==========================================================================
Ubuntu Security Notice USN-7786-1
September 30, 2025
openssl, openssl1.0 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
- openssl1.0: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Stanislav Fort discovered that OpenSSL incorrectly handled memory when
trying to decrypt CMS messages encrypted with password-based encryption. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2025-9230)
Stanislav Fort discovered that OpenSSL had a timing side-channel in SM2
signature computations on ARM platforms. A remote attacker could possibly
use this issue to recover private data. This issue only affected Ubuntu
25.04. (CVE-2025-9231)
Stanislav Fort discovered that OpenSSL incorrectly handled memory during
HTTP requests when "no_proxy" environment variable is set. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 25.04. (CVE-2025-9232)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libssl3t64 3.4.1-1ubuntu4
openssl 3.4.1-1ubuntu4
Ubuntu 24.04 LTS
libssl3t64 3.0.13-0ubuntu3.6
openssl 3.0.13-0ubuntu3.6
Ubuntu 22.04 LTS
libssl3 3.0.2-0ubuntu1.20
openssl 3.0.2-0ubuntu1.20
Ubuntu 20.04 LTS
libssl1.1 1.1.1f-1ubuntu2.24+esm1
Available with Ubuntu Pro
openssl 1.1.1f-1ubuntu2.24+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libssl1.0.0 1.0.2n-1ubuntu5.13+esm2
Available with Ubuntu Pro
libssl1.1 1.1.1-1ubuntu2.1~18.04.23+esm6
Available with Ubuntu Pro
openssl 1.1.1-1ubuntu2.1~18.04.23+esm6
Available with Ubuntu Pro
openssl1.0 1.0.2n-1ubuntu5.13+esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libssl1.0.0 1.0.2g-1ubuntu4.20+esm13
Available with Ubuntu Pro
openssl 1.0.2g-1ubuntu4.20+esm13
Available with Ubuntu Pro
Ubuntu 14.04 LTS
libssl1.0.0 1.0.1f-1ubuntu2.27+esm11
Available with Ubuntu Pro
openssl 1.0.1f-1ubuntu2.27+esm11
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7786-1
CVE-2025-9230, CVE-2025-9231, CVE-2025-9232
Package Information:
https://launchpad.net/ubuntu/+source/openssl/3.4.1-1ubuntu4
https://launchpad.net/ubuntu/+source/openssl/3.0.13-0ubuntu3.6
https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.20
Tuesday, September 30, 2025
FreeBSD 14.2 end-of-life
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Dear FreeBSD community,
As of October 1st, 2025, FreeBSD 14.2 will reach end-of-life (EoL) and will no
longer be supported by the FreeBSD Security Team. Users of FreeBSD 14.2 are
strongly encouraged to upgrade to a newer release as soon as possible.
On October 1st, the currently supported branches and releases and their
expected end-of-life dates will be:
+--------------------------------------------------------------------------+
| Branch | Release | Release Date | Expected EoL |
+-------------+--------------+--------------------+------------------------+
| stable/14 | N/A | N/A | November 30, 2028 |
+-------------+--------------+--------------------+------------------------+
| releng/14.3 | 14.3-RELEASE | June 10, 2025 | June 30, 2026 |
+-------------+--------------+--------------------+------------------------+
| stable/13 | N/A | N/A | April 30, 2026 |
+-------------+--------------+--------------------+------------------------+
| releng/13.5 | 13.5-RELEASE | March 11, 2025 | April 30, 2026 |
+--------------------------------------------------------------------------+
Please refer to https://security.freebsd.org/ for an up-to-date list of
supported releases and the latest security advisories.
- --
The FreeBSD Security Team
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjcC6wACgkQbljekB8A
Gu/hmw/7BH47G9cmu5qWHqyR5KW9CSUi/eR4cylxR225LwfYr2Gbq89CvVxDlwC5
DzsQpkRhdYBjX67su7B0qIZThRAiaMDfQ4hUdRQKU4iPjgsjr4UfH2Z1gO69HxFe
OXZn1tg7MP6GQHKwx0EP31M9U8qBKxyHD70HxA2BfPZ/cp1JprAA9UFG2eNCPcRj
qp2ZGY4YSm1Mff+VALoKvv+sS09C1sB7TlsmXIhRa1y0in4x5lsH+8wvkj8hWiuQ
ovpKNFLCzZsu7x96RErghOjUr1rMEeHiTw29mTHtl3SjNwfbv3DV3hFyD/SoHlsR
nAhprEJWJxv1NvAkYpUzX6kPIVazafoYmtBa9Ej/Ltd1rsWoZF/HPHaoRXaGV256
Mkce9UskfNJQcK0BJxuDCxyAhQW44BSGFX/ujyUpu7r2soYLKSXx0Up2Xbd69CXt
oelNslKcFILyB0eNBuANSNxOiGAKfHtbXrrDjO6IF8SnbLata+z/5VlKJV0xify/
KFVVeRzddms6Cvs8oo6lq+44X3oZ+PtENei0mW4rtHWL41h0jGUccL9EzBD5Io7+
p6pzwtsI03U9lB6Y5r5WPLXm2oht21EjrWVQ66cVUUVldEe8JGdBIqJigH1P3soX
MnezzyCjBGR0iso07EEcHb0TeJY4Zsl/faZiWweMCQCMFdVFvCM=
=Sk65
-----END PGP SIGNATURE-----
Hash: SHA512
Dear FreeBSD community,
As of October 1st, 2025, FreeBSD 14.2 will reach end-of-life (EoL) and will no
longer be supported by the FreeBSD Security Team. Users of FreeBSD 14.2 are
strongly encouraged to upgrade to a newer release as soon as possible.
On October 1st, the currently supported branches and releases and their
expected end-of-life dates will be:
+--------------------------------------------------------------------------+
| Branch | Release | Release Date | Expected EoL |
+-------------+--------------+--------------------+------------------------+
| stable/14 | N/A | N/A | November 30, 2028 |
+-------------+--------------+--------------------+------------------------+
| releng/14.3 | 14.3-RELEASE | June 10, 2025 | June 30, 2026 |
+-------------+--------------+--------------------+------------------------+
| stable/13 | N/A | N/A | April 30, 2026 |
+-------------+--------------+--------------------+------------------------+
| releng/13.5 | 13.5-RELEASE | March 11, 2025 | April 30, 2026 |
+--------------------------------------------------------------------------+
Please refer to https://security.freebsd.org/ for an up-to-date list of
supported releases and the latest security advisories.
- --
The FreeBSD Security Team
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjcC6wACgkQbljekB8A
Gu/hmw/7BH47G9cmu5qWHqyR5KW9CSUi/eR4cylxR225LwfYr2Gbq89CvVxDlwC5
DzsQpkRhdYBjX67su7B0qIZThRAiaMDfQ4hUdRQKU4iPjgsjr4UfH2Z1gO69HxFe
OXZn1tg7MP6GQHKwx0EP31M9U8qBKxyHD70HxA2BfPZ/cp1JprAA9UFG2eNCPcRj
qp2ZGY4YSm1Mff+VALoKvv+sS09C1sB7TlsmXIhRa1y0in4x5lsH+8wvkj8hWiuQ
ovpKNFLCzZsu7x96RErghOjUr1rMEeHiTw29mTHtl3SjNwfbv3DV3hFyD/SoHlsR
nAhprEJWJxv1NvAkYpUzX6kPIVazafoYmtBa9Ej/Ltd1rsWoZF/HPHaoRXaGV256
Mkce9UskfNJQcK0BJxuDCxyAhQW44BSGFX/ujyUpu7r2soYLKSXx0Up2Xbd69CXt
oelNslKcFILyB0eNBuANSNxOiGAKfHtbXrrDjO6IF8SnbLata+z/5VlKJV0xify/
KFVVeRzddms6Cvs8oo6lq+44X3oZ+PtENei0mW4rtHWL41h0jGUccL9EzBD5Io7+
p6pzwtsI03U9lB6Y5r5WPLXm2oht21EjrWVQ66cVUUVldEe8JGdBIqJigH1P3soX
MnezzyCjBGR0iso07EEcHb0TeJY4Zsl/faZiWweMCQCMFdVFvCM=
=Sk65
-----END PGP SIGNATURE-----
FreeBSD Security Advisory FreeBSD-SA-25:08.openssl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-25:08.openssl Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in OpenSSL
Category: contrib
Module: openssl
Announced: 2025-09-30
Credits: Stanislav Fort (Aisle Research)
Affects: All supported versions of FreeBSD.
Corrected: 2025-09-30 15:26:14 UTC (stable/15, 15.0-ALPHA4)
2025-09-30 15:28:38 UTC (stable/14, 14.3-STABLE)
2025-09-30 15:37:16 UTC (releng/14.3, 14.3-RELEASE-p4)
2025-09-30 15:37:25 UTC (releng/14.2, 14.2-RELEASE-p7)
2025-09-30 15:30:02 UTC (stable/13, 13.5-STABLE)
2025-09-30 15:37:35 UTC (releng/13.5, 13.5-RELEASE-p5)
CVE Name: CVE-2025-9230, CVE-2025-9231, CVE-2025-9232
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a
collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit for the Transport Layer Security (TLS) protocol. It is
also a general-purpose cryptography library.
II. Problem Description
* Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)
Affects: FreeBSD 15.x, 14.x, and 13.x
An application trying to decrypt cryptographic message syntax (CMS) messages
encrypted using password based encryption can trigger an out-of-bounds read
and write.
* Timing side-channel in SM2 algorithm on 64 bit ARM (CVE-2025-9231)
Affects: FreeBSD 15.x only
A timing side-channel which could potentially allow remote recovery of the
private key exists in the SM2 algorithm implementation on 64-bit ARM
platforms.
* Out-of-bounds read in HTTP client no_proxy handling (CVE-2025-9232)
Affects: FreeBSD 15.x and 14.x only
An application using the OpenSSL HTTP client API functions may trigger an
out-of-bounds read if the "no_proxy" environment variable is set and the host
portion of the authority component of the HTTP URL is an IPv6 address.
III. Impact
* Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)
Affects: FreeBSD 15.x, 14.x, and 13.x
The out-of-bounds read may trigger a crash which leads to denial of service
for an application. The out-of-bounds write can cause a memory corruption
which can have various consequences including a denial of service or
execution of attacker-supplied code.
Although the consequences of a successful exploit of this vulnerability
could be severe, the probability that an attacker would be able to
perform it is low. Password based (PWRI) encryption support in CMS
messages is very rarely used.
* Timing side-channel in SM2 algorithm on 64 bit ARM (CVE-2025-9231)
Affects: FreeBSD 15.x only
A timing side-channel in SM2 signature computations on 64 bit ARM platforms
could allow recovering the private key by an attacker.
OpenSSL does not directly support certificates with SM2 keys in TLS, and so
this CVE is not relevant in most TLS contexts. However, it is possible to
add support for such certificates via a custom provider.
* Out-of-bounds read in HTTP client no_proxy handling (CVE-2025-9232)
Affects: FreeBSD 15.x and 14.x only
An out-of-bounds read can trigger a crash which leads to denial of service
for an application.
The OpenSSL HTTP client API functions can be used directly by applications
but they are also used by the OCSP client functions and CMP (Certificate
Management Protocol) client implementation in OpenSSL. However the URLs used
by these implementations are unlikely to be controlled by an attacker.
In this vulnerable code the out of bounds read can only trigger a crash.
Furthermore the vulnerability requires an attacker-controlled URL to be
passed from an application to the OpenSSL function and the user has to have
a "no_proxy" environment variable set.
IV. Workaround
No workaround is available. Several of the issues have mitigating factors.
Please see the Impact section for more details.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 15.x]
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-15.patch
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-15.patch.asc
# gpg --verify openssl-15.patch.asc
[FreeBSD 14.x]
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-14.patch
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-14.patch.asc
# gpg --verify openssl-14.patch.asc
[FreeBSD 13.5]
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-13.patch
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-13.patch.asc
# gpg --verify openssl-13.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all daemons that use the library, or reboot the system.
