Advisories: Ubuntu

Here are the latest advisories specifically for Ubuntu Linux:

  • USN-7608-4: Linux kernel vulnerabilities
    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - SMB network file system; - Memory management; - Netfilter; - Network traffic control; (CVE-2025-37890, CVE-2024-46787, CVE-2025-37798, CVE-2025-38000, CVE-2025-37932, CVE-2025-38001, CVE-2025-37997, CVE-2024-50047, CVE-2024-53051)
  • USN-7617-1: libtpms vulnerability
    It was discovered that libtpms did not properly manage memory when performing crafted cryptographic operations. An attacker could possibly use this issue to cause a denial of service.
  • USN-7585-6: Linux kernel (BlueField) vulnerabilities
    It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. (CVE-2025-2312) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - x86 architecture; - iSCSI Boot Firmware Table Attributes driver; - GPU drivers; - HID subsystem; - InfiniBand drivers; - Media drivers; - MemoryStick subsystem; - Network drivers; - NTB driver; - PCI subsystem; - SCSI subsystem; - Thermal drivers; - JFS file system; - File systems infrastructure; - Tracing infrastructure; - 802.1Q VLAN protocol; - Asynchronous Transfer Mode (ATM) subsystem; - Bluetooth subsystem; - IPv6 networking; - Netfilter; - Network traffic control; - Sun RPC protocol; - USB sound devices; (CVE-2025-22007, CVE-2025-21959, CVE-2025-22021, CVE-2025-22063, CVE-2025-22045, CVE-2024-58093, CVE-2022-49636, CVE-2025-22020, CVE-2024-53168, CVE-2025-22071, CVE-2025-39735, CVE-2025-21991, CVE-2025-21992, CVE-2025-21996, CVE-2025-22035, CVE-2023-53034, CVE-2025-22054, CVE-2025-23136, CVE-2025-22073, CVE-2024-56551, CVE-2025-22005, CVE-2025-37937, CVE-2021-47211, CVE-2025-22086, CVE-2025-21956, CVE-2025-38637, CVE-2025-22004, CVE-2025-22018, CVE-2025-22079, CVE-2025-21957, CVE-2025-21993)
  • USN-7616-1: logback vulnerabilities
    It was discovered that logback could read malicious configuration files from LDAP servers. An attacker with the required permissions could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-42550) It was discovered that logback contained a serialization vulnerability. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-6378)
  • USN-7615-1: ClamAV vulnerabilities
    It was discovered that ClamAV incorrectly handled scanning UDF files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2025-20234) It was discovered that ClamAV incorrectly handled scanning PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-20260)
  • USN-7614-1: pcs vulnerabilities
    Cedric Buissart discovered that pcs did not correctly handle certain parameters. An attacker could possibly use this issue to leak sensitive information or elevate their privileges. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-1086) Ondrej Mular discovered that pcs did not correctly handle Unix socket permissions. An attacker could possibly use this issue to elevate their privileges. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2735) It was discovered that pcs did not correctly handle PAM authentication. An attacker could possibly use this issue to bypass authentication mechanisms. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1049) It was discovered that pcs did not correctly handle the validation of Node names. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-2661)
  • USN-7613-1: mongo-c-driver vulnerabilities
    Karman Liu discovered that mongo-c-driver did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2024-6381) Karman Liu discovered that mongo-c-driver did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-6383, CVE-2025-0755)
  • USN-7612-1: Flask-CORS vulnerabilities
    It was discovered that Flask-CORS did not correctly handle certain regular expressions. A remote attacker could possibly use this issue to leak sensitive information or bypass authentication mechanisms. (CVE-2024-6839) It was discovered that Flask-CORS allowed certain CORS headers to be enabled by default. A remote attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-6221) It was discovered that Flask-CORS did not correctly handle case sensitivity when matching paths. A remote attacker could possibly use this issue to leak sensitive information. (CVE-2024-6866) It was discovered that Flask-CORS did not correctly handle certain characters in URL paths. A remote attacker could possibly use this issue to leak sensitive information or bypass authentication mechanisms. (CVE-2024-6844) Elias Hohl was discovered that Flask-CORS did not correctly sanitize log entries. A remote attacker could possibly use this issue to corrupt log files. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-1681)
  • USN-7609-2: Linux kernel (Real-time) vulnerabilities
    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - InfiniBand drivers; - Netfilter; - Network traffic control; (CVE-2025-38001, CVE-2025-37798, CVE-2025-37932, CVE-2025-37997, CVE-2025-38000, CVE-2025-22088, CVE-2025-37890)
  • USN-7609-1: Linux kernel vulnerabilities
    Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - InfiniBand drivers; - Netfilter; - Network traffic control; (CVE-2025-38001, CVE-2025-37798, CVE-2025-37932, CVE-2025-37997, CVE-2025-38000, CVE-2025-22088, CVE-2025-37890)
  • More...

One thought on “Advisories: Ubuntu

  1. Hello !J aimerais svaoir, j ai essaye9 en machine virtuel et me manque l onglet administration, est-ce a cause de la VM ou bien c est Gnome 3.0 ?Merci 😉

Tell me what you are thinking?