Ubuntu Security Advisories

USN-7907-5: Linux kernel vulnerabilities

1 day 5 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - Hardware monitoring drivers; - InfiniBand drivers; - Mailbox framework; - Network drivers; - AFS file system; - Ceph distributed file system; - Network file system (NFS) server daemon; - NILFS2 file system; - File systems infrastructure; - KVM subsystem; - L3 Master device support module; - Tracing infrastructure; - Memory management; - Appletalk network protocol; - Netfilter; - Open vSwitch; (CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2024-49935, CVE-2024-49963, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179, CVE-2024-53090, CVE-2024-53112, CVE-2024-53217, CVE-2024-58083, CVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791, CVE-2025-21811, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666, CVE-2025-39964, CVE-2025-40018)

USN-7889-6: Linux kernel vulnerabilities

1 day 22 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Media drivers; - Network drivers; - Netfilter; - TLS protocol; (CVE-2025-21729, CVE-2025-38227, CVE-2025-38616, CVE-2025-38678)

USN-7906-3: Linux kernel (Raspberry Pi) vulnerabilities

1 day 23 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - Cryptographic API; - Android drivers; - TTY drivers; - F2FS file system; - 9P file system network protocol; (CVE-2025-40025, CVE-2025-40026, CVE-2025-40027, CVE-2025-40028, CVE-2025-40108, CVE-2025-40109)

USN-7928-3: Linux kernel (Real-time) vulnerabilities

2 days ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Media drivers; - Network drivers; - AFS file system; - F2FS file system; - Tracing infrastructure; - Netfilter; (CVE-2022-49390, CVE-2024-47691, CVE-2024-50067, CVE-2024-53090, CVE-2024-53218, CVE-2025-21855, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)

USN-7928-2: Linux kernel (FIPS) vulnerabilities

2 days ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Media drivers; - Network drivers; - AFS file system; - F2FS file system; - Tracing infrastructure; - Netfilter; (CVE-2022-49390, CVE-2024-47691, CVE-2024-50067, CVE-2024-53090, CVE-2024-53218, CVE-2025-21855, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)

USN-7928-1: Linux kernel vulnerabilities

2 days ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Media drivers; - Network drivers; - AFS file system; - F2FS file system; - Tracing infrastructure; - Netfilter; (CVE-2022-49390, CVE-2024-47691, CVE-2024-50067, CVE-2024-53090, CVE-2024-53218, CVE-2025-21855, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)

USN-7922-2: Linux kernel (FIPS) vulnerabilities

2 days 2 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - InfiniBand drivers; - Media drivers; - Network drivers; - Pin controllers subsystem; - AFS file system; - F2FS file system; - Tracing infrastructure; - Memory management; - Appletalk network protocol; - Netfilter; (CVE-2022-49026, CVE-2022-49390, CVE-2024-47691, CVE-2024-49935, CVE-2024-50067, CVE-2024-50095, CVE-2024-50196, CVE-2024-53090, CVE-2024-53218, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)

USN-7927-1: urllib3 vulnerabilities

2 days 3 hours ago
Illia Volochii discovered that urllib3 did not limit the steps in a decompression chain. An attacker could possibly use this issue to cause urllib3 to use excessive resources, causing a denial of service. (CVE-2025-66418) Rui Xi discovered that urllib3 incorrectly handled highly compressed data. An attacker could possibly use this issue to cause urllib3 to use excessive resources, causing a denial of service. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-66471) For the brotli encoding, the fix for CVE-2025-66471 requires an additional security update in the brotli package.

USN-7926-1: OpenStack Keystone vulnerabilities

2 days 4 hours ago
Kay discovered that OpenStack Keystone incorrectly handled the ec2tokens and s3tokens APIs. A remote attacker could possibly use this issue to obtain unauthorized access and escalate privileges. (CVE-2025-65073) It was discovered that OpenStack Keystone only validated the first 72 bytes of an application secret. An attacker could possibly use this issue to bypass password complexity. (CVE-2021-3563) It was discovered that OpenStack Keystone had a time lag before a token should be revoked by the security policy. A remote administrator could use this issue to maintain access for longer than expected. (CVE-2022-2447)

USN-7925-1: c-ares vulnerability

2 days 5 hours ago
It was discovered that c-ares incorrectly handled terminating certain queries after a maximum number of attempts. An attacker could possibly use this issue to cause c-ares to crash, resulting in a denial of service.