VI. Correction details
This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:
Branch/path Hash Revision
- -------------------------------------------------------------------------
stable/15/ 4d6fd774b5b3 stable/15-n280387
stable/14/ 270158508d7c stable/14-n272541
releng/14.3/ 75d258af9fe9 releng/14.3-n271446
releng/14.2/ 6a0d914d9c3e releng/14.2-n269537
stable/13/ c0dbaf2b5dbd stable/13-n259448
releng/13.5/ ae7c74cfa531 releng/13.5-n259178
- -------------------------------------------------------------------------
Run the following command to see which files were modified by a
particular commit:
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
VII. References
<URL:https://openssl-library.org/news/secadv/20250930.txt>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9231>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-25:08.openssl.asc>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjb+z4ACgkQbljekB8A
Gu8kgA//TsqChpypUuth9KRbWpU0noUkxkbIS1CI1YYRmZn6GF52YNhe9enKN4Gc
PeUSZOsfbABv0UGfUPbaD4VifGni/ss/bhSK5nzmfbOLDbnOX1oodLVNhspDjv9K
kJPz7C3zzUrNchCZzDRvrulMXeoYOKmqY/Mc0VViXqeg2k6IqXlCPm62jFc4Glpw
g0pvTyXNhbebuP/XGGYq4nQW2ZUX+Z6yvKqCn8d/7YHRRb48KP7c5LCryUU3UdQa
pjcHX0U8dYsJlQIqWH7HPn9RrWX87EN5v7csZN+fV030lgtnsTsFRK3TxrdTTvxt
JgyNQVXy/RTmd1tQLo1dVZRjdav5MBYVBxgmweL54VcPYngTZWjEY7HjUr0WWU32
1Fhf7Bs4q+vWalDkyA8nxyXPG4Lq018yRRxwKebsRy2fm5SqlJSK5g7TNRvo0QfM
LnfZItuya9flw6r3I9ypjKaY1WAz5Kzt83yr2be7GzLEDCuCd882JeYwmqyRnUKQ
+/IPbE7VM3oK7lzJfVuKyRxWPXWLxAaEDKNTafSNWfsz/TolyBxsF6obYaZOkw1C
mstsaaMnHdV9+GktwavCRVV6M0WK4o7xvn1nUSHPwKWpq4dfjH7syujeO483+pz3
tZoLEkWhaNn3KmIQKbl+t+CjzDRoshzZg6Xl1UVoZvrtOyX/IUY=
=nUv2
-----END PGP SIGNATURE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-25:08.openssl Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in OpenSSL
Category: contrib
Module: openssl
Announced: 2025-09-30
Credits: Stanislav Fort (Aisle Research)
Affects: All supported versions of FreeBSD.
Corrected: 2025-09-30 15:26:14 UTC (stable/15, 15.0-ALPHA4)
2025-09-30 15:28:38 UTC (stable/14, 14.3-STABLE)
2025-09-30 15:37:16 UTC (releng/14.3, 14.3-RELEASE-p4)
2025-09-30 15:37:25 UTC (releng/14.2, 14.2-RELEASE-p7)
2025-09-30 15:30:02 UTC (stable/13, 13.5-STABLE)
2025-09-30 15:37:35 UTC (releng/13.5, 13.5-RELEASE-p5)
CVE Name: CVE-2025-9230, CVE-2025-9231, CVE-2025-9232
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a
collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit for the Transport Layer Security (TLS) protocol. It is
also a general-purpose cryptography library.
II. Problem Description
* Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)
Affects: FreeBSD 15.x, 14.x, and 13.x
An application trying to decrypt cryptographic message syntax (CMS) messages
encrypted using password based encryption can trigger an out-of-bounds read
and write.
* Timing side-channel in SM2 algorithm on 64 bit ARM (CVE-2025-9231)
Affects: FreeBSD 15.x only
A timing side-channel which could potentially allow remote recovery of the
private key exists in the SM2 algorithm implementation on 64-bit ARM
platforms.
* Out-of-bounds read in HTTP client no_proxy handling (CVE-2025-9232)
Affects: FreeBSD 15.x and 14.x only
An application using the OpenSSL HTTP client API functions may trigger an
out-of-bounds read if the "no_proxy" environment variable is set and the host
portion of the authority component of the HTTP URL is an IPv6 address.
III. Impact
* Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)
Affects: FreeBSD 15.x, 14.x, and 13.x
The out-of-bounds read may trigger a crash which leads to denial of service
for an application. The out-of-bounds write can cause a memory corruption
which can have various consequences including a denial of service or
execution of attacker-supplied code.
Although the consequences of a successful exploit of this vulnerability
could be severe, the probability that an attacker would be able to
perform it is low. Password based (PWRI) encryption support in CMS
messages is very rarely used.
* Timing side-channel in SM2 algorithm on 64 bit ARM (CVE-2025-9231)
Affects: FreeBSD 15.x only
A timing side-channel in SM2 signature computations on 64 bit ARM platforms
could allow recovering the private key by an attacker.
OpenSSL does not directly support certificates with SM2 keys in TLS, and so
this CVE is not relevant in most TLS contexts. However, it is possible to
add support for such certificates via a custom provider.
* Out-of-bounds read in HTTP client no_proxy handling (CVE-2025-9232)
Affects: FreeBSD 15.x and 14.x only
An out-of-bounds read can trigger a crash which leads to denial of service
for an application.
The OpenSSL HTTP client API functions can be used directly by applications
but they are also used by the OCSP client functions and CMP (Certificate
Management Protocol) client implementation in OpenSSL. However the URLs used
by these implementations are unlikely to be controlled by an attacker.
In this vulnerable code the out of bounds read can only trigger a crash.
Furthermore the vulnerability requires an attacker-controlled URL to be
passed from an application to the OpenSSL function and the user has to have
a "no_proxy" environment variable set.
IV. Workaround
No workaround is available. Several of the issues have mitigating factors.
Please see the Impact section for more details.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 15.x]
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-15.patch
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-15.patch.asc
# gpg --verify openssl-15.patch.asc
[FreeBSD 14.x]
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-14.patch
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-14.patch.asc
# gpg --verify openssl-14.patch.asc
[FreeBSD 13.5]
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-13.patch
# fetch https://security.FreeBSD.org/patches/SA-25:08/openssl-13.patch.asc
# gpg --verify openssl-13.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all daemons that use the library, or reboot the system.
VI. Correction details
This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:
Branch/path Hash Revision
- -------------------------------------------------------------------------
stable/15/ 4d6fd774b5b3 stable/15-n280387
stable/14/ 270158508d7c stable/14-n272541
releng/14.3/ 75d258af9fe9 releng/14.3-n271446
releng/14.2/ 6a0d914d9c3e releng/14.2-n269537
stable/13/ c0dbaf2b5dbd stable/13-n259448
releng/13.5/ ae7c74cfa531 releng/13.5-n259178
- -------------------------------------------------------------------------
Run the following command to see which files were modified by a
particular commit:
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
VII. References
<URL:https://openssl-library.org/news/secadv/20250930.txt>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9231>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9232>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-25:08.openssl.asc>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjb+z4ACgkQbljekB8A
Gu8kgA//TsqChpypUuth9KRbWpU0noUkxkbIS1CI1YYRmZn6GF52YNhe9enKN4Gc
PeUSZOsfbABv0UGfUPbaD4VifGni/ss/bhSK5nzmfbOLDbnOX1oodLVNhspDjv9K
kJPz7C3zzUrNchCZzDRvrulMXeoYOKmqY/Mc0VViXqeg2k6IqXlCPm62jFc4Glpw
g0pvTyXNhbebuP/XGGYq4nQW2ZUX+Z6yvKqCn8d/7YHRRb48KP7c5LCryUU3UdQa
pjcHX0U8dYsJlQIqWH7HPn9RrWX87EN5v7csZN+fV030lgtnsTsFRK3TxrdTTvxt
JgyNQVXy/RTmd1tQLo1dVZRjdav5MBYVBxgmweL54VcPYngTZWjEY7HjUr0WWU32
1Fhf7Bs4q+vWalDkyA8nxyXPG4Lq018yRRxwKebsRy2fm5SqlJSK5g7TNRvo0QfM
LnfZItuya9flw6r3I9ypjKaY1WAz5Kzt83yr2be7GzLEDCuCd882JeYwmqyRnUKQ
+/IPbE7VM3oK7lzJfVuKyRxWPXWLxAaEDKNTafSNWfsz/TolyBxsF6obYaZOkw1C
mstsaaMnHdV9+GktwavCRVV6M0WK4o7xvn1nUSHPwKWpq4dfjH7syujeO483+pz3
tZoLEkWhaNn3KmIQKbl+t+CjzDRoshzZg6Xl1UVoZvrtOyX/IUY=
=nUv2
-----END PGP SIGNATURE-----
FreeBSD Errata Notice FreeBSD-EN-25:18.freebsd-update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-25:18.freebsd-update Errata Notice
The FreeBSD Project
Topic: freebsd-update(8) installs libraries in incorrect order
Category: core
Module: freebsd-update
Announced: 2025-09-30
Credits: Graham Perrin
Affects: All supported versions of FreeBSD.
Corrected: 2025-09-25 19:26:37 UTC (stable/15, 15.0-ALPHA4)
2025-09-25 19:27:06 UTC (stable/14, 14.3-STABLE)
2025-09-30 15:37:15 UTC (releng/14.3, 14.3-RELEASE-p4)
2025-09-30 15:37:24 UTC (releng/14.2, 14.2-RELEASE-p7)
2025-09-25 19:27:34 UTC (stable/13, 13.5-STABLE)
2025-09-30 15:37:34 UTC (releng/13.5, 13.5-RELEASE-p5)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
The freebsd-update(8) utility is used to fetch, install, and rollback
binary updates to the FreeBSD base system. In addition to security and
errata updates within a release (its original purpose), freebsd-update(8)
can be used to upgrade to a newer FreeBSD release.
II. Problem Description
When installing updates, freebsd-update(8) did not enforce ordering between
the C standard library ("libc") and the system library ("libsys") which was
introduced in FreeBSD 15.0.
III. Impact
When using freebsd-update(8) to upgrade a system from FreeBSD 13.x or 14.x to
FreeBSD 15.0, freebsd-update(8) would install a new libc which depends on
libsys before the libsys library existed. This resulted in the rest of the
update failing to install and a mostly-unusable system, with only statically
linked binaries (e.g. in /rescue) functioning.
IV. Workaround
No workaround is available, but this misbehaviour only applies to using
freebsd-update(8) to upgrade to FreeBSD 15.0; applying security and errata
updates (including this one) within a release branch is unaffected.
V. Solution
Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
Perform one of the following:
1) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
2) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-25:18/freebsd-update.patch
# fetch https://security.FreeBSD.org/patches/EN-25:18/freebsd-update.patch.asc
# gpg --verify freebsd-update.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
VI. Correction details
This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:
Branch/path Hash Revision
- -------------------------------------------------------------------------
stable/15/ 8134e7f4b406 stable/15-n280326
stable/14/ e26928669f39 stable/14-n272484
releng/14.3/ 978e04ff5bcf releng/14.3-n271445
releng/14.2/ 3447fea3523b releng/14.2-n269536
stable/13/ 87eb52f1b061 stable/13-n259445
releng/13.5/ ab91dd76ff72 releng/13.5-n259177
- -------------------------------------------------------------------------
Run the following command to see which files were modified by a
particular commit:
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
VII. References
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289769>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:18.freebsd-update.asc>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjb+x0ACgkQbljekB8A
Gu8DQhAAt4nGFTHJcC4dVceeanMY4+p8zUqtrjGP1wO+dgnBbPJuHteMlaK8bi0N
A1f+XRCcbHN7OUZz0k+WgNsFOC583Zg29l+Oe6DvgRzyjUhp7q70/vgEUYbTn2eM
CeXL0GNP9h/UYcqmpot4bO0VvXf9g6qG6qBqYN31eSuDBWcRLLAOzQwbWTLxZYgB
vYDPTqMSOTygGJEiSwGDkywE45N0JvT/GA9kNiu9uh5xL0dQLgwi07BB3+bQ3rNx
hB5sK5EJSa0FcRmpSxXvtQJK5l9eIYkAcFUo0K4/UaSknIFqSOr7j4zS3MOE1PPa
7u+ZJY3SMYg9/YRlRpLs7FGe8t+Oz/1IFgjJ1bJVHZCA55kGaB9toh+wunGsSUHc
+DzPGC0PYmcVLtk75WgjjkofCRCco8Dx3QlLfEUKxzNJFL+LwfE+zi5Pk//GJcr2
V6RipeMNJGc60N/Zz2X95ut/43/tOBFh157oSXnVFdTbDJ7zc16EvjH99IIwlkEy
pasLr0i0XklormpAyUkddA3z57qy3580/sZf07QUHrQJQfy738qPf1QY6ejk560D
INBXdJk5FNJAYiogMrHyK0N1xX5WHk6qbbiAOmSefFCKcB7uL5CPcu6l8D0sAtyP
CbzuTLGqCWiDBT0aLK1xn1MNQMPT4PL7JhWqrSJnQpicgibqAsg=
=8oNH
-----END PGP SIGNATURE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-25:18.freebsd-update Errata Notice
The FreeBSD Project
Topic: freebsd-update(8) installs libraries in incorrect order
Category: core
Module: freebsd-update
Announced: 2025-09-30
Credits: Graham Perrin
Affects: All supported versions of FreeBSD.
