Advisories: Ubuntu

Here are the latest advisories specifically for Ubuntu Linux:

  • USN-7703-3: Linux kernel (Oracle) vulnerabilities
    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - GPIO subsystem; - GPU drivers; - HID subsystem; - Input Device (Mouse) drivers; - Multiple devices driver; - Media drivers; - Network drivers; - PCI subsystem; - S/390 drivers; - SPI subsystem; - Trusted Execution Environment drivers; - UFS subsystem; - USB Device Class drivers; - USB core drivers; - USB Gadget drivers; - Framebuffer layer; - Network file system (NFS) client; - Network file system (NFS) server daemon; - File systems infrastructure; - SMB network file system; - Networking core; - L3 Master device support module; - TCP network protocol; - io_uring subsystem; - Process Accounting mechanism; - BPF subsystem; - Timer subsystem; - Workqueue subsystem; - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - IPv4 networking; - IPv6 networking; - Multipath TCP; - Open vSwitch; - Network traffic control; - SOF drivers; (CVE-2025-21776, CVE-2025-21768, CVE-2025-21848, CVE-2025-21855, CVE-2025-21791, CVE-2025-21838, CVE-2025-21762, CVE-2025-21846, CVE-2025-21765, CVE-2025-21869, CVE-2025-21783, CVE-2025-21868, CVE-2025-21857, CVE-2025-21773, CVE-2024-54458, CVE-2025-21871, CVE-2025-21763, CVE-2024-58088, CVE-2025-21835, CVE-2025-21793, CVE-2025-21867, CVE-2025-21784, CVE-2025-21839, CVE-2025-21786, CVE-2025-21764, CVE-2025-21761, CVE-2025-21767, CVE-2024-58020, CVE-2025-21847, CVE-2025-21792, CVE-2025-21785, CVE-2025-21863, CVE-2025-21854, CVE-2025-21704, CVE-2024-52559, CVE-2025-21775, CVE-2025-21758, CVE-2025-21858, CVE-2025-21866, CVE-2025-21870, CVE-2024-57977, CVE-2024-54456, CVE-2025-21759, CVE-2025-21781, CVE-2025-21760, CVE-2025-21706, CVE-2024-57834, CVE-2025-21712, CVE-2025-21864, CVE-2025-21780, CVE-2025-21790, CVE-2025-21856, CVE-2025-21796, CVE-2025-21859, CVE-2025-21782, CVE-2024-58093, CVE-2025-21844, CVE-2025-21795, CVE-2025-21823, CVE-2025-21853, CVE-2025-21772, CVE-2025-21746, CVE-2025-21821, CVE-2024-58086, CVE-2025-21787, CVE-2025-21836, CVE-2025-21861, CVE-2025-21766, CVE-2025-21862, CVE-2025-21779)
  • USN-7704-4: Linux kernel (NVIDIA) vulnerabilities
    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-A(FFA); - Multiple devices driver; - Media drivers; - Network drivers; - NVDIMM (Non-Volatile Memory Device) drivers; - NVME drivers; - x86 platform drivers; - TCM subsystem; - Virtio drivers; - File systems infrastructure; - SMB network file system; - LZO compression library; - Digital Audio (PCM) driver; - Tracing infrastructure; - Padata parallel execution mechanism; - CAN network layer; - Networking core; - TIPC protocol; - ALSA framework; (CVE-2025-38079, CVE-2025-38048, CVE-2025-38075, CVE-2025-38077, CVE-2025-38035, CVE-2025-38037, CVE-2025-38034, CVE-2025-38058, CVE-2025-38004, CVE-2025-38031, CVE-2025-38078, CVE-2025-38044, CVE-2025-38066, CVE-2025-38052, CVE-2025-38043, CVE-2025-38065, CVE-2025-38003, CVE-2025-38061, CVE-2025-38051, CVE-2025-38072, CVE-2025-38068)
  • USN-7648-2: PHP vulnerabilities
    USN-7648-1 fixed several vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PHP incorrectly handled certain hostnames containing null characters. A remote attacker could possibly use this issue to bypass certain hostname validation checks. (CVE-2025-1220) It was discovered that PHP incorrectly handled the pgsql and pdo_pgsql escaping functions. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2025-1735) It was discovered that PHP incorrectly handled parsing certain XML data in SOAP extensions. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2025-6491)
  • USN-7710-1: Python vulnerabilities
    It was discovered that Python inefficiently parsed maliciously crafted HTML input. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-6069) It was discovered that Python incorrectly parsed maliciously crafted Tar archives. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-8194)
  • USN-7709-1: WEBrick vulnerability
    It was discovered that WEBrick incorrectly parsed HTTP headers. In configurations where WEBrick is placed behind an HTTP proxy, a remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack.
  • USN-7701-3: Linux kernel (IoT) vulnerabilities
    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Device tree and open firmware driver; - SCSI subsystem; - TTY drivers; - SMB network file system; - Bluetooth subsystem; - Network traffic control; (CVE-2023-52975, CVE-2024-38541, CVE-2025-37797, CVE-2024-49950, CVE-2024-50073, CVE-2023-52757, CVE-2025-38083)
  • USN-7704-3: Linux kernel vulnerabilities
