Canonical USN OVAL Generator 1 5.11.1 2025-05-30T18:41:34 Copyright (C) 2025 Canonical LTD. All rights reserved. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License version 3 for more details. You should have received a copy of the GNU General Public License version 3 along with this program. If not, see http://www.gnu.org/licenses/. Check that Ubuntu 25.04 (plucky) is installed. USN-7364-1 -- OpenSAML vulnerability Ubuntu 25.04 Alexander Tan discovered that the OpenSAML C++ library was susceptible to forging of signed SAML messages. An attacker could possibly use this issue to gain unauthorized access to a system and manipulate sensitive information. Update Instructions: Run `sudo pro fix USN-7364-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libsaml-dev - 3.3.0-2ubuntu1 libsaml-doc - 3.3.0-2ubuntu1 libsaml13 - 3.3.0-2ubuntu1 opensaml-schemas - 3.3.0-2ubuntu1 opensaml-tools - 3.3.0-2ubuntu1 No subscription required None https://launchpad.net/bugs/2103420 USN-7431-2 -- HAProxy vulnerability Ubuntu 25.04 USN-7431-1 fixed a vulnerability in HAProxy. This update provides the corresponding update for Ubuntu 25.04. Original advisory details: Aleandro Prudenzano and Edoardo Geraci discovered that HAProxy incorrectly handled certain uncommon configurations that replace multiple short patterns with a longer one. A remote attacker could use this issue to cause HAProxy to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-7431-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: haproxy - 3.0.8-1ubuntu1.1 haproxy-doc - 3.0.8-1ubuntu1.1 vim-haproxy - 3.0.8-1ubuntu1.1 No subscription required Medium CVE-2025-32464 USN-7434-2 -- Perl vulnerability Ubuntu 25.04 USN-7434-1 fixed a vulnerability in Perl. This update provides the corresponding update for Ubuntu 25.04. Original advisory details: It was discovered that Perl incorrectly handled transliterating non-ASCII bytes. A remote attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Update Instructions: Run `sudo pro fix USN-7434-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libperl-dev - 5.40.1-2ubuntu0.1 libperl5.40 - 5.40.1-2ubuntu0.1 perl - 5.40.1-2ubuntu0.1 perl-base - 5.40.1-2ubuntu0.1 perl-debug - 5.40.1-2ubuntu0.1 perl-doc - 5.40.1-2ubuntu0.1 perl-modules-5.40 - 5.40.1-2ubuntu0.1 No subscription required Medium CVE-2024-56406 USN-7443-2 -- Erlang vulnerability Ubuntu 25.04 USN-7443-1 fixed a vulnerability in Erlang. This update provides the corresponding update for Ubuntu 25.04. Original advisory details: Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk discovered that Erlang OTP’s SSH module incorrectly handled authentication. A remote attacker could use this issue to execute arbitrary commands without authentication, possibly leading to a system compromise. Update Instructions: Run `sudo pro fix USN-7443-2` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: erlang - 1:27.3+dfsg-1ubuntu1.1 erlang-asn1 - 1:27.3+dfsg-1ubuntu1.1 erlang-base - 1:27.3+dfsg-1ubuntu1.1 erlang-common-test - 1:27.3+dfsg-1ubuntu1.1 erlang-crypto - 1:27.3+dfsg-1ubuntu1.1 erlang-debugger - 1:27.3+dfsg-1ubuntu1.1 erlang-dev - 1:27.3+dfsg-1ubuntu1.1 erlang-dialyzer - 1:27.3+dfsg-1ubuntu1.1 erlang-diameter - 1:27.3+dfsg-1ubuntu1.1 erlang-doc - 1:27.3+dfsg-1ubuntu1.1 erlang-edoc - 1:27.3+dfsg-1ubuntu1.1 erlang-eldap - 1:27.3+dfsg-1ubuntu1.1 erlang-et - 1:27.3+dfsg-1ubuntu1.1 erlang-eunit - 1:27.3+dfsg-1ubuntu1.1 erlang-examples - 1:27.3+dfsg-1ubuntu1.1 erlang-ftp - 1:27.3+dfsg-1ubuntu1.1 erlang-inets - 1:27.3+dfsg-1ubuntu1.1 erlang-jinterface - 1:27.3+dfsg-1ubuntu1.1 erlang-megaco - 1:27.3+dfsg-1ubuntu1.1 erlang-mnesia - 1:27.3+dfsg-1ubuntu1.1 erlang-mode - 1:27.3+dfsg-1ubuntu1.1 erlang-nox - 1:27.3+dfsg-1ubuntu1.1 erlang-observer - 1:27.3+dfsg-1ubuntu1.1 erlang-odbc - 1:27.3+dfsg-1ubuntu1.1 erlang-os-mon - 1:27.3+dfsg-1ubuntu1.1 erlang-parsetools - 1:27.3+dfsg-1ubuntu1.1 erlang-public-key - 1:27.3+dfsg-1ubuntu1.1 erlang-reltool - 1:27.3+dfsg-1ubuntu1.1 erlang-runtime-tools - 1:27.3+dfsg-1ubuntu1.1 erlang-snmp - 1:27.3+dfsg-1ubuntu1.1 erlang-src - 1:27.3+dfsg-1ubuntu1.1 erlang-ssh - 1:27.3+dfsg-1ubuntu1.1 erlang-ssl - 1:27.3+dfsg-1ubuntu1.1 erlang-syntax-tools - 1:27.3+dfsg-1ubuntu1.1 erlang-tftp - 1:27.3+dfsg-1ubuntu1.1 erlang-tools - 1:27.3+dfsg-1ubuntu1.1 erlang-wx - 1:27.3+dfsg-1ubuntu1.1 erlang-x11 - 1:27.3+dfsg-1ubuntu1.1 erlang-xmerl - 1:27.3+dfsg-1ubuntu1.1 No subscription required High CVE-2025-32433 USN-7446-1 -- mod_auth_openidc vulnerability Ubuntu 25.04 It was discovered that mod_auth_openidc incorrectly handled certain POST requests. An attacker could possibly use this issue to obtain sensitive information. Update Instructions: Run `sudo pro fix USN-7446-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libapache2-mod-auth-openidc - 2.4.16.10-1ubuntu1 No subscription required Medium CVE-2025-31492 USN-7447-1 -- Yelp vulnerability Ubuntu 25.04 It was