Corrected: 2025-09-25 19:26:37 UTC (stable/15, 15.0-ALPHA4)
2025-09-25 19:27:06 UTC (stable/14, 14.3-STABLE)
2025-09-30 15:37:15 UTC (releng/14.3, 14.3-RELEASE-p4)
2025-09-30 15:37:24 UTC (releng/14.2, 14.2-RELEASE-p7)
2025-09-25 19:27:34 UTC (stable/13, 13.5-STABLE)
2025-09-30 15:37:34 UTC (releng/13.5, 13.5-RELEASE-p5)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.
I. Background
The freebsd-update(8) utility is used to fetch, install, and rollback
binary updates to the FreeBSD base system. In addition to security and
errata updates within a release (its original purpose), freebsd-update(8)
can be used to upgrade to a newer FreeBSD release.
II. Problem Description
When installing updates, freebsd-update(8) did not enforce ordering between
the C standard library ("libc") and the system library ("libsys") which was
introduced in FreeBSD 15.0.
III. Impact
When using freebsd-update(8) to upgrade a system from FreeBSD 13.x or 14.x to
FreeBSD 15.0, freebsd-update(8) would install a new libc which depends on
libsys before the libsys library existed. This resulted in the rest of the
update failing to install and a mostly-unusable system, with only statically
linked binaries (e.g. in /rescue) functioning.
IV. Workaround
No workaround is available, but this misbehaviour only applies to using
freebsd-update(8) to upgrade to FreeBSD 15.0; applying security and errata
updates (including this one) within a release branch is unaffected.
V. Solution
Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
Perform one of the following:
1) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
2) To update your system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-25:18/freebsd-update.patch
# fetch https://security.FreeBSD.org/patches/EN-25:18/freebsd-update.patch.asc
# gpg --verify freebsd-update.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
VI. Correction details
This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:
Branch/path Hash Revision
- -------------------------------------------------------------------------
stable/15/ 8134e7f4b406 stable/15-n280326
stable/14/ e26928669f39 stable/14-n272484
releng/14.3/ 978e04ff5bcf releng/14.3-n271445
releng/14.2/ 3447fea3523b releng/14.2-n269536
stable/13/ 87eb52f1b061 stable/13-n259445
releng/13.5/ ab91dd76ff72 releng/13.5-n259177
- -------------------------------------------------------------------------
Run the following command to see which files were modified by a
particular commit:
# git show --stat <commit hash>
Or visit the following URL, replacing NNNNNN with the hash:
<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
VII. References
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289769>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:18.freebsd-update.asc>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmjb+x0ACgkQbljekB8A
Gu8DQhAAt4nGFTHJcC4dVceeanMY4+p8zUqtrjGP1wO+dgnBbPJuHteMlaK8bi0N
A1f+XRCcbHN7OUZz0k+WgNsFOC583Zg29l+Oe6DvgRzyjUhp7q70/vgEUYbTn2eM
CeXL0GNP9h/UYcqmpot4bO0VvXf9g6qG6qBqYN31eSuDBWcRLLAOzQwbWTLxZYgB
vYDPTqMSOTygGJEiSwGDkywE45N0JvT/GA9kNiu9uh5xL0dQLgwi07BB3+bQ3rNx
hB5sK5EJSa0FcRmpSxXvtQJK5l9eIYkAcFUo0K4/UaSknIFqSOr7j4zS3MOE1PPa
7u+ZJY3SMYg9/YRlRpLs7FGe8t+Oz/1IFgjJ1bJVHZCA55kGaB9toh+wunGsSUHc
+DzPGC0PYmcVLtk75WgjjkofCRCco8Dx3QlLfEUKxzNJFL+LwfE+zi5Pk//GJcr2
V6RipeMNJGc60N/Zz2X95ut/43/tOBFh157oSXnVFdTbDJ7zc16EvjH99IIwlkEy
pasLr0i0XklormpAyUkddA3z57qy3580/sZf07QUHrQJQfy738qPf1QY6ejk560D
INBXdJk5FNJAYiogMrHyK0N1xX5WHk6qbbiAOmSefFCKcB7uL5CPcu6l8D0sAtyP
CbzuTLGqCWiDBT0aLK1xn1MNQMPT4PL7JhWqrSJnQpicgibqAsg=
=8oNH
-----END PGP SIGNATURE-----
LibreSSL 4.0.1, 4.1.1 released
We have released LibreSSL 4.0.1 and 4.1.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon.
They include the following changes from LibreSSL 4.0.0 and 4.1.0:
* Bugfixes
- OpenBSD 7.6 errata 023, OpenBSD 7.7 errata 010.
An incorrect length check can result in a 4-byte overwrite and an
8-byte overread.
From Stanislav Fort and Viktor Dukhovni via OpenSSL.
CVE-2025-9230.
The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.
LibreSSL directory of your local OpenBSD mirror soon.
They include the following changes from LibreSSL 4.0.0 and 4.1.0:
* Bugfixes
- OpenBSD 7.6 errata 023, OpenBSD 7.7 errata 010.
An incorrect length check can result in a 4-byte overwrite and an
8-byte overread.
From Stanislav Fort and Viktor Dukhovni via OpenSSL.
CVE-2025-9230.
The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.
OpenBSD Errata: September 30, 2025 (expat libcrypto)
Errata patches for libexpat and libcrypto have been released for
OpenBSD 7.6 and 7.7.
Binary updates for the amd64, arm64 and i386 platform are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
https://www.openbsd.org/errata76.html
https://www.openbsd.org/errata77.html
OpenBSD 7.6 and 7.7.
Binary updates for the amd64, arm64 and i386 platform are available
via the syspatch utility. Source code patches can be found on the
respective errata page:
https://www.openbsd.org/errata76.html
https://www.openbsd.org/errata77.html
Monday, September 29, 2025
[USN-7785-1] Open VM Tools vulnerability
==========================================================================
Ubuntu Security Notice USN-7785-1
September 29, 2025
open-vm-tools vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Open VM Tools could be made to run programs as an administrator.
Software Description:
- open-vm-tools: Open VMware Tools for virtual machines hosted on VMware
Details:
It was discovered that Open VM Tools incorrectly handled permissions with
version checking. An attacker could possibly use this issue to escalate
privileges inside a virtual machine.
This update disables the SDMP get-versions.sh script, so version
information may no longer be made available.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
open-vm-tools 2:12.5.0-1ubuntu0.2
Ubuntu 24.04 LTS
open-vm-tools 2:12.5.0-1~ubuntu0.24.04.2
Ubuntu 22.04 LTS
open-vm-tools 2:12.3.5-3~ubuntu0.22.04.3
Ubuntu 20.04 LTS
open-vm-tools 2:11.3.0-2ubuntu0~ubuntu20.04.8+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7785-1
CVE-2025-41244
Package Information:
https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.5.0-1ubuntu0.2
https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.5.0-1~ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.3.5-3~ubuntu0.22.04.3
Ubuntu Security Notice USN-7785-1
September 29, 2025
open-vm-tools vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Open VM Tools could be made to run programs as an administrator.
Software Description:
- open-vm-tools: Open VMware Tools for virtual machines hosted on VMware
Details:
It was discovered that Open VM Tools incorrectly handled permissions with
version checking. An attacker could possibly use this issue to escalate
privileges inside a virtual machine.
This update disables the SDMP get-versions.sh script, so version
information may no longer be made available.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
open-vm-tools 2:12.5.0-1ubuntu0.2
Ubuntu 24.04 LTS
open-vm-tools 2:12.5.0-1~ubuntu0.24.04.2
Ubuntu 22.04 LTS
open-vm-tools 2:12.3.5-3~ubuntu0.22.04.3
Ubuntu 20.04 LTS
open-vm-tools 2:11.3.0-2ubuntu0~ubuntu20.04.8+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7785-1
CVE-2025-41244
Package Information:
https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.5.0-1ubuntu0.2
https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.5.0-1~ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.3.5-3~ubuntu0.22.04.3
[USN-7784-1] Rack vulnerability
==========================================================================
Ubuntu Security Notice USN-7784-1
September 29, 2025
ruby-rack vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
Summary:
Rack could be made to crash if it received specially crafted network
traffic.
Software Description:
- ruby-rack: modular Ruby webserver interface
Details:
It was discovered that Rack incorrectly handled limiting the amount of
parameters. An attacker could possibly use this issue to bypass the
params_limit value, leading to a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
ruby-rack 2.2.7-1.1ubuntu0.25.04.3
Ubuntu 24.04 LTS
ruby-rack 2.2.7-1ubuntu0.4
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7784-1
CVE-2025-59830
Package Information:
https://launchpad.net/ubuntu/+source/ruby-rack/2.2.7-1.1ubuntu0.25.04.3
https://launchpad.net/ubuntu/+source/ruby-rack/2.2.7-1ubuntu0.4
Ubuntu Security Notice USN-7784-1
September 29, 2025
ruby-rack vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
Summary:
Rack could be made to crash if it received specially crafted network
traffic.
Software Description:
- ruby-rack: modular Ruby webserver interface
Details:
It was discovered that Rack incorrectly handled limiting the amount of
parameters. An attacker could possibly use this issue to bypass the
params_limit value, leading to a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
ruby-rack 2.2.7-1.1ubuntu0.25.04.3
Ubuntu 24.04 LTS
ruby-rack 2.2.7-1ubuntu0.4
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7784-1
CVE-2025-59830
Package Information:
https://launchpad.net/ubuntu/+source/ruby-rack/2.2.7-1.1ubuntu0.25.04.3
https://launchpad.net/ubuntu/+source/ruby-rack/2.2.7-1ubuntu0.4
[USN-7783-1] LibTIFF vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7783-1
September 29, 2025
tiff vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in LibTIFF.
Software Description:
- tiff: Tag Image File Format (TIFF) library
Details:
Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly handled
memory when parsing malformed TIFF images. An attacker could possibly use
this issue to cause LibTIFF to crash, resulting in a denial of service.
(CVE-2025-8961)
Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly handled
memory when parsing malformed TIFF image headers. An attacker could
possibly use this issue to cause LibTIFF to leak memory, resulting in a
denial of service. (CVE-2025-9165)
It was discovered that LibTIFF incorrectly handled memory when parsing
malformed TIFF image metadata. An attacker could possibly use this issue to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. (CVE-2025-9900)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libtiff6 4.5.1+git230720-4ubuntu4.2
Ubuntu 24.04 LTS
libtiff6 4.5.1+git230720-4ubuntu2.4
Ubuntu 22.04 LTS
libtiff5 4.3.0-6ubuntu0.12
Ubuntu 20.04 LTS
libtiff5 4.1.0+git191117-2ubuntu0.20.04.14+esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libtiff5 4.0.9-5ubuntu0.10+esm9
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libtiff5 4.0.6-1ubuntu0.8+esm19
Available with Ubuntu Pro
Ubuntu 14.04 LTS
libtiff5 4.0.3-7ubuntu0.11+esm16
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7783-1
CVE-2025-8961, CVE-2025-9165, CVE-2025-9900
Package Information:
https://launchpad.net/ubuntu/+source/tiff/4.5.1+git230720-4ubuntu4.2
https://launchpad.net/ubuntu/+source/tiff/4.5.1+git230720-4ubuntu2.4
https://launchpad.net/ubuntu/+source/tiff/4.3.0-6ubuntu0.12
Ubuntu Security Notice USN-7783-1
September 29, 2025
tiff vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in LibTIFF.
