Ubuntu Security Advisories

USN-7755-2: Linux kernel (FIPS) vulnerabilities

9 hours 51 minutes ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
- Media drivers;
- SPI subsystem;
- USB core drivers;
- NILFS2 file system;
- IPv6 networking;
- Network traffic control;
(CVE-2024-53130, CVE-2025-38350, CVE-2024-50202, CVE-2024-47685, CVE-2025-37752, CVE-2024-50051, CVE-2024-57996, CVE-2023-52477, CVE-2024-27074, CVE-2024-53131)

USN-7755-1: Linux kernel vulnerabilities

11 hours 33 minutes ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
- Media drivers;
- SPI subsystem;
- USB core drivers;
- NILFS2 file system;
- IPv6 networking;
- Network traffic control;
(CVE-2024-53130, CVE-2025-38350, CVE-2024-50202, CVE-2024-47685, CVE-2025-37752, CVE-2024-50051, CVE-2024-57996, CVE-2023-52477, CVE-2024-27074, CVE-2024-53131)

USN-7754-1: Linux kernel vulnerabilities

1 day 2 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
- Network traffic control;
(CVE-2025-38350, CVE-2025-37752, CVE-2024-57996)

USN-7753-1: xmltodict vulnerability

1 day 7 hours ago
Camilo Vera discovered that xmltodict parsed maliciously crafted XML input, contrary to expectations. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or execute arbitrary code.

USN-7751-1: SQLite vulnerability

2 days 11 hours ago
It was discovered that the FTS5 SQLite extension incorrectly calculated certain array lengths. An attacker could use this issue to cause SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code.

USN-7747-1: RubyGems vulnerability

2 days 12 hours ago
It was discovered that RubyGems incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause RubyGems to consume resources, leading to a regular expression denial of service (ReDoS).

USN-7748-1: Vim vulnerabilities

2 days 13 hours ago
It was discovered that Vim incorrectly handled file extraction when opening maliciously crafted zip or tar archives. An attacker could possibly use this issue to create or overwrite files on the system and execute arbitrary code.

USN-7746-1: cipher-base vulnerability

6 days 11 hours ago
Nikita Skovoroda discovered that cipher-base did not properly manage certain inputs. An attacker could possibly use this issue to manipulate the internal state of hash functions, resulting in hash collisions, denial of service, or other unspecified impact.

USN-7745-1: CUPS vulnerabilities

6 days 12 hours ago
It was discovered that CUPS incorrectly handled authentication types other than Basic. An attacker could possibly use this issue to bypass authentication. (CVE-2025-58060)
It was discovered that CUPS incorrectly handled deserialization and validation of printer attributes. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-58364)

USN-7744-1: QEMU vulnerabilities

6 days 13 hours ago
It was discovered that QEMU incorrectly handled certain virtio devices. A privileged guest attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-3446)
It was discovered that QEMU incorrectly handled SDHCI device emulation. A guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-3447)
It was discovered that QEMU incorrectly handled calculating the checksum of a short-sized fragmented packet. A guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-3567)
It was discovered that the QEMU qemu-img utility incorrectly handled certain crafted image files. An attacker could use this issue to cause QEMU to consume resources, leading to a denial of service, or possibly read and write to an existing external file. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-4467)
It was discovered that QEMU incorrectly handled the RSS feature on virtio-net devices. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-6505)
It was discovered that QEMU incorrectly handled the NBD server. An attacker could use this issue to cause QEMU to consume resources, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-7409)
It was discovered that QEMU incorrectly handled certain USB devices. A guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-8354)
It was discovered that the QEMU package incorrectly set up a binfmt_misc registration with the C (Credential) flag. A local attacker could use this with a suid/sgid binary to escalate privileges. This update will no longer run foreign-architecture binaries with suid/sgid with elevated privileges.

USN-7742-1: GnuTLS vulnerabilities

1 week 1 day ago
It was discovered that GnuTLS incorrectly handled exporting Subject Alternative Name (SAN) entries containing an otherName. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-32988)
It was discovered that the GnuTLS certtool utility incorrectly handled parsing certain template files. An attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-32990)
Stefan Bühler discovered that GnuTLS incorrectly handled parsing certain template files. An attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2025-6395)

USN-7741-1: PostgreSQL vulnerabilities

1 week 2 days ago
Dean Rasheed discovered that PostgreSQL incorrectly handled access control lists. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-8713)
Martin Rakhmanov, Matthieu Denais, and RyotaK discovered that the PostgreSQL pg_dump utility allowed untrusted data inclusion. A malicious superuser could use this issue to execute arbitrary code when a dump script is reloaded. (CVE-2025-8714)
Noah Misch discovered that the PostgreSQL pg_dump utility incorrectly filtered line breaks in object names. An attacker could create object names that execute arbitrary SQL commands when a dump script is reloaded. (CVE-2025-8715)

USN-7739-1: Bind vulnerabilities

1 week 3 days ago
Greg Kuechle discovered that Bind incorrectly handled certain incremental zone updates. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2021-25214)
Siva Kakarla discovered that Bind incorrectly handled certain DNAME records. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2021-25215)
It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-25216)