discovered that Yelp incorrectly handled paths in ghelp URLs. A remote attacker could use this issue to trick users into opening malicious downloaded help files and exfiltrate sensitive information. Update Instructions: Run `sudo pro fix USN-7447-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: yelp-xsl - 42.1-3ubuntu0.1 No subscription required libyelp-dev - 42.2-2ubuntu0.1 libyelp0 - 42.2-2ubuntu0.1 yelp - 42.2-2ubuntu0.1 No subscription required Medium CVE-2025-3155 USN-7454-1 -- libarchive vulnerabilities Ubuntu 25.04 It was discovered that the libarchive bsdunzip utility incorrectly handled certain ZIP archive files. If a user or automated system were tricked into processing a specially crafted ZIP archive, an attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2025-1632) It was discovered that libarchive incorrectly handled certain TAR archive files. If a user or automated system were tricked into processing a specially crafted TAR archive, an attacker could use this issue to cause libarchive to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-25724) Update Instructions: Run `sudo pro fix USN-7454-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libarchive-dev - 3.7.7-0ubuntu2.1 libarchive-tools - 3.7.7-0ubuntu2.1 libarchive13t64 - 3.7.7-0ubuntu2.1 No subscription required Medium CVE-2025-1632 CVE-2025-25724 USN-7457-1 -- OpenSSH vulnerability Ubuntu 25.04 It was discovered that OpenSSH incorrectly handled the DisableForwarding directive. The directive would fail to disable X11 and agent forwarding, contrary to documentation and expectations. Update Instructions: Run `sudo pro fix USN-7457-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-client - 1:9.9p1-3ubuntu3.1 openssh-client-gssapi - 1:9.9p1-3ubuntu3.1 openssh-server - 1:9.9p1-3ubuntu3.1 openssh-server-gssapi - 1:9.9p1-3ubuntu3.1 openssh-sftp-server - 1:9.9p1-3ubuntu3.1 openssh-tests - 1:9.9p1-3ubuntu3.1 ssh - 1:9.9p1-3ubuntu3.1 ssh-askpass-gnome - 1:9.9p1-3ubuntu3.1 No subscription required Medium CVE-2025-32728 USN-7464-1 -- Jupyter Notebook vulnerability Ubuntu 25.04 It was discovered that Jupyter Notebook did not properly parse HTML comments under certain circumstances. An attacker could possibly use this issue to cause a regular expression denial of service (ReDoS). Update Instructions: Run `sudo pro fix USN-7464-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: jupyter-notebook - 6.4.13-5ubuntu0.1 python-notebook-doc - 6.4.13-5ubuntu0.1 python3-notebook - 6.4.13-5ubuntu0.1 No subscription required Medium CVE-2022-25887 USN-7467-1 -- libxml2 vulnerabilities Ubuntu 25.04 It was discovered that the libxml2 Python bindings incorrectly handled certain return values. An attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service. (CVE-2025-32414) It was discovered that libxml2 incorrectly handled certain memory operations. 
A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service. (CVE-2025-32415) Update Instructions: Run `sudo pro fix USN-7467-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxml2 - 2.12.7+dfsg+really2.9.14-0.4ubuntu0.1 libxml2-dev - 2.12.7+dfsg+really2.9.14-0.4ubuntu0.1 libxml2-doc - 2.12.7+dfsg+really2.9.14-0.4ubuntu0.1 libxml2-utils - 2.12.7+dfsg+really2.9.14-0.4ubuntu0.1 python3-libxml2 - 2.12.7+dfsg+really2.9.14-0.4ubuntu0.1 No subscription required Medium CVE-2025-32414 CVE-2025-32415 USN-7471-1 -- poppler vulnerabilities Ubuntu 25.04 It was discovered that poppler did not properly verify adbe.pkcs7.sha1 signatures in PDF documents. An attacker could possibly use this issue to create documents with forged signatures that are treated as legitimately signed. Update Instructions: Run `sudo pro fix USN-7471-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-poppler-0.18 - 25.03.0-3ubuntu1 libpoppler-cpp-dev - 25.03.0-3ubuntu1 libpoppler-cpp2 - 25.03.0-3ubuntu1 libpoppler-dev - 25.03.0-3ubuntu1 libpoppler-glib-dev - 25.03.0-3ubuntu1 libpoppler-glib-doc - 25.03.0-3ubuntu1 libpoppler-glib8t64 - 25.03.0-3ubuntu1 libpoppler-private-dev - 25.03.0-3ubuntu1 libpoppler-qt5-1t64 - 25.03.0-3ubuntu1 libpoppler-qt5-dev - 25.03.0-3ubuntu1 libpoppler-qt6-3t64 - 25.03.0-3ubuntu1 libpoppler-qt6-dev - 25.03.0-3ubuntu1 libpoppler147 - 25.03.0-3ubuntu1 poppler-utils - 25.03.0-3ubuntu1 No subscription required Medium CVE-2025-43903 USN-7477-1 -- c-ares vulnerability Ubuntu 25.04 It was discovered that c-ares incorrectly handled re-enqueuing certain queries. A remote attacker could possibly use this issue to cause c-ares to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-7477-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libc-ares-dev - 1.34.4-2.1ubuntu0.1 libc-ares2 - 1.34.4-2.1ubuntu0.1 libcares2 - 1.34.4-2.1ubuntu0.1 No subscription required Medium CVE-2025-31498 USN-7479-1 -- MySQL vulnerabilities Ubuntu 25.04 Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.42 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. Ubuntu 25.04 has been updated to MySQL 8.4.5. