Summary: This article discusses the security vulnerabilities affecting Ubuntu 24.04 LTS and provides details on how to secure systems against these vulnerabilities.
Threat Actor: N/A
Victim: N/A
Key Point :
- One of the vulnerabilities affecting Ubuntu 24.04 LTS is CVE-2024-32487, which was discovered in the less package.
- This vulnerability allows for OS command execution via a newline character within a file name, due to mishandling of quotes in the filename.c component.
- Exploiting this vulnerability typically involves using file names under the attacker’s control, such as those extracted from untrusted archives.
Ubuntu 24.04 LTS was released on April 25, 2024, with some new exciting features. Like every other release, it is not immune to vulnerabilities. Recently, the Ubuntu security team has addressed multiple security vulnerabilities affecting Ubuntu 24.04 that could potentially lead to a denial of service or the execution of arbitrary code. In this article, we will explore the details of these vulnerabilities and learn how to secure your systems.
Vulnerabilities Affecting Ubuntu 24.04 LTS
Less Vulnerability (CVE-2024-32487)
This vulnerability was discovered in the less package, a pager program similar to more. Both tools help to display content of the text file in the terminal. It was found that less allowed OS command execution via a newline character within a file name. This occurs due to mishandling of quotes in the filename.c component. Exploiting this vulnerability usually involves employing file names under the attacker’s control, such as those extracted from untrusted archives. Additionally, exploiting the vulnerability necessitates the presence of the LESSOPEN environment variable, which is commonly set by default in numerous scenarios. Exploiting this vulnerability allows attackers to execute arbitrary code on your computer. This can happen if they trick you into opening a specially crafted file.
Glibc Vulnerability (CVE-2024-2961)
In GNU C Library versions 2.39 and earlier, the iconv() function can potentially overflow the output buffer by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set. This overflow can lead to denial of service (application crashes) or overwrite neighboring variables.
Curl Vulnerabilities in Ubuntu 24.04 (CVE-2024-2398, CVE-2024-2004)
CVE-2024-2004: Dan Fandrich found that curl would incorrectly utilize the default protocol set when a parameter option disabled all protocols without adding any, which goes against expected behavior.
CVE-2024-2398: A vulnerability was found in curl where it mishandled memory when limiting the number of headers with HTTP/2 server push enabled. Exploiting this flaw could potentially allow a remote attacker to cause curl to exhaust resources, resulting in a denial-of-service condition.
GnuTLS Vulnerability (CVE-2024-28834, CVE-2024-28835)
CVE-2024-28834: A timing side-channel vulnerability was identified in GnuTLS during certain ECDSA operations. Exploiting this flaw could potentially allow a remote attacker to recover sensitive information.
CVE-2024-28835: A vulnerability was found in GnuTLS regarding the improper verification of certain PEM bundles. Exploiting this flaw might enable a remote attacker to crash GnuTLS, leading to a denial-of-service situation.
libvirt Vulnerabilities in Ubuntu 24.04 (CVE-2024-1441, CVE-2024-2494)
CVE-2024-1441: Alexander Kuznetsov identified a flaw in libvirt’s handling of specific API calls. Exploiting this vulnerability might enable an attacker to crash libvirt, leading to a denial-of-service scenario.
CVE-2024-2494: A flaw was found in libvirt’s handling of certain RPC library API calls. Exploiting this vulnerability might allow an attacker to crash libvirt, leading to a denial-of-service situation.
Pillow Vulnerability (CVE-2024-28219)
Hugo van Kemenade found an issue in Pillow where it failed to adequately perform bounds checks during ICC file processing, potentially resulting in a buffer overflow. If a user or automated system processed a specifically crafted ICC file, an attacker might exploit this flaw to cause a denial-of-service or execute arbitrary code.
Stay Updated, Stay Secure
Given the risks these vulnerabilities pose, it is imperative for Ubuntu 24.04 users to promptly apply security updates. You can simply update the packages to the latest version by running the default package manager tool “apt” in the terminal.
$ sudo apt update && sudo apt upgrade
The first command will update the package index and the second command will upgrade all packages on your system to the latest available versions.
By doing this, you can ensure your systems have the latest versions of packages that are free from the known vulnerabilities. Additionally, it is essential to stay informed about security updates and regularly patch systems for maintaining the security of the system.
Ubuntu 24.04 is powered by the latest Linux kernel 6.8. Since the kernel is an integral part of the Linux system, it is crucial to protect your Ubuntu 24.04 systems from Linux kernel vulnerabilities. TuxCare’s KernelCare Enterprise offers live patching for the Linux systems allowing security patches to be applied to the running kernel without having to reboot the system. The conventional patching methods involve a reboot, causing service disruption and making it impractical for critical systems that need high availability. Furthermore, KernelCare Enterprise allows you to automate the patching process, ensuring security patches are applied immediately when they are available.
Send questions to a TuxCare security expert to learn more about automated and rebootless patching for Linux systems.
Source: Ubuntu Security Notices
Summary
Article Name
Several Vulnerabilities Addressed in Ubuntu 24.04
Description
Discover critical vulnerabilities affecting the latest Ubuntu 24.04 release. Learn about potential risks and how to secure the system.
Author
Rohan Timalsina
Publisher Name
TuxCare
Publisher Logo
Source: https://tuxcare.com/blog/several-vulnerabilities-addressed-in-ubuntu-24-04
“An interesting youtube video that may be related to the article above”