NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Remediation

Upgrade Ubuntu:18.04 expat to version 2.2.5-3ubuntu0.9+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45491
• https://github.com/libexpat/libexpat/issues/888
• https://github.com/libexpat/libexpat/pull/891
• https://security.netapp.com/advisory/ntap-20241018-0003/

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Remediation

Upgrade Ubuntu:18.04 expat to version 2.2.5-3ubuntu0.9+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45492
• https://github.com/libexpat/libexpat/issues/889
• https://github.com/libexpat/libexpat/pull/892
• https://security.netapp.com/advisory/ntap-20241018-0005/

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.

Remediation

Upgrade Ubuntu:18.04 imagemagick to version 8:6.9.7.4+dfsg-16ubuntu6.15+esm5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-57807
• https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-23hg-53q6-hqfg

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.

Remediation

There is no fixed version for Ubuntu:18.04 imagemagick.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-34152
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/
• https://access.redhat.com/security/cve/CVE-2023-34152
• https://bugzilla.redhat.com/show_bug.cgi?id=2210659
• https://github.com/ImageMagick/ImageMagick/issues/6339
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UFQJCYJ23HWHNDOVKBHZQ7HCXXL6MM3/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2ZUHZXQ2C3JZYKPW4XHCMVVL467MA2V/

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in the InterpretImageFilename function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (%%). Versions 7.1.2-0 and 6.9.13-26 fix the issue.

Remediation

Upgrade Ubuntu:18.04 imagemagick to version 8:6.9.7.4+dfsg-16ubuntu6.15+esm4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-53014
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

Remediation

Upgrade Ubuntu:18.04 openssh to version 1:7.6p1-4ubuntu0.7+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-38408
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/
• http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html
• http://www.openwall.com/lists/oss-security/2023/07/20/1
• http://www.openwall.com/lists/oss-security/2023/07/20/2
• http://www.openwall.com/lists/oss-security/2023/09/22/11
• http://www.openwall.com/lists/oss-security/2023/09/22/9
• https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent
• https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8
• https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d
• https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca
• https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/
• https://news.ycombinator.com/item?id=36790196
• https://security.gentoo.org/glsa/202307-01
• https://security.netapp.com/advisory/ntap-20230803-0010/
• https://support.apple.com/kb/HT213940
• https://www.openssh.com/security.html
• https://www.openssh.com/txt/release-9.3p2
• https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
• https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408
• https://github.com/kali-mx/CVE-2023-38408

NVD Description

Note: Versions mentioned in the description apply only to the upstream python2.7 package and not the python2.7 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Remediation

Upgrade Ubuntu:18.04 python2.7 to version 2.7.17-1~18.04ubuntu1.13+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-48565
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFHYAGWBFBNUGWU6XWKBHTCV5NH77MB7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZRZRJHWLZ7MOJNPQBWGJVXMVYDC5BRA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAYWJD576JUKLHCWKDLMJSUGTRDKPF3M/
• https://bugs.python.org/issue42051
• https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFHYAGWBFBNUGWU6XWKBHTCV5NH77MB7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAYWJD576JUKLHCWKDLMJSUGTRDKPF3M/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZRZRJHWLZ7MOJNPQBWGJVXMVYDC5BRA/
• https://security.netapp.com/advisory/ntap-20231006-0007/

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.6 package and not the python3.6 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.

Remediation

Upgrade Ubuntu:18.04 python3.6 to version 3.6.9-1~18.04ubuntu1.13+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-48565
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AFHYAGWBFBNUGWU6XWKBHTCV5NH77MB7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KZRZRJHWLZ7MOJNPQBWGJVXMVYDC5BRA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAYWJD576JUKLHCWKDLMJSUGTRDKPF3M/
• https://bugs.python.org/issue42051
• https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AFHYAGWBFBNUGWU6XWKBHTCV5NH77MB7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAYWJD576JUKLHCWKDLMJSUGTRDKPF3M/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KZRZRJHWLZ7MOJNPQBWGJVXMVYDC5BRA/
• https://security.netapp.com/advisory/ntap-20231006-0007/

NVD Description

Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.

Remediation

Upgrade Ubuntu:18.04 sqlite3 to version 3.22.0-1ubuntu0.7+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6965
• https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.

Remediation

Upgrade Ubuntu:18.04 krb5 to version 1.16-2ubuntu0.4+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-37371
• https://security.netapp.com/advisory/ntap-20241108-0009/
• https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
• https://web.mit.edu/kerberos/www/advisories/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.

Remediation

Upgrade Ubuntu:18.04 libxml2 to version 2.9.4+dfsg1-6.1ubuntu1.9+esm4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-49794
• https://access.redhat.com/security/cve/CVE-2025-49794
• https://bugzilla.redhat.com/show_bug.cgi?id=2372373
• https://access.redhat.com/errata/RHSA-2025:10630
• https://access.redhat.com/errata/RHSA-2025:10698
• https://access.redhat.com/errata/RHSA-2025:10699
• https://access.redhat.com/errata/RHSA-2025:11580
• https://access.redhat.com/errata/RHSA-2025:12098
• https://access.redhat.com/errata/RHSA-2025:12099
• https://access.redhat.com/errata/RHSA-2025:12199
• https://access.redhat.com/errata/RHSA-2025:12239
• https://access.redhat.com/errata/RHSA-2025:12240
• https://access.redhat.com/errata/RHSA-2025:12241
• https://access.redhat.com/errata/RHSA-2025:12237
• https://access.redhat.com/errata/RHSA-2025:13335
• https://access.redhat.com/errata/RHSA-2025:15828
• https://access.redhat.com/errata/RHSA-2025:15827

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.

Remediation

Upgrade Ubuntu:18.04 libxml2 to version 2.9.4+dfsg1-6.1ubuntu1.9+esm4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-49796
• https://access.redhat.com/security/cve/CVE-2025-49796
• https://bugzilla.redhat.com/show_bug.cgi?id=2372385
• https://access.redhat.com/errata/RHSA-2025:10630
• https://access.redhat.com/errata/RHSA-2025:10698
• https://access.redhat.com/errata/RHSA-2025:10699
• https://access.redhat.com/errata/RHSA-2025:11580
• https://access.redhat.com/errata/RHSA-2025:12098
• https://access.redhat.com/errata/RHSA-2025:12099
• https://access.redhat.com/errata/RHSA-2025:12199
• https://access.redhat.com/errata/RHSA-2025:12239
• https://access.redhat.com/errata/RHSA-2025:12240
• https://access.redhat.com/errata/RHSA-2025:12241
• https://access.redhat.com/errata/RHSA-2025:12237
• https://access.redhat.com/errata/RHSA-2025:13267
• https://access.redhat.com/errata/RHSA-2025:13335
• https://access.redhat.com/errata/RHSA-2025:15828
• https://access.redhat.com/errata/RHSA-2025:15827

NVD Description

Note: Versions mentioned in the description apply only to the upstream wget package and not the wget package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

url.c in GNU Wget through 1.24.5 mishandles semicolons in the userinfo subcomponent of a URI, and thus there may be insecure behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.

Remediation

Upgrade Ubuntu:18.04 wget to version 1.19.4-1ubuntu2.2+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-38428
• https://security.netapp.com/advisory/ntap-20241115-0005/
• https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace
• https://lists.debian.org/debian-lts-announce/2025/04/msg00029.html
• https://lists.gnu.org/archive/html/bug-wget/2024-06/msg00005.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via git config --global core.symlinks false), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.

