Friday, October 31, 2025

[arch-announce] dovecot >= 2.4 requires manual intervention

The dovecot 2.4 release branch has made breaking changes which result
in it being incompatible with any <= 2.3 configuration file.

Thus, the dovecot service will no longer be able to start until the
configuration file has been migrated, which requires manual intervention.

For guidance on the 2.3-to-2.4 migration, please refer to the
following upstream documentation:
[Upgrading Dovecot CE from 2.3 to 2.4](https://doc.dovecot.org/latest/installation/upgrade/2.3-to-2.4.html)

Furthermore, the dovecot 2.4 branch no longer supports the
replication feature; it was removed.

For users relying on the replication feature or who are unable to
perform the 2.4 migration right now, we provide alternative packages
available in [extra]:

- dovecot23
- pigeonhole23
- dovecot23-fts-elastic
- dovecot23-fts-xapian

The dovecot 2.3 release branch is going to [receive critical security
fixes](https://dovecot.org/mailman3/archives/list/dovecot@dovecot.org/thread/3P45L76DOC3NKUNSSPIXQNKINGOCYH5K/)
from upstream until stated otherwise.

URL: https://archlinux.org/news/dovecot-24-requires-manual-intervention/

[USN-7835-4] Linux kernel (HWE) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7835-4
October 31, 2025

linux-hwe-6.8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-hwe-6.8: Linux hardware enablement (HWE) kernel

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- ACPI drivers;
- Ublk userspace block driver;
- Clock framework and drivers;
- GPU drivers;
- IIO subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- Remote Processor subsystem;
- Thermal drivers;
- Virtio Host (VHOST) subsystem;
- 9P distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) server daemon;
- NTFS3 file system;
- SMB network file system;
- Memory management;
- RDMA verbs API;
- Kernel fork() syscall;
- Tracing infrastructure;
- Watch queue notification mechanism;
- Asynchronous Transfer Mode (ATM) subsystem;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- Netfilter;
- Network traffic control;
- SCTP protocol;
- TLS protocol;
- SoC Audio for Freescale CPUs drivers;
(CVE-2025-39728, CVE-2025-23136, CVE-2025-22062, CVE-2025-22035,
CVE-2025-22020, CVE-2025-22083, CVE-2025-22071, CVE-2025-22060,
CVE-2025-22073, CVE-2025-22044, CVE-2025-22063, CVE-2025-22079,
CVE-2025-22057, CVE-2025-22095, CVE-2025-39735, CVE-2025-39682,
CVE-2025-22058, CVE-2025-22021, CVE-2025-22018, CVE-2025-22056,
CVE-2025-22054, CVE-2025-22080, CVE-2025-22039, CVE-2025-22019,
CVE-2025-22038, CVE-2025-22028, CVE-2023-53034, CVE-2024-58092,
CVE-2025-38637, CVE-2025-22089, CVE-2025-40114, CVE-2025-22068,
CVE-2025-37937, CVE-2025-22070, CVE-2025-22072, CVE-2025-22086,
CVE-2025-22050, CVE-2025-22040, CVE-2025-22065, CVE-2025-38575,
CVE-2025-22064, CVE-2025-22033, CVE-2025-22041, CVE-2025-22090,
CVE-2025-22036, CVE-2025-23138, CVE-2025-22047, CVE-2025-38240,
CVE-2025-22066, CVE-2025-22042, CVE-2025-38152, CVE-2025-22055,
CVE-2025-22081, CVE-2025-22045, CVE-2025-22053, CVE-2025-22075,
CVE-2025-22027, CVE-2025-22025, CVE-2025-22097)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-6.8.0-86-generic 6.8.0-86.87~22.04.1
linux-image-6.8.0-86-generic-64k 6.8.0-86.87~22.04.1
linux-image-generic-6.8 6.8.0-86.87~22.04.1
linux-image-generic-64k-6.8 6.8.0-86.87~22.04.1
linux-image-generic-64k-hwe-22.04 6.8.0-86.87~22.04.1
linux-image-generic-hwe-22.04 6.8.0-86.87~22.04.1
linux-image-oem-22.04 6.8.0-86.87~22.04.1
linux-image-oem-22.04a 6.8.0-86.87~22.04.1
linux-image-oem-22.04b 6.8.0-86.87~22.04.1
linux-image-oem-22.04c 6.8.0-86.87~22.04.1
linux-image-oem-22.04d 6.8.0-86.87~22.04.1
linux-image-virtual-6.8 6.8.0-86.87~22.04.1
linux-image-virtual-hwe-22.04 6.8.0-86.87~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7835-4
https://ubuntu.com/security/notices/USN-7835-3
https://ubuntu.com/security/notices/USN-7835-2
https://ubuntu.com/security/notices/USN-7835-1
CVE-2023-53034, CVE-2024-58092, CVE-2025-22018, CVE-2025-22019,
CVE-2025-22020, CVE-2025-22021, CVE-2025-22025, CVE-2025-22027,
CVE-2025-22028, CVE-2025-22033, CVE-2025-22035, CVE-2025-22036,
CVE-2025-22038, CVE-2025-22039, CVE-2025-22040, CVE-2025-22041,
CVE-2025-22042, CVE-2025-22044, CVE-2025-22045, CVE-2025-22047,
CVE-2025-22050, CVE-2025-22053, CVE-2025-22054, CVE-2025-22055,
CVE-2025-22056, CVE-2025-22057, CVE-2025-22058, CVE-2025-22060,
CVE-2025-22062, CVE-2025-22063, CVE-2025-22064, CVE-2025-22065,
CVE-2025-22066, CVE-2025-22068, CVE-2025-22070, CVE-2025-22071,
CVE-2025-22072, CVE-2025-22073, CVE-2025-22075, CVE-2025-22079,
CVE-2025-22080, CVE-2025-22081, CVE-2025-22083, CVE-2025-22086,
CVE-2025-22089, CVE-2025-22090, CVE-2025-22095, CVE-2025-22097,
CVE-2025-23136, CVE-2025-23138, CVE-2025-37937, CVE-2025-38152,
CVE-2025-38240, CVE-2025-38575, CVE-2025-38637, CVE-2025-39682,
CVE-2025-39728, CVE-2025-39735, CVE-2025-40114

Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-86.87~22.04.1

[USN-7833-4] Linux kernel (GCP) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7833-4
October 31, 2025

linux-gcp-6.14 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-gcp-6.14: Linux kernel for Google Cloud Platform (GCP) systems

Details:

Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos,
and Flavien Solt discovered that some AMD processors may allow an attacker
to infer data from previous stores, potentially resulting in the leakage of
privileged information. A local attacker could possibly use this to expose
sensitive information. (CVE-2024-36350, CVE-2024-36357)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- ACPI drivers;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- Ublk userspace block driver;
- Bus devices;
- DMA engine subsystem;
- Arm Firmware Framework for ARMv8-A(FFA);
- Cirrus firmware drivers;
- GPU drivers;
- HID subsystem;
- Hardware monitoring drivers;
- I2C subsystem;
- InfiniBand drivers;
- Input Device (Miscellaneous) drivers;
- Multiple devices driver;
- Media drivers;
- TI TPS6594 PFSM driver;
- MMC subsystem;
- MTD block device drivers;
- Network drivers;
- NVME drivers;
- x86 platform drivers;
- RapidIO drivers;
- Voltage and Current Regulator drivers;
- Remote Processor subsystem;
- S/390 drivers;
- SCSI subsystem;
- TCM subsystem;
- Trusted Execution Environment drivers;
- TTY drivers;
- ChipIdea USB driver;
- USB Type-C support driver;
- Framebuffer layer;
- TSM Common Guest driver;
- File systems infrastructure;
- BTRFS file system;
- Ceph distributed file system;
- Ext4 file system;
- F2FS file system;
- JFFS2 file system;
- JFS file system;
- Network file systems library;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- SMB network file system;
- Memory Management;
- Bluetooth subsystem;
- Tracing infrastructure;
- io_uring subsystem;
- IPC subsystem;
- BPF subsystem;
- Perf events;
- Kernel exit() syscall;
- IRQ subsystem;
- Scheduler infrastructure;
- Maple Tree data structure library;
- Memory management;
- Asynchronous Transfer Mode (ATM) subsystem;
- Ethernet bridge;
- Networking core;
- IPv6 networking;
- MultiProtocol Label Switching driver;
- Netfilter;
- NFC subsystem;
- Rose network layer;
- Network traffic control;
- Sun RPC protocol;
- TIPC protocol;
- TLS protocol;
- Unix domain sockets;
- VMware vSockets driver;
- WCD audio codecs;
- USB sound devices;
(CVE-2025-38339, CVE-2025-38391, CVE-2025-38262, CVE-2025-38345,
CVE-2025-38387, CVE-2025-38373, CVE-2025-38395, CVE-2025-38330,
CVE-2025-38425, CVE-2025-38210, CVE-2025-38206, CVE-2025-38219,
CVE-2025-38245, CVE-2025-38253, CVE-2025-38401, CVE-2025-38410,
CVE-2025-38086, CVE-2025-38340, CVE-2025-38368, CVE-2025-38385,
CVE-2025-38384, CVE-2025-38326, CVE-2025-38224, CVE-2025-38338,
CVE-2025-38191, CVE-2025-39682, CVE-2025-38343, CVE-2025-38090,
CVE-2025-38228, CVE-2025-38182, CVE-2025-38231, CVE-2025-38183,
CVE-2025-38184, CVE-2025-38237, CVE-2025-38413, CVE-2025-38356,
CVE-2025-38246, CVE-2025-38202, CVE-2025-38248, CVE-2025-38254,
CVE-2025-38426, CVE-2025-38429, CVE-2025-38364, CVE-2025-38388,
CVE-2025-38435, CVE-2025-38403, CVE-2025-38186, CVE-2025-38199,
CVE-2025-38402, CVE-2025-38181, CVE-2025-38264, CVE-2025-38362,
CVE-2025-38341, CVE-2025-38422, CVE-2025-38331, CVE-2025-38423,
CVE-2025-38233, CVE-2025-38337, CVE-2025-38328, CVE-2025-38196,
CVE-2025-38412, CVE-2025-38205, CVE-2025-38242, CVE-2025-38324,
CVE-2025-38354, CVE-2025-38347, CVE-2025-38217, CVE-2025-38393,
CVE-2025-38392, CVE-2025-38390, CVE-2025-38321, CVE-2025-38541,
CVE-2025-38363, CVE-2025-38203, CVE-2025-38250, CVE-2025-38418,
CVE-2025-38336, CVE-2025-38333, CVE-2025-38194, CVE-2025-38372,
CVE-2025-38348, CVE-2025-38370, CVE-2025-38411, CVE-2025-38188,
CVE-2025-38365, CVE-2025-38241, CVE-2025-38201, CVE-2025-38259,
CVE-2025-38355, CVE-2025-38227, CVE-2025-38225, CVE-2025-38405,
CVE-2025-38329, CVE-2025-38232, CVE-2025-38344, CVE-2025-38238,
CVE-2025-38239, CVE-2025-38260, CVE-2025-38257, CVE-2025-38399,
CVE-2025-38419, CVE-2025-38430, CVE-2025-38251, CVE-2025-38332,
CVE-2025-38220, CVE-2025-38417, CVE-2025-38396, CVE-2025-38234,
CVE-2025-38434, CVE-2025-38197, CVE-2025-38436, CVE-2025-38408,
CVE-2025-38204, CVE-2025-38222, CVE-2025-38361, CVE-2025-38218,
CVE-2025-38212, CVE-2025-38198, CVE-2025-38255, CVE-2025-38389,
CVE-2025-38085, CVE-2025-38244, CVE-2025-38089, CVE-2025-38428,
CVE-2025-38369, CVE-2025-38189, CVE-2025-38084, CVE-2025-38400,
CVE-2025-38382, CVE-2025-38223, CVE-2025-38325, CVE-2025-38263,
CVE-2025-38249, CVE-2025-38346, CVE-2025-38320, CVE-2025-38409,
CVE-2025-38374, CVE-2025-38208, CVE-2025-38256, CVE-2025-38371,
CVE-2025-38192, CVE-2025-38406, CVE-2025-38360, CVE-2025-38258,
CVE-2025-38226, CVE-2025-38376, CVE-2025-38375, CVE-2025-38200,
CVE-2025-38523, CVE-2025-38334, CVE-2025-38236, CVE-2025-38386,
CVE-2025-38421, CVE-2025-38087, CVE-2025-38416, CVE-2025-38179,
CVE-2025-38420, CVE-2025-38424, CVE-2025-38377, CVE-2025-38359,
CVE-2025-38342, CVE-2025-38431, CVE-2025-38407, CVE-2025-38427,
CVE-2025-38229, CVE-2025-38353, CVE-2025-38383, CVE-2025-38211,
CVE-2025-38322, CVE-2025-38381, CVE-2025-38261)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.14.0-1018-gcp 6.14.0-1018.19~24.04.1
linux-image-6.14.0-1018-gcp-64k 6.14.0-1018.19~24.04.1
linux-image-gcp 6.14.0-1018.19~24.04.1
linux-image-gcp-6.14 6.14.0-1018.19~24.04.1
linux-image-gcp-64k 6.14.0-1018.19~24.04.1
linux-image-gcp-64k-6.14 6.14.0-1018.19~24.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7833-4
https://ubuntu.com/security/notices/USN-7833-3
https://ubuntu.com/security/notices/USN-7833-2
https://ubuntu.com/security/notices/USN-7833-1
CVE-2024-36350, CVE-2024-36357, CVE-2025-38084, CVE-2025-38085,
CVE-2025-38086, CVE-2025-38087, CVE-2025-38089, CVE-2025-38090,
CVE-2025-38179, CVE-2025-38181, CVE-2025-38182, CVE-2025-38183,
CVE-2025-38184, CVE-2025-38186, CVE-2025-38188, CVE-2025-38189,
CVE-2025-38191, CVE-2025-38192, CVE-2025-38194, CVE-2025-38196,
CVE-2025-38197, CVE-2025-38198, CVE-2025-38199, CVE-2025-38200,
CVE-2025-38201, CVE-2025-38202, CVE-2025-38203, CVE-2025-38204,
CVE-2025-38205, CVE-2025-38206, CVE-2025-38208, CVE-2025-38210,
CVE-2025-38211, CVE-2025-38212, CVE-2025-38217, CVE-2025-38218,
CVE-2025-38219, CVE-2025-38220, CVE-2025-38222, CVE-2025-38223,
CVE-2025-38224, CVE-2025-38225, CVE-2025-38226, CVE-2025-38227,
CVE-2025-38228, CVE-2025-38229, CVE-2025-38231, CVE-2025-38232,
CVE-2025-38233, CVE-2025-38234, CVE-2025-38236, CVE-2025-38237,
CVE-2025-38238, CVE-2025-38239, CVE-2025-38241, CVE-2025-38242,
CVE-2025-38244, CVE-2025-38245, CVE-2025-38246, CVE-2025-38248,
CVE-2025-38249, CVE-2025-38250, CVE-2025-38251, CVE-2025-38253,
CVE-2025-38254, CVE-2025-38255, CVE-2025-38256, CVE-2025-38257,
CVE-2025-38258, CVE-2025-38259, CVE-2025-38260, CVE-2025-38261,
CVE-2025-38262, CVE-2025-38263, CVE-2025-38264, CVE-2025-38320,
CVE-2025-38321, CVE-2025-38322, CVE-2025-38324, CVE-2025-38325,
CVE-2025-38326, CVE-2025-38328, CVE-2025-38329, CVE-2025-38330,
CVE-2025-38331, CVE-2025-38332, CVE-2025-38333, CVE-2025-38334,
CVE-2025-38336, CVE-2025-38337, CVE-2025-38338, CVE-2025-38339,
CVE-2025-38340, CVE-2025-38341, CVE-2025-38342, CVE-2025-38343,
CVE-2025-38344, CVE-2025-38345, CVE-2025-38346, CVE-2025-38347,
CVE-2025-38348, CVE-2025-38353, CVE-2025-38354, CVE-2025-38355,
CVE-2025-38356, CVE-2025-38359, CVE-2025-38360, CVE-2025-38361,
CVE-2025-38362, CVE-2025-38363, CVE-2025-38364, CVE-2025-38365,
CVE-2025-38368, CVE-2025-38369, CVE-2025-38370, CVE-2025-38371,
CVE-2025-38372, CVE-2025-38373, CVE-2025-38374, CVE-2025-38375,
CVE-2025-38376, CVE-2025-38377, CVE-2025-38381, CVE-2025-38382,
CVE-2025-38383, CVE-2025-38384, CVE-2025-38385, CVE-2025-38386,
CVE-2025-38387, CVE-2025-38388, CVE-2025-38389, CVE-2025-38390,
CVE-2025-38391, CVE-2025-38392, CVE-2025-38393, CVE-2025-38395,
CVE-2025-38396, CVE-2025-38399, CVE-2025-38400, CVE-2025-38401,
CVE-2025-38402, CVE-2025-38403, CVE-2025-38405, CVE-2025-38406,
CVE-2025-38407, CVE-2025-38408, CVE-2025-38409, CVE-2025-38410,
CVE-2025-38411, CVE-2025-38412, CVE-2025-38413, CVE-2025-38416,
CVE-2025-38417, CVE-2025-38418, CVE-2025-38419, CVE-2025-38420,
CVE-2025-38421, CVE-2025-38422, CVE-2025-38423, CVE-2025-38424,
CVE-2025-38425, CVE-2025-38426, CVE-2025-38427, CVE-2025-38428,
CVE-2025-38429, CVE-2025-38430, CVE-2025-38431, CVE-2025-38434,
CVE-2025-38435, CVE-2025-38436, CVE-2025-38523, CVE-2025-38541,
CVE-2025-39682

Package Information:
https://launchpad.net/ubuntu/+source/linux-gcp-6.14/6.14.0-1018.19~24.04.1

OpenSMTPD 7.8.0p0

OpenSMTPD is a FREE implementation of the SMTP protocol with some common
extensions. It allows ordinary machines to exchange e-mails with systems
speaking the SMTP protocol. It implements a fairly large part of RFC5321
and can already cover a large range of use-cases.

It runs on OpenBSD, NetBSD, FreeBSD, DragonFlyBSD, Linux and macOS.

The archives are now available from the main site at www.OpenSMTPD.org

We would like to thank the OpenSMTPD community for their help in testing
the snapshots, reporting bugs, contributing code and packaging for other
systems.


Dependencies note:
==================

This release builds with LibreSSL, or OpenSSL >= 1.1.

It's preferable to depend on LibreSSL as OpenSMTPD is written and tested
with that dependency. The OpenSSL library is considered a best-effort
target TLS library and is provided as a commodity; LibreSSL has become our
target TLS library.


Changes in this release:
========================

- Don't reject single character AUTH PLAIN passwords.
- Fix address family typo (PF_INET->PF_INET6).
- Various documentation improvements.
- Removed support for world-writable mail spools.
- Updated contrib mail.local and lockspool.
- Don't die if garbage is being sent on the local socket.

This release includes the OpenBSD errata 005 which fixes CVE-2025-62875.


Checksums:
==========

SHA256 (opensmtpd-7.8.0p0.tar.gz) =
4034de2e92c61fa83eedadb1d8d8bdfe65e57eb50ce9679e0140950e34ca4ab7


Verify:
=======

Starting with version 5.7.1, releases are signed with signify(1).

You can obtain the public key from our website; check with our community
that it has not been altered on its way to your machine.

$ wget https://www.opensmtpd.org/archives/opensmtpd-20181026.pub

Once you are confident the key is correct, you can verify the release as
described below:

1. Download both the release tarball and the matching signature file to the
same directory:

$ wget https://www.opensmtpd.org/archives/opensmtpd-7.8.0p0.sum.sig
$ wget https://www.opensmtpd.org/archives/opensmtpd-7.8.0p0.tar.gz


2. Use `signify` to verify that the signature file is properly signed and that
the checksum matches the release tarball you downloaded:

$ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-7.8.0p0.sum.sig
Signature Verified
opensmtpd-7.8.0p0.tar.gz: OK


If you don't get an OK message, then something is not right and you should not
install without first understanding why it failed.
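
As an added cross-check (example code, not part of the OpenSMTPD release or its tooling), the script below compares a downloaded file against a BSD-style `SHA256 (file) = digest` line like the one under Checksums, including the wrapped form used in this announcement. It complements the signify step rather than replacing it; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a file against a BSD-style checksum record, e.g.
#   SHA256 (name.tar.gz) = <64 hex digits>
# The digest may be wrapped onto the line after "=", as in the announcement.

# sha256_of FILE -> prints the lowercase hex SHA-256 of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 < "$1" | awk '{print $1}'
    else
        echo "no SHA-256 tool found" >&2
        return 2
    fi
}

# verify_bsd_sum SUMTEXT FILE
# Returns 0 only if SUMTEXT names FILE's basename and the digest matches.
# Returns 1 on digest mismatch, 2 on malformed input or a missing file/tool.
verify_bsd_sum() {
    sumtext=$1
    file=$2
    [ -f "$file" ] || { echo "$file: not found" >&2; return 2; }

    # Join wrapped lines and squeeze whitespace so one pattern sees the record.
    flat=$(printf '%s' "$sumtext" | tr '\n\t' '  ' | tr -s ' ')

    # Strict pattern: exactly one record with a 64-hex-digit digest.
    pat='^ *SHA256 (\([^)]*\)) = \([0-9A-Fa-f]\{64\}\) *$'
    name=$(printf '%s\n' "$flat" | sed -n "s/$pat/\\1/p")
    want=$(printf '%s\n' "$flat" | sed -n "s/$pat/\\2/p")
    [ -n "$name" ] && [ -n "$want" ] || {
        echo "malformed checksum line" >&2
        return 2
    }

    # Refuse a record that was published for a different file name.
    [ "$name" = "$(basename "$file")" ] || {
        echo "checksum is for $name, not $file" >&2
        return 2
    }

    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    got=$(sha256_of "$file") || return 2
    if [ "$got" = "$want" ]; then
        echo "$file: OK"
        return 0
    fi
    echo "$file: FAILED" >&2
    return 1
}

# selftest: runs the check on constructed data (not the real release).
selftest() {
    dir=$(mktemp -d) || return 2
    printf 'abc' > "$dir/sample.tar.gz"   # constructed stand-in for a tarball
    # Standard SHA-256 test vector for "abc", wrapped like the announcement.
    sum='SHA256 (sample.tar.gz) =
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad'
    rc=0
    verify_bsd_sum "$sum" "$dir/sample.tar.gz" >/dev/null || rc=1
    printf 'abd' > "$dir/sample.tar.gz"   # simulate a modified download
    verify_bsd_sum "$sum" "$dir/sample.tar.gz" 2>/dev/null && rc=1
    # A truncated digest must be rejected, not compared.
    verify_bsd_sum 'SHA256 (sample.tar.gz) = deadbeef' \
        "$dir/sample.tar.gz" 2>/dev/null && rc=1
    rm -rf "$dir"
    return $rc
}

selftest && echo "selftest passed"
```

To check the real release, pass the two lines under Checksums as the first argument and the path to the downloaded opensmtpd-7.8.0p0.tar.gz as the second.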


Support:
========

You are encouraged to register to our general purpose mailing-list:
http://www.opensmtpd.org/list.html

The "Official" IRC channel for the project is at:
#opensmtpd @ irc.libera.chat


Support us:
===========

The project is maintained by volunteers; you can support us by:

- donating time to help test the development branch during the development cycle
- donating money to either the OpenBSD or the OpenSMTPD project
- sponsoring developers through direct donations or patreon
- sponsoring developers through contracts to write features

Get in touch with us by e-mail or on IRC for more information.


Reporting Bugs:
===============

Please read http://www.opensmtpd.org/report.html
Security bugs should be reported directly to security@opensmtpd.org
Other bugs may be reported to bugs@opensmtpd.org

Thursday, October 30, 2025

LibreSSL 4.1.2 and 4.2.1 released

We have released LibreSSL 4.2.1 and 4.1.2, which are available in the
LibreSSL directory of your local OpenBSD mirror.

They include the following change from the previous release:

* Reliability fix
- Ensure the group selected by a TLSv1.3 server for a
HelloRetryRequest is not one for which the client has
already sent a key share.
Thanks to dzwdz for identifying and reporting the issue.

LibreSSL 4.2.1 also includes:

* Portable changes
- Add missing files for Windows to the release tarball
Thanks to Markus Friedl and Tess Gauthier.

The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.

[USN-7852-1] libxml2 vulnerability

==========================================================================
Ubuntu Security Notice USN-7852-1
October 30, 2025

libxml2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

libxml2 could be made to crash or run programs if it opened a specially
crafted file.

Software Description:
- libxml2: GNOME XML library

Details:

It was discovered that libxslt, used by libxml2, incorrectly handled
certain attributes. An attacker could use this issue to cause a crash,
resulting in a denial of service, or possibly execute arbitrary code. This
update adds a fix to libxml2 to mitigate the libxslt vulnerability.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
libxml2 2.12.7+dfsg+really2.9.14-0.4ubuntu0.4
python3-libxml2 2.12.7+dfsg+really2.9.14-0.4ubuntu0.4

Ubuntu 24.04 LTS
libxml2 2.9.14+dfsg-1.3ubuntu3.6
python3-libxml2 2.9.14+dfsg-1.3ubuntu3.6

Ubuntu 22.04 LTS
libxml2 2.9.13+dfsg-1ubuntu0.10
python3-libxml2 2.9.13+dfsg-1ubuntu0.10

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7852-1
CVE-2025-7425

Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.12.7+dfsg+really2.9.14-0.4ubuntu0.4
https://launchpad.net/ubuntu/+source/libxml2/2.9.14+dfsg-1.3ubuntu3.6
https://launchpad.net/ubuntu/+source/libxml2/2.9.13+dfsg-1ubuntu0.10

[USN-7854-1] Linux kernel (KVM) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7854-1
October 30, 2025

linux-kvm vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-kvm: Linux kernel for cloud environments

Details:

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Framebuffer layer;
- BTRFS file system;
- Ext4 file system;
- Network file system (NFS) server daemon;
- Timer subsystem;
- DCCP (Datagram Congestion Control Protocol);
- IPv6 networking;
- NET/ROM layer;
- Packet sockets;
- Network traffic control;
- SCTP protocol;
- VMware vSockets driver;
- USB sound devices;
(CVE-2023-52574, CVE-2023-52650, CVE-2024-35849, CVE-2024-41006,
CVE-2024-49924, CVE-2024-50006, CVE-2024-50299, CVE-2024-53124,
CVE-2024-53150, CVE-2024-56767, CVE-2025-21796, CVE-2025-37785,
CVE-2025-37838, CVE-2025-38352, CVE-2025-38477, CVE-2025-38617,
CVE-2025-38618)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-1168-kvm 4.15.0-1168.173
Available with Ubuntu Pro
linux-image-kvm 4.15.0.1168.159
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7854-1
CVE-2023-52574, CVE-2023-52650, CVE-2024-35849, CVE-2024-41006,
CVE-2024-49924, CVE-2024-50006, CVE-2024-50299, CVE-2024-53124,
CVE-2024-53150, CVE-2024-56767, CVE-2025-21796, CVE-2025-37785,
CVE-2025-37838, CVE-2025-38352, CVE-2025-38477, CVE-2025-38617,
CVE-2025-38618, CVE-2025-40300

[USN-7853-2] Linux kernel (FIPS) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7853-2
October 30, 2025

linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-fips: Linux kernel with FIPS
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with
FIPS

Details:

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Ext4 file system;
- Timer subsystem;
- DCCP (Datagram Congestion Control Protocol);
- IPv6 networking;
- NET/ROM layer;
- SCTP protocol;
- USB sound devices;
(CVE-2023-52574, CVE-2023-52650, CVE-2024-41006, CVE-2024-50006,
CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767,
CVE-2025-37838, CVE-2025-38352)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-1141-fips 4.15.0-1141.153
Available with Ubuntu Pro
linux-image-4.15.0-2087-gcp-fips 4.15.0-2087.93
Available with Ubuntu Pro
linux-image-4.15.0-2124-aws-fips 4.15.0-2124.130
Available with Ubuntu Pro
linux-image-aws-fips 4.15.0.2124.118
Available with Ubuntu Pro
linux-image-aws-fips-4.15 4.15.0.2124.118
Available with Ubuntu Pro
linux-image-fips 4.15.0.1141.138
Available with Ubuntu Pro
linux-image-gcp-fips 4.15.0.2087.85
Available with Ubuntu Pro
linux-image-gcp-fips-4.15 4.15.0.2087.85
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7853-2
https://ubuntu.com/security/notices/USN-7853-1
CVE-2023-52574, CVE-2023-52650, CVE-2024-41006, CVE-2024-50006,
CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767,
CVE-2025-37838, CVE-2025-38352, CVE-2025-40300

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-fips/4.15.0-2124.130
https://launchpad.net/ubuntu/+source/linux-fips/4.15.0-1141.153
https://launchpad.net/ubuntu/+source/linux-gcp-fips/4.15.0-2087.93

[USN-7850-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7850-1
October 30, 2025

linux vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel

Details:

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)

A security issue was discovered in the Linux kernel.
An attacker could possibly use this to compromise the system.
This update corrects a flaw in the following subsystem:
- USB sound devices;
(CVE-2024-53150)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
linux-image-3.13.0-208-generic 3.13.0-208.259
Available with Ubuntu Pro
linux-image-3.13.0-208-lowlatency 3.13.0-208.259
Available with Ubuntu Pro
linux-image-generic 3.13.0.208.218
Available with Ubuntu Pro
linux-image-generic-lts-trusty 3.13.0.208.218
Available with Ubuntu Pro
linux-image-lowlatency 3.13.0.208.218
Available with Ubuntu Pro
linux-image-server 3.13.0.208.218
Available with Ubuntu Pro
linux-image-virtual 3.13.0.208.218
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7850-1
CVE-2024-53150, CVE-2025-40300

[USN-7853-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7853-1
October 30, 2025

linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe,
linux-oracle vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Ext4 file system;
- Timer subsystem;
- DCCP (Datagram Congestion Control Protocol);
- IPv6 networking;
- NET/ROM layer;
- SCTP protocol;
- USB sound devices;
(CVE-2023-52574, CVE-2023-52650, CVE-2024-41006, CVE-2024-50006,
CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767,
CVE-2025-37838, CVE-2025-38352)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  linux-image-4.15.0-1148-oracle 4.15.0-1148.159
    Available with Ubuntu Pro
  linux-image-4.15.0-1179-gcp 4.15.0-1179.196
    Available with Ubuntu Pro
  linux-image-4.15.0-1186-aws 4.15.0-1186.199
    Available with Ubuntu Pro
  linux-image-4.15.0-243-generic 4.15.0-243.255
    Available with Ubuntu Pro
  linux-image-4.15.0-243-lowlatency 4.15.0-243.255
    Available with Ubuntu Pro
  linux-image-aws-4.15 4.15.0.1186.184
    Available with Ubuntu Pro
  linux-image-aws-lts-18.04 4.15.0.1186.184
    Available with Ubuntu Pro
  linux-image-gcp-4.15 4.15.0.1179.192
    Available with Ubuntu Pro
  linux-image-gcp-lts-18.04 4.15.0.1179.192
    Available with Ubuntu Pro
  linux-image-generic 4.15.0.243.227
    Available with Ubuntu Pro
  linux-image-lowlatency 4.15.0.243.227
    Available with Ubuntu Pro
  linux-image-oracle-4.15 4.15.0.1148.153
    Available with Ubuntu Pro
  linux-image-oracle-lts-18.04 4.15.0.1148.153
    Available with Ubuntu Pro
  linux-image-virtual 4.15.0.243.227
    Available with Ubuntu Pro

Ubuntu 16.04 LTS
  linux-image-4.15.0-1179-gcp 4.15.0-1179.196~16.04.1
    Available with Ubuntu Pro
  linux-image-4.15.0-1186-aws 4.15.0-1186.199~16.04.1
    Available with Ubuntu Pro
  linux-image-4.15.0-243-generic 4.15.0-243.255~16.04.1
    Available with Ubuntu Pro
  linux-image-4.15.0-243-lowlatency 4.15.0-243.255~16.04.1
    Available with Ubuntu Pro
  linux-image-aws-hwe 4.15.0.1186.199~16.04.1
    Available with Ubuntu Pro
  linux-image-gcp 4.15.0.1179.196~16.04.1
    Available with Ubuntu Pro
  linux-image-generic-hwe-16.04 4.15.0.243.255~16.04.1
    Available with Ubuntu Pro
  linux-image-gke 4.15.0.1179.196~16.04.1
    Available with Ubuntu Pro
  linux-image-lowlatency-hwe-16.04 4.15.0.243.255~16.04.1
    Available with Ubuntu Pro
  linux-image-oem 4.15.0.243.255~16.04.1
    Available with Ubuntu Pro
  linux-image-virtual-hwe-16.04 4.15.0.243.255~16.04.1
    Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7853-1
CVE-2023-52574, CVE-2023-52650, CVE-2024-41006, CVE-2024-50006,
CVE-2024-50299, CVE-2024-53124, CVE-2024-53150, CVE-2024-56767,
CVE-2025-37838, CVE-2025-38352, CVE-2025-40300

OpenBSD Errata: October 31, 2025 (smtpd)

Errata patches for smtpd have been released for OpenBSD 7.7 and 7.8.

Binary updates for the amd64, arm64 and i386 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata page:

https://www.openbsd.org/errata77.html
https://www.openbsd.org/errata78.html

[USN-7844-1] YAML::Syck vulnerability

==========================================================================
Ubuntu Security Notice USN-7844-1
October 28, 2025

libyaml-syck-perl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

The system could be made to expose sensitive information.

Software Description:
- libyaml-syck-perl: Perl module providing a fast, lightweight YAML loader and dumper

Details:

It was discovered that YAML::Syck did not properly handle parsing YAML
files. An attacker could possibly use this issue to expose sensitive
information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  libyaml-syck-perl 1.34-3ubuntu0.1

Ubuntu 25.04
  libyaml-syck-perl 1.34-2ubuntu0.25.04.1

Ubuntu 24.04 LTS
  libyaml-syck-perl 1.34-2ubuntu0.24.04.1~esm1
    Available with Ubuntu Pro

Ubuntu 22.04 LTS
  libyaml-syck-perl 1.34-1ubuntu0.1~esm1
    Available with Ubuntu Pro

Ubuntu 20.04 LTS
  libyaml-syck-perl 1.31-1ubuntu0.1~esm1
    Available with Ubuntu Pro

Ubuntu 18.04 LTS
  libyaml-syck-perl 1.29-1ubuntu0.18.04.1~esm1
    Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libyaml-syck-perl 1.29-1ubuntu0.16.04.1~esm1
    Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7844-1
CVE-2025-11683

Package Information:
https://launchpad.net/ubuntu/+source/libyaml-syck-perl/1.34-3ubuntu0.1
https://launchpad.net/ubuntu/+source/libyaml-syck-perl/1.34-2ubuntu0.25.04.1