Software Description:
- tiff: Tag Image File Format (TIFF) library
Details:
Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly handled
memory when parsing malformed TIFF images. An attacker could possibly use
this issue to cause LibTIFF to crash, resulting in a denial of service.
(CVE-2025-8961)
Xudong Cao and Yuqing Zhang discovered that LibTIFF incorrectly handled
memory when parsing malformed TIFF image headers. An attacker could
possibly use this issue to cause LibTIFF to leak memory, resulting in a
denial of service. (CVE-2025-9165)
It was discovered that LibTIFF incorrectly handled memory when parsing
malformed TIFF image metadata. An attacker could possibly use this issue to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. (CVE-2025-9900)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libtiff6 4.5.1+git230720-4ubuntu4.2
Ubuntu 24.04 LTS
libtiff6 4.5.1+git230720-4ubuntu2.4
Ubuntu 22.04 LTS
libtiff5 4.3.0-6ubuntu0.12
Ubuntu 20.04 LTS
libtiff5 4.1.0+git191117-2ubuntu0.20.04.14+esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libtiff5 4.0.9-5ubuntu0.10+esm9
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libtiff5 4.0.6-1ubuntu0.8+esm19
Available with Ubuntu Pro
Ubuntu 14.04 LTS
libtiff5 4.0.3-7ubuntu0.11+esm16
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7783-1
CVE-2025-8961, CVE-2025-9165, CVE-2025-9900
Package Information:
https://launchpad.net/ubuntu/+source/tiff/4.5.1+git230720-4ubuntu4.2
https://launchpad.net/ubuntu/+source/tiff/4.5.1+git230720-4ubuntu2.4
https://launchpad.net/ubuntu/+source/tiff/4.3.0-6ubuntu0.12
[USN-7782-1] Ghostscript vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7782-1
September 29, 2025
ghostscript vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Ghostscript.
Software Description:
- ghostscript: PostScript and PDF interpreter
Details:
It was discovered that Ghostscript incorrectly handled opening a file to
write. An attacker could possibly use this issue to cause Ghostscript to
crash, resulting in a denial of service (CVE-2025-7462)
It was discovered that Ghostscript incorrectly handled writing certain
files. An attacker could possibly use this issue to cause Ghostscript to
crash, resulting in a denial of service (CVE-2025-59798, CVE-2025-59799)
It was discovered that Ghostscript incorrectly handled performing OCR on
certain files. An attacker could use this issue to cause Ghostscript to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2025-59800)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
ghostscript 10.05.0dfsg1-0ubuntu1.2
libgs10 10.05.0dfsg1-0ubuntu1.2
Ubuntu 24.04 LTS
ghostscript 10.02.1~dfsg1-0ubuntu7.8
libgs10 10.02.1~dfsg1-0ubuntu7.8
Ubuntu 22.04 LTS
ghostscript 9.55.0~dfsg1-0ubuntu5.13
libgs9 9.55.0~dfsg1-0ubuntu5.13
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7782-1
CVE-2025-59798, CVE-2025-59799, CVE-2025-59800, CVE-2025-7462
Package Information:
https://launchpad.net/ubuntu/+source/ghostscript/10.05.0dfsg1-0ubuntu1.2
https://launchpad.net/ubuntu/+source/ghostscript/10.02.1~dfsg1-0ubuntu7.8
https://launchpad.net/ubuntu/+source/ghostscript/9.55.0~dfsg1-0ubuntu5.13
Ubuntu Security Notice USN-7782-1
September 29, 2025
ghostscript vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Ghostscript.
Software Description:
- ghostscript: PostScript and PDF interpreter
Details:
It was discovered that Ghostscript incorrectly handled opening a file to
write. An attacker could possibly use this issue to cause Ghostscript to
crash, resulting in a denial of service (CVE-2025-7462)
It was discovered that Ghostscript incorrectly handled writing certain
files. An attacker could possibly use this issue to cause Ghostscript to
crash, resulting in a denial of service (CVE-2025-59798, CVE-2025-59799)
It was discovered that Ghostscript incorrectly handled performing OCR on
certain files. An attacker could use this issue to cause Ghostscript to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2025-59800)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
ghostscript 10.05.0dfsg1-0ubuntu1.2
libgs10 10.05.0dfsg1-0ubuntu1.2
Ubuntu 24.04 LTS
ghostscript 10.02.1~dfsg1-0ubuntu7.8
libgs10 10.02.1~dfsg1-0ubuntu7.8
Ubuntu 22.04 LTS
ghostscript 9.55.0~dfsg1-0ubuntu5.13
libgs9 9.55.0~dfsg1-0ubuntu5.13
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7782-1
CVE-2025-59798, CVE-2025-59799, CVE-2025-59800, CVE-2025-7462
Package Information:
https://launchpad.net/ubuntu/+source/ghostscript/10.05.0dfsg1-0ubuntu1.2
https://launchpad.net/ubuntu/+source/ghostscript/10.02.1~dfsg1-0ubuntu7.8
https://launchpad.net/ubuntu/+source/ghostscript/9.55.0~dfsg1-0ubuntu5.13
[USN-5495-2] curl regression
==========================================================================
Ubuntu Security Notice USN-5495-2
September 29, 2025
curl regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
USN-5495-1 introduced a regression in curl
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
USN-5495-1 fixed vulnerabilities in curl. The fix for CVE-2022-32205
miscalculated the maximum cookie size, causing a regression. This update
fixes the problem.
Original advisory details:
Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages.
An attacker could possibly use this to perform a machine-in-the-middle attack.
(CVE-2022-32208)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
curl 7.81.0-1ubuntu1.21
libcurl3-gnutls 7.81.0-1ubuntu1.21
libcurl3-nss 7.81.0-1ubuntu1.21
libcurl4 7.81.0-1ubuntu1.21
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5495-2
https://ubuntu.com/security/notices/USN-5495-1
https://launchpad.net/bugs/2118865
Package Information:
https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.21
Ubuntu Security Notice USN-5495-2
September 29, 2025
curl regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
USN-5495-1 introduced a regression in curl
Software Description:
- curl: HTTP, HTTPS, and FTP client and client libraries
Details:
USN-5495-1 fixed vulnerabilities in curl. The fix for CVE-2022-32205
miscalculated the maximum cookie size, causing a regression. This update
fixes the problem.
Original advisory details:
Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages.
An attacker could possibly use this to perform a machine-in-the-middle attack.
(CVE-2022-32208)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
curl 7.81.0-1ubuntu1.21
libcurl3-gnutls 7.81.0-1ubuntu1.21
libcurl3-nss 7.81.0-1ubuntu1.21
libcurl4 7.81.0-1ubuntu1.21
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5495-2
https://ubuntu.com/security/notices/USN-5495-1
https://launchpad.net/bugs/2118865
Package Information:
https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.21
[USN-7280-3] Python 2.7 regression
==========================================================================
Ubuntu Security Notice USN-7280-3
September 29, 2025
python2.7 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
USN-7280-2 introduced a regression in Python 2.7
Software Description:
- python2.7: An interactive high-level object-oriented language
Details:
USN-7280-2 fixed vulnerabilities in Python. It was discovered that the
fixes for CVE-2025-0938 and CVE-2024-11168 were incorrectly applied on
Ubuntu 14.04 LTS as a result. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Python incorrectly handled parsing domain names that
included square brackets. A remote attacker could possibly use this issue
to perform a Server-Side Request Forgery (SSRF) attack.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
libpython2.7 2.7.6-8ubuntu0.6+esm28
Available with Ubuntu Pro
python2.7 2.7.6-8ubuntu0.6+esm28
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7280-3
https://ubuntu.com/security/notices/USN-7280-2
https://ubuntu.com/security/notices/USN-7280-1
CVE-2024-11168, CVE-2025-0938, https://launchpad.net/bugs/2125702
Ubuntu Security Notice USN-7280-3
September 29, 2025
python2.7 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
USN-7280-2 introduced a regression in Python 2.7
Software Description:
- python2.7: An interactive high-level object-oriented language
Details:
USN-7280-2 fixed vulnerabilities in Python. It was discovered that the
fixes for CVE-2025-0938 and CVE-2024-11168 were incorrectly applied on
Ubuntu 14.04 LTS as a result. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that Python incorrectly handled parsing domain names that
included square brackets. A remote attacker could possibly use this issue
to perform a Server-Side Request Forgery (SSRF) attack.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
libpython2.7 2.7.6-8ubuntu0.6+esm28
Available with Ubuntu Pro
python2.7 2.7.6-8ubuntu0.6+esm28
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7280-3
https://ubuntu.com/security/notices/USN-7280-2
https://ubuntu.com/security/notices/USN-7280-1
CVE-2024-11168, CVE-2025-0938, https://launchpad.net/bugs/2125702
[USN-7015-7] Python 2.7 regression
==========================================================================
Ubuntu Security Notice USN-7015-7
September 29, 2025
python2.7 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
USN-7015-4 introduced a regression in Python 2.7
Software Description:
- python2.7: An interactive high-level object-oriented language
Details:
USN-7015-4 fixed vulnerabilities in Python. It was discovered that the fix
for CVE-2023-27043 for python2.7 was incorrectly applied on Ubuntu 16.04
LTS and Ubuntu 18.04 LTS. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could
possibly use this issue to bypass certain protection mechanisms.
(CVE-2023-27043)
It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue
to cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)
It was discovered that the Python email module incorrectly quoted newlines
for email headers. A remote attacker could possibly use this issue to
perform header injection. (CVE-2024-6923)
It was discovered that the Python http.cookies module incorrectly handled
parsing cookies that contained backslashes for quoted characters. A remote
attacker could possibly use this issue to cause Python to consume
resources, leading to a denial of service. (CVE-2024-7592)
It was discovered that the Python zipfile module incorrectly handled
certain malformed zip files. A remote attacker could possibly use this
issue to cause Python to stop responding, resulting in a denial of
service. (CVE-2024-8088)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
libpython2.7 2.7.17-1~18.04ubuntu1.13+esm13
Available with Ubuntu Pro
python2.7 2.7.17-1~18.04ubuntu1.13+esm13
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libpython2.7 2.7.12-1ubuntu0~16.04.18+esm18
Available with Ubuntu Pro
python2.7 2.7.12-1ubuntu0~16.04.18+esm18
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7015-7
https://ubuntu.com/security/notices/USN-7015-6
https://ubuntu.com/security/notices/USN-7015-5
https://ubuntu.com/security/notices/USN-7015-4
https://ubuntu.com/security/notices/USN-7015-3
https://ubuntu.com/security/notices/USN-7015-2
https://ubuntu.com/security/notices/USN-7015-1
CVE-2023-27043, https://launchpad.net/bugs/2125702
Ubuntu Security Notice USN-7015-7
September 29, 2025
python2.7 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
USN-7015-4 introduced a regression in Python 2.7
Software Description:
- python2.7: An interactive high-level object-oriented language
Details:
USN-7015-4 fixed vulnerabilities in Python. It was discovered that the fix
for CVE-2023-27043 for python2.7 was incorrectly applied on Ubuntu 16.04
LTS and Ubuntu 18.04 LTS. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that the Python email module incorrectly parsed email
addresses that contain special characters. A remote attacker could
possibly use this issue to bypass certain protection mechanisms.
(CVE-2023-27043)
It was discovered that Python allowed excessive backtracking while parsing
certain tarfile headers. A remote attacker could possibly use this issue
to cause Python to consume resources, leading to a denial of service.