Remediation

Upgrade Ubuntu:18.04 git to version 1:2.17.1-1ubuntu0.18+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-32002
• http://www.openwall.com/lists/oss-security/2024/05/14/2
• https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt
• https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks
• https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d
• https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv
• https://lists.debian.org/debian-lts-announce/2024/06/msg00018.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S4CK4IYTXEOBZTEM5K3T6LWOIZ3S44AR/
• https://github.com/amalmurali47/git_rce

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

Remediation

Upgrade Ubuntu:18.04 krb5 to version 1.16-2ubuntu0.4+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-3596
• https://www.kb.cert.org/vuls/id/456537
• https://security.netapp.com/advisory/ntap-20240822-0001/
• https://today.ucsd.edu/story/computer-scientists-discover-vulnerabilities-in-a-popular-security-protocol
• https://cert-portal.siemens.com/productcert/html/ssa-723487.html
• https://cert-portal.siemens.com/productcert/html/ssa-794185.html
• http://www.openwall.com/lists/oss-security/2024/07/09/4
• https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/
• https://datatracker.ietf.org/doc/html/rfc2865
• https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014
• https://www.blastradius.fail/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.

Remediation

Upgrade Ubuntu:18.04 binutils to version 2.30-21ubuntu1~18.04.9+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-19726
• https://sourceware.org/bugzilla/show_bug.cgi?id=26240
• https://sourceware.org/bugzilla/show_bug.cgi?id=26241

NVD Description

Note: Versions mentioned in the description apply only to the upstream libwebp package and not the libwebp package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Remediation

Upgrade Ubuntu:18.04 libwebp to version 0.6.1-2ubuntu0.18.04.2+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-4863
• https://www.vicarius.io/vsociety/posts/zero-day-webp-vulnerability-cve-2023-4863
• http://www.openwall.com/lists/oss-security/2023/09/21/4
• http://www.openwall.com/lists/oss-security/2023/09/22/1
• http://www.openwall.com/lists/oss-security/2023/09/22/3
• http://www.openwall.com/lists/oss-security/2023/09/22/4
• http://www.openwall.com/lists/oss-security/2023/09/22/5
• http://www.openwall.com/lists/oss-security/2023/09/22/6
• http://www.openwall.com/lists/oss-security/2023/09/22/7
• http://www.openwall.com/lists/oss-security/2023/09/22/8
• http://www.openwall.com/lists/oss-security/2023/09/26/1
• http://www.openwall.com/lists/oss-security/2023/09/26/7
• http://www.openwall.com/lists/oss-security/2023/09/28/1
• http://www.openwall.com/lists/oss-security/2023/09/28/2
• http://www.openwall.com/lists/oss-security/2023/09/28/4
• https://adamcaudill.com/2023/09/14/whose-cve-is-it-anyway/
• https://blog.isosceles.com/the-webp-0day/
• https://bugzilla.suse.com/show_bug.cgi?id=1215231
• https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html
• https://crbug.com/1479274
• https://en.bandisoft.com/honeyview/history/
• https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a
• https://github.com/webmproject/libwebp/releases/tag/v1.3.2
• https://lists.debian.org/debian-lts-announce/2023/09/msg00015.html
• https://lists.debian.org/debian-lts-announce/2023/09/msg00016.html
• https://lists.debian.org/debian-lts-announce/2023/09/msg00017.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T655QF7CQ3DYAMPFV7IECQYGDEUIVVT/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYYKLG6CRGEDTNRBSU26EEWAO6D6U645/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUQ7CTX3W372X3UY56VVNAHCH6H2F4X3/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZDGWWMJREPAGKWCJKSCM4WYLANSKIFX/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYZV7TMKF4QHZ54SFJX54BDN52VHGGCX/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHOLML7N2G5KCAZXFWC5IDFFHSQS5SDB/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTRUIS3564P7ZLM2S2IH4Y4KZ327LI4I/
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4863
• https://news.ycombinator.com/item?id=37478403
• https://security-tracker.debian.org/tracker/CVE-2023-4863
• https://security.gentoo.org/glsa/202309-05
• https://security.gentoo.org/glsa/202401-10
• https://security.netapp.com/advisory/ntap-20230929-0011/
• https://sethmlarson.dev/security-developer-in-residence-weekly-report-16
• https://stackdiary.com/critical-vulnerability-in-webp-codec-cve-2023-4863/
• https://www.bentley.com/advisories/be-2023-0001/
• https://www.bleepingcomputer.com/news/google/google-fixes-another-chrome-zero-day-bug-exploited-in-attacks/
• https://www.debian.org/security/2023/dsa-5496
• https://www.debian.org/security/2023/dsa-5497
• https://www.debian.org/security/2023/dsa-5498
• https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• https://github.com/caoweiquan322/NotEnough

NVD Description

Note: Versions mentioned in the description apply only to the upstream postgresql-10 package and not the postgresql-10 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

Remediation

Upgrade Ubuntu:18.04 postgresql-10 to version 10.23-0ubuntu0.18.04.2+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-5869
• https://security.netapp.com/advisory/ntap-20240119-0003/
• https://access.redhat.com/errata/RHSA-2023:7545
• https://access.redhat.com/errata/RHSA-2023:7579
• https://access.redhat.com/errata/RHSA-2023:7580
• https://access.redhat.com/errata/RHSA-2023:7581
• https://access.redhat.com/errata/RHSA-2023:7616
• https://access.redhat.com/errata/RHSA-2023:7656
• https://access.redhat.com/errata/RHSA-2023:7666
• https://access.redhat.com/errata/RHSA-2023:7667
• https://access.redhat.com/errata/RHSA-2023:7694
• https://access.redhat.com/errata/RHSA-2023:7695
• https://access.redhat.com/errata/RHSA-2023:7714
• https://access.redhat.com/errata/RHSA-2023:7770
• https://access.redhat.com/errata/RHSA-2023:7771
• https://access.redhat.com/errata/RHSA-2023:7772
• https://access.redhat.com/errata/RHSA-2023:7778
• https://access.redhat.com/errata/RHSA-2023:7783
• https://access.redhat.com/errata/RHSA-2023:7784
• https://access.redhat.com/errata/RHSA-2023:7785
• https://access.redhat.com/errata/RHSA-2023:7786
• https://access.redhat.com/errata/RHSA-2023:7788
• https://access.redhat.com/errata/RHSA-2023:7789
• https://access.redhat.com/errata/RHSA-2023:7790
• https://access.redhat.com/errata/RHSA-2023:7878
• https://access.redhat.com/errata/RHSA-2023:7883
• https://access.redhat.com/errata/RHSA-2023:7884
• https://access.redhat.com/errata/RHSA-2023:7885
• https://access.redhat.com/errata/RHSA-2024:0304
• https://access.redhat.com/errata/RHSA-2024:0332
• https://access.redhat.com/errata/RHSA-2024:0337
• https://access.redhat.com/security/cve/CVE-2023-5869
• https://bugzilla.redhat.com/show_bug.cgi?id=2247169
• https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
• https://www.postgresql.org/support/security/CVE-2023-5869/

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.

This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.

Remediation

Upgrade Ubuntu:18.04 gnutls28 to version 3.5.18-1ubuntu1.6+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32988
• https://access.redhat.com/security/cve/CVE-2025-32988
• https://bugzilla.redhat.com/show_bug.cgi?id=2359622
• https://access.redhat.com/errata/RHSA-2025:16115
• https://access.redhat.com/errata/RHSA-2025:16116

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.

Remediation

Upgrade Ubuntu:18.04 gnutls28 to version 3.5.18-1ubuntu1.6+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32990
• https://access.redhat.com/security/cve/CVE-2025-32990
• https://bugzilla.redhat.com/show_bug.cgi?id=2359620
• https://access.redhat.com/errata/RHSA-2025:16115
• https://access.redhat.com/errata/RHSA-2025:16116

NVD Description

Note: Versions mentioned in the description apply only to the upstream freetype package and not the freetype package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.

