Canonical USN OVAL Generator
1
5.11.1
2025-05-30T18:41:34
Copyright (C) 2025 Canonical LTD. All rights reserved. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License version 3 for more details. You should have received a copy of the GNU General Public License version 3 along with this program. If not, see http://www.gnu.org/licenses/.
Check that Ubuntu 25.04 (plucky) is installed.
USN-7364-1 -- OpenSAML vulnerability
Ubuntu 25.04
Alexander Tan discovered that the OpenSAML C++ library was susceptible to forging of signed SAML messages. An attacker could possibly use this issue to gain unauthorized access to a system and manipulate sensitive information. Update Instructions: Run `sudo pro fix USN-7364-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsaml-dev - 3.3.0-2ubuntu1 libsaml-doc - 3.3.0-2ubuntu1 libsaml13 - 3.3.0-2ubuntu1 opensaml-schemas - 3.3.0-2ubuntu1 opensaml-tools - 3.3.0-2ubuntu1 No subscription required
None
https://launchpad.net/bugs/2103420
USN-7431-2 -- HAProxy vulnerability
Ubuntu 25.04
USN-7431-1 fixed a vulnerability in HAProxy. This update provides the corresponding update for Ubuntu 25.04. Original advisory details: Aleandro Prudenzano and Edoardo Geraci discovered that HAProxy incorrectly handled certain uncommon configurations that replace multiple short patterns with a longer one. A remote attacker could use this issue to cause HAProxy to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-7431-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: haproxy - 3.0.8-1ubuntu1.1 haproxy-doc - 3.0.8-1ubuntu1.1 vim-haproxy - 3.0.8-1ubuntu1.1 No subscription required
Medium
CVE-2025-32464
USN-7434-2 -- Perl vulnerability
Ubuntu 25.04
USN-7434-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 25.04. Original advisory details: It was discovered that Perl incorrectly handled transliterating non-ASCII bytes. A remote attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-7434-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libperl-dev - 5.40.1-2ubuntu0.1 libperl5.40 - 5.40.1-2ubuntu0.1 perl - 5.40.1-2ubuntu0.1 perl-base - 5.40.1-2ubuntu0.1 perl-debug - 5.40.1-2ubuntu0.1 perl-doc - 5.40.1-2ubuntu0.1 perl-modules-5.40 - 5.40.1-2ubuntu0.1 No subscription required
Medium
CVE-2024-56406
USN-7443-2 -- Erlang vulnerability
Ubuntu 25.04
USN-7443-1 fixed a vulnerability in Erlang. This update provides the corresponding update for Ubuntu 25.04. Original advisory details: Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk discovered that Erlang OTP’s SSH module incorrectly handled authentication. A remote attacker could use this issue to execute arbitrary commands without authentication, possibly leading to a system compromise. Update Instructions: Run `sudo pro fix USN-7443-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: erlang - 1:27.3+dfsg-1ubuntu1.1 erlang-asn1 - 1:27.3+dfsg-1ubuntu1.1 erlang-base - 1:27.3+dfsg-1ubuntu1.1 erlang-common-test - 1:27.3+dfsg-1ubuntu1.1 erlang-crypto - 1:27.3+dfsg-1ubuntu1.1 erlang-debugger - 1:27.3+dfsg-1ubuntu1.1 erlang-dev - 1:27.3+dfsg-1ubuntu1.1 erlang-dialyzer - 1:27.3+dfsg-1ubuntu1.1 erlang-diameter - 1:27.3+dfsg-1ubuntu1.1 erlang-doc - 1:27.3+dfsg-1ubuntu1.1 erlang-edoc - 1:27.3+dfsg-1ubuntu1.1 erlang-eldap - 1:27.3+dfsg-1ubuntu1.1 erlang-et - 1:27.3+dfsg-1ubuntu1.1 erlang-eunit - 1:27.3+dfsg-1ubuntu1.1 erlang-examples - 1:27.3+dfsg-1ubuntu1.1 erlang-ftp - 1:27.3+dfsg-1ubuntu1.1 erlang-inets - 1:27.3+dfsg-1ubuntu1.1 erlang-jinterface - 1:27.3+dfsg-1ubuntu1.1 erlang-megaco - 1:27.3+dfsg-1ubuntu1.1 erlang-mnesia - 1:27.3+dfsg-1ubuntu1.1 erlang-mode - 1:27.3+dfsg-1ubuntu1.1 erlang-nox - 1:27.3+dfsg-1ubuntu1.1 erlang-observer - 1:27.3+dfsg-1ubuntu1.1 erlang-odbc - 1:27.3+dfsg-1ubuntu1.1 erlang-os-mon - 1:27.3+dfsg-1ubuntu1.1 erlang-parsetools - 1:27.3+dfsg-1ubuntu1.1 erlang-public-key - 1:27.3+dfsg-1ubuntu1.1 erlang-reltool - 1:27.3+dfsg-1ubuntu1.1 erlang-runtime-tools - 1:27.3+dfsg-1ubuntu1.1 erlang-snmp - 1:27.3+dfsg-1ubuntu1.1 erlang-src - 1:27.3+dfsg-1ubuntu1.1 erlang-ssh - 1:27.3+dfsg-1ubuntu1.1 erlang-ssl - 1:27.3+dfsg-1ubuntu1.1 erlang-syntax-tools - 1:27.3+dfsg-1ubuntu1.1 erlang-tftp - 1:27.3+dfsg-1ubuntu1.1 erlang-tools - 1:27.3+dfsg-1ubuntu1.1 erlang-wx - 1:27.3+dfsg-1ubuntu1.1 erlang-x11 - 1:27.3+dfsg-1ubuntu1.1 erlang-xmerl - 1:27.3+dfsg-1ubuntu1.1 No subscription required
High
CVE-2025-32433
USN-7446-1 -- mod_auth_openidc vulnerability
Ubuntu 25.04
It was discovered that mod_auth_openidc incorrectly handled certain POST requests. An attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-7446-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libapache2-mod-auth-openidc - 2.4.16.10-1ubuntu1 No subscription required
Medium
CVE-2025-31492
USN-7447-1 -- Yelp vulnerability