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-42.html https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-5.html https://www.oracle.com/security-alerts/cpuapr2025.html Update Instructions: Run `sudo pro fix USN-7479-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libmysqlclient-dev - 8.4.5-0ubuntu0.1 libmysqlclient24 - 8.4.5-0ubuntu0.1 mysql-client - 8.4.5-0ubuntu0.1 mysql-client-core - 8.4.5-0ubuntu0.1 mysql-router - 8.4.5-0ubuntu0.1 mysql-server - 8.4.5-0ubuntu0.1 mysql-server-core - 8.4.5-0ubuntu0.1 mysql-source - 8.4.5-0ubuntu0.1 mysql-testsuite - 8.4.5-0ubuntu0.1 No subscription required Medium CVE-2025-21574 CVE-2025-21575 CVE-2025-21577 CVE-2025-21579 CVE-2025-21580 CVE-2025-21581 CVE-2025-21584 CVE-2025-21585 CVE-2025-21588 CVE-2025-30681 CVE-2025-30682 CVE-2025-30683 CVE-2025-30684 CVE-2025-30685 CVE-2025-30687 CVE-2025-30688 CVE-2025-30689 CVE-2025-30693 CVE-2025-30695 CVE-2025-30696 CVE-2025-30699 CVE-2025-30703 CVE-2025-30704 CVE-2025-30705 CVE-2025-30715 CVE-2025-30721 CVE-2025-30722 USN-7480-1 -- OpenJDK 8 vulnerabilities Ubuntu 25.04 Alicja Kario discovered that the JSSE component of OpenJDK 8 incorrectly handled RSA padding. 
An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of OpenJDK 8 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of OpenJDK 8 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15 Update Instructions: Run `sudo pro fix USN-7480-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-8-demo - 8u452-ga~us1-0ubuntu1~25.04 openjdk-8-doc - 8u452-ga~us1-0ubuntu1~25.04 openjdk-8-jdk - 8u452-ga~us1-0ubuntu1~25.04 openjdk-8-jdk-headless - 8u452-ga~us1-0ubuntu1~25.04 openjdk-8-jre - 8u452-ga~us1-0ubuntu1~25.04 openjdk-8-jre-headless - 8u452-ga~us1-0ubuntu1~25.04 openjdk-8-jre-zero - 8u452-ga~us1-0ubuntu1~25.04 openjdk-8-source - 8u452-ga~us1-0ubuntu1~25.04 No subscription required Medium CVE-2025-21587 CVE-2025-30691 CVE-2025-30698 USN-7481-1 -- OpenJDK 11 vulnerabilities Ubuntu 25.04 Alicja Kario discovered that the JSSE component of OpenJDK 11 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of OpenJDK 11 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of OpenJDK 11 did not properly manage memory under certain circumstances. 
An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15 Update Instructions: Run `sudo pro fix USN-7481-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-11-demo - 11.0.27+6~us1-0ubuntu1~25.04 openjdk-11-doc - 11.0.27+6~us1-0ubuntu1~25.04 openjdk-11-jdk - 11.0.27+6~us1-0ubuntu1~25.04 openjdk-11-jdk-headless - 11.0.27+6~us1-0ubuntu1~25.04 openjdk-11-jre - 11.0.27+6~us1-0ubuntu1~25.04 openjdk-11-jre-headless - 11.0.27+6~us1-0ubuntu1~25.04 openjdk-11-jre-zero - 11.0.27+6~us1-0ubuntu1~25.04 openjdk-11-source - 11.0.27+6~us1-0ubuntu1~25.04 No subscription required Medium CVE-2025-21587 CVE-2025-30691 CVE-2025-30698 USN-7482-1 -- OpenJDK 17 vulnerabilities Ubuntu 25.04 Alicja Kario discovered that the JSSE component of OpenJDK 17 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of OpenJDK 17 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of OpenJDK 17 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15 Update Instructions: Run `sudo pro fix USN-7482-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openjdk-17-demo - 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-doc - 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-jdk - 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-jdk-headless - 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-jre - 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-jre-headless - 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-jre-zero - 17.0.15+6~us1-0ubuntu1~25.04 openjdk-17-source - 17.0.15+6~us1-0ubuntu1~25.04 No subscription required Medium CVE-2025-21587 CVE-2025-30691 CVE-2025-30698 USN-7483-1 -- OpenJDK 21 vulnerabilities Ubuntu 25.04 Alicja Kario discovered that the JSSE component of OpenJDK 21 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of OpenJDK 21 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of OpenJDK 21 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15 Update Instructions: Run `sudo pro fix USN-7483-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openjdk-21-demo - 21.0.7+6~us1-0ubuntu1~25.04 openjdk-21-doc - 21.0.7+6~us1-0ubuntu1~25.04 openjdk-21-jdk - 21.0.7+6~us1-0ubuntu1~25.04 openjdk-21-jdk-headless - 21.0.7+6~us1-0ubuntu1~25.04 openjdk-21-jre - 21.0.7+6~us1-0ubuntu1~25.04 openjdk-21-jre-headless - 21.0.7+6~us1-0ubuntu1~25.04 openjdk-21-jre-zero - 21.0.7+6~us1-0ubuntu1~25.04 openjdk-21-source - 21.0.7+6~us1-0ubuntu1~25.04 openjdk-21-testsupport - 21.0.7+6~us1-0ubuntu1~25.04 No subscription required Medium CVE-2025-21587 CVE-2025-30691 CVE-2025-30698 USN-7484-1 -- OpenJDK 24 vulnerabilities Ubuntu 25.04 Alicja Kario discovered that the JSSE