Remediation

Upgrade Ubuntu:18.04 freetype to version 2.8.1-2ubuntu2.2+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27363
• https://www.facebook.com/security/advisories/cve-2025-27363
• http://www.openwall.com/lists/oss-security/2025/03/13/1
• http://www.openwall.com/lists/oss-security/2025/03/13/11
• http://www.openwall.com/lists/oss-security/2025/03/13/12
• http://www.openwall.com/lists/oss-security/2025/03/13/2
• http://www.openwall.com/lists/oss-security/2025/03/13/3
• http://www.openwall.com/lists/oss-security/2025/03/13/8
• http://www.openwall.com/lists/oss-security/2025/03/14/1
• http://www.openwall.com/lists/oss-security/2025/03/14/2
• http://www.openwall.com/lists/oss-security/2025/03/14/3
• http://www.openwall.com/lists/oss-security/2025/03/14/4
• http://www.openwall.com/lists/oss-security/2025/05/06/3
• https://lists.debian.org/debian-lts-announce/2025/03/msg00030.html
• https://source.android.com/docs/security/bulletin/2025-05-01
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• https://github.com/tin-z/CVE-2025-27363

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.

Remediation

Upgrade Ubuntu:18.04 binutils to version 2.30-21ubuntu1~18.04.9+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-47695
• https://sourceware.org/bugzilla/show_bug.cgi?id=29846

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Ubuntu:18.04 binutils.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-7545
• https://sourceware.org/bugzilla/attachment.cgi?id=16117
• https://sourceware.org/bugzilla/show_bug.cgi?id=33049
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944
• https://vuldb.com/?ctiid.316243
• https://vuldb.com/?id.316243
• https://vuldb.com/?submit.614355
• https://www.gnu.org/
• https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.

Remediation

Upgrade Ubuntu:18.04 binutils to version 2.30-21ubuntu1~18.04.9+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-45703
• https://security.netapp.com/advisory/ntap-20231006-0003/
• https://sourceware.org/bugzilla/show_bug.cgi?id=29799

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.

Remediation

Upgrade Ubuntu:18.04 binutils to version 2.30-21ubuntu1~18.04.9+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-44840
• https://sourceware.org/bugzilla/show_bug.cgi?id=29732

NVD Description

Note: Versions mentioned in the description apply only to the upstream gdk-pixbuf package and not the gdk-pixbuf package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

In GNOME GdkPixbuf (aka gdk-pixbuf) through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption (in ani_load_chunk in io-ani.c) when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or code execution attack. This occurs in gdk_pixbuf_set_option() in gdk-pixbuf.c.

Remediation

Upgrade Ubuntu:18.04 gdk-pixbuf to version 2.36.11-2ubuntu0.1~esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-48622
• https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/202

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.

Remediation

Upgrade Ubuntu:18.04 glib2.0 to version 2.56.4-0ubuntu0.18.04.9+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-32643
• https://gitlab.gnome.org/GNOME/glib/-/issues/2840
• https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835
• https://security.netapp.com/advisory/ntap-20240426-0005/

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. This issue has been patched in versions 6.9.13-27 and 7.1.2-1.

Remediation

Upgrade Ubuntu:18.04 imagemagick to version 8:6.9.7.4+dfsg-16ubuntu6.15+esm5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-55154
• https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82
• https://goo.gle/bigsleep

NVD Description

Note: Versions mentioned in the description apply only to the upstream libx11 package and not the libx11 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.

Remediation

Upgrade Ubuntu:18.04 libx11 to version 2:1.6.4-3ubuntu0.4+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-43787
• http://www.openwall.com/lists/oss-security/2024/01/24/9
• https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/
• https://security.netapp.com/advisory/ntap-20231103-0006/
• https://access.redhat.com/errata/RHSA-2024:2145
• https://access.redhat.com/errata/RHSA-2024:2973
• https://access.redhat.com/security/cve/CVE-2023-43787
• https://bugzilla.redhat.com/show_bug.cgi?id=2242254

NVD Description

Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Remediation

There is no fixed version for Ubuntu:18.04 pam.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8941
• https://access.redhat.com/security/cve/CVE-2025-8941
• https://bugzilla.redhat.com/show_bug.cgi?id=2388220
• https://access.redhat.com/errata/RHSA-2025:14557
• https://access.redhat.com/errata/RHSA-2025:15100
• https://access.redhat.com/errata/RHSA-2025:15104
• https://access.redhat.com/errata/RHSA-2025:15107
• https://access.redhat.com/errata/RHSA-2025:15099
• https://access.redhat.com/errata/RHSA-2025:15101
• https://access.redhat.com/errata/RHSA-2025:15102
• https://access.redhat.com/errata/RHSA-2025:15103
• https://access.redhat.com/errata/RHSA-2025:15105
• https://access.redhat.com/errata/RHSA-2025:15106
• https://access.redhat.com/errata/RHSA-2025:15709
• https://access.redhat.com/errata/RHSA-2025:15828
• https://access.redhat.com/errata/RHSA-2025:15827
• https://access.redhat.com/errata/RHSA-2025:16524

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.6 package and not the python3.6 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren't activated before being used (ie "./venv/bin/python") are not affected.

Remediation

Upgrade Ubuntu:18.04 python3.6 to version 3.6.9-1~18.04ubuntu1.13+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-9287
• https://github.com/python/cpython/commit/633555735a023d3e4d92ba31da35b1205f9ecbd7
• https://github.com/python/cpython/commit/8450b2482586857d689b6658f08de9c8179af7db
• https://github.com/python/cpython/commit/9286ab3a107ea41bd3f3c3682ce2512692bdded8
• https://github.com/python/cpython/commit/ae961ae94bf19c8f8c7fbea3d1c25cc55ce8ae97
• https://github.com/python/cpython/commit/d48cc82ed25e26b02eb97c6263d95dcaa1e9111b
• https://github.com/python/cpython/commit/e52095a0c1005a87eed2276af7a1f2f66e2b6483
• https://github.com/python/cpython/issues/124651
• https://github.com/python/cpython/pull/124712
• https://mail.python.org/archives/list/security-announce@python.org/thread/RSPJ2B5JL22FG3TKUJ7D7DQ4N5JRRBZL/
• https://security.netapp.com/advisory/ntap-20250425-0006/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.

Remediation

Upgrade Ubuntu:18.04 binutils to version 2.30-21ubuntu1~18.04.9+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-35342
• https://security.netapp.com/advisory/ntap-20231006-0009/
• https://sourceware.org/bugzilla/show_bug.cgi?id=25319

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.

Remediation

Upgrade Ubuntu:18.04 binutils to version 2.30-21ubuntu1~18.04.9+esm4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-0840
• https://sourceware.org/bugzilla/attachment.cgi?id=15882
• https://sourceware.org/bugzilla/show_bug.cgi?id=32560
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=baac6c221e9d69335bf41366a1c7d87d8ab2f893
• https://vuldb.com/?ctiid.293997
• https://vuldb.com/?id.293997
• https://vuldb.com/?submit.485255
• https://www.gnu.org/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.

