Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 754
Alerts This Week
Warning Icon 1 754

Ubuntu 23.10 USN-6666-1 Moderate: Libuv Hostname Truncation Issue

ubuntu
Calendar Grey February 28, 2024
Dist Ubuntu Esm H88
A security flaw identified in libuv poses risks to Ubuntu systems; users are advised to apply updates to mitigate possible hostname truncation exploitation.
libuv could be made to truncate certain hostnames.

Summary

libuv could be made to truncate certain hostnames.

Software Description:

- libuv1: asynchronous event notification library

Details:

It was discovered that libuv incorrectly truncated certain hostnames. A

remote attacker could possibly use this issue with specially crafted

hostnames to bypass certain checks.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   libuv1                          1.44.2-1ubuntu0.1

Ubuntu 22.04 LTS:
   libuv1                          1.43.0-1ubuntu0.1

Ubuntu 20.04 LTS:
   libuv1                          1.34.2-1ubuntu1.5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6666-1

CVE-2024-24806

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6666-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.