Headline
Ubuntu Security Notice USN-6746-2
Ubuntu Security Notice 6746-2 - USN-6746-1 fixed vulnerabilities in Google Guest Agent and Google OS Config Agent. This update provides the corresponding update for Ubuntu 24.04 LTS. It was discovered that Google Guest Agent and Google OS Config Agent incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a denial of service.
==========================================================================
Ubuntu Security Notice USN-6746-2
June 25, 2024
google-guest-agent, google-osconfig-agent vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
Summary:
Google Guest Agent and OS Config Agent could be made to crash
if it open a specially crafted JSON.
Software Description:
- google-guest-agent: Google Compute Engine Guest Agent
- google-osconfig-agent: Google OS Config Agent
Details:
USN-6746-1 fixed vulnerabilities in Google Guest Agent and Google
OS Config Agent. This update provides the corresponding update for
Ubuntu 24.04 LTS.
Original advisory details:
It was discovered that Google Guest Agent and Google OS Config Agent incorrectly
handled certain JSON files. An attacker could possibly use this issue to
cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
google-guest-agent 20240213.00-0ubuntu3.1
google-osconfig-agent 20240320.00-0ubuntu1~24.04.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6746-2
https://ubuntu.com/security/notices/USN-6746-1
CVE-2024-24786
Package Information:
https://launchpad.net/ubuntu/+source/google-guest-agent/20240213.00-0ubuntu3.1
https://launchpad.net/ubuntu/+source/google-osconfig-agent/20240320.00-0ubuntu1~24.04.1
Related news
Red Hat Security Advisory 2024-6824-03 - Red Hat OpenShift Container Platform release 4.16.14 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-4597-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and traversal vulnerabilities.
Red Hat Security Advisory 2024-4455-03 - Red Hat OpenShift Virtualization release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Gentoo Linux Security Advisory 202407-12 - Multiple vulnerabilities have been discovered in Podman, the worst of which could lead to privilege escalation. Versions greater than or equal to 4.9.4 are affected.
Red Hat Security Advisory 2024-3637-03 - Secondary Scheduler Operator for Red Hat OpenShift 1.3.0 for RHEL 9. Issues addressed include denial of service and memory exhaustion vulnerabilities.
Red Hat Security Advisory 2024-0043-03 - Red Hat build of MicroShift release 4.16.0 is now available with updates to packages and images that include a security update. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2024-0041-03 - Red Hat OpenShift Container Platform release 4.16.0 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service, memory exhaustion, password leak, and resource exhaustion vulnerabilities.
Red Hat Security Advisory 2024-4144-03 - VolSync v0.9.2 general availability release images provide the following: enhancements, security fixes, and updated container images.
Red Hat Security Advisory 2024-4028-03 - Red Hat OpenShift Serverless version 1.33.0 is now available.
Red Hat Security Advisory 2024-3683-03 - Red Hat OpenShift Service Mesh Containers for 2.5.2.
Red Hat Security Advisory 2024-2639-03 - The Migration Toolkit for Containers 1.7.15 is now available.
Ubuntu Security Notice 6746-1 - It was discovered that Google Guest Agent and Google OS Config Agent incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a denial of service.
Red Hat Security Advisory 2024-1859-03 - OpenShift API for Data Protection 1.3.1 is now available. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-1795-03 - VolSync v0.9.1 general availability release images, which provide enhancements, security fixes, and updated container images.
Red Hat Security Advisory 2024-1563-03 - Red Hat OpenShift Container Platform release 4.15.6 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory leak vulnerability.
Red Hat Security Advisory 2024-1461-03 - Red Hat OpenShift Container Platform release 4.14.18 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-1456-03 - Red Hat OpenShift Container Platform release 4.13.38 is now available with updates to packages and images that fix several bugs and add enhancements.
Red Hat Security Advisory 2024-1362-03 - An update for cnf-tests-container, dpdk-base-container, NUMA-aware secondary scheduler, numaresources-operator and numaresources-operator-must-gather is now available for Red Hat OpenShift Container Platform 4.14.