component of OpenJDK 24 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of OpenJDK 24 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of OpenJDK 24 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15 Update Instructions: Run `sudo pro fix USN-7484-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openjdk-24-demo - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-doc - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-jdk - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-jdk-headless - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-jre - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-jre-headless - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-jre-zero - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-jvmci-jdk - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-source - 24.0.1+9~us1-0ubuntu1~25.04 openjdk-24-testsupport - 24.0.1+9~us1-0ubuntu1~25.04 No subscription required Medium CVE-2025-21587 CVE-2025-30691 CVE-2025-30698 USN-7485-1 -- LibRaw vulnerabilities Ubuntu 25.04 It was discovered that LibRaw could be made to read out of bounds. An attacker could possibly use this issue to cause applications using LibRaw to crash, resulting in a denial of service. (CVE-2025-43961, CVE-2025-43962, CVE-2025-43963, CVE-2025-43964) Update Instructions: Run `sudo pro fix USN-7485-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libraw-bin - 0.21.3-1ubuntu0.25.04.1 libraw-dev - 0.21.3-1ubuntu0.25.04.1 libraw-doc - 0.21.3-1ubuntu0.25.04.1 libraw23t64 - 0.21.3-1ubuntu0.25.04.1 No subscription required Medium CVE-2025-43961 CVE-2025-43962 CVE-2025-43963 CVE-2025-43964 USN-7486-1 -- FastCGI vulnerability Ubuntu 25.04 It was discovered that FastCGI incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-7486-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: libfcgi-bin - 2.4.2-2.1ubuntu0.25.04.1 libfcgi-dev - 2.4.2-2.1ubuntu0.25.04.1 libfcgi0t64 - 2.4.2-2.1ubuntu0.25.04.1 No subscription required Medium CVE-2025-23016 USN-7490-1 -- libsoup vulnerabilities Ubuntu 25.04 Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. (CVE-2025-32906) Alon Zahavi discovered that libsoup incorrectly parsed video files. An attacker could possibly use this issue to send a maliciously crafted HTTP response back to the client, causing a denial of service, or leading to undefined behavior. (CVE-2025-32909) Jan Różański discovered that libsoup incorrectly handled memory when parsing authentication headers. An attacker could possibly use this issue to send a maliciously crafted HTTP response back to the client, causing a denial of service. (CVE-2025-32910, CVE-2025-32912) It was discovered that libsoup incorrectly handled data in the hash table data type. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service or remote code execution. (CVE-2025-32911) Jan Różański discovered that libsoup incorrectly handled memory when parsing the content disposition HTTP header. An attacker could possibly use this issue to send maliciously crafted data to a client or server, causing a denial of service. (CVE-2025-32913) Alon Zahavi discovered that libsoup incorrectly handled memory when parsing HTTP requests. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service or obtaining sensitive information. (CVE-2025-32914) It was discovered that libsoup incorrectly handled memory when parsing quality-list headers. 
An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. (CVE-2025-46420) Jan Różański discovered that libsoup did not strip authorization information upon redirects. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-46421) Update Instructions: Run `sudo pro fix USN-7490-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-soup-2.4 - 2.74.3-10ubuntu0.1 libsoup-2.4-1 - 2.74.3-10ubuntu0.1 libsoup-gnome-2.4-1 - 2.74.3-10ubuntu0.1 libsoup-gnome2.4-dev - 2.74.3-10ubuntu0.1 libsoup2.4-common - 2.74.3-10ubuntu0.1 libsoup2.4-dev - 2.74.3-10ubuntu0.1 libsoup2.4-doc - 2.74.3-10ubuntu0.1 libsoup2.4-tests - 2.74.3-10ubuntu0.1 No subscription required Medium CVE-2025-32906 CVE-2025-32909 CVE-2025-32910 CVE-2025-32911 CVE-2025-32912 CVE-2025-32913 CVE-2025-32914 CVE-2025-46420 CVE-2025-46421 USN-7490-2 -- libsoup regression Ubuntu 25.04 USN-7490-1 fixed vulnerabilities in libsoup. It was discovered that the fix for CVE-2025-32912 was incomplete. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. (CVE-2025-32906) Alon Zahavi discovered that libsoup incorrectly parsed video files. An attacker could possibly use this issue to send a maliciously crafted HTTP response back to the client, causing a denial of service, or leading to undefined behavior. (CVE-2025-32909) Jan Różański discovered that libsoup incorrectly handled memory when parsing authentication headers. An attacker could possibly use this issue to send a maliciously crafted HTTP response back to the client, causing a denial of service. 
