Ubuntu has released critical security updates addressing vulnerabilities in Docker, Ghostscript, and Micropython as part of its ongoing commitment to system security. The updates were announced on May 1, 2025, and are applicable across various Ubuntu versions, including LTS releases.
Docker Vulnerabilities [USN-7474-1]
Several security issues were identified in Docker, particularly affecting Ubuntu 22.04 LTS, 20.04 LTS, and 18.04 LTS. Notable vulnerabilities include:
- Network Packet Handling: An issue that allowed attackers to inject packets into established connections, potentially causing denial of service or bypassing firewall protections (CVE-2023-28840, CVE-2023-28841, CVE-2023-28842).
- Cache Management: Improper handling of the BuildKit toolkit’s cache could expose sensitive information (CVE-2024-23651).
- File Path Verification: Faulty verification might enable attackers to delete arbitrary files from the system (CVE-2024-23652).
- Parallel Operations: Incorrect handling of parallel operations could lead to undefined behavior (CVE-2024-36621, CVE-2024-36623).
To resolve these issues, users are advised to update to specified package versions corresponding to their Ubuntu release.
Ghostscript Vulnerability [USN-7473-1]
Ghostscript, used for interpreting PostScript and PDF files, was found to have vulnerabilities that could lead to crashes or unauthorized file access when processing maliciously crafted files. This affects Ubuntu 24.10 and 24.04 LTS.
The updates include:
- Ghostscript version 10.03.1 for Ubuntu 24.10
- Ghostscript version 10.02.1 for Ubuntu 24.04 LTS
Micropython Vulnerabilities [USN-7472-1]
Multiple vulnerabilities were discovered in Micropython, which is designed for microcontrollers. Key issues include:
- Heap-Based Buffer Overflow: This vulnerability could allow attackers to execute arbitrary code or cause denial of service (CVE-2024-8946).
- Use-After-Free: Another memory management flaw that could lead to similar malicious exploits (CVE-2024-8947).
- USB Host Component: A buffer overflow vulnerability linked to the Middleware USB Host MCU Component (CVE-2021-42553).
The recommended updates are provided for different Ubuntu versions, enhancing security for users.
Conclusion
To maintain system integrity and security, Ubuntu users should promptly apply these updates. A standard system update will generally suffice to implement the necessary security patches. For further details and references, users can visit the official Ubuntu security notices.
By keeping software up to date, users can protect their systems from potential exploitation and ensure a secure computing environment. Regularly monitoring for updates and understanding the implications of vulnerabilities remains crucial for all users.
Docker, Ghostscript, Micropython updates for Ubuntu
Ubuntu Linux has been updated with security updates, including fixes for Docker, Ghostscript, and Micropython vulnerabilities:
[USN-7474-1] Docker vulnerabilities
[USN-7473-1] Ghostscript vulnerability
[USN-7472-1] Micropython vulnerabilities
Docker, Ghostscript, Micropython updates for Ubuntu @ Linux Compatible