Ubuntu 25.04
It was discovered that Yelp incorrectly handled paths in ghelp URLs. A remote attacker could use this issue to trick users into opening malicious downloaded help files and exfiltrate sensitive information. Update Instructions: Run `sudo pro fix USN-7447-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: yelp-xsl - 42.1-3ubuntu0.1 No subscription required libyelp-dev - 42.2-2ubuntu0.1 libyelp0 - 42.2-2ubuntu0.1 yelp - 42.2-2ubuntu0.1 No subscription required
Medium
CVE-2025-3155
USN-7454-1 -- libarchive vulnerabilities
Ubuntu 25.04
It was discovered that the libarchive bsdunzip utility incorrectly handled certain ZIP archive files. If a user or automated system were tricked into processing a specially crafted ZIP archive, an attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2025-1632) It was discovered that libarchive incorrectly handled certain TAR archive files. If a user or automated system were tricked into processing a specially crafted TAR archive, an attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-25724) Update Instructions: Run `sudo pro fix USN-7454-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libarchive-dev - 3.7.7-0ubuntu2.1 libarchive-tools - 3.7.7-0ubuntu2.1 libarchive13t64 - 3.7.7-0ubuntu2.1 No subscription required
Medium
CVE-2025-1632
CVE-2025-25724
USN-7457-1 -- OpenSSH vulnerability
Ubuntu 25.04
It was discovered that OpenSSH incorrectly handled the DisableForwarding directive. The directive would fail to disable X11 and agent forwarding, contrary to documentation and expectations. Update Instructions: Run `sudo pro fix USN-7457-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-client - 1:9.9p1-3ubuntu3.1 openssh-client-gssapi - 1:9.9p1-3ubuntu3.1 openssh-server - 1:9.9p1-3ubuntu3.1 openssh-server-gssapi - 1:9.9p1-3ubuntu3.1 openssh-sftp-server - 1:9.9p1-3ubuntu3.1 openssh-tests - 1:9.9p1-3ubuntu3.1 ssh - 1:9.9p1-3ubuntu3.1 ssh-askpass-gnome - 1:9.9p1-3ubuntu3.1 No subscription required
Medium
CVE-2025-32728
USN-7464-1 -- Jupyter Notebook vulnerability
Ubuntu 25.04
It was discovered that Jupyter Notebook did not properly parse HTML comments under certain circumstances. An attacker could possibly use this issue to cause a regular expression denial of service (ReDoS). Update Instructions: Run `sudo pro fix USN-7464-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: jupyter-notebook - 6.4.13-5ubuntu0.1 python-notebook-doc - 6.4.13-5ubuntu0.1 python3-notebook - 6.4.13-5ubuntu0.1 No subscription required
Medium
CVE-2022-25887
USN-7467-1 -- libxml2 vulnerabilities
Ubuntu 25.04
It was discovered that the libxml2 Python bindings incorrectly handled certain return values. An attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service. (CVE-2025-32414) It was discovered that libxml2 incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service. (CVE-2025-32415) Update Instructions: Run `sudo pro fix USN-7467-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxml2 - 2.12.7+dfsg+really2.9.14-0.4ubuntu0.1 libxml2-dev - 2.12.7+dfsg+really2.9.14-0.4ubuntu0.1 libxml2-doc - 2.12.7+dfsg+really2.9.14-0.4ubuntu0.1 libxml2-utils - 2.12.7+dfsg+really2.9.14-0.4ubuntu0.1 python3-libxml2 - 2.12.7+dfsg+really2.9.14-0.4ubuntu0.1 No subscription required
Medium
CVE-2025-32414
CVE-2025-32415
USN-7471-1 -- poppler vulnerabilities
Ubuntu 25.04
It was discovered that poppler did not properly verify adbe.pkcs7.sha1 signatures in PDF documents. An attacker could possibly use this issue to create documents with forged signatures that are treated as legitimately signed. Update Instructions: Run `sudo pro fix USN-7471-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-poppler-0.18 - 25.03.0-3ubuntu1 libpoppler-cpp-dev - 25.03.0-3ubuntu1 libpoppler-cpp2 - 25.03.0-3ubuntu1 libpoppler-dev - 25.03.0-3ubuntu1 libpoppler-glib-dev - 25.03.0-3ubuntu1 libpoppler-glib-doc - 25.03.0-3ubuntu1 libpoppler-glib8t64 - 25.03.0-3ubuntu1 libpoppler-private-dev - 25.03.0-3ubuntu1 libpoppler-qt5-1t64 - 25.03.0-3ubuntu1 libpoppler-qt5-dev - 25.03.0-3ubuntu1 libpoppler-qt6-3t64 - 25.03.0-3ubuntu1 libpoppler-qt6-dev - 25.03.0-3ubuntu1 libpoppler147 - 25.03.0-3ubuntu1 poppler-utils - 25.03.0-3ubuntu1 No subscription required
Medium
CVE-2025-43903
USN-7477-1 -- c-ares vulnerability
Ubuntu 25.04
It was discovered that c-ares incorrectly handled re-enqueuing certain queries. A remote attacker could possibly use this issue to cause c-ares to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-7477-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libc-ares-dev - 1.34.4-2.1ubuntu0.1 libc-ares2 - 1.34.4-2.1ubuntu0.1 libcares2 - 1.34.4-2.1ubuntu0.1 No subscription required
Medium
CVE-2025-31498
USN-7479-1 -- MySQL vulnerabilities
Ubuntu 25.04
Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.42 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. Ubuntu 25.04 has been updated to MySQL 8.4.5. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-42.html https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-5.html https://www.oracle.com/security-alerts/cpuapr2025.html Update Instructions: Run `sudo pro fix USN-7479-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmysqlclient-dev - 8.4.5-0ubuntu0.1 libmysqlclient24 - 8.4.5-0ubuntu0.1 mysql-client - 8.4.5-0ubuntu0.1 mysql-client-core - 8.4.5-0ubuntu0.1 mysql-router - 8.4.5-0ubuntu0.1 mysql-server - 8.4.5-0ubuntu0.1 mysql-server-core - 8.4.5-0ubuntu0.1 mysql-source - 8.4.5-0ubuntu0.1 mysql-testsuite - 8.4.5-0ubuntu0.1 No subscription required
Medium
CVE-2025-21574
CVE-2025-21575
CVE-2025-21577
CVE-2025-21579
CVE-2025-21580
CVE-2025-21581
CVE-2025-21584
CVE-2025-21585
CVE-2025-21588
CVE-2025-30681
CVE-2025-30682
CVE-2025-30683
CVE-2025-30684
CVE-2025-30685
CVE-2025-30687
CVE-2025-30688
CVE-2025-30689
CVE-2025-30693
CVE-2025-30695
CVE-2025-30696
CVE-2025-30699
CVE-2025-30703
CVE-2025-30704
CVE-2025-30705
CVE-2025-30715
CVE-2025-30721
CVE-2025-30722
USN-7480-1 -- OpenJDK 8 vulnerabilities
Ubuntu 25.04
Alicja Kario discovered that the JSSE component of OpenJDK 8 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of OpenJDK 8 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of OpenJDK 8 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15 Update Instructions: Run `sudo pro fix USN-7480-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-demo - 8u452-ga~us1-0ubuntu1~25.04 openjdk-8-doc - 8u452-ga~us1-0ubuntu1~25.04 openjdk-8-jdk - 8u452-ga~us1-0ubuntu1~25.04 openjdk-8-jdk-headless - 8u452-ga~us1-0ubuntu1~25.04 openjdk-8-jre - 8u452-ga~us1-0ubuntu1~25.04 openjdk-8-jre-headless - 8u452-ga~us1-0ubuntu1~25.04 openjdk-8-jre-zero - 8u452-ga~us1-0ubuntu1~25.04 openjdk-8-source - 8u452-ga~us1-0ubuntu1~25.04 No subscription required
Medium
CVE-2025-21587
CVE-2025-30691
CVE-2025-30698
USN-7481-1 -- OpenJDK 11 vulnerabilities
Ubuntu 25.04
Alicja Kario discovered that the JSSE component of OpenJDK 11 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of OpenJDK 11 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of OpenJDK 11 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15 Update Instructions: Run `sudo pro fix USN-7481-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-demo - 11.0.27+6~us1-0ubuntu1~25.04 openjdk-11-doc - 11.0.27+6~us1-0ubuntu1~25.04 openjdk-11-jdk - 11.0.27+6~us1-0ubuntu1~25.04 openjdk-11-jdk-headless - 11.0.27+6~us1-0ubuntu1~25.04 openjdk-11-jre - 11.0.27+6~us1-0ubuntu1~25.04 openjdk-11-jre-headless - 11.0.27+6~us1-0ubuntu1~25.04 openjdk-11-jre-zero - 11.0.27+6~us1-0ubuntu1~25.04 openjdk-11-source - 11.0.27+6~us1-0ubuntu1~25.04 No subscription required
Medium
CVE-2025-21587
CVE-2025-30691
CVE-2025-30698
USN-7482-1 -- OpenJDK 17 vulnerabilities
Ubuntu 25.04
Alicja Kario discovered that the JSSE component of OpenJDK 17 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of OpenJDK 17 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of OpenJDK 17 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15 Update Instructions: Run `sudo pro fix USN-7482-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-17-demo - 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-doc - 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-jdk - 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-jdk-headless - 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-jre - 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-jre-headless - 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-jre-zero - 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-source - 17.0.15+6~us1-0ubuntu1~25.04 No subscription required
Medium
CVE-2025-21587
CVE-2025-30691
CVE-2025-30698
USN-7483-1 -- OpenJDK 21 vulnerabilities
Ubuntu 25.04
Alicja Kario discovered that the JSSE component of OpenJDK 21 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of OpenJDK 21 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of OpenJDK 21 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15 Update Instructions: Run `sudo pro fix USN-7483-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-21-demo - 21.0.7+6~us1-0ubuntu1~25.04 openjdk-21-doc - 21.0.7+6~us1-0ubuntu1~25.04 openjdk-21-jdk - 21.0.7+6~us1-0ubuntu1~25.04 openjdk-21-jdk-headless - 21.0.7+6~us1-0ubuntu1~25.04 openjdk-21-jre - 21.0.7+6~us1-0ubuntu1~25.04 openjdk-21-jre-headless - 21.0.7+6~us1-0ubuntu1~25.04 openjdk-21-jre-zero - 21.0.7+6~us1-0ubuntu1~25.04 openjdk-21-source - 21.0.7+6~us1-0ubuntu1~25.04 openjdk-21-testsupport - 21.0.7+6~us1-0ubuntu1~25.04 No subscription required