(CVE-2025-32910, CVE-2025-32912) It was discovered that libsoup incorrectly handled data in the hash table data type. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service or remote code execution. (CVE-2025-32911) Jan Różański discovered that libsoup incorrectly handled memory when parsing the content disposition HTTP header. An attacker could possibly use this issue to send maliciously crafted data to a client or server, causing a denial of service. (CVE-2025-32913) Alon Zahavi discovered that libsoup incorrectly handled memory when parsing HTTP requests. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service or obtaining sensitive information. (CVE-2025-32914) It was discovered that libsoup incorrectly handled memory when parsing quality-list headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. (CVE-2025-46420) Jan Różański discovered that libsoup did not strip authorization information upon redirects. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-46421) Update Instructions: Run `sudo pro fix USN-7490-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-soup-2.4 - 2.74.3-10ubuntu0.2 libsoup-2.4-1 - 2.74.3-10ubuntu0.2 libsoup-gnome-2.4-1 - 2.74.3-10ubuntu0.2 libsoup-gnome2.4-dev - 2.74.3-10ubuntu0.2 libsoup2.4-common - 2.74.3-10ubuntu0.2 libsoup2.4-dev - 2.74.3-10ubuntu0.2 libsoup2.4-doc - 2.74.3-10ubuntu0.2 libsoup2.4-tests - 2.74.3-10ubuntu0.2 No subscription required Medium CVE-2025-32912 https://launchpad.net/bugs/2110056 USN-7501-1 -- Django vulnerability Ubuntu 25.04 Elias Myllymäki discovered that Django incorrectly handled stripping large sequences of incomplete HTML tags. 
A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service. Update Instructions: Run `sudo pro fix USN-7501-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-django-doc - 3:4.2.18-1ubuntu1.1 python3-django - 3:4.2.18-1ubuntu1.1 No subscription required Medium CVE-2025-32873 USN-7503-1 -- h11 vulnerability Ubuntu 25.04 Jeppe Bonde Weikop discovered that h11 incorrectly handled crafted HTTP requests. A remote attacker could possibly use this issue to smuggle malicious HTTP requests, which could potentially lead to security control bypass and information leakage. Update Instructions: Run `sudo pro fix USN-7503-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-h11 - 0.14.0-1ubuntu0.25.04.1 No subscription required Medium CVE-2025-43859 USN-7505-1 -- Abseil vulnerability Ubuntu 25.04 It was discovered that Abseil incorrectly handled memory with the upper bound of the size argument. An attacker could possibly use this issue to cause a denial of service or memory corruption. Update Instructions: Run `sudo pro fix USN-7505-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libabsl-dev - 20230802.1-4.2ubuntu0.2 libabsl20230802 - 20230802.1-4.2ubuntu0.2 No subscription required Medium CVE-2025-0838 USN-7507-1 -- Rack vulnerabilities Ubuntu 25.04 It was discovered that Rack incorrectly handled deleted rack sessions. An attacker could possibly use this issue to expose sensitive information or to gain unauthorized access to user accounts. (CVE-2025-32441) It was discovered that Rack incorrectly limited the number of parameters in a web request. An attacker could possibly use this issue to cause a denial of service. 
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2025-46727) Update Instructions: Run `sudo pro fix USN-7507-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: ruby-rack - 2.2.7-1.1ubuntu0.25.04.1 No subscription required Medium CVE-2025-46727 CVE-2025-32441 USN-7508-1 -- Open VM Tools vulnerability Ubuntu 25.04 It was discovered that Open VM Tools incorrectly handled certain file operations. An attacker in a guest could use this issue to perform insecure file operations and possibly elevate privileges in the guest. Update Instructions: Run `sudo pro fix USN-7508-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: open-vm-tools - 2:12.5.0-1ubuntu0.1 open-vm-tools-containerinfo - 2:12.5.0-1ubuntu0.1 open-vm-tools-desktop - 2:12.5.0-1ubuntu0.1 open-vm-tools-dev - 2:12.5.0-1ubuntu0.1 open-vm-tools-salt-minion - 2:12.5.0-1ubuntu0.1 open-vm-tools-sdmp - 2:12.5.0-1ubuntu0.1 No subscription required Medium CVE-2025-22247 USN-7509-1 -- .NET vulnerability Ubuntu 25.04 It was discovered that .NET did not properly handle file names and paths under certain conditions. An attacker could possibly use this issue to perform spoofing over a network. Update Instructions: Run `sudo pro fix USN-7509-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: dotnet-sdk-8.0 - 8.0.116-0ubuntu1~25.04.1 dotnet-sdk-8.0-source-built-artifacts - 8.0.116-0ubuntu1~25.04.1 dotnet-sdk-dbg-8.0 - 8.0.116-0ubuntu1~25.04.1 dotnet-templates-8.0 - 8.0.116-0ubuntu1~25.04.1 netstandard-targeting-pack-2.1-8.0 - 8.0.116-0ubuntu1~25.04.1 No subscription required