Ubuntu 24.04 LTS Pagure Critical Security Flaws USN-7984-1
ubuntu
February 4, 2026
Several security issues were fixed in Pagure.
Summary
Several security issues were fixed in Pagure.
Software Description:
- pagure: A git-centered forge using pygit2
Details:
Thomas Chauchefoin discovered that Pagure incorrectly handled symbolic
links in Git repositories. A remote attacker could possibly use this
issue to cause Pagure to expose files outside the intended repository
boundaries. (CVE-2024-4981)
Thomas Chauchefoin discovered that Pagure did not properly sanitize path
inputs. A remote attacker could possibly use this issue to read arbitrary
files. (CVE-2024-4982)
Thomas Chauchefoin discovered that Pagure incorrectly handled symbolic
links during repository archiving. A remote attacker could possibly use
this issue to disclose local files on the server. (CVE-2024-47515)
Thomas Chauchefoin discovered that Pagure incorrectly handled certain
inputs. A remote attacker could possibly use this issue to execute
arbitrary code on the server. (CVE-2024-47516)
Update Instructions
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
pagure 5.11.3+dfsg-2.1ubuntu0.2
Ubuntu 22.04 LTS
pagure 5.11.3+dfsg-1ubuntu0.1
Ubuntu 20.04 LTS
pagure 5.8.1+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.References
https://ubuntu.com/security/notices/USN-7984-1
CVE-2024-47515, CVE-2024-47516, CVE-2024-4981, CVE-2024-4982
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-7984-1
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!