Medium
CVE-2025-21587
CVE-2025-30691
CVE-2025-30698
USN-7484-1 -- OpenJDK 24 vulnerabilities
Ubuntu 25.04
Alicja Kario discovered that the JSSE component of OpenJDK 24 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of OpenJDK 24 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of OpenJDK 24 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15 Update Instructions: Run `sudo pro fix USN-7484-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-24-demo - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-doc - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-jdk - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-jdk-headless - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-jre - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-jre-headless - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-jre-zero - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-jvmci-jdk - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-source - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-testsupport - 24.0.1+9~us1-0ubuntu1~25.04 No subscription required
Medium
CVE-2025-21587
CVE-2025-30691
CVE-2025-30698
USN-7485-1 -- LibRaw vulnerabilities
Ubuntu 25.04
It was discovered that LibRaw could be made to read out of bounds. An attacker could possibly use this issue to cause applications using LibRaw to crash, resulting in a denial of service. (CVE-2025-43961, CVE-2025-43962, CVE-2025-43963, CVE-2025-43964) Update Instructions: Run `sudo pro fix USN-7485-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libraw-bin - 0.21.3-1ubuntu0.25.04.1 libraw-dev - 0.21.3-1ubuntu0.25.04.1 libraw-doc - 0.21.3-1ubuntu0.25.04.1 libraw23t64 - 0.21.3-1ubuntu0.25.04.1 No subscription required
Medium
CVE-2025-43961
CVE-2025-43962
CVE-2025-43963
CVE-2025-43964
USN-7486-1 -- FastCGI vulnerability
Ubuntu 25.04
It was discovered that FastCGI incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-7486-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libfcgi-bin - 2.4.2-2.1ubuntu0.25.04.1 libfcgi-dev - 2.4.2-2.1ubuntu0.25.04.1 libfcgi0t64 - 2.4.2-2.1ubuntu0.25.04.1 No subscription required
Medium
CVE-2025-23016
USN-7490-1 -- libsoup vulnerabilities
Ubuntu 25.04
Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. (CVE-2025-32906) Alon Zahavi discovered that libsoup incorrectly parsed video files. An attacker could possibly use this issue to send a maliciously crafted HTTP response back to the client, causing a denial of service, or leading to undefined behavior. (CVE-2025-32909) Jan Różański discovered that libsoup incorrectly handled memory when parsing authentication headers. An attacker could possibly use this issue to send a maliciously crafted HTTP response back to the client, causing a denial of service. (CVE-2025-32910, CVE-2025-32912) It was discovered that libsoup incorrectly handled data in the hash table data type. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service or remote code execution. (CVE-2025-32911) Jan Różański discovered that libsoup incorrectly handled memory when parsing the content disposition HTTP header. An attacker could possibly use this issue to send maliciously crafted data to a client or server, causing a denial of service. (CVE-2025-32913) Alon Zahavi discovered that libsoup incorrectly handled memory when parsing HTTP requests. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service or obtaining sensitive information. (CVE-2025-32914) It was discovered that libsoup incorrectly handled memory when parsing quality-list headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. (CVE-2025-46420) Jan Różański discovered that libsoup did not strip authorization information upon redirects. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-46421) Update Instructions: Run `sudo pro fix USN-7490-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-soup-2.4 - 2.74.3-10ubuntu0.1 libsoup-2.4-1 - 2.74.3-10ubuntu0.1 libsoup-gnome-2.4-1 - 2.74.3-10ubuntu0.1 libsoup-gnome2.4-dev - 2.74.3-10ubuntu0.1 libsoup2.4-common - 2.74.3-10ubuntu0.1 libsoup2.4-dev - 2.74.3-10ubuntu0.1 libsoup2.4-doc - 2.74.3-10ubuntu0.1 libsoup2.4-tests - 2.74.3-10ubuntu0.1 No subscription required
Medium
CVE-2025-32906
CVE-2025-32909
CVE-2025-32910
CVE-2025-32911
CVE-2025-32912
CVE-2025-32913
CVE-2025-32914
CVE-2025-46420
CVE-2025-46421
USN-7490-2 -- libsoup regression
Ubuntu 25.04