dotnet8 - 8.0.116-8.0.16-0ubuntu1~25.04.1 No subscription required aspnetcore-runtime-8.0 - 8.0.16-0ubuntu1~25.04.1 aspnetcore-runtime-dbg-8.0 - 8.0.16-0ubuntu1~25.04.1 aspnetcore-targeting-pack-8.0 - 8.0.16-0ubuntu1~25.04.1 dotnet-apphost-pack-8.0 - 8.0.16-0ubuntu1~25.04.1 dotnet-host-8.0 - 8.0.16-0ubuntu1~25.04.1 dotnet-hostfxr-8.0 - 8.0.16-0ubuntu1~25.04.1 dotnet-runtime-8.0 - 8.0.16-0ubuntu1~25.04.1 dotnet-runtime-dbg-8.0 - 8.0.16-0ubuntu1~25.04.1 dotnet-targeting-pack-8.0 - 8.0.16-0ubuntu1~25.04.1 No subscription required dotnet-sdk-9.0 - 9.0.106-0ubuntu1~25.04.1 dotnet-sdk-9.0-source-built-artifacts - 9.0.106-0ubuntu1~25.04.1 dotnet-sdk-aot-9.0 - 9.0.106-0ubuntu1~25.04.1 dotnet-sdk-dbg-9.0 - 9.0.106-0ubuntu1~25.04.1 dotnet-templates-9.0 - 9.0.106-0ubuntu1~25.04.1 netstandard-targeting-pack-2.1-9.0 - 9.0.106-0ubuntu1~25.04.1 No subscription required dotnet9 - 9.0.106-9.0.5-0ubuntu1~25.04.1 No subscription required aspnetcore-runtime-9.0 - 9.0.5-0ubuntu1~25.04.1 aspnetcore-runtime-dbg-9.0 - 9.0.5-0ubuntu1~25.04.1 aspnetcore-targeting-pack-9.0 - 9.0.5-0ubuntu1~25.04.1 dotnet-apphost-pack-9.0 - 9.0.5-0ubuntu1~25.04.1 dotnet-host-9.0 - 9.0.5-0ubuntu1~25.04.1 dotnet-hostfxr-9.0 - 9.0.5-0ubuntu1~25.04.1 dotnet-runtime-9.0 - 9.0.5-0ubuntu1~25.04.1 dotnet-runtime-dbg-9.0 - 9.0.5-0ubuntu1~25.04.1 dotnet-targeting-pack-9.0 - 9.0.5-0ubuntu1~25.04.1 No subscription required Medium CVE-2025-26646 USN-7520-2 -- PostgreSQL vulnerability Ubuntu 25.04 USN-7520-1 fixed a vulnerability in PostgreSQL. This update provides the corresponding updates for Ubuntu 25.04. 
Original advisory details: It was discovered that PostgreSQL incorrectly handled the GB18030 encoding. An attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-7520-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libecpg-compat3 - 17.5-0ubuntu0.25.04.1 libecpg-dev - 17.5-0ubuntu0.25.04.1 libecpg6 - 17.5-0ubuntu0.25.04.1 libpgtypes3 - 17.5-0ubuntu0.25.04.1 libpq-dev - 17.5-0ubuntu0.25.04.1 libpq5 - 17.5-0ubuntu0.25.04.1 postgresql-17 - 17.5-0ubuntu0.25.04.1 postgresql-client-17 - 17.5-0ubuntu0.25.04.1 postgresql-doc-17 - 17.5-0ubuntu0.25.04.1 postgresql-plperl-17 - 17.5-0ubuntu0.25.04.1 postgresql-plpython3-17 - 17.5-0ubuntu0.25.04.1 postgresql-pltcl-17 - 17.5-0ubuntu0.25.04.1 postgresql-server-dev-17 - 17.5-0ubuntu0.25.04.1 No subscription required Medium CVE-2025-4207 USN-7525-2 -- Tomcat vulnerability Ubuntu 25.04 USN-7525-1 fixed CVE-2025-24813 for tomcat9 in Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. This update fixes it for tomcat9 in Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.10. These versions include only the tomcat library (libtomcat9-java) and not the full tomcat server stack. Original advisory details: It was discovered that Apache Tomcat incorrectly implemented partial PUT functionality by replacing path separators with dots in temporary files. A remote attacker could possibly use this issue to access sensitive files, inject malicious content, or execute remote code. Update Instructions: Run `sudo pro fix USN-7525-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libtomcat9-java - 9.0.70-2ubuntu1.25.04.1 No subscription required High CVE-2025-24813 USN-7526-1 -- Bind vulnerability Ubuntu 25.04 It was discovered that Bind incorrectly handled certain DNS messages with invalid TSIG. 
A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Update Instructions: Run `sudo pro fix USN-7526-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bind9 - 1:9.20.4-3ubuntu1.1 bind9-dev - 1:9.20.4-3ubuntu1.1 bind9-dnsutils - 1:9.20.4-3ubuntu1.1 bind9-doc - 1:9.20.4-3ubuntu1.1 bind9-host - 1:9.20.4-3ubuntu1.1 bind9-libs - 1:9.20.4-3ubuntu1.1 bind9-utils - 1:9.20.4-3ubuntu1.1 bind9utils - 1:9.20.4-3ubuntu1.1 dnsutils - 1:9.20.4-3ubuntu1.1 No subscription required Medium CVE-2025-40775 USN-7528-1 -- SQLite vulnerabilities Ubuntu 25.04 It was discovered that SQLite incorrectly handled the concat_ws() function. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, and Ubuntu 24.10. (CVE-2025-29087, CVE-2025-3277) It was discovered that SQLite incorrectly handled certain argument values to sqlite3_db_config(). An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-29088) Update Instructions: Run `sudo pro fix USN-7528-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: lemon - 3.46.1-3ubuntu0.1 libsqlite3-0 - 3.46.1-3ubuntu0.1 libsqlite3-dev - 3.46.1-3ubuntu0.1 libsqlite3-ext-csv - 3.46.1-3ubuntu0.1 libsqlite3-ext-icu - 3.46.1-3ubuntu0.1 libsqlite3-tcl - 3.46.1-3ubuntu0.1 sqlite3 - 3.46.1-3ubuntu0.1 sqlite3-doc - 3.46.1-3ubuntu0.1 sqlite3-tools - 3.46.1-3ubuntu0.1 No subscription required Medium CVE-2025-29087 CVE-2025-29088 CVE-2025-3277 USN-7530-1 -- ADOdb vulnerability Ubuntu 25.04 It was discovered that ADOdb incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands. 
