Ubuntu Security Advisories

USN-7506-4: Linux kernel (Xenial HWE) vulnerabilities

15 hours 11 minutes ago
Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest. (CVE-2022-23041) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Hardware crypto device drivers; - GPU drivers; - IIO subsystem; - Media drivers; - Network drivers; - SCSI subsystem; - SPI subsystem; - USB Gadget drivers; - Ceph distributed file system; - File systems infrastructure; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NILFS2 file system; - SMB network file system; - CAN network layer; - IPv6 networking; - MAC80211 subsystem; - Netfilter; - Netlink; - Network traffic control; - SCTP protocol; - TIPC protocol; (CVE-2024-46771, CVE-2021-47500, CVE-2024-56631, CVE-2021-47219, CVE-2021-47163, CVE-2024-50256, CVE-2024-56650, CVE-2024-46780, CVE-2021-47506, CVE-2024-26996, CVE-2025-21971, CVE-2021-47587, CVE-2021-47245, CVE-2024-56598, CVE-2021-46959, CVE-2024-26974, CVE-2024-56642, CVE-2023-52741, CVE-2021-47150, CVE-2024-53173, CVE-2024-26915, CVE-2024-36934, CVE-2024-56770, CVE-2024-53063, CVE-2021-47191, CVE-2024-26689, CVE-2024-53066, CVE-2024-35864, CVE-2024-50237, CVE-2024-53140, CVE-2024-49944)

USN-7506-3: Linux kernel (FIPS) vulnerabilities

1 day 9 hours ago
Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest. (CVE-2022-23041) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Hardware crypto device drivers; - GPU drivers; - IIO subsystem; - Media drivers; - Network drivers; - SCSI subsystem; - SPI subsystem; - USB Gadget drivers; - Ceph distributed file system; - File systems infrastructure; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NILFS2 file system; - SMB network file system; - CAN network layer; - IPv6 networking; - MAC80211 subsystem; - Netfilter; - Netlink; - Network traffic control; - SCTP protocol; - TIPC protocol; (CVE-2024-56598, CVE-2024-56650, CVE-2024-46771, CVE-2024-53173, CVE-2024-53063, CVE-2024-26974, CVE-2021-46959, CVE-2024-53066, CVE-2021-47163, CVE-2024-50237, CVE-2021-47587, CVE-2024-56631, CVE-2024-50256, CVE-2021-47150, CVE-2021-47506, CVE-2021-47219, CVE-2023-52741, CVE-2024-49944, CVE-2025-21971, CVE-2024-26689, CVE-2024-46780, CVE-2024-53140, CVE-2021-47245, CVE-2024-56642, CVE-2021-47500, CVE-2024-36934, CVE-2024-26996, CVE-2024-35864, CVE-2021-47191, CVE-2024-26915, CVE-2024-56770)

USN-7506-2: Linux kernel (AWS) vulnerabilities

1 day 9 hours ago
Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest. (CVE-2022-23041) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Hardware crypto device drivers; - GPU drivers; - IIO subsystem; - Media drivers; - Network drivers; - SCSI subsystem; - SPI subsystem; - USB Gadget drivers; - Ceph distributed file system; - File systems infrastructure; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NILFS2 file system; - SMB network file system; - CAN network layer; - IPv6 networking; - MAC80211 subsystem; - Netfilter; - Netlink; - Network traffic control; - SCTP protocol; - TIPC protocol; (CVE-2024-56650, CVE-2024-26915, CVE-2024-50237, CVE-2024-53140, CVE-2024-26996, CVE-2021-47506, CVE-2024-26974, CVE-2025-21971, CVE-2024-56770, CVE-2024-53063, CVE-2021-47245, CVE-2024-36934, CVE-2021-47500, CVE-2024-53173, CVE-2021-47219, CVE-2024-46771, CVE-2024-56631, CVE-2024-46780, CVE-2024-35864, CVE-2021-46959, CVE-2021-47191, CVE-2021-47587, CVE-2024-53066, CVE-2024-56642, CVE-2021-47163, CVE-2024-50256, CVE-2021-47150, CVE-2024-56598, CVE-2024-26689, CVE-2023-52741, CVE-2024-49944)