USN-7924-1: libpng vulnerabilities

2 days 13 hours ago
It was discovered that libpng incorrectly handled memory when processing certain PNG files, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-64505) It was discovered that libpng incorrectly handled memory when processing 8-bit images through the simplified write API with 'convert_to_8bit' enabled, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted 8-bit PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-64506) It was discovered that libpng incorrectly handled memory when processing palette images with 'PNG_FLAG_OPTIMIZE_ALPHA' enabled, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-64720) It was discovered that libpng incorrectly handled memory when processing 6-bit interlaced PNGs with 8-bit output format, which could result in an out-of-bounds memory access. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-65018)

USN-7923-1: Qt vulnerability

2 days 14 hours ago
It was discovered that Qt did not correctly handle certain memory operations. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code.

USN-7922-1: Linux kernel vulnerabilities

2 days 20 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - ACPI drivers; - InfiniBand drivers; - Media drivers; - Network drivers; - Pin controllers subsystem; - AFS file system; - F2FS file system; - Tracing infrastructure; - Memory management; - Appletalk network protocol; - Netfilter; (CVE-2022-49026, CVE-2022-49390, CVE-2024-47691, CVE-2024-49935, CVE-2024-50067, CVE-2024-50095, CVE-2024-50196, CVE-2024-53090, CVE-2024-53218, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)

USN-7921-1: Linux kernel vulnerabilities

2 days 20 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Media drivers; - Netfilter; - TLS protocol; (CVE-2025-39946, CVE-2025-39964, CVE-2025-39993, CVE-2025-40018)

USN-7920-1: Linux kernel vulnerabilities

2 days 20 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Tracing infrastructure; - Netfilter; (CVE-2025-40018, CVE-2025-40232)

USN-7919-1: GNU binutils vulnerabilities

3 days 4 hours ago
It was discovered that GNU binutils' dump_dwarf_section function could be manipulated to perform an out-of-bounds read. A local attacker could possibly use this issue to cause GNU binutils to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-11081) It was discovered that GNU binutils incorrectly handled certain files. A local attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 25.10. (CVE-2025-11082) It was discovered that GNU binutils incorrectly handled certain inputs. A local attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue was only fixed in Ubuntu 25.10. (CVE-2025-11083) It was discovered that certain GNU binutils functions could be manipulated to perform out-of-bounds reads. A local attacker could possibly use this issue to cause GNU binutils to crash, resulting in a denial of service. (CVE-2025-11412, CVE-2025-11413, CVE-2025-11414) It was discovered that GNU binutils' _bfd_x86_elf_late_size_sections function could be manipulated to perform an out-of-bounds read. A local attacker could possibly use this issue to cause GNU binutils to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-11494) It was discovered that GNU binutils' elf_x86_64_relocate_section function could be manipulated to cause a heap-based buffer overflow. A local attacker could possibly use this issue to cause GNU binutils to crash, resulting in a denial of service. This issue was only fixed in Ubuntu 25.04 and Ubuntu 25.10. (CVE-2025-11495)

USN-7918-1: Netty vulnerabilities

3 days 22 hours ago
Jeppe Bonde Weikop discovered that Netty incorrectly parsed HTTP messages. When Netty is used with certain reverse proxies, a remote attacker could possibly use this issue to perform HTTP request smuggling attacks. (CVE-2025-58056) Jonas Konrad discovered that Netty did not properly manage memory when decoding compressed data. A remote attacker could possibly use this issue to cause Netty to consume excessive memory, resulting in a denial of service. This issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-58057)

USN-7917-1: fontTools vulnerabilities

4 days 1 hour ago
It was discovered that the subsetting module of fontTools was vulnerable to an XML External Entity (XXE) attack. An unauthenticated remote attacker could possibly use this issue to include arbitrary files from the file system or make web requests from the host system. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-45139) It was discovered that fontTools was vulnerable to path traversal attacks. If a user or automated system were tricked into extracting a specially crafted .designspace file, an attacker could possibly use this issue to write arbitrary files outside the target directory, resulting in remote code execution. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04 and Ubuntu 25.10. (CVE-2025-66034)

USN-7412-3: GnuPG vulnerability

4 days 13 hours ago
USN-7412-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that GnuPG incorrectly handled importing keys with certain crafted subkey data. If a user or automated system were tricked into importing a specially crafted key, a remote attacker may prevent users from importing other keys in the future.