USN-7961-1: Erlang vulnerability

It was discovered that Erlang incorrectly validated peer certificates when incorrect extended key usage was presented. A remote attacker could possibly use this issue to bypass SSL key usage restrictions...

USN-7960-1: Rack vulnerabilities

It was discovered that Rack incorrectly handled certain query parameters. An attacker could possibly use this issue to cause a limited denial of service. This issue was only addressed in Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2025-59830 It was discovered that Rack did not properly handle...

USN-7959-1: klibc vulnerabilities

It was discovered that zlib, vendored in klibc, did not properly handle integer arithmetic. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service...

USN-7958-1: AngularJS vulnerabilities

It was discovered that AngularJS did not properly sanitize certain xlink:href attributes. A remote attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 16.04 LTS. CVE-2019-14863 It was discovered that AngularJS incorrectly handled certain regular...

USN-7927-3: urllib3 regression

USN-7927-1 fixed vulnerabilities in urllib3. The update for CVE-2025-66471 introduced a regression in urllib3 when decompressing zstd data. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Illia Volochii discovered that urllib3 did not limit the steps ...

USN-7957-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

USN-7956-1: Google Guest Agent vulnerability

Jakub Ciolek discovered that the Go Cryptography module included in Google Guest Agent did not validate GSSAPI authentication requests during SSH operations. An attacker could possibly use this issue to cause a denial of service...

USN-7922-5: Linux kernel (IoT) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - InfiniBand drivers; - Media drivers; - Network drivers; - Pin controllers...

USN-7927-2: urllib3 regression

USN-7927-1 fixed vulnerabilities in urllib3. The update for CVE-2025-66471 introduced a regression in the zstd decompression component inside urllib3. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Illia Volochii discovered that urllib3 did not limit...

USN-7955-1: urllib3 vulnerability

It was discovered that urllib3 incorrectly handled decompression during HTTP redirects. An attacker could possibly use this issue to cause urllib3 to use excessive resources, causing a denial of service...

USN-7954-1: Libtasn1 vulnerabilities

It was discovered that Libtasn1 incorrectly handled decoding ASN.1 content. An attacker could possibly use this issue to cause Libtasn1 to crash, resulting in a denial of service. CVE-2025-13151 It was discovered that Libtasn1 incorrectly handled encoding ASN.1 content. An attacker could possibly...

USN-7951-1: Python vulnerability

It was discovered that Python's http.client did not properly handle the Content-Length header in HTTP responses. A malicious server could exploit this to cause Python to allocate excessive memory, leading to a denial of service...

USN-7953-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled memory while reading images in multi-chunk mode. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04 and Ubuntu 25.10. CVE-2025-14177 It was discovered that PHP incorrectl...

USN-7952-1: libheif vulnerabilities

It was discovered that libheif did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2024-25269 Aldo Ristori discovered that libheif did not...

USN-7931-5: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Media drivers; - Memory management; - Appletalk network protocol; - Netfilter; CVE-2025-37958,...

USN-7940-2: Linux kernel (Azure, N-Series) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7928-5: Linux kernel (KVM) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Media drivers; - Network drivers; - AFS file system; - F2FS file system; - Tracing...

USN-7950-1: Tornado vulnerabilities

It was discovered that Tornado incorrectly handled special characters in HTTP headers. An attacker could possibly use this issue to execute a cross- site scripting XSS attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10...

USN-7946-2: GnuPG vulnerability

USN-7946-1 fixed vulnerabilities in GnuPG 2.x. This update provides the corresponding updates for GnuPG 1.x. Original advisory details: It was discovered that GnuPG incorrectly handled crafted input. A remote attacker could possibly use this issue to crash the program, or execute arbitrary code...

USN-7949-1: Sodium vulnerability

It was discovered that Sodium incorrectly handled the elliptic curve point validity check in certain atypical use cases. This could result in invalid points being used, contrary to expectations...

