Monday, January 13, 2025
HomeComputer SecurityUbuntu Released Security Updates & Fixed Multiple Critical Vulnerabilities

Ubuntu Released Security Updates & Fixed Multiple Critical Vulnerabilities

Published on

Ubuntu Released security updates frequently this month and fixed multiple critical vulnerabilities that affected the Ubuntu package.

The vulnerabilities are fixed with the latest packages if you have enabled automatic update in your Ubuntu servers the updates will be applied automatically.

php5 vulnerabilities

Ubuntu fixes the several vulnerabilities that affected the PHP that provides  corresponding update for Ubuntu 12.04 ESM.

It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service.

GLib vulnerabilities

There are 2 Vulnerabilities fixed that affected glib2.0 – GLib Input, Output and Streaming Library.

It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2018-16428)

It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. (CVE-2018-16429)

Ghostscript vulnerabilities

Several security issues were fixed in Ghostscript.Tavis Ormandy discovered multiple security issues in Ghostscript.

If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use these issues to access arbitrary files, execute arbitrary code, or cause a denial of service.

glib2.0 vulnerabilities

It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information.

ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled parsing certain HWP files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0360)

It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to hang, resulting in a denial of service. (CVE-2018-0361)

PHP vulnerabilities

It was discovered that PHP incorrectly handled restarting certain child processes when php-fpm is used. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 18.04 LTS.

It was discovered that PHP incorrectly handled certain exif tags in JPEG images. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service.

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

Also Read

Google Chrome to Show Not Secure For HTTP Sites and Fix for 42 Security Issues

Apache Software Foundation Releases Important Security Patches for Multiple Apache Tomcat Versions

Cisco Released Critical Security Updates for Vulnerabilities that Affected Cisco Products

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

Microsoft Warns of MFA Issue Affecting Microsoft 365 users

Microsoft has issued a warning regarding an ongoing issue with Multi-Factor Authentication (MFA) that...

RedCurl APT Deploys Malware via Windows Scheduled Tasks Exploitation

Researchers identified RedCurl APT group activity in Canada in late 2024, where the attackers...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

PoC Exploit Released for Critical macOS Sandbox Vulnerability (CVE-2024-54498)

A proof-of-concept (PoC) exploit has been publicly disclosed for a critical vulnerability impacting macOS...

IBM Robotic Process Automation Vulnerability Let Attackers Obtain Sensitive Data

A newly disclosed security vulnerability in IBM Robotic Process Automation (RPA) has raised concerns about potential...