
Several Vulnerabilities Addressed in Ubuntu 24.04

Rohan Timalsina

May 14, 2024 - TuxCare expert team

Ubuntu 24.04 LTS was released on April 25, 2024, with some new exciting features. Like every other release, it is not immune to vulnerabilities. Recently, the Ubuntu security team has addressed multiple security vulnerabilities affecting Ubuntu 24.04 that could potentially lead to a denial of service or the execution of arbitrary code. In this article, we will explore the details of these vulnerabilities and learn how to secure your systems.


Vulnerabilities Affecting Ubuntu 24.04 LTS


Less Vulnerability (CVE-2024-32487)

This vulnerability was discovered in the less package, a pager program similar to more. Both tools display the contents of text files in the terminal. It was found that less allowed OS command execution via a newline character within a file name, caused by mishandling of quotes in the filename.c component. Exploiting this vulnerability usually involves file names under the attacker’s control, such as those extracted from untrusted archives. Additionally, exploitation requires the LESSOPEN environment variable to be set, which is commonly the case by default in many configurations. Exploiting this vulnerability allows attackers to execute arbitrary code on your computer if they trick you into opening a specially crafted file.
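The condition described above (a file name that embeds a newline) is something a defender can check for before paging files that came out of an untrusted archive. The following script is an added example and is not part of the TuxCare article; it relies only on POSIX find(1) and od(1), and the directory it inspects is whatever path you pass in.

```shell
#!/bin/sh
# Added example (not from the TuxCare article): before running less on files
# extracted from an untrusted archive, find any whose name contains a newline,
# the ingredient CVE-2024-32487 relies on. Only POSIX find(1)/od(1) are used.

# Count files under "$1" whose name contains a newline. The count is taken
# from one dot printed per match rather than from lines of output, because
# the matched names themselves would break line counting.
count_newline_names() {
    find "$1" -name "$(printf '*\n*')" -exec printf . \; | wc -c | tr -d ' '
}

# Render each matching name with control characters escaped (od -c shows a
# newline as \n), so the listing is safe to read on a terminal.
list_newline_names() {
    find "$1" -name "$(printf '*\n*')" -exec sh -c '
        printf "%s" "$1" | od -An -c | tr -s " \n" " "; printf "\n"
    ' _ {} \;
}

# Suggested use: refuse to page a directory when anything matches.
# dir=./extracted
# if [ "$(count_newline_names "$dir")" -ne 0 ]; then
#     echo "suspicious file names found, not paging:" >&2
#     list_newline_names "$dir" >&2
# fi
```

The functions deliberately avoid printing raw file names: a name containing a newline would render as two lines and hide the very thing the check is looking for.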


Glibc Vulnerability (CVE-2024-2961)

In GNU C Library versions 2.39 and earlier, the iconv() function can potentially overflow the output buffer by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set. This overflow can lead to denial of service (application crashes) or overwrite neighboring variables.


Curl Vulnerabilities in Ubuntu 24.04 (CVE-2024-2398, CVE-2024-2004)


CVE-2024-2004: Dan Fandrich found that curl would incorrectly fall back to the default protocol set when a parameter option disabled all protocols without adding any, contrary to the expected behavior.

CVE-2024-2398: A vulnerability was found in curl where it mishandled memory when limiting the number of headers with HTTP/2 server push enabled. Exploiting this flaw could potentially allow a remote attacker to cause curl to exhaust resources, resulting in a denial-of-service condition.


GnuTLS Vulnerabilities (CVE-2024-28834, CVE-2024-28835)


CVE-2024-28834: A timing side-channel vulnerability was identified in GnuTLS during certain ECDSA operations. Exploiting this flaw could potentially allow a remote attacker to recover sensitive information.

CVE-2024-28835: A vulnerability was found in GnuTLS regarding the improper verification of certain PEM bundles. Exploiting this flaw might enable a remote attacker to crash GnuTLS, leading to a denial-of-service situation.


libvirt Vulnerabilities in Ubuntu 24.04 (CVE-2024-1441, CVE-2024-2494)


CVE-2024-1441: Alexander Kuznetsov identified a flaw in libvirt’s handling of specific API calls. Exploiting this vulnerability might enable an attacker to crash libvirt, leading to a denial-of-service scenario.

CVE-2024-2494: A flaw was found in libvirt’s handling of certain RPC library API calls. Exploiting this vulnerability might allow an attacker to crash libvirt, leading to a denial-of-service situation.


Pillow Vulnerability (CVE-2024-28219)

Hugo van Kemenade found an issue in Pillow where it failed to adequately perform bounds checks during ICC file processing, potentially resulting in a buffer overflow. If a user or automated system processed a specifically crafted ICC file, an attacker might exploit this flaw to cause a denial-of-service or execute arbitrary code.


Stay Updated, Stay Secure


Given the risks these vulnerabilities pose, it is imperative for Ubuntu 24.04 users to promptly apply security updates. You can update the packages to the latest version by running the default package manager tool, apt, in the terminal:

$ sudo apt update && sudo apt upgrade

The first command refreshes the package index and the second upgrades all packages on your system to the latest available versions.
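Between the two commands it is worth confirming that the packages named in this article are among the pending upgrades. The script below is an added example, not part of the TuxCare article or of Ubuntu's tooling: it filters output in the format of `apt list --upgradable` down to a watch list. The binary package names in WATCH_PKGS are assumed for Ubuntu 24.04 (noble) and should be checked against `dpkg -l` on your host; the sample input in the usage comment is constructed.

```shell
#!/bin/sh
# Added example (not from the TuxCare article): after `sudo apt update`, show
# only the pending upgrades for packages covered by the advisory, so they can
# be checked before `sudo apt upgrade`.
# Package names are assumed for Ubuntu 24.04 (noble); adjust as needed.
WATCH_PKGS="less libc6 curl libcurl4t64 libgnutls30t64 libvirt0 python3-pil"

# $1: text in the format of `apt list --upgradable`, i.e. lines like
#   pkg/suite new-version arch [upgradable from: old-version]
# Prints "pkg new-version old-version" for each watched package and
# silently skips the "Listing... Done" header and unrelated packages.
pending_advisory_upgrades() {
    printf '%s\n' "$1" | awk -v watch="$WATCH_PKGS" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        index($1, "/") {
            split($1, a, "/")
            if (a[1] in want) {
                old = $NF; sub(/\]$/, "", old)   # strip the closing bracket
                print a[1], $2, old
            }
        }'
}

# Live use on a host with apt (after `sudo apt update`):
#   pending_advisory_upgrades "$(apt list --upgradable 2>/dev/null)"
# Constructed sample input for an offline run:
#   SAMPLE='Listing... Done
#   less/noble-updates 0.0-0ubuntu0.1 amd64 [upgradable from: 0.0-0ubuntu0]'
#   pending_advisory_upgrades "$SAMPLE"
```

An empty result after `apt update` means either the watched packages are already current or they are not installed; `dpkg -l less libc6` distinguishes the two cases.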

By doing this, you can ensure your systems have the latest versions of packages that are free from the known vulnerabilities. Additionally, it is essential to stay informed about security updates and to patch systems regularly to maintain their security.

Ubuntu 24.04 is powered by the latest Linux kernel, 6.8. Since the kernel is an integral part of the Linux system, it is crucial to protect your Ubuntu 24.04 systems from Linux kernel vulnerabilities. TuxCare’s KernelCare Enterprise offers live patching for Linux systems, allowing security patches to be applied to the running kernel without rebooting. Conventional patching methods involve a reboot, causing service disruption and making them impractical for critical systems that need high availability. Furthermore, KernelCare Enterprise allows you to automate the patching process, ensuring security patches are applied as soon as they are available.

Send questions to a TuxCare security expert to learn more about automated and rebootless patching for Linux systems.


Source: Ubuntu Security Notices