(CVE-2024-6232)
It was discovered that the Python email module incorrectly quoted newlines
for email headers. A remote attacker could possibly use this issue to
perform header injection. (CVE-2024-6923)
It was discovered that the Python http.cookies module incorrectly handled
parsing cookies that contained backslashes for quoted characters. A remote
attacker could possibly use this issue to cause Python to consume
resources, leading to a denial of service. (CVE-2024-7592)
It was discovered that the Python zipfile module incorrectly handled
certain malformed zip files. A remote attacker could possibly use this
issue to cause Python to stop responding, resulting in a denial of
service. (CVE-2024-8088)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
libpython2.7 2.7.17-1~18.04ubuntu1.13+esm13
Available with Ubuntu Pro
python2.7 2.7.17-1~18.04ubuntu1.13+esm13
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libpython2.7 2.7.12-1ubuntu0~16.04.18+esm18
Available with Ubuntu Pro
python2.7 2.7.12-1ubuntu0~16.04.18+esm18
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7015-7
https://ubuntu.com/security/notices/USN-7015-6
https://ubuntu.com/security/notices/USN-7015-5
https://ubuntu.com/security/notices/USN-7015-4
https://ubuntu.com/security/notices/USN-7015-3
https://ubuntu.com/security/notices/USN-7015-2
https://ubuntu.com/security/notices/USN-7015-1
CVE-2023-27043, https://launchpad.net/bugs/2125702
[USN-7780-1] Qt vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7780-1
September 28, 2025
qtbase-opensource-src vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Qt.
Software Description:
- qtbase-opensource-src: Qt 5 libraries
Details:
It was discovered that Qt did not correctly handle certain inputs when
using the SQL ODBC driver plugin. An attacker could possibly use this issue
to cause a denial of service. (CVE-2023-24607)
It was discovered that Qt did not correctly parse certain strict-transport-
security headers. An attacker could possibly use this issue to leak
sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu
22.04 LTS. (CVE-2023-32762)
It was discovered that Qt did not correctly handle certain inputs from DNS
servers. A remote attacker could possibly use this issue to execute
arbitrary code or cause a denial of service. (CVE-2023-33285)
It was discovered that Qt did not correctly validate certain CA
certificates for TLS. An attacker could possibly use this issue to gain
access to unauthorized resources. (CVE-2023-34410)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
libqt5core5a 5.15.3+dfsg-2ubuntu0.2+esm1
Available with Ubuntu Pro
libqt5gui5 5.15.3+dfsg-2ubuntu0.2+esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libqt5core5a 5.12.8+dfsg-0ubuntu2.1+esm1
Available with Ubuntu Pro
libqt5gui5 5.12.8+dfsg-0ubuntu2.1+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libqt5core5a 5.9.5+dfsg-0ubuntu2.6+esm1
Available with Ubuntu Pro
libqt5gui5 5.9.5+dfsg-0ubuntu2.6+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libqt5core5a 5.5.1+dfsg-16ubuntu7.7+esm1
Available with Ubuntu Pro
libqt5gui5 5.5.1+dfsg-16ubuntu7.7+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7780-1
CVE-2023-24607, CVE-2023-32762, CVE-2023-33285, CVE-2023-34410
Ubuntu Security Notice USN-7780-1
September 28, 2025
qtbase-opensource-src vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Qt.
Software Description:
- qtbase-opensource-src: Qt 5 libraries
Details:
It was discovered that Qt did not correctly handle certain inputs when
using the SQL ODBC driver plugin. An attacker could possibly use this issue
to cause a denial of service. (CVE-2023-24607)
It was discovered that Qt did not correctly parse certain strict-transport-
security headers. An attacker could possibly use this issue to leak
sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu
22.04 LTS. (CVE-2023-32762)
It was discovered that Qt did not correctly handle certain inputs from DNS
servers. A remote attacker could possibly use this issue to execute
arbitrary code or cause a denial of service. (CVE-2023-33285)
It was discovered that Qt did not correctly validate certain CA
certificates for TLS. An attacker could possibly use this issue to gain
access to unauthorized resources. (CVE-2023-34410)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
libqt5core5a 5.15.3+dfsg-2ubuntu0.2+esm1
Available with Ubuntu Pro
libqt5gui5 5.15.3+dfsg-2ubuntu0.2+esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libqt5core5a 5.12.8+dfsg-0ubuntu2.1+esm1
Available with Ubuntu Pro
libqt5gui5 5.12.8+dfsg-0ubuntu2.1+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libqt5core5a 5.9.5+dfsg-0ubuntu2.6+esm1
Available with Ubuntu Pro
libqt5gui5 5.9.5+dfsg-0ubuntu2.6+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libqt5core5a 5.5.1+dfsg-16ubuntu7.7+esm1
Available with Ubuntu Pro
libqt5gui5 5.5.1+dfsg-16ubuntu7.7+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7780-1
CVE-2023-24607, CVE-2023-32762, CVE-2023-33285, CVE-2023-34410
[USN-7781-1] Inetutils vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7781-1
September 28, 2025
inetutils vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Inetutils.
Software Description:
- inetutils: Collection of common network programs
Details:
Matthew Hickey discovered that Inetutils did not correctly handle certain
escape characters. An attacker could possibly use this issue to cause a
denial of service. (CVE-2019-0053)
It was discovered that Inetutils did not correctly handle certain memory
operations. An attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-10188)
It was discovered that Inetutils did not correctly handle certain memory
operations. An attacker could possibly use this issue to cause a denial of
service. (CVE-2022-39028)
It was discovered that Inetutils did not check the return values of set*id
functions. An attacker could possibly use this issue to escalate their
privileges. (CVE-2023-40303)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
inetutils-ftp 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-ftpd 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-inetd 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-ping 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-syslogd 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-talk 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-telnet 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-tools 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-traceroute 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
inetutils-ftp 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-ftpd 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-inetd 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-ping 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-syslogd 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-talk 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-telnet 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-tools 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-traceroute 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
inetutils-ftp 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-ftpd 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-inetd 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-ping 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-syslogd 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-talk 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-telnet 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-tools 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-traceroute 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
Ubuntu 14.04 LTS
inetutils-ftp 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-ftpd 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-inetd 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-ping 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-syslogd 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-talk 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-telnet 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-tools 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-traceroute 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7781-1
CVE-2019-0053, CVE-2020-10188, CVE-2022-39028, CVE-2023-40303
Ubuntu Security Notice USN-7781-1
September 28, 2025
inetutils vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Inetutils.
Software Description:
- inetutils: Collection of common network programs
Details:
Matthew Hickey discovered that Inetutils did not correctly handle certain
escape characters. An attacker could possibly use this issue to cause a
denial of service. (CVE-2019-0053)
It was discovered that Inetutils did not correctly handle certain memory
operations. An attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-10188)
It was discovered that Inetutils did not correctly handle certain memory
operations. An attacker could possibly use this issue to cause a denial of
service. (CVE-2022-39028)
It was discovered that Inetutils did not check the return values of set*id
functions. An attacker could possibly use this issue to escalate their
privileges. (CVE-2023-40303)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
inetutils-ftp 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-ftpd 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-inetd 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-ping 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-syslogd 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-talk 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-telnet 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-tools 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-traceroute 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
inetutils-ftp 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-ftpd 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-inetd 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-ping 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-syslogd 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-talk 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-telnet 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-tools 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-traceroute 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
inetutils-ftp 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-ftpd 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-inetd 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-ping 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-syslogd 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-talk 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-telnet 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-tools 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-traceroute 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
Ubuntu 14.04 LTS
inetutils-ftp 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-ftpd 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-inetd 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-ping 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-syslogd 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-talk 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-telnet 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-tools 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-traceroute 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7781-1
CVE-2019-0053, CVE-2020-10188, CVE-2022-39028, CVE-2023-40303
Friday, September 26, 2025
OpenBGPD 8.9 released
We have released OpenBGPD 8.9, which will be arriving in the
OpenBGPD directory of your local OpenBSD mirror soon.
This release includes the following changes to the previous release:
* In verbose mode log the NOTIFICATION data for UPDATE errors.
* Fix a busy loop error in the pfkey handling for OpenBSD and FreeBSD.
* Introduce monotime - an internal time API using micorsecond
resolution.
* Fix accounting of the pending update counter
* Use new ibufq interface instead of handrolling the same.
* Large refactoring of internal APIs to make the code easier to share
and cleaner.
OpenBGPD-portable is known to compile and run on FreeBSD and the
Linux distributions Alpine, Debian, Fedora, RHEL/CentOS and Ubuntu.
It is our hope that packagers take interest and help adapt OpenBGPD-portable
to more distributions.
We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release
possible.
OpenBGPD directory of your local OpenBSD mirror soon.
This release includes the following changes to the previous release:
* In verbose mode log the NOTIFICATION data for UPDATE errors.
* Fix a busy loop error in the pfkey handling for OpenBSD and FreeBSD.
* Introduce monotime - an internal time API using micorsecond
resolution.
* Fix accounting of the pending update counter
* Use new ibufq interface instead of handrolling the same.
* Large refactoring of internal APIs to make the code easier to share
and cleaner.
OpenBGPD-portable is known to compile and run on FreeBSD and the
Linux distributions Alpine, Debian, Fedora, RHEL/CentOS and Ubuntu.
It is our hope that packagers take interest and help adapt OpenBGPD-portable
to more distributions.
We welcome feedback and improvements from the broader community.
Thanks to all of the contributors who helped make this release
possible.