Remediation

Upgrade Ubuntu:18.04 binutils to version 2.30-21ubuntu1~18.04.9+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-46174
• https://sourceware.org/bugzilla/show_bug.cgi?id=28753

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

Remediation

There is no fixed version for Ubuntu:18.04 expat.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-8176
• https://access.redhat.com/security/cve/CVE-2024-8176
• https://bugzilla.redhat.com/show_bug.cgi?id=2310137
• https://github.com/libexpat/libexpat/issues/893
• http://www.openwall.com/lists/oss-security/2025/03/15/1
• https://blog.hartwork.org/posts/expat-2-7-0-released/
• https://bugzilla.suse.com/show_bug.cgi?id=1239618
• https://github.com/libexpat/libexpat/blob/R_2_7_0/expat/Changes#L40-L52
• https://gitlab.alpinelinux.org/alpine/aports/-/commit/d068c3ff36fc6f4789988a09c69b434db757db53
• https://security-tracker.debian.org/tracker/CVE-2024-8176
• https://ubuntu.com/security/CVE-2024-8176
• https://security.netapp.com/advisory/ntap-20250328-0009/
• https://access.redhat.com/errata/RHSA-2025:3531
• https://access.redhat.com/errata/RHSA-2025:3734
• https://access.redhat.com/errata/RHSA-2025:3913
• https://access.redhat.com/errata/RHSA-2025:4048
• https://access.redhat.com/errata/RHSA-2025:4447
• https://access.redhat.com/errata/RHSA-2025:4446
• https://access.redhat.com/errata/RHSA-2025:4448
• https://access.redhat.com/errata/RHSA-2025:4449
• https://www.kb.cert.org/vuls/id/760160
• https://access.redhat.com/errata/RHSA-2025:7444
• https://access.redhat.com/errata/RHSA-2025:7512
• https://access.redhat.com/errata/RHSA-2025:8385
• https://access.redhat.com/errata/RHSA-2025:13681

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

Remediation

Upgrade Ubuntu:18.04 expat to version 2.2.5-3ubuntu0.9+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-45490
• https://github.com/libexpat/libexpat/issues/887
• https://github.com/libexpat/libexpat/pull/890
• https://security.netapp.com/advisory/ntap-20241018-0004/

NVD Description

Note: Versions mentioned in the description apply only to the upstream gdk-pixbuf package and not the gdk-pixbuf package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.

Remediation

Upgrade Ubuntu:18.04 gdk-pixbuf to version 2.36.11-2ubuntu0.1~esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-7345
• https://access.redhat.com/security/cve/CVE-2025-7345
• https://bugzilla.redhat.com/show_bug.cgi?id=2377063
• https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/249
• https://access.redhat.com/errata/RHSA-2025:12841
• https://access.redhat.com/errata/RHSA-2025:12862
• https://access.redhat.com/errata/RHSA-2025:13315
• https://access.redhat.com/errata/RHSA-2025:14575
• https://access.redhat.com/errata/RHSA-2025:14576
• https://access.redhat.com/errata/RHSA-2025:14574
• https://access.redhat.com/errata/RHSA-2025:14585
• https://access.redhat.com/errata/RHSA-2025:14618
• https://access.redhat.com/errata/RHSA-2025:14646
• https://access.redhat.com/errata/RHSA-2025:14647
• https://access.redhat.com/errata/RHSA-2025:14683

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.

Remediation

Upgrade Ubuntu:18.04 glib2.0 to version 2.56.4-0ubuntu0.18.04.9+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-32636
• https://gitlab.gnome.org/GNOME/glib/-/issues/2841
• https://https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835
• https://security.netapp.com/advisory/ntap-20231110-0002/

NVD Description

Note: Versions mentioned in the description apply only to the upstream glib2.0 package and not the glib2.0 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.

Remediation

Upgrade Ubuntu:18.04 glib2.0 to version 2.56.4-0ubuntu0.18.04.9+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-29499
• https://access.redhat.com/security/cve/CVE-2023-29499
• https://bugzilla.redhat.com/show_bug.cgi?id=2211828
• https://gitlab.gnome.org/GNOME/glib/-/issues/2794
• https://lists.debian.org/debian-lts-announce/2023/09/msg00030.html
• https://security.gentoo.org/glsa/202311-18
• https://security.netapp.com/advisory/ntap-20231103-0001/

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.

Remediation

Upgrade Ubuntu:18.04 krb5 to version 1.16-2ubuntu0.4+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-37370
• https://security.netapp.com/advisory/ntap-20241108-0007/
• https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef
• https://web.mit.edu/kerberos/www/advisories/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libx11 package and not the libx11 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption.

Remediation

Upgrade Ubuntu:18.04 libx11 to version 2:1.6.4-3ubuntu0.4+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-3138
• https://access.redhat.com/security/cve/CVE-2023-3138
• https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c
• https://lists.x.org/archives/xorg-announce/2023-June/003406.html
• https://lists.x.org/archives/xorg-announce/2023-June/003407.html
• https://security.netapp.com/advisory/ntap-20231208-0008/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.

Remediation

Upgrade Ubuntu:18.04 libxml2 to version 2.9.4+dfsg1-6.1ubuntu1.9+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-27113
• https://gitlab.gnome.org/GNOME/libxml2/-/issues/861
• https://security.netapp.com/advisory/ntap-20250306-0004/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

Remediation

Upgrade Ubuntu:18.04 libxml2 to version 2.9.4+dfsg1-6.1ubuntu1.9+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32415
• https://gitlab.gnome.org/GNOME/libxml2/-/issues/890

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.

Remediation

Upgrade Ubuntu:18.04 libxml2 to version 2.9.4+dfsg1-6.1ubuntu1.9+esm4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-6021
• https://access.redhat.com/security/cve/CVE-2025-6021
• https://bugzilla.redhat.com/show_bug.cgi?id=2372406
• https://access.redhat.com/errata/RHSA-2025:10630
• https://access.redhat.com/errata/RHSA-2025:10698
• https://access.redhat.com/errata/RHSA-2025:10699
• https://access.redhat.com/errata/RHSA-2025:11580
• https://access.redhat.com/errata/RHSA-2025:12098
• https://access.redhat.com/errata/RHSA-2025:12099
• https://access.redhat.com/errata/RHSA-2025:12199
• https://access.redhat.com/errata/RHSA-2025:12239
• https://access.redhat.com/errata/RHSA-2025:12240
• https://access.redhat.com/errata/RHSA-2025:12241
• https://access.redhat.com/errata/RHSA-2025:12237
• https://access.redhat.com/errata/RHSA-2025:13267
• https://access.redhat.com/errata/RHSA-2025:13335
• https://access.redhat.com/errata/RHSA-2025:13325
• https://access.redhat.com/errata/RHSA-2025:13336
• https://access.redhat.com/errata/RHSA-2025:13289
• https://access.redhat.com/errata/RHSA-2025:14059
• https://access.redhat.com/errata/RHSA-2025:14396
• https://gitlab.gnome.org/GNOME/libxml2/-/issues/926
• https://access.redhat.com/errata/RHSA-2025:15308
• https://access.redhat.com/errata/RHSA-2025:15672

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

Remediation

Upgrade Ubuntu:18.04 libxml2 to version 2.9.4+dfsg1-6.1ubuntu1.9+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-32414
• https://gitlab.gnome.org/GNOME/libxml2/-/issues/889

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxml2 package and not the libxml2 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

Remediation

Upgrade Ubuntu:18.04 libxml2 to version 2.9.4+dfsg1-6.1ubuntu1.9+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-25062
• https://gitlab.gnome.org/GNOME/libxml2/-/issues/604
• https://gitlab.gnome.org/GNOME/libxml2/-/tags

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxslt package and not the libxslt package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of service or unexpected behavior.

Remediation

There is no fixed version for Ubuntu:18.04 libxslt.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-7424
• https://access.redhat.com/security/cve/CVE-2025-7424
• https://bugzilla.redhat.com/show_bug.cgi?id=2379228

NVD Description

Note: Versions mentioned in the description apply only to the upstream nghttp2 package and not the nghttp2 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