USN-7490-1 fixed vulnerabilities in libsoup. It was discovered that the fix for CVE-2025-32912 was incomplete. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. (CVE-2025-32906) Alon Zahavi discovered that libsoup incorrectly parsed video files. An attacker could possibly use this issue to send a maliciously crafted HTTP response back to the client, causing a denial of service, or leading to undefined behavior. (CVE-2025-32909) Jan Różański discovered that libsoup incorrectly handled memory when parsing authentication headers. An attacker could possibly use this issue to send a maliciously crafted HTTP response back to the client, causing a denial of service. (CVE-2025-32910, CVE-2025-32912) It was discovered that libsoup incorrectly handled data in the hash table data type. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service or remote code execution. (CVE-2025-32911) Jan Różański discovered that libsoup incorrectly handled memory when parsing the content disposition HTTP header. An attacker could possibly use this issue to send maliciously crafted data to a client or server, causing a denial of service. (CVE-2025-32913) Alon Zahavi discovered that libsoup incorrectly handled memory when parsing HTTP requests. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service or obtaining sensitive information. (CVE-2025-32914) It was discovered that libsoup incorrectly handled memory when parsing quality-list headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. (CVE-2025-46420) Jan Różański discovered that libsoup did not strip authorization information upon redirects. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-46421) Update Instructions: Run `sudo pro fix USN-7490-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-soup-2.4 - 2.74.3-10ubuntu0.2 libsoup-2.4-1 - 2.74.3-10ubuntu0.2 libsoup-gnome-2.4-1 - 2.74.3-10ubuntu0.2 libsoup-gnome2.4-dev - 2.74.3-10ubuntu0.2 libsoup2.4-common - 2.74.3-10ubuntu0.2 libsoup2.4-dev - 2.74.3-10ubuntu0.2 libsoup2.4-doc - 2.74.3-10ubuntu0.2 libsoup2.4-tests - 2.74.3-10ubuntu0.2 No subscription required
Medium
CVE-2025-32912
https://launchpad.net/bugs/2110056
USN-7501-1 -- Django vulnerability
Ubuntu 25.04
Elias Myllymäki discovered that Django incorrectly handled stripping large sequences of incomplete HTML tags. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-7501-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 3:4.2.18-1ubuntu1.1 python3-django - 3:4.2.18-1ubuntu1.1 No subscription required
Medium
CVE-2025-32873
USN-7503-1 -- h11 vulnerability
Ubuntu 25.04
Jeppe Bonde Weikop discovered that h11 incorrectly handled crafted HTTP requests. A remote attacker could possibly use this issue to smuggle malicious HTTP requests, which could potentially lead to security control bypass and information leakage. Update Instructions: Run `sudo pro fix USN-7503-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-h11 - 0.14.0-1ubuntu0.25.04.1 No subscription required
Medium
CVE-2025-43859
USN-7505-1 -- Abseil vulnerability
Ubuntu 25.04
It was discovered that Abseil incorrectly handled memory with the upper bound of the size argument. An attacker could possibly use this issue to cause a denial of service or memory corruption. Update Instructions: Run `sudo pro fix USN-7505-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libabsl-dev - 20230802.1-4.2ubuntu0.2 libabsl20230802 - 20230802.1-4.2ubuntu0.2 No subscription required
Medium
CVE-2025-0838
USN-7507-1 -- Rack vulnerabilities
Ubuntu 25.04
It was discovered that Rack incorrectly handled deleted rack sessions. An attacker could possibly use this issue to expose sensitive information or to gain unauthorized access to user accounts. (CVE-2025-32441) It was discovered that Rack incorrectly limited the number of parameters in a web request. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2025-46727) Update Instructions: Run `sudo pro fix USN-7507-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-rack - 2.2.7-1.1ubuntu0.25.04.1 No subscription required
Medium
CVE-2025-46727
CVE-2025-32441
USN-7508-1 -- Open VM Tools vulnerability
Ubuntu 25.04
It was discovered that Open VM Tools incorrectly handled certain file operations. An attacker in a guest could use this issue to perform insecure file operations and possibly elevate privileges in the guest. Update Instructions: Run `sudo pro fix USN-7508-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: open-vm-tools - 2:12.5.0-1ubuntu0.1 open-vm-tools-containerinfo - 2:12.5.0-1ubuntu0.1 open-vm-tools-desktop - 2:12.5.0-1ubuntu0.1 open-vm-tools-dev - 2:12.5.0-1ubuntu0.1 open-vm-tools-salt-minion - 2:12.5.0-1ubuntu0.1 open-vm-tools-sdmp - 2:12.5.0-1ubuntu0.1 No subscription required
Medium
CVE-2025-22247
USN-7509-1 -- .NET vulnerability
Ubuntu 25.04