USN-7948-1: GPSd vulnerabilities

It was discovered that GPSd incorrectly handled processing NMEA2000 packets. An attacker could use this issue to cause GPSd to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-67268 It was discovered that GPSd incorrectly handled processing NAVCOM packets. An...

USN-7946-1: GnuPG vulnerability

It was discovered that GnuPG incorrectly handled crafted input. A remote attacker could possibly use this issue to crash the program, or execute arbitrary code...

USN-7047-1: libvirt vulnerabilities

It was discovered that libvirt parsed user-provided XML files before performing ACL checks. An attacker could possibly use this issue to cause libvirt to consume memory, resulting in a denial of service. CVE-2025-12748 It was discovered that libvirt incorrectly handled permissions on external...

USN-7945-1: Libxslt vulnerability

Ivan Fratric discovered that Libxslt was vulnerable to type confusion when performing XML transformations. An attacker could possibly use this issue to cause Libxslt to crash or corrupt memory, causing a denial of service or undefined behavior...

USN-7944-1: Net-SNMP vulnerability

Bahae Bahrini discovered that Net-SNMP could be made to write out of bounds. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service...

USN-7943-1: libcaca vulnerability

Han Zheng discovered that libcaca incorrectly handled certain images. An attacker could possibly use this issue to cause libcaca to crash...

USN-7922-4: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - InfiniBand drivers; - Media drivers; - Network drivers; - Pin controllers...

USN-7942-1: GLib vulnerabilities

It was discovered that GLib incorrectly handled escaping URI strings. An attacker could use this issue to cause GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-13601 It was discovered that GLib incorrectly parsed certain GVariants. An attacker could u...

USN-7941-1: WebKitGTK vulnerabilities

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and...

USN-7922-3: Linux kernel (Oracle) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - InfiniBand drivers; - Media drivers; - Network drivers; - Pin controllers...

USN-7928-4: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Media drivers; - Network drivers; - AFS file system; - F2FS file system; - Tracing...

USN-7931-4: Linux kernel (Xilinx) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Media drivers; - Memory management; - Appletalk network protocol; - Netfilter; CVE-2025-37958,...

USN-7921-2: Linux kernel (Real-time) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Media drivers; - Netfilter; - TLS protocol; CVE-2025-39946, CVE-2025-39964, CVE-2025-39993,...

USN-7940-1: Linux kernel (Azure FIPS) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7939-2: Linux kernel (Azure FIPS) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7939-1: Linux kernel (Azure) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7938-1: Linux kernel (Azure) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7889-7: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Media drivers; - Network drivers; - Netfilter; - TLS protocol; CVE-2025-21729, CVE-2025-38227, CVE-2025-38616,...

USN-7937-1: Linux kernel (Azure FIPS) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7935-1: Linux kernel (Azure) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7936-1: Linux kernel (OEM) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Compute Acceleration Framework; - Media drivers; - Netfilter; - TLS protocol; CVE-2025-39946,...

USN-7920-2: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Tracing infrastructure; - Netfilter; CVE-2025-40018, CVE-2025-40232...

USN-7934-1: Linux kernel (Azure) vulnerabilities

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux...

USN-7909-5: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S39...

USN-7933-1: Linux kernel (KVM) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7931-3: Linux kernel (Real-time) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Media drivers; - Memory management; - Appletalk network protocol; - Netfilter; CVE-2025-37958,...

USN-7932-1: libsoup vulnerability

It was discovered libsoup incorrectly handled memory when handling specific HTTP/2 read and cancel sequences. An attacker could possibly use this issue to cause a denial of service...

USN-7931-2: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Media drivers; - Memory management; - Appletalk network protocol; - Netfilter; CVE-2025-37958,...

USN-7931-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Media drivers; - Memory management; - Appletalk network protocol; - Netfilter; CVE-2025-37958,...

USN-7930-2: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - Hardware monitoring drivers; - InfiniBand drivers; - MTD block device drivers;...