[USN-7775-2] Linux kernel (Azure) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7775-2
September 26, 2025
linux-azure vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- ACPI drivers;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- Network block device driver;
- Bus devices;
- Clock framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- GPU drivers;
- HID subsystem;
- InfiniBand drivers;
- Input Device (Miscellaneous) drivers;
- Multiple devices driver;
- Media drivers;
- VMware VMCI Driver;
- MMC subsystem;
- MTD block device drivers;
- Network drivers;
- Pin controllers subsystem;
- x86 platform drivers;
- PTP clock framework;
- RapidIO drivers;
- Voltage and Current Regulator drivers;
- Remote Processor subsystem;
- S/390 drivers;
- SCSI subsystem;
- ASPEED SoC drivers;
- TCM subsystem;
- Thermal drivers;
- Thunderbolt and USB4 drivers;
- TTY drivers;
- UFS subsystem;
- USB Gadget drivers;
- Renesas USBHS Controller drivers;
- USB Type-C support driver;
- Virtio Host (VHOST) subsystem;
- Backlight driver;
- Framebuffer layer;
- BTRFS file system;
- File systems infrastructure;
- Ext4 file system;
- F2FS file system;
- JFFS2 file system;
- JFS file system;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NTFS3 file system;
- SMB network file system;
- DRM display driver;
- Memory Management;
- Mellanox drivers;
- Memory management;
- Netfilter;
- Network sockets;
- IPC subsystem;
- BPF subsystem;
- Perf events;
- Kernel exit() syscall;
- Restartable seuqences system call mechanism;
- Timer subsystem;
- Tracing infrastructure;
- Appletalk network protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Networking core;
- IPv6 networking;
- MultiProtocol Label Switching driver;
- NetLabel subsystem;
- Netlink;
- NFC subsystem;
- Open vSwitch;
- Rose network layer;
- RxRPC session sockets;
- Network traffic control;
- TIPC protocol;
- VMware vSockets driver;
- USB sound devices;
(CVE-2025-38389, CVE-2025-38146, CVE-2025-38237, CVE-2025-38107,
CVE-2025-38229, CVE-2025-38211, CVE-2025-38313, CVE-2025-21888,
CVE-2025-38122, CVE-2025-38514, CVE-2025-38280, CVE-2025-38375,
CVE-2025-38084, CVE-2025-38410, CVE-2025-38459, CVE-2025-38119,
CVE-2025-38391, CVE-2025-38293, CVE-2025-38086, CVE-2025-38085,
CVE-2025-38231, CVE-2025-38324, CVE-2025-38227, CVE-2025-38153,
CVE-2025-38439, CVE-2025-38263, CVE-2025-38387, CVE-2025-38542,
CVE-2025-37948, CVE-2025-38462, CVE-2025-38498, CVE-2025-38320,
CVE-2025-38262, CVE-2025-38218, CVE-2025-38412, CVE-2025-38424,
CVE-2025-38384, CVE-2025-38377, CVE-2025-38102, CVE-2025-38163,
CVE-2024-26726, CVE-2025-38386, CVE-2025-38400, CVE-2024-57883,
CVE-2025-38145, CVE-2025-38157, CVE-2025-38399, CVE-2025-38419,
CVE-2025-38464, CVE-2025-38251, CVE-2025-38444, CVE-2025-38428,
CVE-2024-44939, CVE-2025-37954, CVE-2024-26775, CVE-2025-38147,
CVE-2025-38286, CVE-2025-38516, CVE-2025-38154, CVE-2025-38336,
CVE-2025-38467, CVE-2025-38067, CVE-2025-38206, CVE-2025-38090,
CVE-2025-38312, CVE-2022-48703, CVE-2025-38161, CVE-2025-38328,
CVE-2025-38540, CVE-2025-38401, CVE-2025-38513, CVE-2025-37963,
CVE-2025-38219, CVE-2025-38305, CVE-2025-38415, CVE-2025-38143,
CVE-2025-38515, CVE-2025-38418, CVE-2025-38135, CVE-2025-38445,
CVE-2025-38222, CVE-2025-38200, CVE-2025-38403, CVE-2025-38181,
CVE-2025-38461, CVE-2025-38458, CVE-2025-38173, CVE-2025-38448,
CVE-2025-38346, CVE-2025-38466, CVE-2025-38249, CVE-2025-38457,
CVE-2025-38160, CVE-2025-38138, CVE-2025-38088, CVE-2025-38167,
CVE-2025-38184, CVE-2025-38319, CVE-2025-38395, CVE-2025-38194,
CVE-2025-38416, CVE-2025-38363, CVE-2025-38245, CVE-2025-38348,
CVE-2025-38326, CVE-2025-38441, CVE-2025-38103, CVE-2025-37958,
CVE-2025-38074, CVE-2025-38174, CVE-2025-38371, CVE-2025-38112,
CVE-2025-38115, CVE-2025-38273, CVE-2025-38159, CVE-2025-38136,
CVE-2025-38298, CVE-2025-38342, CVE-2025-38344, CVE-2025-38337,
CVE-2025-38120, CVE-2025-38345, CVE-2025-38203, CVE-2025-38420,
CVE-2025-38443, CVE-2025-38362, CVE-2025-38111, CVE-2025-38352,
CVE-2025-38285, CVE-2025-38465, CVE-2025-38460, CVE-2025-38406,
CVE-2025-38100, CVE-2025-38393, CVE-2025-38197, CVE-2025-38257,
CVE-2025-38226, CVE-2025-38310, CVE-2025-38108, CVE-2025-38430,
CVE-2025-38212, CVE-2025-38332, CVE-2025-38204)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
linux-image-5.15.0-1096-azure 5.15.0-1096.105
linux-image-azure-5.15 5.15.0.1096.94
linux-image-azure-lts-22.04 5.15.0.1096.94
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7775-2
https://ubuntu.com/security/notices/USN-7775-1
CVE-2022-48703, CVE-2024-26726, CVE-2024-26775, CVE-2024-44939,
CVE-2024-57883, CVE-2025-21888, CVE-2025-37948, CVE-2025-37954,
CVE-2025-37958, CVE-2025-37963, CVE-2025-38067, CVE-2025-38074,
CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38088,
CVE-2025-38090, CVE-2025-38100, CVE-2025-38102, CVE-2025-38103,
CVE-2025-38107, CVE-2025-38108, CVE-2025-38111, CVE-2025-38112,
CVE-2025-38115, CVE-2025-38119, CVE-2025-38120, CVE-2025-38122,
CVE-2025-38135, CVE-2025-38136, CVE-2025-38138, CVE-2025-38143,
CVE-2025-38145, CVE-2025-38146, CVE-2025-38147, CVE-2025-38153,
CVE-2025-38154, CVE-2025-38157, CVE-2025-38159, CVE-2025-38160,
CVE-2025-38161, CVE-2025-38163, CVE-2025-38167, CVE-2025-38173,
CVE-2025-38174, CVE-2025-38181, CVE-2025-38184, CVE-2025-38194,
CVE-2025-38197, CVE-2025-38200, CVE-2025-38203, CVE-2025-38204,
CVE-2025-38206, CVE-2025-38211, CVE-2025-38212, CVE-2025-38218,
CVE-2025-38219, CVE-2025-38222, CVE-2025-38226, CVE-2025-38227,
CVE-2025-38229, CVE-2025-38231, CVE-2025-38237, CVE-2025-38245,
CVE-2025-38249, CVE-2025-38251, CVE-2025-38257, CVE-2025-38262,
CVE-2025-38263, CVE-2025-38273, CVE-2025-38280, CVE-2025-38285,
CVE-2025-38286, CVE-2025-38293, CVE-2025-38298, CVE-2025-38305,
CVE-2025-38310, CVE-2025-38312, CVE-2025-38313, CVE-2025-38319,
CVE-2025-38320, CVE-2025-38324, CVE-2025-38326, CVE-2025-38328,
CVE-2025-38332, CVE-2025-38336, CVE-2025-38337, CVE-2025-38342,
CVE-2025-38344, CVE-2025-38345, CVE-2025-38346, CVE-2025-38348,
CVE-2025-38352, CVE-2025-38362, CVE-2025-38363, CVE-2025-38371,
CVE-2025-38375, CVE-2025-38377, CVE-2025-38384, CVE-2025-38386,
CVE-2025-38387, CVE-2025-38389, CVE-2025-38391, CVE-2025-38393,
CVE-2025-38395, CVE-2025-38399, CVE-2025-38400, CVE-2025-38401,
CVE-2025-38403, CVE-2025-38406, CVE-2025-38410, CVE-2025-38412,
CVE-2025-38415, CVE-2025-38416, CVE-2025-38418, CVE-2025-38419,
CVE-2025-38420, CVE-2025-38424, CVE-2025-38428, CVE-2025-38430,
CVE-2025-38439, CVE-2025-38441, CVE-2025-38443, CVE-2025-38444,
CVE-2025-38445, CVE-2025-38448, CVE-2025-38457, CVE-2025-38458,
CVE-2025-38459, CVE-2025-38460, CVE-2025-38461, CVE-2025-38462,
CVE-2025-38464, CVE-2025-38465, CVE-2025-38466, CVE-2025-38467,
CVE-2025-38498, CVE-2025-38513, CVE-2025-38514, CVE-2025-38515,
CVE-2025-38516, CVE-2025-38540, CVE-2025-38542
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1096.105
Ubuntu Security Notice USN-7775-2
September 26, 2025
linux-azure vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- ACPI drivers;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- Network block device driver;
- Bus devices;
- Clock framework and drivers;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- GPU drivers;
- HID subsystem;
- InfiniBand drivers;
- Input Device (Miscellaneous) drivers;
- Multiple devices driver;
- Media drivers;
- VMware VMCI Driver;
- MMC subsystem;
- MTD block device drivers;
- Network drivers;
- Pin controllers subsystem;
- x86 platform drivers;
- PTP clock framework;
- RapidIO drivers;
- Voltage and Current Regulator drivers;
- Remote Processor subsystem;
- S/390 drivers;
- SCSI subsystem;
- ASPEED SoC drivers;
- TCM subsystem;
- Thermal drivers;
- Thunderbolt and USB4 drivers;
- TTY drivers;
- UFS subsystem;
- USB Gadget drivers;
- Renesas USBHS Controller drivers;
- USB Type-C support driver;
- Virtio Host (VHOST) subsystem;
- Backlight driver;
- Framebuffer layer;
- BTRFS file system;
- File systems infrastructure;
- Ext4 file system;
- F2FS file system;
- JFFS2 file system;
- JFS file system;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NTFS3 file system;
- SMB network file system;
- DRM display driver;
- Memory Management;
- Mellanox drivers;
- Memory management;
- Netfilter;
- Network sockets;
- IPC subsystem;
- BPF subsystem;
- Perf events;
- Kernel exit() syscall;
- Restartable seuqences system call mechanism;
- Timer subsystem;
- Tracing infrastructure;
- Appletalk network protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Networking core;
- IPv6 networking;
- MultiProtocol Label Switching driver;
- NetLabel subsystem;
- Netlink;
- NFC subsystem;
- Open vSwitch;
- Rose network layer;
- RxRPC session sockets;
- Network traffic control;
- TIPC protocol;
- VMware vSockets driver;
- USB sound devices;
(CVE-2025-38389, CVE-2025-38146, CVE-2025-38237, CVE-2025-38107,
CVE-2025-38229, CVE-2025-38211, CVE-2025-38313, CVE-2025-21888,
CVE-2025-38122, CVE-2025-38514, CVE-2025-38280, CVE-2025-38375,
CVE-2025-38084, CVE-2025-38410, CVE-2025-38459, CVE-2025-38119,
CVE-2025-38391, CVE-2025-38293, CVE-2025-38086, CVE-2025-38085,
CVE-2025-38231, CVE-2025-38324, CVE-2025-38227, CVE-2025-38153,
CVE-2025-38439, CVE-2025-38263, CVE-2025-38387, CVE-2025-38542,
CVE-2025-37948, CVE-2025-38462, CVE-2025-38498, CVE-2025-38320,
CVE-2025-38262, CVE-2025-38218, CVE-2025-38412, CVE-2025-38424,
CVE-2025-38384, CVE-2025-38377, CVE-2025-38102, CVE-2025-38163,