It was discovered that .NET did not properly handle file names and paths under certain conditions. An attacker could possibly use this issue to perform spoofing over a network. Update Instructions: Run `sudo pro fix USN-7509-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dotnet-sdk-8.0 - 8.0.116-0ubuntu1~25.04.1 dotnet-sdk-8.0-source-built-artifacts - 8.0.116-0ubuntu1~25.04.1 dotnet-sdk-dbg-8.0 - 8.0.116-0ubuntu1~25.04.1 dotnet-templates-8.0 - 8.0.116-0ubuntu1~25.04.1 netstandard-targeting-pack-2.1-8.0 - 8.0.116-0ubuntu1~25.04.1 No subscription required dotnet8 - 8.0.116-8.0.16-0ubuntu1~25.04.1 No subscription required aspnetcore-runtime-8.0 - 8.0.16-0ubuntu1~25.04.1 aspnetcore-runtime-dbg-8.0 - 8.0.16-0ubuntu1~25.04.1 aspnetcore-targeting-pack-8.0 - 8.0.16-0ubuntu1~25.04.1 dotnet-apphost-pack-8.0 - 8.0.16-0ubuntu1~25.04.1 dotnet-host-8.0 - 8.0.16-0ubuntu1~25.04.1 dotnet-hostfxr-8.0 - 8.0.16-0ubuntu1~25.04.1 dotnet-runtime-8.0 - 8.0.16-0ubuntu1~25.04.1 dotnet-runtime-dbg-8.0 - 8.0.16-0ubuntu1~25.04.1 dotnet-targeting-pack-8.0 - 8.0.16-0ubuntu1~25.04.1 No subscription required dotnet-sdk-9.0 - 9.0.106-0ubuntu1~25.04.1 dotnet-sdk-9.0-source-built-artifacts - 9.0.106-0ubuntu1~25.04.1 dotnet-sdk-aot-9.0 - 9.0.106-0ubuntu1~25.04.1 dotnet-sdk-dbg-9.0 - 9.0.106-0ubuntu1~25.04.1 dotnet-templates-9.0 - 9.0.106-0ubuntu1~25.04.1 netstandard-targeting-pack-2.1-9.0 - 9.0.106-0ubuntu1~25.04.1 No subscription required dotnet9 - 9.0.106-9.0.5-0ubuntu1~25.04.1 No subscription required aspnetcore-runtime-9.0 - 9.0.5-0ubuntu1~25.04.1 aspnetcore-runtime-dbg-9.0 - 9.0.5-0ubuntu1~25.04.1 aspnetcore-targeting-pack-9.0 - 9.0.5-0ubuntu1~25.04.1 dotnet-apphost-pack-9.0 - 9.0.5-0ubuntu1~25.04.1 dotnet-host-9.0 - 9.0.5-0ubuntu1~25.04.1 dotnet-hostfxr-9.0 - 9.0.5-0ubuntu1~25.04.1 dotnet-runtime-9.0 - 9.0.5-0ubuntu1~25.04.1 dotnet-runtime-dbg-9.0 - 9.0.5-0ubuntu1~25.04.1 dotnet-targeting-pack-9.0 - 9.0.5-0ubuntu1~25.04.1 No subscription required
Medium
CVE-2025-26646
USN-7520-2 -- PostgreSQL vulnerability
Ubuntu 25.04
USN-7520-1 fixed a vulnerability in PostgreSQL. This update provides the corresponding updates for Ubuntu 25.04. Original advisory details: It was discovered that PostgreSQL incorrectly handled the GB18030 encoding. An attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-7520-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libecpg-compat3 - 17.5-0ubuntu0.25.04.1 libecpg-dev - 17.5-0ubuntu0.25.04.1 libecpg6 - 17.5-0ubuntu0.25.04.1 libpgtypes3 - 17.5-0ubuntu0.25.04.1 libpq-dev - 17.5-0ubuntu0.25.04.1 libpq5 - 17.5-0ubuntu0.25.04.1 postgresql-17 - 17.5-0ubuntu0.25.04.1 postgresql-client-17 - 17.5-0ubuntu0.25.04.1 postgresql-doc-17 - 17.5-0ubuntu0.25.04.1 postgresql-plperl-17 - 17.5-0ubuntu0.25.04.1 postgresql-plpython3-17 - 17.5-0ubuntu0.25.04.1 postgresql-pltcl-17 - 17.5-0ubuntu0.25.04.1 postgresql-server-dev-17 - 17.5-0ubuntu0.25.04.1 No subscription required
Medium
CVE-2025-4207
USN-7525-2 -- Tomcat vulnerability
Ubuntu 25.04
USN-7525-1 fixed CVE-2025-24813 for tomcat9 in Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. This update fixes it for tomcat9 in Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.10. These versions include only the tomcat library (libtomcat9-java) and not the full tomcat server stack. Original advisory details: It was discovered that Apache Tomcat incorrectly implemented partial PUT functionality by replacing path separators with dots in temporary files. A remote attacker could possibly use this issue to access sensitive files, inject malicious content, or execute remote code. Update Instructions: Run `sudo pro fix USN-7525-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtomcat9-java - 9.0.70-2ubuntu1.25.04.1 No subscription required
High
CVE-2025-24813
USN-7526-1 -- Bind vulnerability
Ubuntu 25.04
It was discovered that Bind incorrectly handled certain DNS messages with invalid TSIG. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-7526-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bind9 - 1:9.20.4-3ubuntu1.1 bind9-dev - 1:9.20.4-3ubuntu1.1 bind9-dnsutils - 1:9.20.4-3ubuntu1.1 bind9-doc - 1:9.20.4-3ubuntu1.1 bind9-host - 1:9.20.4-3ubuntu1.1 bind9-libs - 1:9.20.4-3ubuntu1.1 bind9-utils - 1:9.20.4-3ubuntu1.1 bind9utils - 1:9.20.4-3ubuntu1.1 dnsutils - 1:9.20.4-3ubuntu1.1 No subscription required
Medium
CVE-2025-40775
USN-7528-1 -- SQLite vulnerabilities
Ubuntu 25.04
It was discovered that SQLite incorrectly handled the concat_ws() function. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, and Ubuntu 24.10. (CVE-2025-29087, CVE-2025-3277) It was discovered that SQLite incorrectly handled certain argument values to sqlite3_db_config(). An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-29088) Update Instructions: Run `sudo pro fix USN-7528-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.46.1-3ubuntu0.1 libsqlite3-0 - 3.46.1-3ubuntu0.1 libsqlite3-dev - 3.46.1-3ubuntu0.1 libsqlite3-ext-csv - 3.46.1-3ubuntu0.1 libsqlite3-ext-icu - 3.46.1-3ubuntu0.1 libsqlite3-tcl - 3.46.1-3ubuntu0.1 sqlite3 - 3.46.1-3ubuntu0.1 sqlite3-doc - 3.46.1-3ubuntu0.1 sqlite3-tools - 3.46.1-3ubuntu0.1 No subscription required