Update Instructions: Run `sudo pro fix USN-7530-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libphp-adodb - 5.22.8-0.1ubuntu0.1 No subscription required Medium CVE-2025-46337 USN-7531-1 -- CRaC JDK 21 vulnerabilities Ubuntu 25.04 Alicja Kario discovered that the JSSE component of CRaC JDK 21 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of CRaC JDK 21 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of CRaC JDK 21 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15 Update Instructions: Run `sudo pro fix USN-7531-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openjdk-21-crac-demo - 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-doc - 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jdk - 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jdk-headless - 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jre - 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jre-headless - 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-jre-zero - 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-source - 21.0.7+6.1-0ubuntu1~25.04 openjdk-21-crac-testsupport - 21.0.7+6.1-0ubuntu1~25.04 No subscription required Medium CVE-2025-30698 CVE-2025-21587 CVE-2025-30691 USN-7532-1 -- GLib vulnerability Ubuntu 25.04 It was discovered that GLib incorrectly handled certain inputs. 
An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-7532-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: gir1.2-girepository-3.0 - 2.84.1-1ubuntu0.1 gir1.2-girepository-3.0-dev - 2.84.1-1ubuntu0.1 gir1.2-glib-2.0 - 2.84.1-1ubuntu0.1 gir1.2-glib-2.0-dev - 2.84.1-1ubuntu0.1 girepository-tools - 2.84.1-1ubuntu0.1 libgio-2.0-dev - 2.84.1-1ubuntu0.1 libgio-2.0-dev-bin - 2.84.1-1ubuntu0.1 libgirepository-2.0-0 - 2.84.1-1ubuntu0.1 libgirepository-2.0-dev - 2.84.1-1ubuntu0.1 libglib2.0-0t64 - 2.84.1-1ubuntu0.1 libglib2.0-bin - 2.84.1-1ubuntu0.1 libglib2.0-data - 2.84.1-1ubuntu0.1 libglib2.0-dev - 2.84.1-1ubuntu0.1 libglib2.0-dev-bin - 2.84.1-1ubuntu0.1 libglib2.0-doc - 2.84.1-1ubuntu0.1 libglib2.0-tests - 2.84.1-1ubuntu0.1 No subscription required Medium CVE-2025-4373 USN-7533-1 -- CRaC JDK 17 vulnerabilities Ubuntu 25.04 Alicja Kario discovered that the JSSE component of CRaC JDK 17 incorrectly handled RSA padding. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-21587) It was discovered that the Compiler component of CRaC JDK 17 incorrectly handled compiler transformations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30691) It was discovered that the 2D component of CRaC JDK 17 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30698) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following link for more information: https://openjdk.org/groups/vulnerability/advisories/2025-04-15 Update Instructions: Run `sudo pro fix USN-7533-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: openjdk-17-crac-demo - 17.0.15+6-0ubuntu1~25.04 openjdk-17-crac-doc - 17.0.15+6-0ubuntu1~25.04 openjdk-17-crac-jdk - 17.0.15+6-0ubuntu1~25.04 openjdk-17-crac-jdk-headless - 17.0.15+6-0ubuntu1~25.04 openjdk-17-crac-jre - 17.0.15+6-0ubuntu1~25.04 openjdk-17-crac-jre-headless - 17.0.15+6-0ubuntu1~25.04 openjdk-17-crac-jre-zero - 17.0.15+6-0ubuntu1~25.04 openjdk-17-crac-source - 17.0.15+6-0ubuntu1~25.04 No subscription required Medium CVE-2025-21587 CVE-2025-30691 CVE-2025-30698 USN-7534-1 -- Flask vulnerability Ubuntu 25.04 It was discovered that Flask incorrectly handled key rotation. An attacker could possibly use this issue to sign sessions with stale keys. Update Instructions: Run `sudo pro fix USN-7534-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-flask-doc - 3.1.0-2ubuntu1.1 python3-flask - 3.1.0-2ubuntu1.1 No subscription required Medium CVE-2025-47278 USN-7535-1 -- Intel Microcode vulnerabilities Ubuntu 25.04 Sander Wiebing and Cristiano Giuffrida discovered that some Intel® Processors did not properly handle data in Shared Microarchitectural Structures during Transient Execution. An authenticated attacker could possibly use this issue to obtain sensitive information. (CVE-2024-28956) It was discovered that some Intel® Processors did not properly handle prediction calculations. An authenticated attacker could possibly use this issue to obtain sensitive information. (CVE-2024-43420, CVE-2024-45332, CVE-2025-20623) It was discovered that some Intel® Processors did not properly initialize resources in the branch prediction unit. An authenticated attacker could possibly use this issue to obtain sensitive information. (CVE-2025-20012, CVE-2025-24495) Michal Raviv and Jeff Gilbert discovered that some Intel® Processors did not properly handle resources and exceptions in the core management mechanism. 
