<!DOCTYPE html> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> </head> <body> ========================================================================== <div id=":16f" class="a3s aiL "> Ubuntu Security Notice USN-7130-1 November 26, 2024 gh vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS Summary: GitHub CLI could be made to run programs as your login if it connected to a malicious server. Software Description: - gh: GitHub CLI, GitHub’s official command line tool Details: It was discovered that GitHub CLI incorrectly handled username validation. An attacker could possibly use this issue to perform remote code execution if the user connected to a malicious server. (CVE-2024-52308) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 gh 2.46.0-1ubuntu0.2 Ubuntu 24.04 LTS gh 2.45.0-1ubuntu0.2+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: <a href="https://ubuntu.com/security/notices/USN-7130-1" rel="noreferrer" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-7130-1&source=gmail&ust=1732735834761000&usg=AOvVaw11PW0EeFfTqQB_aenMTOrp">https://ubuntu.com/security/notices/USN-7130-1</a> CVE-2024-52308 Package Information: <a href="https://launchpad.net/ubuntu/+source/gh/2.46.0-1ubuntu0.2" rel="noreferrer" target="_blank" data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/gh/2.46.0-1ubuntu0.2&source=gmail&ust=1732735834761000&usg=AOvVaw1W_xLGVkDl7AYlqGTazAi6">https://launchpad.net/ubuntu/+source/gh/2.46.0-1ubuntu0.2</a></div> </body> </html>