Medium
CVE-2025-29087
CVE-2025-29088
CVE-2025-3277
USN-7530-1 -- ADOdb vulnerability
Ubuntu 25.04
It was discovered that ADOdb incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands. Update Instructions: Run `sudo pro fix USN-7530-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libphp-adodb - 5.22.8-0.1ubuntu0.1 No subscription required
Medium
CVE-2025-46337
USN-7531-1 -- CRaC JDK 21 vulnerabilities
Ubuntu 25.04
Alicja Kario discovered that the JSSE component of CRaC JDK 21 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of CRaC JDK 21 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of CRaC JDK 21 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15 Update Instructions: Run `sudo pro fix USN-7531-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-21-crac-demo - 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-doc - 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jdk - 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jdk-headless - 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jre - 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jre-headless - 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jre-zero - 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-source - 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-testsupport - 21.0.7+6.1-0ubuntu1~25.04 No subscription required
Medium
CVE-2025-30698
CVE-2025-21587
CVE-2025-30691
USN-7532-1 -- GLib vulnerability
Ubuntu 25.04
It was discovered that GLib incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-7532-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-girepository-3.0 - 2.84.1-1ubuntu0.1 gir1.2-girepository-3.0-dev - 2.84.1-1ubuntu0.1 gir1.2-glib-2.0 - 2.84.1-1ubuntu0.1 gir1.2-glib-2.0-dev - 2.84.1-1ubuntu0.1 girepository-tools - 2.84.1-1ubuntu0.1 libgio-2.0-dev - 2.84.1-1ubuntu0.1 libgio-2.0-dev-bin - 2.84.1-1ubuntu0.1 libgirepository-2.0-0 - 2.84.1-1ubuntu0.1 libgirepository-2.0-dev - 2.84.1-1ubuntu0.1 libglib2.0-0t64 - 2.84.1-1ubuntu0.1 libglib2.0-bin - 2.84.1-1ubuntu0.1 libglib2.0-data - 2.84.1-1ubuntu0.1 libglib2.0-dev - 2.84.1-1ubuntu0.1 libglib2.0-dev-bin - 2.84.1-1ubuntu0.1 libglib2.0-doc - 2.84.1-1ubuntu0.1 libglib2.0-tests - 2.84.1-1ubuntu0.1 No subscription required
Medium
CVE-2025-4373
USN-7533-1 -- CRaC JDK 17 vulnerabilities
Ubuntu 25.04
Alicja Kario discovered that the JSSE component of CRaC JDK 17 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of CRaC JDK 17 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of CRaC JDK 17 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following link for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15 Update Instructions: Run `sudo pro fix USN-7533-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-17-crac-demo - 17.0.15+6-0ubuntu1~25.04 openjdk-17-crac-doc - 17.0.15+6-0ubuntu1~25.04 openjdk-17-crac-jdk - 17.0.15+6-0ubuntu1~25.04 openjdk-17-crac-jdk-headless - 17.0.15+6-0ubuntu1~25.04 openjdk-17-crac-jre - 17.0.15+6-0ubuntu1~25.04 openjdk-17-crac-jre-headless - 17.0.15+6-0ubuntu1~25.04 openjdk-17-crac-jre-zero - 17.0.15+6-0ubuntu1~25.04 openjdk-17-crac-source - 17.0.15+6-0ubuntu1~25.04 No subscription required
Medium
CVE-2025-21587
CVE-2025-30691
CVE-2025-30698
USN-7534-1 -- Flask vulnerability
Ubuntu 25.04
It was discovered that Flask incorrectly handled key rotation. An attacker could possibly use this issue to sign sessions with stale keys. Update Instructions: Run `sudo pro fix USN-7534-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-flask-doc - 3.1.0-2ubuntu1.1 python3-flask - 3.1.0-2ubuntu1.1 No subscription required
Medium
CVE-2025-47278
USN-7535-1 -- Intel Microcode vulnerabilities
Ubuntu 25.04
Sander Wiebing and Cristiano Giuffrida discovered that some Intel® Processors did not properly handle data in Shared Microarchitectural Structures during Transient Execution. An authenticated attacker could possibly use this issue to obtain sensitive information. (CVE-2024-28956) It was discovered that some Intel® Processors did not properly handle prediction calculations. An authenticated attacker could possibly use this issue to obtain sensitive information. (CVE-2024-43420, CVE-2024-45332, CVE-2025-20623) It was discovered that some Intel® Processors did not properly initialize resources in the branch prediction unit. An authenticated attacker could possibly use this issue to obtain sensitive information. (CVE-2025-20012, CVE-2025-24495) Michal Raviv and Jeff Gilbert discovered that some Intel® Processors did not properly handle resources and exceptions in the core management mechanism. An authenticated attacker could possibly use this issue to cause a denial of service. (CVE-2025-20054, CVE-2025-20103) Update Instructions: Run `sudo pro fix USN-7535-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20250512.0ubuntu0.25.04.1 No subscription required