An authenticated attacker could possibly use this issue to cause a denial of service. (CVE-2025-20054, CVE-2025-20103) Update Instructions: Run `sudo pro fix USN-7535-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: intel-microcode - 3.20250512.0ubuntu0.25.04.1 No subscription required Medium CVE-2024-28956 CVE-2024-43420 CVE-2024-45332 CVE-2025-20012 CVE-2025-20054 CVE-2025-20103 CVE-2025-20623 CVE-2025-24495 USN-7537-1 -- net-tools vulnerability Ubuntu 25.04 It was discovered that net-tools incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-7537-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: net-tools - 2.10-1.1ubuntu1.25.04.1 No subscription required Medium CVE-2025-46836 USN-7537-2 -- net-tools regression Ubuntu 25.04 USN-7537-1 fixed a vulnerability in net-tools that caused a regression. This update fixes the problem. Original advisory details: It was discovered that net-tools incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update Instructions: Run `sudo pro fix USN-7537-2` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: net-tools - 2.10-1.1ubuntu1.25.04.4 No subscription required None https://launchpad.net/bugs/2111912 USN-7538-1 -- FFmpeg vulnerabilities Ubuntu 25.04 Simcha Kosman discovered that FFmpeg did not correctly handle certain return values. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-0518) It was discovered that FFmpeg did not correctly handle certain memory operations. 
A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.10. (CVE-2025-1816) It was discovered that FFmpeg contained a reachable assertion, which could lead to a failure when processing certain AAC files. If a user or automated system were tricked into opening a specially crafted AAC file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-22919) It was discovered that FFmpeg did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10 and Ubuntu 25.04. (CVE-2025-22921) It was discovered that FFmpeg did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 24.10 and Ubuntu 25.04. (CVE-2025-25473) Update Instructions: Run `sudo pro fix USN-7538-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: ffmpeg - 7:7.1.1-1ubuntu1.1 ffmpeg-doc - 7:7.1.1-1ubuntu1.1 libavcodec-dev - 7:7.1.1-1ubuntu1.1 libavcodec-extra - 7:7.1.1-1ubuntu1.1 libavcodec-extra61 - 7:7.1.1-1ubuntu1.1 libavcodec61 - 7:7.1.1-1ubuntu1.1 libavdevice-dev - 7:7.1.1-1ubuntu1.1 libavdevice61 - 7:7.1.1-1ubuntu1.1 libavfilter-dev - 7:7.1.1-1ubuntu1.1 libavfilter-extra - 7:7.1.1-1ubuntu1.1 libavfilter-extra10 - 7:7.1.1-1ubuntu1.1 libavfilter10 - 7:7.1.1-1ubuntu1.1 libavformat-dev - 7:7.1.1-1ubuntu1.1 libavformat-extra - 7:7.1.1-1ubuntu1.1 libavformat-extra61 - 7:7.1.1-1ubuntu1.1 libavformat61 - 7:7.1.1-1ubuntu1.1 libavutil-dev - 7:7.1.1-1ubuntu1.1 libavutil59 - 7:7.1.1-1ubuntu1.1 libpostproc-dev - 7:7.1.1-1ubuntu1.1 libpostproc58 - 7:7.1.1-1ubuntu1.1 libswresample-dev - 7:7.1.1-1ubuntu1.1 libswresample5 - 7:7.1.1-1ubuntu1.1 libswscale-dev - 7:7.1.1-1ubuntu1.1 libswscale8 - 7:7.1.1-1ubuntu1.1 No subscription required Medium CVE-2025-22919 CVE-2025-0518 CVE-2025-22921 CVE-2025-25473 CVE-2025-1816 USN-7543-1 -- libsoup vulnerabilities Ubuntu 25.04 Jan Różański discovered that libsoup incorrectly handled certain headers when sending HTTP/2 requests over TLS. An attacker could possibly use this issue to cause a denial of service. This issue only affected libsoup3 in Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04. (CVE-2025-32908) Jan Różański discovered that libsoup incorrectly parsed certain response headers. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-4476) Update Instructions: Run `sudo pro fix USN-7543-1` to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: gir1.2-soup-2.4 - 2.74.3-10ubuntu0.3 libsoup-2.4-1 - 2.74.3-10ubuntu0.3 libsoup-gnome-2.4-1 - 2.74.3-10ubuntu0.3 libsoup-gnome2.4-dev - 2.74.3-10ubuntu0.3 libsoup2.4-common - 2.74.3-10ubuntu0.3 libsoup2.4-dev - 2.74.3-10ubuntu0.3 libsoup2.4-doc - 2.74.3-10ubuntu0.3 libsoup2.4-tests - 2.74.3-10ubuntu0.3 No subscription required gir1.2-soup-3.0 - 3.6.5-1ubuntu0.1 libsoup-3.0-0 - 3.6.5-1ubuntu0.1 libsoup-3.0-common - 3.6.5-1ubuntu0.1 libsoup-3.0-dev - 3.6.5-1ubuntu0.1 libsoup-3.0-doc - 3.6.5-1ubuntu0.1 libsoup-3.0-tests - 3.6.5-1ubuntu0.1 No subscription required Medium CVE-2025-4476 CVE-2025-32908 USN-7544-1 -- Setuptools vulnerability Ubuntu 25.04 It was discovered that setuptools did not properly sanitize paths. An attacker could possibly use this issue to write files to arbitrary locations on the filesystem. Update Instructions: Run `sudo pro fix USN-7544-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-setuptools-doc - 75.8.0-1ubuntu1 python3-pkg-resources - 75.8.0-1ubuntu1 python3-setuptools - 75.8.0-1ubuntu1 python3-setuptools-whl - 75.8.0-1ubuntu1 No subscription required Medium CVE-2025-47273 /etc/lsb-release ^[\s\S]*DISTRIB_CODENAME=([a-z]+)$ 1 unix plucky