USN-7506-1: Linux kernel vulnerabilities

1 day 10 hours ago
Demi Marie Obenour and Simon Gaiser discovered that several Xen para-virtualization device frontends did not properly restrict the access rights of device backends. An attacker could possibly use a malicious Xen backend to gain access to memory pages of a guest VM or cause a denial of service in the guest. (CVE-2022-23041) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Hardware crypto device drivers; - GPU drivers; - IIO subsystem; - Media drivers; - Network drivers; - SCSI subsystem; - SPI subsystem; - USB Gadget drivers; - Ceph distributed file system; - File systems infrastructure; - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - NILFS2 file system; - SMB network file system; - CAN network layer; - IPv6 networking; - MAC80211 subsystem; - Netfilter; - Netlink; - Network traffic control; - SCTP protocol; - TIPC protocol; (CVE-2024-46780, CVE-2021-47163, CVE-2024-46771, CVE-2021-47506, CVE-2024-36934, CVE-2024-35864, CVE-2024-26915, CVE-2021-47150, CVE-2024-50256, CVE-2024-53173, CVE-2024-53066, CVE-2024-53063, CVE-2021-47245, CVE-2024-26996, CVE-2024-56642, CVE-2021-47219, CVE-2024-56631, CVE-2021-47587, CVE-2021-47191, CVE-2023-52741, CVE-2021-46959, CVE-2024-26689, CVE-2024-26974, CVE-2024-56770, CVE-2024-56598, CVE-2024-49944, CVE-2024-50237, CVE-2024-53140, CVE-2024-56650, CVE-2021-47500, CVE-2025-21971)

USN-7503-1: h11 vulnerability

5 days 11 hours ago
Jeppe Bonde Weikop discovered that h11 incorrectly handled crafted HTTP requests. A remote attacker could possibly use this issue to smuggle malicious HTTP requests, which could potentially lead to security control bypass and information leakage.

USN-7501-2: Django vulnerability

6 days 3 hours ago
USN-7501-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Elias Myllymäki discovered that Django incorrectly handled stripping large sequences of incomplete HTML tags. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.

USN-7501-1: Django vulnerability

6 days 7 hours ago
Elias Myllymäki discovered that Django incorrectly handled stripping large sequences of incomplete HTML tags. A remote attacker could possibly use this issue to cause Django to consume resources, leading to a denial of service.

USN-7490-3: libsoup vulnerabilities

6 days 10 hours ago
USN-7490-1 fixed vulnerabilities in libsoup2.4. This update provides the corresponding updates for libsoup3. Original advisory details: Tan Wei Chong discovered that libsoup incorrectly handled memory when parsing HTTP request headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. (CVE-2025-32906) Alon Zahavi discovered that libsoup incorrectly parsed video files. An attacker could possibly use this issue to send a maliciously crafted HTTP response back to the client, causing a denial of service, or leading to undefined behavior. (CVE-2025-32909) Jan Różański discovered that libsoup incorrectly handled memory when parsing authentication headers. An attacker could possibly use this issue to send a maliciously crafted HTTP response back to the client, causing a denial of service. (CVE-2025-32910, CVE-2025-32912) It was discovered that libsoup incorrectly handled data in the hash table data type. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service or remote code execution. (CVE-2025-32911) Jan Różański discovered that libsoup incorrectly handled memory when parsing the content disposition HTTP header. An attacker could possibly use this issue to send maliciously crafted data to a client or server, causing a denial of service. (CVE-2025-32913) Alon Zahavi discovered that libsoup incorrectly handled memory when parsing HTTP requests. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service or obtaining sensitive information. (CVE-2025-32914) It was discovered that libsoup incorrectly handled memory when parsing quality-list headers. An attacker could possibly use this issue to send a maliciously crafted HTTP request to the server, causing a denial of service. (CVE-2025-46420) Jan Różański discovered that libsoup did not strip authorization information upon redirects. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-46421)

USN-7500-2: Linux kernel (Azure) vulnerabilities

6 days 11 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Bluetooth drivers; - Microsoft Azure Network Adapter (MANA) driver; (CVE-2024-56653, CVE-2025-21953)

