USN-7650-1: Linux kernel (OEM) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PA-RISC architecture; - PowerPC architecture; - S390 architecture; - x86 architecture; -...

USN-7645-1: PHP vulnerabilities

It was discovered that PHP incorrectly parsed certain HTTP response headers. An attacker could possibly use this issue to cause incorrect MIME type parsing which could result in unexpected behavior. CVE-2025-1217 It was discovered that PHP did not properly validate certain HTTP headers. An attack...

USN-7648-1: PHP vulnerabilities

It was discovered that PHP incorrectly handled certain hostnames containing null characters. A remote attacker could possibly use this issue to bypass certain hostname validation checks. CVE-2025-1220 It was discovered that PHP incorrectly handled the pgsql and pdopgsql escaping functions. A remo...

USN-7649-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PA-RISC architecture; - PowerPC architecture; - S390 architecture; - x86 architecture; -...

USN-7647-1: LedgerSMB vulnerabilities

It was discovered that LedgerSMB did not check the origin of HTML fragments. An attacker could possibly use this issue to send a maliciously crafted URL to the server and obtain sensitive information, or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubun...

USN-7646-1: Rails vulnerability

It was discovered that Rails did not correctly handle headers. An attacker could potentially use this issue to view arbitrary files on a target server. CVE-2019-5418...

USN-7609-5: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - InfiniBand drivers; - Netfilter; - Network traffic control; CVE-2025-38001, CVE-2025-37798, CVE-2025-37932,...

USN-7591-6: Linux kernel (Raspberry Pi) vulnerabilities

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux Kernel contained an improper access control vulnerability. A nearby attacker could use this to connect a rougue device and possibly execute arbitrary code. CVE-2024-8805 It was discovered that the CIFS network file system...

USN-7443-3: Erlang vulnerability

USN-7443-1 fixed a vulnerability in Erlang. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk discovered that Erlang OTP’s SSH module incorrect handled authenticatio...

USN-7643-1: libsoup vulnerabilities

Jan Różański discovered that libsoup incorrectly handled range headers in an HTTP request. An attacker could possibly use this issue to cause libsoup to consume excessive memory, resulting in a denial of service. CVE-2025-32907 Alon Zahavi discovered that libsoup incorrectly handled memory when...

USN-7611-3: Linux kernel (AWS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Netfilter; - Network traffic control; CVE-2025-38000, CVE-2025-37890, CVE-2025-38001, CVE-2025-37997, CVE-2025-3793...

USN-7642-1: AIOHTTP vulnerabilities

Ben Kallus discovered that AIOHTTP did not correctly parse HTTP headers. A remote attacker could possibly use this issue to perform request smuggling. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2023-47627 Ivan Novikov discovered that AIOHTTP did not properly validate...

USN-7638-1: Libmobi vulnerabilities

It was discovered that Libmobi did not correctly handle certain memory operations, which could lead to a buffer overflow. A local attacker could possibly trigger this vulnerability to cause a denial of service. CVE-2022-1907, CVE-2022-1908 It was discovered that Libmobi could dereference a NULL...

USN-7641-1: Bind vulnerability

It was discovered that Bind incorrectly handled configurations where the stale-answer-client-timeout option is set to 0. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service...

USN-7640-1: Linux kernel (IoT) vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...

USN-7639-1: Apache HTTP Server vulnerabilities

It was discovered that the Apache HTTP Server incorrectly handled certain Content-Type response headers. A remote attacker could possibly use this issue to perform HTTP response splitting attacks. CVE-2024-42516 xiaojunjie discovered that the Apache HTTP Server modproxy module incorrectly handled...

USN-7585-7: Linux kernel (Raspberry Pi) vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...

USN-7610-3: Linux kernel (Low Latency) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Netfilter; - Network traffic control; CVE-2025-38001, CVE-2025-37997, CVE-2025-37798, CVE-2025-38000, CVE-2025-3793...

USN-7637-1: libjxl vulnerabilities

It was discovered that libjxl did not perform proper bounds checking when parsing Exif tags. An attacker could possibly use this issue to cause libjxl to crash, resulting in a denial of service. CVE-2023-0645 It was discovered that libjxl did not perform proper bounds checking when decoding...

USN-7636-1: Roundcube Webmail vulnerability

It was discovered that Roundcube Webmail incorrectly handled sanitization in the messagebody function. A remote attacker could possibly use this issue to send and receive emails as another user...

USN-7545-3: Apport regression

USN-7545-1 fixed vulnerabilities in Apport. The update introduced a regression that raised an error if a crashing process was killed while Apport was analyzing it. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Qualys discovered that Apport incorrect...

USN-7635-1: GnuTLS vulnerabilities

It was discovered that GnuTLS incorrectly handled exporting Subject Alternative Name SAN entries containing an otherName. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-32988 It was discovered that...

USN-7634-1: GNU C Library vulnerabilities

It was discovered that the GNU C Library incorrectly handled the strcmp implementation optimized for Power10 processors. This could cause applications to crash, compute wrong results, or leak confidential information. CVE-2025-5702 It was discovered that the GNU C Library incorrectly handled the...

USN-7633-1: Nix vulnerabilities

Linus Heckemann discovered that Nix did not correctly handle certain binaries. An attacker could possibly use this issue to execute arbitrary code. CVE-2024-38531 Pierre-Etienne Meunier discovered that Nix did not correctly handle TLS certificates. A remote attacker could possibly use this issue ...