CVE-2024-26726, CVE-2025-38386, CVE-2025-38400, CVE-2024-57883,
CVE-2025-38145, CVE-2025-38157, CVE-2025-38399, CVE-2025-38419,
CVE-2025-38464, CVE-2025-38251, CVE-2025-38444, CVE-2025-38428,
CVE-2024-44939, CVE-2025-37954, CVE-2024-26775, CVE-2025-38147,
CVE-2025-38286, CVE-2025-38516, CVE-2025-38154, CVE-2025-38336,
CVE-2025-38467, CVE-2025-38067, CVE-2025-38206, CVE-2025-38090,
CVE-2025-38312, CVE-2022-48703, CVE-2025-38161, CVE-2025-38328,
CVE-2025-38540, CVE-2025-38401, CVE-2025-38513, CVE-2025-37963,
CVE-2025-38219, CVE-2025-38305, CVE-2025-38415, CVE-2025-38143,
CVE-2025-38515, CVE-2025-38418, CVE-2025-38135, CVE-2025-38445,
CVE-2025-38222, CVE-2025-38200, CVE-2025-38403, CVE-2025-38181,
CVE-2025-38461, CVE-2025-38458, CVE-2025-38173, CVE-2025-38448,
CVE-2025-38346, CVE-2025-38466, CVE-2025-38249, CVE-2025-38457,
CVE-2025-38160, CVE-2025-38138, CVE-2025-38088, CVE-2025-38167,
CVE-2025-38184, CVE-2025-38319, CVE-2025-38395, CVE-2025-38194,
CVE-2025-38416, CVE-2025-38363, CVE-2025-38245, CVE-2025-38348,
CVE-2025-38326, CVE-2025-38441, CVE-2025-38103, CVE-2025-37958,
CVE-2025-38074, CVE-2025-38174, CVE-2025-38371, CVE-2025-38112,
CVE-2025-38115, CVE-2025-38273, CVE-2025-38159, CVE-2025-38136,
CVE-2025-38298, CVE-2025-38342, CVE-2025-38344, CVE-2025-38337,
CVE-2025-38120, CVE-2025-38345, CVE-2025-38203, CVE-2025-38420,
CVE-2025-38443, CVE-2025-38362, CVE-2025-38111, CVE-2025-38352,
CVE-2025-38285, CVE-2025-38465, CVE-2025-38460, CVE-2025-38406,
CVE-2025-38100, CVE-2025-38393, CVE-2025-38197, CVE-2025-38257,
CVE-2025-38226, CVE-2025-38310, CVE-2025-38108, CVE-2025-38430,
CVE-2025-38212, CVE-2025-38332, CVE-2025-38204)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
linux-image-5.15.0-1096-azure 5.15.0-1096.105
linux-image-azure-5.15 5.15.0.1096.94
linux-image-azure-lts-22.04 5.15.0.1096.94
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7775-2
https://ubuntu.com/security/notices/USN-7775-1
CVE-2022-48703, CVE-2024-26726, CVE-2024-26775, CVE-2024-44939,
CVE-2024-57883, CVE-2025-21888, CVE-2025-37948, CVE-2025-37954,
CVE-2025-37958, CVE-2025-37963, CVE-2025-38067, CVE-2025-38074,
CVE-2025-38084, CVE-2025-38085, CVE-2025-38086, CVE-2025-38088,
CVE-2025-38090, CVE-2025-38100, CVE-2025-38102, CVE-2025-38103,
CVE-2025-38107, CVE-2025-38108, CVE-2025-38111, CVE-2025-38112,
CVE-2025-38115, CVE-2025-38119, CVE-2025-38120, CVE-2025-38122,
CVE-2025-38135, CVE-2025-38136, CVE-2025-38138, CVE-2025-38143,
CVE-2025-38145, CVE-2025-38146, CVE-2025-38147, CVE-2025-38153,
CVE-2025-38154, CVE-2025-38157, CVE-2025-38159, CVE-2025-38160,
CVE-2025-38161, CVE-2025-38163, CVE-2025-38167, CVE-2025-38173,
CVE-2025-38174, CVE-2025-38181, CVE-2025-38184, CVE-2025-38194,
CVE-2025-38197, CVE-2025-38200, CVE-2025-38203, CVE-2025-38204,
CVE-2025-38206, CVE-2025-38211, CVE-2025-38212, CVE-2025-38218,
CVE-2025-38219, CVE-2025-38222, CVE-2025-38226, CVE-2025-38227,
CVE-2025-38229, CVE-2025-38231, CVE-2025-38237, CVE-2025-38245,
CVE-2025-38249, CVE-2025-38251, CVE-2025-38257, CVE-2025-38262,
CVE-2025-38263, CVE-2025-38273, CVE-2025-38280, CVE-2025-38285,
CVE-2025-38286, CVE-2025-38293, CVE-2025-38298, CVE-2025-38305,
CVE-2025-38310, CVE-2025-38312, CVE-2025-38313, CVE-2025-38319,
CVE-2025-38320, CVE-2025-38324, CVE-2025-38326, CVE-2025-38328,
CVE-2025-38332, CVE-2025-38336, CVE-2025-38337, CVE-2025-38342,
CVE-2025-38344, CVE-2025-38345, CVE-2025-38346, CVE-2025-38348,
CVE-2025-38352, CVE-2025-38362, CVE-2025-38363, CVE-2025-38371,
CVE-2025-38375, CVE-2025-38377, CVE-2025-38384, CVE-2025-38386,
CVE-2025-38387, CVE-2025-38389, CVE-2025-38391, CVE-2025-38393,
CVE-2025-38395, CVE-2025-38399, CVE-2025-38400, CVE-2025-38401,
CVE-2025-38403, CVE-2025-38406, CVE-2025-38410, CVE-2025-38412,
CVE-2025-38415, CVE-2025-38416, CVE-2025-38418, CVE-2025-38419,
CVE-2025-38420, CVE-2025-38424, CVE-2025-38428, CVE-2025-38430,
CVE-2025-38439, CVE-2025-38441, CVE-2025-38443, CVE-2025-38444,
CVE-2025-38445, CVE-2025-38448, CVE-2025-38457, CVE-2025-38458,
CVE-2025-38459, CVE-2025-38460, CVE-2025-38461, CVE-2025-38462,
CVE-2025-38464, CVE-2025-38465, CVE-2025-38466, CVE-2025-38467,
CVE-2025-38498, CVE-2025-38513, CVE-2025-38514, CVE-2025-38515,
CVE-2025-38516, CVE-2025-38540, CVE-2025-38542
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1096.105
[USN-7769-3] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7769-3
September 26, 2025
linux-aws-6.14, linux-hwe-6.14 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws-6.14: Linux kernel for Amazon Web Services (AWS) systems
- linux-hwe-6.14: Linux hardware enablement (HWE) kernel
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Android drivers;
- Bluetooth drivers;
- Bus devices;
- Clock framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- Arm Firmware Framework for ARMv8-A(FFA);
- FPGA Framework;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- Hardware monitoring drivers;
- HW tracing;
- InfiniBand drivers;
- IOMMU subsystem;
- Multiple devices driver;
- Media drivers;
- VMware VMCI Driver;
- MTD block device drivers;
- Network drivers;
- Mellanox network drivers;
- STMicroelectronics network drivers;
- NVDIMM (Non-Volatile Memory Device) drivers;
- NVME drivers;
- NVMEM (Non Volatile Memory) drivers;
- PCI subsystem;
- Amlogic Meson DDR PMU;
- NI-700 PMU driver;
- PHY drivers;
- Pin controllers subsystem;
- x86 platform drivers;
- PTP clock framework;
- SCSI subsystem;
- ASPEED SoC drivers;
- SPI subsystem;
- TCM subsystem;
- Thunderbolt and USB4 drivers;
- TTY drivers;
- UFS subsystem;
- USB core drivers;
- USB Gadget drivers;
- Renesas USBHS Controller drivers;
- USB Type-C Port Controller Manager driver;
- VFIO drivers;
- Virtio Host (VHOST) subsystem;
- Backlight driver;
- Framebuffer layer;
- Virtio drivers;
- BTRFS file system;
- EROFS file system;
- F2FS file system;
- File systems infrastructure;
- Network file systems library;
- NTFS3 file system;
- SMB network file system;
- Codetag library;
- BPF subsystem;
- LZO compression library;
- Mellanox drivers;
- IPv4 networking;
- Bluetooth subsystem;
- Network sockets;
- XFRM subsystem;
- Digital Audio (PCM) driver;
- Tracing infrastructure;
- io_uring subsystem;
- Padata parallel execution mechanism;
- DVFS energy model driver;
- Restartable seuqences system call mechanism;
- Timer subsystem;
- Memory management;
- KASAN memory debugging framework;
- CAN network layer;
- Networking core;
- IPv6 networking;
- Netfilter;
- NetLabel subsystem;
- Open vSwitch;
- Network traffic control;
- TIPC protocol;
- TLS protocol;
- ALSA framework;
- sma1307 audio codecs;
- Intel ASoC drivers;
- MediaTek ASoC drivers;
- USB sound devices;
(CVE-2025-38115, CVE-2025-38004, CVE-2025-38035, CVE-2025-38057,
CVE-2025-38314, CVE-2025-38317, CVE-2025-38074, CVE-2025-38113,
CVE-2025-38130, CVE-2025-38175, CVE-2025-38155, CVE-2025-38062,
CVE-2025-38050, CVE-2025-38159, CVE-2025-38352, CVE-2025-38101,
CVE-2025-38034, CVE-2025-38061, CVE-2025-38288, CVE-2025-38153,
CVE-2025-38043, CVE-2025-38268, CVE-2025-38415, CVE-2025-38291,
CVE-2025-38270, CVE-2025-38044, CVE-2025-38146, CVE-2025-38048,
CVE-2025-38069, CVE-2025-38298, CVE-2025-38058, CVE-2025-38161,
CVE-2025-38158, CVE-2025-38059, CVE-2025-38066, CVE-2025-38047,
CVE-2025-38040, CVE-2025-38112, CVE-2025-38042, CVE-2025-38107,
CVE-2025-38296, CVE-2025-38278, CVE-2025-39890, CVE-2025-38088,
CVE-2025-38174, CVE-2025-38118, CVE-2025-38117, CVE-2025-38110,
CVE-2025-38305, CVE-2025-38136, CVE-2025-38063, CVE-2025-38498,
CVE-2025-38499, CVE-2025-38106, CVE-2025-38292, CVE-2025-38163,
CVE-2025-38169, CVE-2025-38032, CVE-2025-38310, CVE-2025-38302,
CVE-2025-38092, CVE-2025-38052, CVE-2025-38282, CVE-2025-38082,
CVE-2025-38036, CVE-2025-38054, CVE-2025-38105, CVE-2025-38265,
CVE-2025-38116, CVE-2025-38060, CVE-2025-38154, CVE-2025-38280,
CVE-2025-38176, CVE-2025-38156, CVE-2025-38289, CVE-2025-38166,
CVE-2025-38080, CVE-2025-38098, CVE-2025-38127, CVE-2025-38125,
CVE-2025-38172, CVE-2025-38142, CVE-2025-38096, CVE-2025-38055,
CVE-2025-38138, CVE-2025-38126, CVE-2025-38073, CVE-2025-38173,
CVE-2025-38031, CVE-2025-38128, CVE-2025-38064, CVE-2025-38071,
CVE-2025-38099, CVE-2025-38316, CVE-2025-38119, CVE-2025-38108,
CVE-2025-38079, CVE-2025-38301, CVE-2025-38122, CVE-2025-38269,
CVE-2025-38300, CVE-2025-38097, CVE-2025-38318, CVE-2025-38100,
CVE-2025-38045, CVE-2025-38053, CVE-2025-38124, CVE-2025-38295,
CVE-2025-38078, CVE-2025-38037, CVE-2025-38135, CVE-2025-38165,
CVE-2025-38294, CVE-2025-38132, CVE-2025-38065, CVE-2025-38281,
CVE-2025-38145, CVE-2025-38311, CVE-2025-38075, CVE-2025-38033,
CVE-2025-38275, CVE-2025-38319, CVE-2025-38081, CVE-2025-38279,
CVE-2025-38076, CVE-2025-38077, CVE-2025-38068, CVE-2025-38148,
CVE-2025-38313, CVE-2025-38134, CVE-2025-38143, CVE-2025-38102,
CVE-2025-38131, CVE-2025-38283, CVE-2025-38151, CVE-2025-38111,
CVE-2025-38029, CVE-2025-38141, CVE-2025-38277, CVE-2025-38414,
CVE-2025-38147, CVE-2025-38167, CVE-2025-38286, CVE-2025-38315,
CVE-2025-38103, CVE-2025-38303, CVE-2025-38123, CVE-2025-38129,
CVE-2025-38164, CVE-2025-38157, CVE-2025-38306, CVE-2025-38299,
CVE-2025-38307, CVE-2025-38091, CVE-2025-38304, CVE-2025-38149,
CVE-2025-38170, CVE-2025-38137, CVE-2025-38293, CVE-2025-38070,
CVE-2025-38120, CVE-2025-38290, CVE-2025-38003, CVE-2025-38160,
CVE-2025-38039, CVE-2025-38139, CVE-2025-38114, CVE-2025-38041,
CVE-2025-38038, CVE-2025-38168, CVE-2025-38274, CVE-2025-38051,
CVE-2025-38072, CVE-2025-38287, CVE-2025-38067, CVE-2025-38285,
