
  • CVE-2023-52470
  
  
  • CVE-2024-26687
  
  
  • CVE-2024-36901
  
  
  • CVE-2024-26654
  
  
  • CVE-2024-26679
  
  
  • CVE-2024-39484
  
  
  • CVE-2023-52806
  
  
  • CVE-2023-52760
  
  
  • CVE-2024-35955
  
  
  • CVE-2023-52629
  
  
  • CVE-2024-26600
  
  
  • CVE-2024-36940
  
  
  • CVE-2024-39292
  
  
  • CVE-2023-52644
  
  
  • CVE-2024-35835
  
  
  • CVE-2024-26903
  
  
  • CVE-2024-24860
  
  
  • CVE-2024-22099
  
  
  
  

[USN-6982-1] Dovecot vulnerabilities

• 2 CVEs addressed in Noble (24.04 LTS)
  
  
  
  • CVE-2024-23185
  
  
  • CVE-2024-23184
  
  
  
  

[USN-6983-1] FFmpeg vulnerability

• 1 CVEs addressed in Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
  
  
  
  • CVE-2024-32230
  
  
  
  

[USN-6984-1] WebOb vulnerability

• 1 CVEs addressed in Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
  
  
  
  • CVE-2024-42353
  
  
  
  

[USN-6973-4] Linux kernel (Raspberry Pi) vulnerabilities

• 9 CVEs addressed in Bionic ESM (18.04 ESM)
  
  
  
  • CVE-2023-52760
  
  
  • CVE-2023-52629
  
  
  • CVE-2021-46926
  
  
  • CVE-2024-26921
  
  
  • CVE-2024-26929
  
  
  • CVE-2024-36901
  
  
  • CVE-2024-39484
  
  
  • CVE-2024-26830
  
  
  • CVE-2024-24860
  
  
  
  

[USN-6981-2] Drupal vulnerabilities

• 3 CVEs addressed in Trusty ESM (14.04 ESM)
  
  
  
  • CVE-2020-28949
  
  
  • CVE-2020-28948
  
  
  • CVE-2020-13671
  
  
  
  


• 2 of these are in the CISA KEV - Discussion of CISA KEV from Episode 231

[USN-6986-1] OpenSSL vulnerability

• 1 CVEs addressed in Jammy (22.04 LTS), Noble (24.04 LTS)
  
  
  
  • CVE-2024-6119
  
  
  
  

[USN-6987-1] Django vulnerabilities

• 2 CVEs addressed in Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
  
  
  
  • CVE-2024-45231
  
  
  • CVE-2024-45230
  
  
  
  

[USN-6988-1] Twisted vulnerabilities

• 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic ESM (18.04 ESM), Focal (20.04 LTS), Jammy (22.04 LTS), Noble (24.04 LTS)
  
  
  
  • CVE-2024-41810
  
  
  • CVE-2024-41671
  
  
  
  

[USN-6985-1] ImageMagick vulnerabilities

• 11 CVEs addressed in Trusty ESM (14.04 ESM)
  
  
  
  • CVE-2019-12979
  
  
  • CVE-2019-12978
  
  
  • CVE-2019-12976
  
  
  • CVE-2019-12975
  
  
  • CVE-2019-12974
  
  
  • CVE-2019-11598
  
  
  • CVE-2019-11597
  
  
  • CVE-2019-11472
  
  
  • CVE-2019-11470
  
  
  • CVE-2019-10650
  
  
  • CVE-2019-10131
  
  
  
  

Goings on in Ubuntu Security Community

Ubuntu 24.04.1 LTS released (02:55 )

• On 29th August - https://lists.ubuntu.com/archives/ubuntu-announce/2024-August/000304.html


• https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890


• Discussed high level features previously in Ubuntu 24.04 LTS (Noble Numbat) released from Episode 227
  
  
  
  • New security features / improvements:
    
    
    
    • Unprivileged user namespace restrictions
    
    
    • Binary hardening
    
    
    • AppArmor 4
    
    
    • Disabling of old TLS versions
    
    
    • Upstream Kernel Security Features
      
      
      
      • Intel shadow stack support
      
      
      • Secure virtualisation with AMD SEV-SNP and Intel TDX
      
      
      • Strict compile-time bounds checking
      
      
      
      
    
    
    
    
  
  
  
  


• Initially offered upgrades from 22.04 but this has been pulled just recently
  due to reports of a critical bug in the ubuntu-release-upgrader package and
  its interaction with the apt solver - essentially resulting in packages lik