Remediation

Upgrade Ubuntu:18.04 nghttp2 to version 1.30.0-1ubuntu1+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9511
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511
• https://seclists.org/bugtraq/2019/Sep/1
• https://seclists.org/bugtraq/2019/Aug/40
• https://kb.cert.org/vuls/id/605641/
• https://kc.mcafee.com/corporate/index?page=content&id=SB10296
• https://support.f5.com/csp/article/K02591030
• https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS
• https://www.synology.com/security/advisory/Synology_SA_19_33
• https://www.debian.org/security/2019/dsa-4511
• https://www.debian.org/security/2020/dsa-4669
• https://www.debian.org/security/2019/dsa-4505
• https://security-tracker.debian.org/tracker/CVE-2019-9511
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/
• https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
• https://security.netapp.com/advisory/ntap-20190823-0002/
• https://security.netapp.com/advisory/ntap-20190823-0005/
• https://access.redhat.com/errata/RHSA-2019:2692
• https://access.redhat.com/errata/RHSA-2019:2745
• https://access.redhat.com/errata/RHSA-2019:2746
• https://access.redhat.com/errata/RHSA-2019:2775
• https://access.redhat.com/errata/RHSA-2019:2799
• https://access.redhat.com/errata/RHSA-2019:2925
• https://access.redhat.com/errata/RHSA-2019:2939
• https://access.redhat.com/errata/RHSA-2019:2949
• https://access.redhat.com/errata/RHSA-2019:2955
• https://access.redhat.com/errata/RHSA-2019:2966
• https://access.redhat.com/errata/RHSA-2019:3041
• https://access.redhat.com/errata/RHSA-2019:3932
• https://access.redhat.com/errata/RHSA-2019:3933
• https://access.redhat.com/errata/RHSA-2019:3935
• https://access.redhat.com/errata/RHSA-2019:4018
• https://access.redhat.com/errata/RHSA-2019:4019
• https://access.redhat.com/errata/RHSA-2019:4020
• https://access.redhat.com/errata/RHSA-2019:4021
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html
• https://usn.ubuntu.com/4099-1/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/
• https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS

NVD Description

Note: Versions mentioned in the description apply only to the upstream nghttp2 package and not the nghttp2 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

Remediation

Upgrade Ubuntu:18.04 nghttp2 to version 1.30.0-1ubuntu1+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9513
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513
• https://seclists.org/bugtraq/2019/Sep/1
• https://seclists.org/bugtraq/2019/Aug/40
• https://kb.cert.org/vuls/id/605641/
• https://kc.mcafee.com/corporate/index?page=content&id=SB10296
• https://support.f5.com/csp/article/K02591030
• https://support.f5.com/csp/article/K02591030?utm_source=f5support&utm_medium=RSS
• https://www.synology.com/security/advisory/Synology_SA_19_33
• https://www.debian.org/security/2019/dsa-4511
• https://www.debian.org/security/2020/dsa-4669
• https://www.debian.org/security/2019/dsa-4505
• https://security-tracker.debian.org/tracker/CVE-2019-9513
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/
• https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://security.netapp.com/advisory/ntap-20190823-0002/
• https://security.netapp.com/advisory/ntap-20190823-0005/
• https://access.redhat.com/errata/RHSA-2019:2692
• https://access.redhat.com/errata/RHSA-2019:2745
• https://access.redhat.com/errata/RHSA-2019:2746
• https://access.redhat.com/errata/RHSA-2019:2775
• https://access.redhat.com/errata/RHSA-2019:2799
• https://access.redhat.com/errata/RHSA-2019:2925
• https://access.redhat.com/errata/RHSA-2019:2939
• https://access.redhat.com/errata/RHSA-2019:2949
• https://access.redhat.com/errata/RHSA-2019:2955
• https://access.redhat.com/errata/RHSA-2019:2966
• https://access.redhat.com/errata/RHSA-2019:3041
• https://access.redhat.com/errata/RHSA-2019:3932
• https://access.redhat.com/errata/RHSA-2019:3933
• https://access.redhat.com/errata/RHSA-2019:3935
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html
• http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00035.html
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00014.html
• https://usn.ubuntu.com/4099-1/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBYAF6ED3O4XCHQ5C2HYENJLXYXZC4M/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZLUYPYY3RX4ZJDWZRJIKSULYRJ4PXW7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/POPAEC4FWL4UU4LDEGPY5NPALU24FFQD/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TAZZEVTCN2B4WT6AIBJ7XGYJMBTORJU5/
• https://support.f5.com/csp/article/K02591030?utm_source=f5support&amp%3Butm_medium=RSS

NVD Description

Note: Versions mentioned in the description apply only to the upstream nghttp2 package and not the nghttp2 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.

Remediation

Upgrade Ubuntu:18.04 nghttp2 to version 1.30.0-1ubuntu1+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-11080
• https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr
• https://www.debian.org/security/2020/dsa-4696
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/
• https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090
• https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://lists.debian.org/debian-lts-announce/2021/10/msg00011.html
• https://www.oracle.com//security-alerts/cpujul2021.html
• http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/
• https://www.oracle.com/security-alerts/cpuapr2022.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream postgresql-10 package and not the postgresql-10 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

Time-of-check Time-of-use (TOCTOU) race condition in pg_dump in PostgreSQL allows an object creator to execute arbitrary SQL functions as the user running pg_dump, which is often a superuser. The attack involves replacing another relation type with a view or foreign table. The attack requires waiting for pg_dump to start, but winning the race condition is trivial if the attacker retains an open transaction. Versions before PostgreSQL 16.4, 15.8, 14.13, 13.16, and 12.20 are affected.

Remediation

Upgrade Ubuntu:18.04 postgresql-10 to version 10.23-0ubuntu0.18.04.2+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-7348
• https://www.postgresql.org/support/security/CVE-2024-7348/
• http://www.openwall.com/lists/oss-security/2024/08/11/1
• https://security.netapp.com/advisory/ntap-20240822-0002/

NVD Description

Note: Versions mentioned in the description apply only to the upstream python2.7 package and not the python2.7 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

Remediation

Upgrade Ubuntu:18.04 python2.7 to version 2.7.17-1~18.04ubuntu1.13 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-24329
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/
• https://github.com/python/cpython/issues/102153
• https://github.com/python/cpython/pull/99421
• https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/
• https://pointernull.com/security/python-url-parse-problem.html
• https://security.netapp.com/advisory/ntap-20230324-0004/
• https://www.kb.cert.org/vuls/id/127587

NVD Description

Note: Versions mentioned in the description apply only to the upstream python2.7 package and not the python2.7 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A use-after-free exists in Python through 3.9 via heappushpop in heapq.

Remediation

Upgrade Ubuntu:18.04 python2.7 to version 2.7.17-1~18.04ubuntu1.13+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-48560
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZ5OOBWNYWXFTZDMCGHJVGDLDTHLWITJ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VO7Y2YZSDK3UYJD2KBGLXRTGNG6T326J/
• https://bugs.python.org/issue39421
• https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZ5OOBWNYWXFTZDMCGHJVGDLDTHLWITJ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VO7Y2YZSDK3UYJD2KBGLXRTGNG6T326J/
• https://security.netapp.com/advisory/ntap-20230929-0008/

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.6 package and not the python3.6 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.

Remediation

Upgrade Ubuntu:18.04 python3.6 to version 3.6.9-1~18.04ubuntu1.13 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-24329
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/
• https://github.com/python/cpython/issues/102153
• https://github.com/python/cpython/pull/99421
• https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PEVICI7YNGGMSL3UCMWGE66QFLATH72/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DSL6NSOAXWBJJ67XPLSSC74MNKZF3BBO/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EM2XLZSTXG44TMFXF4E6VTGKR2MQCW3G/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2NY75GFDZ5T6YPN44D3VMFT5SUVTOTG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GR5US3BYILYJ4SKBV6YBNPRUBAL5P2CN/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H23OSKC6UG6IWOQAUPW74YUHWRWVXJP7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZTLGV2HYFF4AMYJL25VDIGAIHCU7UPA/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWC4WGXER5P6Q75RFGL7QUTPP3N5JR7T/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MZEHSXSCMA4WWQKXT6QV7AAR6SWNZ2VP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O5SP4RT3RRS434ZS2HQKQJ3VZW7YPKYR/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OHHJHJRLEF3TDT2K3676CAUVRDD4CCMR/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PEUN6T22UJFXR7J5F6UUHCXXPKJ2DVHI/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PURM5CFDABEWAIWZFD2MQ7ZJGCPYSQ44/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q3J5N24ECS4B6MJDRO6UAYU6GPLYBDCL/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRQHN7RWJQJHYP6E5EKESOYP5VDSHZG4/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RA2MBEEES6L46OD64OBSVUUMGKNGMOWW/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4IDB5OAR5Y4UK3HLMZBW4WEL2B7YFMJ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZH26JGNZ5XYPZ5SAU3NKSBSPRE5OHTG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2MZOJYGFCB5PPT6AKMAU72N7QOYWLBP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UONZWLB4QVLQIY5CPDLEUEKH6WX4VQMC/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WTOAUJNDWZDRWVSXJ354AYZYKRMT56HU/
• https://pointernull.com/security/python-url-parse-problem.html
• https://security.netapp.com/advisory/ntap-20230324-0004/
• https://www.kb.cert.org/vuls/id/127587

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.6 package and not the python3.6 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

There is a MEDIUM severity vulnerability affecting CPython.

Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.

Remediation

Upgrade Ubuntu:18.04 python3.6 to version 3.6.9-1~18.04ubuntu1.13+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-6232
• https://github.com/python/cpython/commit/4eaf4891c12589e3c7bdad5f5b076e4c8392dd06
• https://github.com/python/cpython/commit/743acbe872485dc18df4d8ab2dc7895187f062c4
• https://github.com/python/cpython/commit/d449caf8a179e3b954268b3a88eb9170be3c8fbf
• https://github.com/python/cpython/commit/ed3a49ea734ada357ff4442996fd4ae71d253373
• https://github.com/python/cpython/issues/121285
• https://github.com/python/cpython/pull/121286
• https://mail.python.org/archives/list/security-announce@python.org/thread/JRYFTPRHZRTLMZLWQEUHZSJXNHM4ACTY/
• https://github.com/python/cpython/commit/34ddb64d088dd7ccc321f6103d23153256caa5d4
• https://github.com/python/cpython/commit/7d1f50cd92ff7e10a1c15a8f591dde8a6843a64d
• https://github.com/python/cpython/commit/b4225ca91547aa97ed3aca391614afbb255bc877
• http://www.openwall.com/lists/oss-security/2024/09/03/5
• https://security.netapp.com/advisory/ntap-20241018-0007/

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.6 package and not the python3.6 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A use-after-free exists in Python through 3.9 via heappushpop in heapq.

Remediation

Upgrade Ubuntu:18.04 python3.6 to version 3.6.9-1~18.04ubuntu1.13+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-48560
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZ5OOBWNYWXFTZDMCGHJVGDLDTHLWITJ/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VO7Y2YZSDK3UYJD2KBGLXRTGNG6T326J/
• https://bugs.python.org/issue39421
• https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JZ5OOBWNYWXFTZDMCGHJVGDLDTHLWITJ/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VO7Y2YZSDK3UYJD2KBGLXRTGNG6T326J/
• https://security.netapp.com/advisory/ntap-20230929-0008/

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A null pointer dereference flaw was found in Libtiff via tif_dirinfo.c. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.

Remediation

Upgrade Ubuntu:18.04 tiff to version 4.0.9-5ubuntu0.10+esm7 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-7006
• https://access.redhat.com/security/cve/CVE-2024-7006
• https://bugzilla.redhat.com/show_bug.cgi?id=2302996
• https://access.redhat.com/errata/RHSA-2024:6360
• https://access.redhat.com/errata/RHSA-2024:8833
• https://access.redhat.com/errata/RHSA-2024:8914
• https://security.netapp.com/advisory/ntap-20240920-0001/

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.

Remediation

Upgrade Ubuntu:18.04 tiff to version 4.0.9-5ubuntu0.10+esm5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-52356
• https://access.redhat.com/errata/RHSA-2024:5079
• http://seclists.org/fulldisclosure/2024/Jul/16
• http://seclists.org/fulldisclosure/2024/Jul/17
• http://seclists.org/fulldisclosure/2024/Jul/18
• http://seclists.org/fulldisclosure/2024/Jul/19
• http://seclists.org/fulldisclosure/2024/Jul/20
• http://seclists.org/fulldisclosure/2024/Jul/21
• http://seclists.org/fulldisclosure/2024/Jul/22
• http://seclists.org/fulldisclosure/2024/Jul/23
• https://access.redhat.com/security/cve/CVE-2023-52356
• https://bugzilla.redhat.com/show_bug.cgi?id=2251344
• https://gitlab.com/libtiff/libtiff/-/issues/622
• https://gitlab.com/libtiff/libtiff/-/merge_requests/546
• https://lists.debian.org/debian-lts-announce/2024/03/msg00011.html
• https://support.apple.com/kb/HT214116
• https://support.apple.com/kb/HT214117
• https://support.apple.com/kb/HT214118
• https://support.apple.com/kb/HT214119
• https://support.apple.com/kb/HT214120
• https://support.apple.com/kb/HT214122
• https://support.apple.com/kb/HT214123
• https://support.apple.com/kb/HT214124

NVD Description

Note: Versions mentioned in the description apply only to the upstream sqlite3 package and not the sqlite3 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.

Remediation

Upgrade Ubuntu:18.04 sqlite3 to version 3.22.0-1ubuntu0.7+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-7104
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/
• https://security.netapp.com/advisory/ntap-20240112-0008/
• https://sqlite.org/forum/forumpost/5bcbf4571c
• https://sqlite.org/src/info/0e4e7a05c4204b47
• https://vuldb.com/?ctiid.248999
• https://vuldb.com/?id.248999

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.

Remediation

There is no fixed version for Ubuntu:18.04 imagemagick.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-27752
• https://bugzilla.redhat.com/show_bug.cgi?id=1894226

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a malicious machine impersonating a legit server. This issue occurs due to how OpenSSH mishandles error codes in specific conditions when verifying the host key. For an attack to be considered successful, the attacker needs to manage to exhaust the client's memory resource first, turning the attack complexity high.

Remediation

Upgrade Ubuntu:18.04 openssh to version 1:7.6p1-4ubuntu0.7+esm4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-26465
• https://access.redhat.com/security/cve/CVE-2025-26465
• https://bugzilla.redhat.com/show_bug.cgi?id=2344780
• https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-tru-discovers-two-vulnerabilities-in-openssh-cve-2025-26465-cve-2025-26466
• https://bugzilla.suse.com/show_bug.cgi?id=1237040
• https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/008_ssh.patch.sig
• https://lists.debian.org/debian-lts-announce/2025/02/msg00020.html
• https://lists.mindrot.org/pipermail/openssh-unix-announce/2025-February/000161.html
• https://security-tracker.debian.org/tracker/CVE-2025-26465
• https://security.netapp.com/advisory/ntap-20250228-0003/
• https://ubuntu.com/security/CVE-2025-26465
• https://www.openssh.com/releasenotes.html#9.9p2
• https://www.openwall.com/lists/oss-security/2025/02/18/1
• https://www.openwall.com/lists/oss-security/2025/02/18/4
• https://www.theregister.com/2025/02/18/openssh_vulnerabilities_mitm_dos/
• https://www.vicarius.io/vsociety/posts/cve-2025-26465-detect-vulnerable-openssh
• https://www.vicarius.io/vsociety/posts/cve-2025-26465-mitigate-vulnerable-openssh
• https://access.redhat.com/errata/RHSA-2025:3837
• https://access.redhat.com/errata/RHSA-2025:6993
• https://access.redhat.com/errata/RHSA-2025:8385
• https://access.redhat.com/errata/RHSA-2025:16823
• https://seclists.org/oss-sec/2025/q1/144

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains.

It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with domain=co.UK when the URL used a lower case hostname curl.co.uk, even though co.uk is listed as a PSL domain.

Remediation

Upgrade Ubuntu:18.04 curl to version 7.58.0-2ubuntu3.24+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-46218
• https://curl.se/docs/CVE-2023-46218.html
• https://hackerone.com/reports/2212193
• https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/
• https://security.netapp.com/advisory/ntap-20240125-0007/
• https://www.debian.org/security/2023/dsa-5587

NVD Description

Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

libcurl's ASN1 parser code has the GTime2str() function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen() getting performed on a pointer to a heap buffer area that is not (purposely) null terminated.

