1 day 6 hours ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Sun RPC protocol;
(CVE-2024-56551, CVE-2024-56608, CVE-2024-53168)
2 days 23 hours ago
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
3 days 12 hours ago
It was discovered that libsoup did not correctly handle memory while
performing UTF-8 conversions. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. This issue only
affected Ubuntu 16.04 LTS. (CVE-2024-52531)
It was discovered that libsoup could enter an infinite loop when reading
certain websocket data. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 16.04 LTS.
(CVE-2024-52532)
It was discovered that libsoup could be made to read out of bounds. An
attacker could possibly use this issue to cause applications using
libsoup to crash, resulting in a denial of service. (CVE-2025-2784,
CVE-2025-32050, CVE-2025-32052, CVE-2025-32053)
3 days 21 hours ago
It was discovered that .NET did not properly validate the search path in
Microsoft.NETCore.App.Runtime. An attacker could possibly use this issue
to execute arbitrary code.
4 days ago
It was discovered that Samba incorrectly handled certain group membership
changes when using Kerberos authentication. A remote user could possibly
use this issue to continue to access resources after being removed by an
administrator.
4 days 21 hours ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-56551, CVE-2024-47701, CVE-2024-57850, CVE-2024-26966,
CVE-2021-47211, CVE-2024-56596, CVE-2024-53155, CVE-2024-42301,
CVE-2024-53168)
4 days 21 hours ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-56596, CVE-2024-47701, CVE-2024-26966, CVE-2021-47211,
CVE-2024-42301, CVE-2024-57850, CVE-2024-53168, CVE-2024-53155,
CVE-2024-56551)
4 days 21 hours ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-57850, CVE-2024-42301, CVE-2024-53155, CVE-2024-53168,
CVE-2024-26966, CVE-2021-47211, CVE-2024-56596, CVE-2024-56551,
CVE-2024-47701)
4 days 21 hours ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Sun RPC protocol;
(CVE-2024-56608, CVE-2024-53168, CVE-2024-56551)
4 days 23 hours ago
It was discovered that Tomcat did not include the secure attribute for
session cookies when using the RemoteIpFilter with requests from a reverse
proxy. An attacker could possibly use this issue to leak sensitive
information. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for
tomcat9 on Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04.
(CVE-2023-28708)
It was discovered that Tomcat incorrectly recycled
certain objects, which could lead to information leaking from one request
to the next. An attacker could potentially use this issue to leak sensitive
information. This issue was fixed for tomcat8 on Ubuntu 18.04 LTS and for
tomcat9 on Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04.
(CVE-2023-42795)
It was discovered that Tomcat incorrectly handled HTTP
trailer headers. A remote attacker could possibly use this issue to perform
HTTP request smuggling. This issue was fixed for tomcat8 on Ubuntu 18.04
LTS and for tomcat9 on Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04.
(CVE-2023-45648)
It was discovered that Tomcat incorrectly handled
incomplete POST requests, which could cause error responses to contain data
from previous requests. An attacker could potentially use this issue to
leak sensitive information. This issue was fixed for tomcat8 on Ubuntu
18.04 LTS and for tomcat9 on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2024-21733)
It was discovered that Tomcat incorrectly handled socket
cleanup, which could lead to websocket connections staying open. An
attacker could possibly use this issue to cause a denial of service. This
issue was fixed for tomcat8 on Ubuntu 18.04 LTS, tomcat9 on Ubuntu 24.04
LTS, Ubuntu 24.10, and Ubuntu 25.04, and for tomcat10 on Ubuntu 24.04 LTS.
(CVE-2024-23672)
It was discovered that Tomcat incorrectly handled HTTP/2
requests that exceeded configured header limits. An attacker could possibly
use this issue to cause a denial of service. (CVE-2024-24549)
It was discovered that Tomcat incorrectly handled some cases of excessive HTTP
headers when processing HTTP/2 streams. This led to miscounting of active
streams and incorrect timeout handling. An attacker could possibly use this
issue to cause connections to remain open indefinitely, leading to a denial
of service. This issue was fixed for tomcat9 on Ubuntu 22.04 LTS, Ubuntu
24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04, and for tomcat10 on Ubuntu
24.04 LTS. (CVE-2024-34750)
It was discovered that Tomcat incorrectly
handled TLS handshake processes under certain configurations. An attacker
could possibly use this issue to cause a denial of service. This issue was
fixed for tomcat9 on Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04, and for tomcat10 on
Ubuntu 24.04 LTS. (CVE-2024-38286)
5 days ago
It was discovered that AMD Microcode incorrectly handled memory addresses.
An attacker with local administrator privilege could possibly use this
issue to cause loss of integrity of a confidential guest running under AMD
SEV-SNP. (CVE-2023-20584, CVE-2023-31356)
Josh Eads, Kristoffer Janke, Eduardo Nava, Tavis Ormandy and Matteo Rizzo
discovered that AMD Microcode incorrectly verified signatures. An attacker
with local administrator privilege could possibly use this issue to cause
loss of confidentiality and integrity of a confidential guest running under
AMD SEV-SNP. (CVE-2024-56161)
5 days ago
Josh Eads, Kristoffer Janke, Eduardo Nava, Tavis Ormandy and Matteo Rizzo
discovered that AMD Microcode incorrectly verified signatures. An attacker
with local administrator privilege could possibly use this issue to cause
loss of confidentiality and integrity of a confidential guest running under
AMD SEV-SNP.
5 days 1 hour ago
Qualys discovered that systemd incorrectly handled metadata when processing
application crashes. An attacker could possibly use this issue to expose
sensitive information.
5 days 1 hour ago
USN-7545-1 fixed a vulnerability in Apport. The update introduced a
regression that prevented core dumps from being generated inside
containers. This update fixes the problem. We apologize for the
inconvenience. Original advisory details: Qualys discovered that Apport
incorrectly handled metadata when processing application crashes. An
attacker could possibly use this issue to leak sensitive information.
1 week 1 day ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-56551, CVE-2024-53155, CVE-2024-53168, CVE-2024-42301,
CVE-2021-47211, CVE-2024-47701, CVE-2024-26966, CVE-2024-57850,
CVE-2024-56596)
1 week 1 day ago
It was discovered that the AV1 codec plugin in GStreamer could be made
to write out of bounds. An attacker could possibly use this issue to
cause applications using the plugin to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS. (CVE-2023-50186, CVE-2024-0444)
It was discovered that the H265 codec plugin in GStreamer could be made
to write out of bounds. An attacker could possibly use this issue to
cause applications using the plugin to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2025-3887)
1 week 2 days ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Sun RPC protocol;
(CVE-2024-56608, CVE-2024-56551, CVE-2024-53168)
1 week 2 days ago
It was discovered that Bootstrap did not correctly sanitize certain input in
the carousel component. An attacker could possibly use this issue to execute a
cross-site scripting (XSS) attack. (CVE-2024-6484, CVE-2024-6531)
It was discovered that Bootstrap did not correctly sanitize certain input in
the button plugin. An attacker could possibly use this issue to execute a
cross-site scripting (XSS) attack. (CVE-2024-6485)
1 week 2 days ago
It was discovered that Django incorrectly handled certain
unescaped request paths. An attacker could possibly use this
issue to perform a log injection.
1 week 3 days ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-42301, CVE-2024-26966, CVE-2023-52458, CVE-2024-47701,
CVE-2024-53155, CVE-2021-47211, CVE-2024-57850, CVE-2024-56551,
CVE-2021-47353, CVE-2024-56596, CVE-2024-53168)