USN-7496-5: Linux kernel (Azure FIPS) vulnerabilities

6 days 12 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - Character device driver; - Hardware crypto device drivers; - GPU drivers; - Media drivers; - Network drivers; - SCSI subsystem; - USB Gadget drivers; - Framebuffer layer; - Ceph distributed file system; - File systems infrastructure; - JFS file system; - Network file system (NFS) client; - NILFS2 file system; - SMB network file system; - Netfilter; - CAN network layer; - IPv6 networking; - MAC80211 subsystem; - Netlink; - Network traffic control; - SCTP protocol; - TIPC protocol; (CVE-2024-49944, CVE-2024-26996, CVE-2024-46771, CVE-2024-56651, CVE-2023-52927, CVE-2021-47191, CVE-2024-56642, CVE-2023-52664, CVE-2024-53173, CVE-2021-47150, CVE-2024-56770, CVE-2024-50237, CVE-2024-46780, CVE-2024-36015, CVE-2023-52458, CVE-2024-49925, CVE-2024-53063, CVE-2024-53066, CVE-2025-21971, CVE-2024-50296, CVE-2024-50256, CVE-2024-35864, CVE-2024-56631, CVE-2024-53140, CVE-2021-47219, CVE-2024-56598, CVE-2024-36934, CVE-2021-47163, CVE-2024-26915, CVE-2024-56650, CVE-2024-26974, CVE-2023-52741, CVE-2024-26689)

USN-7496-4: Linux kernel (Azure) vulnerabilities

6 days 12 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - Character device driver; - Hardware crypto device drivers; - GPU drivers; - Media drivers; - Network drivers; - SCSI subsystem; - USB Gadget drivers; - Framebuffer layer; - Ceph distributed file system; - File systems infrastructure; - JFS file system; - Network file system (NFS) client; - NILFS2 file system; - SMB network file system; - Netfilter; - CAN network layer; - IPv6 networking; - MAC80211 subsystem; - Netlink; - Network traffic control; - SCTP protocol; - TIPC protocol; (CVE-2025-21971, CVE-2024-50237, CVE-2023-52927, CVE-2023-52458, CVE-2021-47163, CVE-2024-26689, CVE-2024-53066, CVE-2021-47191, CVE-2021-47219, CVE-2024-56770, CVE-2024-46780, CVE-2024-56598, CVE-2023-52741, CVE-2024-53173, CVE-2021-47150, CVE-2024-50296, CVE-2024-56631, CVE-2024-53063, CVE-2024-56642, CVE-2024-50256, CVE-2024-26974, CVE-2024-56651, CVE-2024-36934, CVE-2023-52664, CVE-2024-26996, CVE-2024-26915, CVE-2024-46771, CVE-2024-56650, CVE-2024-53140, CVE-2024-49925, CVE-2024-36015, CVE-2024-49944, CVE-2024-35864)

USN-7496-3: Linux kernel (Azure) vulnerabilities

6 days 12 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; - Character device driver; - Hardware crypto device drivers; - GPU drivers; - Media drivers; - Network drivers; - SCSI subsystem; - USB Gadget drivers; - Framebuffer layer; - Ceph distributed file system; - File systems infrastructure; - JFS file system; - Network file system (NFS) client; - NILFS2 file system; - SMB network file system; - Netfilter; - CAN network layer; - IPv6 networking; - MAC80211 subsystem; - Netlink; - Network traffic control; - SCTP protocol; - TIPC protocol; (CVE-2023-52741, CVE-2024-56631, CVE-2024-50296, CVE-2024-50256, CVE-2024-50237, CVE-2021-47219, CVE-2024-49944, CVE-2024-26915, CVE-2024-56642, CVE-2023-52664, CVE-2024-36934, CVE-2023-52458, CVE-2024-35864, CVE-2024-56598, CVE-2025-21971, CVE-2024-53063, CVE-2023-52927, CVE-2024-46771, CVE-2024-49925, CVE-2024-53140, CVE-2024-36015, CVE-2024-26689, CVE-2024-53173, CVE-2021-47191, CVE-2024-56770, CVE-2024-56650, CVE-2021-47150, CVE-2021-47163, CVE-2024-46780, CVE-2024-56651, CVE-2024-26996, CVE-2024-26974, CVE-2024-53066)

USN-7495-3: Linux kernel (Azure) vulnerabilities

6 days 12 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - Ceph distributed file system; - Netfilter; (CVE-2023-52664, CVE-2024-26689, CVE-2023-52927)

USN-7500-1: Linux kernel (Azure) vulnerabilities

6 days 13 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Bluetooth drivers; - Microsoft Azure Network Adapter (MANA) driver; (CVE-2025-21953, CVE-2024-56653)