This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when CURLINFO_CERTINFO is used.

Remediation

Upgrade Ubuntu:18.04 curl to version 7.58.0-2ubuntu3.24+esm5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-7264
• https://curl.se/docs/CVE-2024-7264.html
• https://curl.se/docs/CVE-2024-7264.json
• https://hackerone.com/reports/2629968
• http://www.openwall.com/lists/oss-security/2024/07/31/1
• https://github.com/curl/curl/commit/27959ecce75cdb2809c0bdb3286e60e08fadb519
• https://security.netapp.com/advisory/ntap-20240828-0008/

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.

Remediation

Upgrade Ubuntu:18.04 krb5 to version 1.16-2ubuntu0.4+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-36054
• https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd
• https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final
• https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final
• https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html
• https://security.netapp.com/advisory/ntap-20230908-0004/
• https://web.mit.edu/kerberos/www/advisories/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libmaxminddb package and not the libmaxminddb package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.

Remediation

There is no fixed version for Ubuntu:18.04 libmaxminddb.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-28241
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/
• https://security.gentoo.org/glsa/202011-15
• https://github.com/maxmind/libmaxminddb/compare/1.4.2...1.4.3
• https://github.com/maxmind/libmaxminddb/issues/236
• https://github.com/maxmind/libmaxminddb/pull/237
• https://lists.debian.org/debian-lts-announce/2020/11/msg00019.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WUK4UCOB5FJVK36E22IRLEYGKMUWGBG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELTOHZBPO6XVUVADP4DPZBNQCPTYOQBV/

NVD Description

Note: Versions mentioned in the description apply only to the upstream libxslt package and not the libxslt package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.

Remediation

There is no fixed version for Ubuntu:18.04 libxslt.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-40403
• http://seclists.org/fulldisclosure/2023/Oct/10
• http://seclists.org/fulldisclosure/2023/Oct/3
• http://seclists.org/fulldisclosure/2023/Oct/4
• http://seclists.org/fulldisclosure/2023/Oct/5
• http://seclists.org/fulldisclosure/2023/Oct/6
• http://seclists.org/fulldisclosure/2023/Oct/8
• http://seclists.org/fulldisclosure/2023/Oct/9
• https://support.apple.com/en-us/HT213927
• https://support.apple.com/en-us/HT213931
• https://support.apple.com/en-us/HT213932
• https://support.apple.com/en-us/HT213936
• https://support.apple.com/en-us/HT213937
• https://support.apple.com/en-us/HT213938
• https://support.apple.com/en-us/HT213940

NVD Description

Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.

Remediation

Upgrade Ubuntu:18.04 ncurses to version 6.1-1ubuntu1.18.04.1+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-19189
• http://seclists.org/fulldisclosure/2023/Dec/10
• http://seclists.org/fulldisclosure/2023/Dec/11
• http://seclists.org/fulldisclosure/2023/Dec/9
• https://github.com/zjuchenyuan/fuzzpoc/blob/master/infotocap_poc5.md
• https://lists.debian.org/debian-lts-announce/2023/09/msg00033.html
• https://security.netapp.com/advisory/ntap-20231006-0005/
• https://support.apple.com/kb/HT214036
• https://support.apple.com/kb/HT214037
• https://support.apple.com/kb/HT214038

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

Remediation

Upgrade Ubuntu:18.04 openssh to version 1:7.6p1-4ubuntu0.7+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-51385
• http://seclists.org/fulldisclosure/2024/Mar/21
• http://www.openwall.com/lists/oss-security/2023/12/26/4
• https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a
• https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
• https://security.gentoo.org/glsa/202312-17
• https://security.netapp.com/advisory/ntap-20240105-0005/
• https://support.apple.com/kb/HT214084
• https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html
• https://www.debian.org/security/2023/dsa-5586
• https://www.openssh.com/txt/release-9.6
• https://www.openwall.com/lists/oss-security/2023/12/18/2
• https://github.com/vin01/poc-proxycommand-vulnerable

NVD Description

Note: Versions mentioned in the description apply only to the upstream pixman package and not the pixman package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c.

Remediation

There is no fixed version for Ubuntu:18.04 pixman.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-37769
• https://gitlab.freedesktop.org/pixman/pixman/-/issues/76

NVD Description

Note: Versions mentioned in the description apply only to the upstream python2.7 package and not the python2.7 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

Remediation

Upgrade Ubuntu:18.04 python2.7 to version 2.7.17-1~18.04ubuntu1.13+esm4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-48564
• https://bugs.python.org/issue42103
• https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
• https://security.netapp.com/advisory/ntap-20230929-0009/

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.6 package and not the python3.6 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.

Remediation

Upgrade Ubuntu:18.04 python3.6 to version 3.6.9-1~18.04ubuntu1.13+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-48564
• https://bugs.python.org/issue42103
• https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
• https://security.netapp.com/advisory/ntap-20230929-0009/

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.

Remediation

Upgrade Ubuntu:18.04 tiff to version 4.0.9-5ubuntu0.10+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-3618
• https://access.redhat.com/security/cve/CVE-2023-3618
• https://bugzilla.redhat.com/show_bug.cgi?id=2215865
• https://lists.debian.org/debian-lts-announce/2023/07/msg00034.html
• https://security.netapp.com/advisory/ntap-20230824-0012/
• https://support.apple.com/kb/HT214036
• https://support.apple.com/kb/HT214037
• https://support.apple.com/kb/HT214038

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.

Remediation

Upgrade Ubuntu:18.04 tiff to version 4.0.9-5ubuntu0.10+esm4 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-40090
• https://gitlab.com/libtiff/libtiff/-/issues/455
• https://gitlab.com/libtiff/libtiff/-/merge_requests/386

NVD Description

Note: Versions mentioned in the description apply only to the upstream freetype package and not the freetype package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c.

Remediation

There is no fixed version for Ubuntu:18.04 freetype.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-23022
• https://gitlab.freedesktop.org/freetype/freetype/-/issues/1312
• https://security-tracker.debian.org/tracker/CVE-2025-23022

NVD Description

Note: Versions mentioned in the description apply only to the upstream imagemagick package and not the imagemagick package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.

Remediation

There is no fixed version for Ubuntu:18.04 imagemagick.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-25664
• https://bugzilla.redhat.com/show_bug.cgi?id=1891605
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z3J6D7POCQYQKNVRDYLTTPM5SQC3WVTR/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z3J6D7POCQYQKNVRDYLTTPM5SQC3WVTR/

NVD Description

Note: Versions mentioned in the description apply only to the upstream wget package and not the wget package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

Remediation

There is no fixed version for Ubuntu:18.04 wget.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-31879
• https://security.netapp.com/advisory/ntap-20210618-0002/
• https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

Remediation

Upgrade Ubuntu:18.04 gnutls28 to version 3.5.18-1ubuntu1.6+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-5981
• http://www.openwall.com/lists/oss-security/2024/01/19/3
• https://access.redhat.com/errata/RHSA-2024:0155
• https://access.redhat.com/errata/RHSA-2024:0319
• https://access.redhat.com/errata/RHSA-2024:0399
• https://access.redhat.com/errata/RHSA-2024:0451
• https://access.redhat.com/errata/RHSA-2024:0533
• https://access.redhat.com/errata/RHSA-2024:1383
• https://access.redhat.com/errata/RHSA-2024:2094
• https://access.redhat.com/security/cve/CVE-2023-5981
• https://bugzilla.redhat.com/show_bug.cgi?id=2248445
• https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/

NVD Description

Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.