    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-A(FFA); - Multiple devices driver; - Media drivers; - Network drivers; - NVDIMM (Non-Volatile Memory Device) drivers; - NVME drivers; - x86 platform drivers; - TCM subsystem; - Virtio drivers; - File systems infrastructure; - SMB network file system; - LZO compression library; - Digital Audio (PCM) driver; - Tracing infrastructure; - Padata parallel execution mechanism; - CAN network layer; - Networking core; - TIPC protocol; - ALSA framework; (CVE-2025-38079, CVE-2025-38048, CVE-2025-38075, CVE-2025-38077, CVE-2025-38035, CVE-2025-38037, CVE-2025-38034, CVE-2025-38058, CVE-2025-38004, CVE-2025-38031, CVE-2025-38078, CVE-2025-38044, CVE-2025-38066, CVE-2025-38052, CVE-2025-38043, CVE-2025-38065, CVE-2025-38003, CVE-2025-38061, CVE-2025-38051, CVE-2025-38072, CVE-2025-38068)
  • USN-7703-2: Linux kernel vulnerabilities
    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - GPIO subsystem; - GPU drivers; - HID subsystem; - Input Device (Mouse) drivers; - Multiple devices driver; - Media drivers; - Network drivers; - PCI subsystem; - S/390 drivers; - SPI subsystem; - Trusted Execution Environment drivers; - UFS subsystem; - USB Device Class drivers; - USB core drivers; - USB Gadget drivers; - Framebuffer layer; - Network file system (NFS) client; - Network file system (NFS) server daemon; - File systems infrastructure; - SMB network file system; - Networking core; - L3 Master device support module; - TCP network protocol; - io_uring subsystem; - Process Accounting mechanism; - BPF subsystem; - Timer subsystem; - Workqueue subsystem; - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - IPv4 networking; - IPv6 networking; - Multipath TCP; - Open vSwitch; - Network traffic control; - SOF drivers; (CVE-2025-21776, CVE-2025-21768, CVE-2025-21848, CVE-2025-21855, CVE-2025-21791, CVE-2025-21838, CVE-2025-21762, CVE-2025-21846, CVE-2025-21765, CVE-2025-21869, CVE-2025-21783, CVE-2025-21868, CVE-2025-21857, CVE-2025-21773, CVE-2024-54458, CVE-2025-21871, CVE-2025-21763, CVE-2024-58088, CVE-2025-21835, CVE-2025-21793, CVE-2025-21867, CVE-2025-21784, CVE-2025-21839, CVE-2025-21786, CVE-2025-21764, CVE-2025-21761, CVE-2025-21767, CVE-2024-58020, CVE-2025-21847, CVE-2025-21792, CVE-2025-21785, CVE-2025-21863, CVE-2025-21854, CVE-2025-21704, CVE-2024-52559, CVE-2025-21775, CVE-2025-21758, CVE-2025-21858, CVE-2025-21866, CVE-2025-21870, CVE-2024-57977, CVE-2024-54456, CVE-2025-21759, CVE-2025-21781, CVE-2025-21760, CVE-2025-21706, CVE-2024-57834, CVE-2025-21712, CVE-2025-21864, CVE-2025-21780, CVE-2025-21790, CVE-2025-21856, CVE-2025-21796, CVE-2025-21859, CVE-2025-21782, CVE-2024-58093, CVE-2025-21844, CVE-2025-21795, CVE-2025-21823, CVE-2025-21853, CVE-2025-21772, CVE-2025-21746, CVE-2025-21821, CVE-2024-58086, CVE-2025-21787, CVE-2025-21836, CVE-2025-21861, CVE-2025-21766, CVE-2025-21862, CVE-2025-21779)
  • USN-7699-2: Linux kernel (HWE) vulnerabilities
    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - x86 architecture; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - GPU drivers; - HID subsystem; - IIO ADC drivers; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - Network drivers; - Mellanox network drivers; - PHY drivers; - Voltage and Current Regulator drivers; - VideoCore services drivers; - USB Type-C Connector System Software Interface driver; - Xen hypervisor drivers; - EROFS file system; - Network file system (NFS) client; - File systems infrastructure; - SMB network file system; - Network traffic control; - io_uring subsystem; - Kernel command line parsing driver; - Scheduler infrastructure; - Memory management; - Networking core; - MAC80211 subsystem; - Management Component Transport Protocol (MCTP); - Netfilter; - Open vSwitch; - TLS protocol; - Wireless networking; - SOF drivers; (CVE-2025-38011, CVE-2025-38095, CVE-2025-37967, CVE-2025-38012, CVE-2025-38019, CVE-2025-37960, CVE-2025-37973, CVE-2025-37958, CVE-2025-38094, CVE-2025-37963, CVE-2025-37955, CVE-2025-38014, CVE-2025-38025, CVE-2025-37970, CVE-2025-37947, CVE-2025-37966, CVE-2025-37948, CVE-2025-38013, CVE-2025-37957, CVE-2025-38028, CVE-2025-37962, CVE-2025-38002, CVE-2025-37996, CVE-2025-37992, CVE-2025-37969, CVE-2025-38009, CVE-2025-38027, CVE-2025-38020, CVE-2025-38023, CVE-2025-38008, CVE-2025-38015, CVE-2025-37954, CVE-2025-38007, CVE-2025-38005, CVE-2025-37956, CVE-2025-37965, CVE-2025-37972, CVE-2025-38006, CVE-2025-37971, CVE-2025-38056, CVE-2025-37968, CVE-2025-38024, CVE-2025-37951, CVE-2025-38016, CVE-2025-38022, CVE-2025-37964, CVE-2025-37994, CVE-2025-37952, CVE-2025-37998, CVE-2025-37993, CVE-2025-38018, CVE-2025-38010, CVE-2025-37995, CVE-2025-38021, CVE-2025-37999, CVE-2025-37961, CVE-2025-37959, CVE-2025-37950, CVE-2025-37949)
  • USN-7708-1: poppler vulnerability
    It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service.
  • More...

One thought on “Advisories: Ubuntu

  1. Hello !J aimerais svaoir, j ai essaye9 en machine virtuel et me manque l onglet administration, est-ce a cause de la VM ou bien c est Gnome 3.0 ?Merci 😉

Tell me what you are thinking?