USN-7608-6: Linux kernel (Xilinx ZynqMP) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - SMB network file system; - Memory management; - Netfilter; - Network traffic control; CVE-2025-37890...

USN-7626-3: Git regression

USN-7626-1 fixed vulnerabilities in Git. The updates for CVE-2025-27613 and CVE-2025-46835 caused Gitk and Git GUI to not work properly on Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and were disabled in USN-7626-2. The problematic updates for the aforementioned CV...

USN-7630-1: RESTEasy vulnerabilities

It was discovered that RESTEasy made insufficient use of random values in asynchronous jobs. An attacker could possibly use this issue to steal user data. This issue only affected Ubuntu 14.04 LTS. CVE-2016-6345 It was discovered that RESTEasy enabled a vulnerable GZIP decompression module by...

LSN-0113-1: Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. In the Linux kernel, the following vulnerability has been resolved: ubifs: authenticatio...

USN-7626-2: Git regression

USN-7626-1 fixed vulnerabilities in Git. The update introduced a regression in gitk and git-gui. This update reverts the corresponding fixes for CVE-2025-27613 and CVE-2025-46835 pending further investigation. We apologize for the inconvenience. Original advisory details: Avi Halachmi discovered...

USN-7632-1: YAML-LibYAML vulnerability

It was discovered that YAML-LibYAML incorrectly handled certain file names. An attacker could possibly use this issue to overwrite arbitrary files...

USN-7631-1: DjVuLibre vulnerability

It was discovered that DjVuLibre incorrectly handled certain memory operations. If a user or automated system were tricked into processing a specially crafted DjVu file, a remote attacker could cause applications to stop responding or crash, resulting in a denial of service, or possibly execute...

USN-7629-1: Protocol Buffers vulnerabilities

It was discovered that Protocol Buffers incorrectly handled memory when receiving malicious input using the Python bindings. An attacker could possibly use this issue to cause a denial of service. CVE-2025-4565 It was discovered that Protocol Buffers incorrectly handled memory when receiving...

USN-7609-4: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - InfiniBand drivers; - Netfilter; - Network traffic control; CVE-2025-38001, CVE-2025-37798, CVE-2025-37932,...

USN-7611-2: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Netfilter; - Network traffic control; CVE-2025-38000, CVE-2025-37890, CVE-2025-38001, CVE-2025-37997, CVE-2025-3793...

USN-7607-3: Linux kernel (KVM) vulnerabilities

It was discovered that a use-after-free vulnerability existed in the Bluetooth stack in the Linux kernel. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2022-3640 Several security issues were discovered in the Linux kernel. An...

USN-7628-1: Linux kernel (Azure) vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...

USN-7610-2: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Netfilter; - Network traffic control; CVE-2025-38001, CVE-2025-37997, CVE-2025-37798, CVE-2025-38000, CVE-2025-3793...

USN-7608-5: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - SMB network file system; - Memory management; - Netfilter; - Network traffic control; CVE-2025-37890...

USN-7627-2: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - Block layer subsystem; - ACPI drivers; - NILFS2 file system; - File systems infrastructure;...

USN-7627-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - Block layer subsystem; - ACPI drivers; - NILFS2 file system; - File systems infrastructure;...

USN-7412-2: GnuPG regression

USN-7412-1 fixed vulnerabilities in GnuPG. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that GnuPG incorrectly handled importing keys with certain crafted subkey data. If a user or automated...

USN-7626-1: Git vulnerabilities

Avi Halachmi discovered that Git incorrectly managed file modification constraints with Gitk. An attacker could possibly use this issue to create or write to arbitrary files on the system. CVE-2025-27613 Avi Halachmi discovered that Git incorrectly handled arguments when invoking the Gitk utility...

USN-7594-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - PowerPC architecture; - RISC-V architecture; - User-Mode Linux UML; - x...

USN-7625-1: OnionShare vulnerabilities

It was discovered that OnionShare could be exploited when run with the --debug argument. A local attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. CVE-2018-19960 It was discovered that OnionShare could be blocke...

USN-7624-1: FreeRDP vulnerability

It was discovered that FreeRDP incorrectly handled certain RDP packets. A remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service...

USN-7010-2: DCMTK regression

USN-7010-1 fixed vulnerabilities in DCMTK. The update introduced a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If a user or an automated system were tricked into...

USN-7623-1: Ghostscript vulnerabilities

It was discovered that OpenJPEG, vendored in Ghostscript did not correctly handle large image files. If a user or system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu...

USN-7622-1: jQuery vulnerabilities

It was discovered that jQuery did not correctly handle HTML tags. An attacker could possibly use this issue to execute a cross-site scripting XSS attack. This issue only affected Ubuntu 14.04 LTS. CVE-2012-6708 It was discovered that jQuery did not correctly handle unsanitized source objects due ...

USN-7620-1: File::Find::Rule vulnerability

Kevin Ryde discovered that File::Find::Rule incorrectly handled certain file names. An attacker could possibly use this issue to execute arbitrary code...

USN-7619-1: libssh vulnerabilities

Ronald Crane discovered that libssh incorrectly handled certain base64 conversions. An attacker could use this issue to cause libssh to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2025-4877 Ronald Crane discovered that libssh incorrectly handled the...