Remediation

Upgrade Ubuntu:18.04 krb5 to version 1.16-2ubuntu0.4+esm5 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-3576
• https://access.redhat.com/security/cve/CVE-2025-3576
• https://bugzilla.redhat.com/show_bug.cgi?id=2359465
• https://lists.debian.org/debian-lts-announce/2025/05/msg00047.html
• https://access.redhat.com/errata/RHSA-2025:8411
• https://access.redhat.com/errata/RHSA-2025:9418
• https://access.redhat.com/errata/RHSA-2025:9430
• https://access.redhat.com/errata/RHSA-2025:11487
• https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html
• https://access.redhat.com/errata/RHSA-2025:13664
• https://access.redhat.com/errata/RHSA-2025:13777
• https://access.redhat.com/errata/RHSA-2025:15000
• https://access.redhat.com/errata/RHSA-2025:15002
• https://access.redhat.com/errata/RHSA-2025:15004
• https://access.redhat.com/errata/RHSA-2025:15001
• https://access.redhat.com/errata/RHSA-2025:15003

NVD Description

Note: Versions mentioned in the description apply only to the upstream mysql-5.7 package and not the mysql-5.7 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H).

Remediation

Upgrade Ubuntu:18.04 mysql-5.7 to version 5.7.43-0ubuntu0.18.04.1+esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-22053
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C63HAGVLQA6FJNDCHR7CNZZL6VSLILB2/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEHRBBYYTPA4DETOM5XAKGCP37NUTLOA/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QYLDK6ODVC4LJSDULLX6Q2YHTFOWABCN/
• https://security.netapp.com/advisory/ntap-20230725-0005/
• https://www.oracle.com/security-alerts/cpujul2023.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

Remediation

Upgrade Ubuntu:18.04 openssh to version 1:7.6p1-4ubuntu0.7+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-48795
• https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit
• https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability
• http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html
• http://seclists.org/fulldisclosure/2024/Mar/21
• http://www.openwall.com/lists/oss-security/2023/12/18/3
• http://www.openwall.com/lists/oss-security/2023/12/19/5
• http://www.openwall.com/lists/oss-security/2023/12/20/3
• http://www.openwall.com/lists/oss-security/2024/03/06/3
• http://www.openwall.com/lists/oss-security/2024/04/17/8
• https://access.redhat.com/security/cve/cve-2023-48795
• https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/
• https://bugs.gentoo.org/920280
• https://bugzilla.redhat.com/show_bug.cgi?id=2254210
• https://bugzilla.suse.com/show_bug.cgi?id=1217950
• https://crates.io/crates/thrussh/versions
• https://filezilla-project.org/versions.php
• https://forum.netgate.com/topic/184941/terrapin-ssh-attack
• https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10&id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6
• https://github.com/NixOS/nixpkgs/pull/275249
• https://github.com/PowerShell/Win32-OpenSSH/issues/2189
• https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta
• https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0
• https://github.com/TeraTermProject/teraterm/releases/tag/v5.1
• https://github.com/advisories/GHSA-45x7-px36-x8w8
• https://github.com/apache/mina-sshd/issues/445
• https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab
• https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22
• https://github.com/cyd01/KiTTY/issues/520
• https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
• https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42
• https://github.com/erlang/otp/releases/tag/OTP-26.2.1
• https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d
• https://github.com/hierynomus/sshj/issues/916
• https://github.com/janmojzis/tinyssh/issues/81
• https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5
• https://github.com/libssh2/libssh2/pull/1291
• https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25
• https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3
• https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15
• https://github.com/mwiede/jsch/issues/457
• https://github.com/mwiede/jsch/pull/461
• https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16
• https://github.com/openssh/openssh-portable/commits/master
• https://github.com/paramiko/paramiko/issues/2337
• https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES
• https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES
• https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES
• https://github.com/proftpd/proftpd/issues/456
• https://github.com/rapier1/hpn-ssh/releases
• https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst
• https://github.com/ronf/asyncssh/tags
• https://github.com/ssh-mitm/ssh-mitm/issues/165
• https://github.com/warp-tech/russh/releases/tag/v0.40.2
• https://gitlab.com/libssh/libssh-mirror/-/tags
• https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ
• https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg
• https://help.panic.com/releasenotes/transmit5/
• https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/
• https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html
• https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html
• https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html
• https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/
• https://matt.ucc.asn.au/dropbear/CHANGES
• https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC
• https://news.ycombinator.com/item?id=38684904
• https://news.ycombinator.com/item?id=38685286
• https://news.ycombinator.com/item?id=38732005
• https://nova.app/releases/#v11.8
• https://oryx-embedded.com/download/#changelog
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002
• https://roumenpetrov.info/secsh/#news20231220
• https://security-tracker.debian.org/tracker/CVE-2023-48795
• https://security-tracker.debian.org/tracker/source-package/libssh2
• https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg
• https://security-tracker.debian.org/tracker/source-package/trilead-ssh2
• https://security.gentoo.org/glsa/202312-16
• https://security.gentoo.org/glsa/202312-17
• https://security.netapp.com/advisory/ntap-20240105-0004/
• https://support.apple.com/kb/HT214084
• https://thorntech.com/cve-2023-48795-and-sftp-gateway/
• https://twitter.com/TrueSkrillor/status/1736774389725565005
• https://ubuntu.com/security/CVE-2023-48795
• https://winscp.net/eng/docs/history#6.2.2
• https://www.bitvise.com/ssh-client-version-history#933
• https://www.bitvise.com/ssh-server-version-history
• https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
• https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update
• https://www.debian.org/security/2023/dsa-5586
• https://www.debian.org/security/2023/dsa-5588
• https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc
• https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508
• https://www.netsarang.com/en/xshell-update-history/
• https://www.openssh.com/openbsd.html
• https://www.openssh.com/txt/release-9.6
• https://www.openwall.com/lists/oss-security/2023/12/18/2
• https://www.openwall.com/lists/oss-security/2023/12/20/3
• https://www.paramiko.org/changelog.html
• https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/
• https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/
• https://www.terrapin-attack.com
• https://www.theregister.com/2023/12/20/terrapin_attack_ssh
• https://www.vandyke.com/products/securecrt/history.txt
• https://github.com/projectdiscovery/nuclei-templates/blob/main/javascript/cves/2023/CVE-2023-48795.yaml

NVD Description

Note: Versions mentioned in the description apply only to the upstream python2.7 package and not the python2.7 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

Remediation

Upgrade Ubuntu:18.04 python2.7 to version 2.7.17-1~18.04ubuntu1.13+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-48566
• https://bugs.python.org/issue40791
• https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
• https://security.netapp.com/advisory/ntap-20231006-0013/

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.6 package and not the python3.6 package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

Remediation

Upgrade Ubuntu:18.04 python3.6 to version 3.6.9-1~18.04ubuntu1.13+esm2 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-48566
• https://bugs.python.org/issue40791
• https://lists.debian.org/debian-lts-announce/2023/09/msg00022.html
• https://lists.debian.org/debian-lts-announce/2023/10/msg00017.html
• https://security.netapp.com/advisory/ntap-20231006-0013/

NVD Description

Note: Versions mentioned in the description apply only to the upstream apr package and not the apr package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data.

This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h)

Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.

Remediation

Upgrade Ubuntu:18.04 apr to version 1.6.3-2ubuntu0.1~esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-49582
• https://lists.apache.org/thread/sntjc04t1rvjhdzz2tzmtz2zdnmv7dc4
• http://www.openwall.com/lists/oss-security/2024/08/26/1
• https://security.netapp.com/advisory/ntap-20241101-0004/

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

Remediation

Upgrade Ubuntu:18.04 binutils to version 2.30-21ubuntu1~18.04.9+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-47008
• https://sourceware.org/bugzilla/show_bug.cgi?id=29255%20

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:18.04 relevant fixed versions and status.

An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.

Remediation

Upgrade Ubuntu:18.04 binutils to version 2.30-21ubuntu1~18.04.9+esm3 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-47007
• https://sourceware.org/bugzilla/show_bug.cgi?id=29254