Medium
CVE-2024-28956
CVE-2024-43420
CVE-2024-45332
CVE-2025-20012
CVE-2025-20054
CVE-2025-20103
CVE-2025-20623
CVE-2025-24495
USN-7537-1 -- net-tools vulnerability
Ubuntu 25.04
It was discovered that net-tools incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-7537-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: net-tools - 2.10-1.1ubuntu1.25.04.1 No subscription required
Medium
CVE-2025-46836
USN-7537-2 -- net-tools regression
Ubuntu 25.04
USN-7537-1 fixed a vulnerability in net-tools that caused a regression. This update fixes the problem. Original advisory details: It was discovered that net-tools incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-7537-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: net-tools - 2.10-1.1ubuntu1.25.04.4 No subscription required
None
https://launchpad.net/bugs/2111912
USN-7538-1 -- FFmpeg vulnerabilities
Ubuntu 25.04
Simcha Kosman discovered that FFmpeg did not correctly handle certain return values. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-0518) It was discovered that FFmpeg did not correctly handle certain memory operations. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.10. (CVE-2025-1816) It was discovered that FFmpeg contained a reachable assertion, which could lead to a failure when processing certain AAC files. If a user or automated system were tricked into opening a specially crafted AAC file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-22919) It was discovered that FFmpeg did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10 and Ubuntu 25.04. (CVE-2025-22921) It was discovered that FFmpeg did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 24.10 and Ubuntu 25.04. (CVE-2025-25473) Update Instructions: Run `sudo pro fix USN-7538-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ffmpeg - 7:7.1.1-1ubuntu1.1 ffmpeg-doc - 7:7.1.1-1ubuntu1.1 libavcodec-dev - 7:7.1.1-1ubuntu1.1 libavcodec-extra - 7:7.1.1-1ubuntu1.1 libavcodec-extra61 - 7:7.1.1-1ubuntu1.1 libavcodec61 - 7:7.1.1-1ubuntu1.1 libavdevice-dev - 7:7.1.1-1ubuntu1.1 libavdevice61 - 7:7.1.1-1ubuntu1.1 libavfilter-dev - 7:7.1.1-1ubuntu1.1 libavfilter-extra - 7:7.1.1-1ubuntu1.1 libavfilter-extra10 - 7:7.1.1-1ubuntu1.1 libavfilter10 - 7:7.1.1-1ubuntu1.1 libavformat-dev - 7:7.1.1-1ubuntu1.1 libavformat-extra - 7:7.1.1-1ubuntu1.1 libavformat-extra61 - 7:7.1.1-1ubuntu1.1 libavformat61 - 7:7.1.1-1ubuntu1.1 libavutil-dev - 7:7.1.1-1ubuntu1.1 libavutil59 - 7:7.1.1-1ubuntu1.1 libpostproc-dev - 7:7.1.1-1ubuntu1.1 libpostproc58 - 7:7.1.1-1ubuntu1.1 libswresample-dev - 7:7.1.1-1ubuntu1.1 libswresample5 - 7:7.1.1-1ubuntu1.1 libswscale-dev - 7:7.1.1-1ubuntu1.1 libswscale8 - 7:7.1.1-1ubuntu1.1 No subscription required
Medium
CVE-2025-22919
CVE-2025-0518
CVE-2025-22921
CVE-2025-25473
CVE-2025-1816
USN-7543-1 -- libsoup vulnerabilities
Ubuntu 25.04
Jan Różański discovered that libsoup incorrectly handled certain headers when sending HTTP/2 requests over TLS. An attacker could possibly use this issue to cause a denial of service. This issue only affected libsoup3 in Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2025-32908) Jan Różański discovered that libsoup incorrectly parsed certain response headers. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-4476) Update Instructions: Run `sudo pro fix USN-7543-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-soup-2.4 - 2.74.3-10ubuntu0.3 libsoup-2.4-1 - 2.74.3-10ubuntu0.3 libsoup-gnome-2.4-1 - 2.74.3-10ubuntu0.3 libsoup-gnome2.4-dev - 2.74.3-10ubuntu0.3 libsoup2.4-common - 2.74.3-10ubuntu0.3 libsoup2.4-dev - 2.74.3-10ubuntu0.3 libsoup2.4-doc - 2.74.3-10ubuntu0.3 libsoup2.4-tests - 2.74.3-10ubuntu0.3 No subscription required gir1.2-soup-3.0 - 3.6.5-1ubuntu0.1 libsoup-3.0-0 - 3.6.5-1ubuntu0.1 libsoup-3.0-common - 3.6.5-1ubuntu0.1 libsoup-3.0-dev - 3.6.5-1ubuntu0.1 libsoup-3.0-doc - 3.6.5-1ubuntu0.1 libsoup-3.0-tests - 3.6.5-1ubuntu0.1 No subscription required
Medium
CVE-2025-4476
CVE-2025-32908
USN-7544-1 -- Setuptools vulnerability
Ubuntu 25.04
It was discovered that setuptools did not properly sanitize paths. An attacker could possibly use this issue to write files to arbitrary locations on the filesystem. Update Instructions: Run `sudo pro fix USN-7544-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-setuptools-doc - 75.8.0-1ubuntu1 python3-pkg-resources - 75.8.0-1ubuntu1 python3-setuptools - 75.8.0-1ubuntu1 python3-setuptools-whl - 75.8.0-1ubuntu1 No subscription required
Medium
CVE-2025-47273
/etc/lsb-release
^[\s\S]*DISTRIB_CODENAME=([a-z]+)$
1
unix
plucky