CVE-2025-38284, CVE-2025-38312, CVE-2025-38109, CVE-2025-38272,
CVE-2025-38140, CVE-2025-38162, CVE-2025-38267, CVE-2025-38297)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
linux-image-6.14.0-1013-aws 6.14.0-1013.13~24.04.1
linux-image-6.14.0-1013-aws-64k 6.14.0-1013.13~24.04.1
linux-image-6.14.0-32-generic 6.14.0-32.32~24.04.1
linux-image-6.14.0-32-generic-64k 6.14.0-32.32~24.04.1
linux-image-aws 6.14.0-1013.13~24.04.1
linux-image-aws-6.14 6.14.0-1013.13~24.04.1
linux-image-aws-64k 6.14.0-1013.13~24.04.1
linux-image-aws-64k-6.14 6.14.0-1013.13~24.04.1
linux-image-generic-6.14 6.14.0-32.32~24.04.1
linux-image-generic-64k-6.14 6.14.0-32.32~24.04.1
linux-image-generic-64k-hwe-24.04 6.14.0-32.32~24.04.1
linux-image-generic-hwe-24.04 6.14.0-32.32~24.04.1
linux-image-virtual-6.14 6.14.0-32.32~24.04.1
linux-image-virtual-hwe-24.04 6.14.0-32.32~24.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7769-3
https://ubuntu.com/security/notices/USN-7769-2
https://ubuntu.com/security/notices/USN-7769-1
CVE-2025-38003, CVE-2025-38004, CVE-2025-38029, CVE-2025-38031,
CVE-2025-38032, CVE-2025-38033, CVE-2025-38034, CVE-2025-38035,
CVE-2025-38036, CVE-2025-38037, CVE-2025-38038, CVE-2025-38039,
CVE-2025-38040, CVE-2025-38041, CVE-2025-38042, CVE-2025-38043,
CVE-2025-38044, CVE-2025-38045, CVE-2025-38047, CVE-2025-38048,
CVE-2025-38050, CVE-2025-38051, CVE-2025-38052, CVE-2025-38053,
CVE-2025-38054, CVE-2025-38055, CVE-2025-38057, CVE-2025-38058,
CVE-2025-38059, CVE-2025-38060, CVE-2025-38061, CVE-2025-38062,
CVE-2025-38063, CVE-2025-38064, CVE-2025-38065, CVE-2025-38066,
CVE-2025-38067, CVE-2025-38068, CVE-2025-38069, CVE-2025-38070,
CVE-2025-38071, CVE-2025-38072, CVE-2025-38073, CVE-2025-38074,
CVE-2025-38075, CVE-2025-38076, CVE-2025-38077, CVE-2025-38078,
CVE-2025-38079, CVE-2025-38080, CVE-2025-38081, CVE-2025-38082,
CVE-2025-38088, CVE-2025-38091, CVE-2025-38092, CVE-2025-38096,
CVE-2025-38097, CVE-2025-38098, CVE-2025-38099, CVE-2025-38100,
CVE-2025-38101, CVE-2025-38102, CVE-2025-38103, CVE-2025-38105,
CVE-2025-38106, CVE-2025-38107, CVE-2025-38108, CVE-2025-38109,
CVE-2025-38110, CVE-2025-38111, CVE-2025-38112, CVE-2025-38113,
CVE-2025-38114, CVE-2025-38115, CVE-2025-38116, CVE-2025-38117,
CVE-2025-38118, CVE-2025-38119, CVE-2025-38120, CVE-2025-38122,
CVE-2025-38123, CVE-2025-38124, CVE-2025-38125, CVE-2025-38126,
CVE-2025-38127, CVE-2025-38128, CVE-2025-38129, CVE-2025-38130,
CVE-2025-38131, CVE-2025-38132, CVE-2025-38134, CVE-2025-38135,
CVE-2025-38136, CVE-2025-38137, CVE-2025-38138, CVE-2025-38139,
CVE-2025-38140, CVE-2025-38141, CVE-2025-38142, CVE-2025-38143,
CVE-2025-38145, CVE-2025-38146, CVE-2025-38147, CVE-2025-38148,
CVE-2025-38149, CVE-2025-38151, CVE-2025-38153, CVE-2025-38154,
CVE-2025-38155, CVE-2025-38156, CVE-2025-38157, CVE-2025-38158,
CVE-2025-38159, CVE-2025-38160, CVE-2025-38161, CVE-2025-38162,
CVE-2025-38163, CVE-2025-38164, CVE-2025-38165, CVE-2025-38166,
CVE-2025-38167, CVE-2025-38168, CVE-2025-38169, CVE-2025-38170,
CVE-2025-38172, CVE-2025-38173, CVE-2025-38174, CVE-2025-38175,
CVE-2025-38176, CVE-2025-38265, CVE-2025-38267, CVE-2025-38268,
CVE-2025-38269, CVE-2025-38270, CVE-2025-38272, CVE-2025-38274,
CVE-2025-38275, CVE-2025-38277, CVE-2025-38278, CVE-2025-38279,
CVE-2025-38280, CVE-2025-38281, CVE-2025-38282, CVE-2025-38283,
CVE-2025-38284, CVE-2025-38285, CVE-2025-38286, CVE-2025-38287,
CVE-2025-38288, CVE-2025-38289, CVE-2025-38290, CVE-2025-38291,
CVE-2025-38292, CVE-2025-38293, CVE-2025-38294, CVE-2025-38295,
CVE-2025-38296, CVE-2025-38297, CVE-2025-38298, CVE-2025-38299,
CVE-2025-38300, CVE-2025-38301, CVE-2025-38302, CVE-2025-38303,
CVE-2025-38304, CVE-2025-38305, CVE-2025-38306, CVE-2025-38307,
CVE-2025-38310, CVE-2025-38311, CVE-2025-38312, CVE-2025-38313,
CVE-2025-38314, CVE-2025-38315, CVE-2025-38316, CVE-2025-38317,
CVE-2025-38318, CVE-2025-38319, CVE-2025-38352, CVE-2025-38414,
CVE-2025-38415, CVE-2025-38498, CVE-2025-38499, CVE-2025-39890
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-6.14/6.14.0-1013.13~24.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-6.14/6.14.0-32.32~24.04.1
Ubuntu Security Notice USN-7769-3
September 26, 2025
linux-aws-6.14, linux-hwe-6.14 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws-6.14: Linux kernel for Amazon Web Services (AWS) systems
- linux-hwe-6.14: Linux hardware enablement (HWE) kernel
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- Android drivers;
- Bluetooth drivers;
- Bus devices;
- Clock framework and drivers;
- CPU frequency scaling framework;
- Hardware crypto device drivers;
- DMA engine subsystem;
- EDAC drivers;
- Arm Firmware Framework for ARMv8-A(FFA);
- FPGA Framework;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- Hardware monitoring drivers;
- HW tracing;
- InfiniBand drivers;
- IOMMU subsystem;
- Multiple devices driver;
- Media drivers;
- VMware VMCI Driver;
- MTD block device drivers;
- Network drivers;
- Mellanox network drivers;
- STMicroelectronics network drivers;
- NVDIMM (Non-Volatile Memory Device) drivers;
- NVME drivers;
- NVMEM (Non Volatile Memory) drivers;
- PCI subsystem;
- Amlogic Meson DDR PMU;
- NI-700 PMU driver;
- PHY drivers;
- Pin controllers subsystem;
- x86 platform drivers;
- PTP clock framework;
- SCSI subsystem;
- ASPEED SoC drivers;
- SPI subsystem;
- TCM subsystem;
- Thunderbolt and USB4 drivers;
- TTY drivers;
- UFS subsystem;
- USB core drivers;
- USB Gadget drivers;
- Renesas USBHS Controller drivers;
- USB Type-C Port Controller Manager driver;
- VFIO drivers;
- Virtio Host (VHOST) subsystem;
- Backlight driver;
- Framebuffer layer;
- Virtio drivers;
- BTRFS file system;
- EROFS file system;
- F2FS file system;
- File systems infrastructure;
- Network file systems library;
- NTFS3 file system;
- SMB network file system;
- Codetag library;
- BPF subsystem;
- LZO compression library;
- Mellanox drivers;
- IPv4 networking;
- Bluetooth subsystem;
- Network sockets;
- XFRM subsystem;
- Digital Audio (PCM) driver;
- Tracing infrastructure;
- io_uring subsystem;
- Padata parallel execution mechanism;
- DVFS energy model driver;
- Restartable seuqences system call mechanism;
- Timer subsystem;
- Memory management;
- KASAN memory debugging framework;
- CAN network layer;
- Networking core;
- IPv6 networking;
- Netfilter;
- NetLabel subsystem;
- Open vSwitch;
- Network traffic control;
- TIPC protocol;
- TLS protocol;
- ALSA framework;
- sma1307 audio codecs;
- Intel ASoC drivers;
- MediaTek ASoC drivers;
- USB sound devices;
(CVE-2025-38115, CVE-2025-38004, CVE-2025-38035, CVE-2025-38057,
CVE-2025-38314, CVE-2025-38317, CVE-2025-38074, CVE-2025-38113,
CVE-2025-38130, CVE-2025-38175, CVE-2025-38155, CVE-2025-38062,
CVE-2025-38050, CVE-2025-38159, CVE-2025-38352, CVE-2025-38101,
CVE-2025-38034, CVE-2025-38061, CVE-2025-38288, CVE-2025-38153,
CVE-2025-38043, CVE-2025-38268, CVE-2025-38415, CVE-2025-38291,
CVE-2025-38270, CVE-2025-38044, CVE-2025-38146, CVE-2025-38048,
CVE-2025-38069, CVE-2025-38298, CVE-2025-38058, CVE-2025-38161,
CVE-2025-38158, CVE-2025-38059, CVE-2025-38066, CVE-2025-38047,
CVE-2025-38040, CVE-2025-38112, CVE-2025-38042, CVE-2025-38107,
CVE-2025-38296, CVE-2025-38278, CVE-2025-39890, CVE-2025-38088,
CVE-2025-38174, CVE-2025-38118, CVE-2025-38117, CVE-2025-38110,
CVE-2025-38305, CVE-2025-38136, CVE-2025-38063, CVE-2025-38498,
CVE-2025-38499, CVE-2025-38106, CVE-2025-38292, CVE-2025-38163,
CVE-2025-38169, CVE-2025-38032, CVE-2025-38310, CVE-2025-38302,
CVE-2025-38092, CVE-2025-38052, CVE-2025-38282, CVE-2025-38082,
CVE-2025-38036, CVE-2025-38054, CVE-2025-38105, CVE-2025-38265,
CVE-2025-38116, CVE-2025-38060, CVE-2025-38154, CVE-2025-38280,
CVE-2025-38176, CVE-2025-38156, CVE-2025-38289, CVE-2025-38166,
CVE-2025-38080, CVE-2025-38098, CVE-2025-38127, CVE-2025-38125,
CVE-2025-38172, CVE-2025-38142, CVE-2025-38096, CVE-2025-38055,
CVE-2025-38138, CVE-2025-38126, CVE-2025-38073, CVE-2025-38173,
CVE-2025-38031, CVE-2025-38128, CVE-2025-38064, CVE-2025-38071,
CVE-2025-38099, CVE-2025-38316, CVE-2025-38119, CVE-2025-38108,
CVE-2025-38079, CVE-2025-38301, CVE-2025-38122, CVE-2025-38269,
CVE-2025-38300, CVE-2025-38097, CVE-2025-38318, CVE-2025-38100,
CVE-2025-38045, CVE-2025-38053, CVE-2025-38124, CVE-2025-38295,
CVE-2025-38078, CVE-2025-38037, CVE-2025-38135, CVE-2025-38165,
CVE-2025-38294, CVE-2025-38132, CVE-2025-38065, CVE-2025-38281,
CVE-2025-38145, CVE-2025-38311, CVE-2025-38075, CVE-2025-38033,
CVE-2025-38275, CVE-2025-38319, CVE-2025-38081, CVE-2025-38279,
CVE-2025-38076, CVE-2025-38077, CVE-2025-38068, CVE-2025-38148,
CVE-2025-38313, CVE-2025-38134, CVE-2025-38143, CVE-2025-38102,
CVE-2025-38131, CVE-2025-38283, CVE-2025-38151, CVE-2025-38111,
CVE-2025-38029, CVE-2025-38141, CVE-2025-38277, CVE-2025-38414,
CVE-2025-38147, CVE-2025-38167, CVE-2025-38286, CVE-2025-38315,
CVE-2025-38103, CVE-2025-38303, CVE-2025-38123, CVE-2025-38129,
CVE-2025-38164, CVE-2025-38157, CVE-2025-38306, CVE-2025-38299,
CVE-2025-38307, CVE-2025-38091, CVE-2025-38304, CVE-2025-38149,
CVE-2025-38170, CVE-2025-38137, CVE-2025-38293, CVE-2025-38070,
CVE-2025-38120, CVE-2025-38290, CVE-2025-38003, CVE-2025-38160,
CVE-2025-38039, CVE-2025-38139, CVE-2025-38114, CVE-2025-38041,
CVE-2025-38038, CVE-2025-38168, CVE-2025-38274, CVE-2025-38051,
CVE-2025-38072, CVE-2025-38287, CVE-2025-38067, CVE-2025-38285,
CVE-2025-38284, CVE-2025-38312, CVE-2025-38109, CVE-2025-38272,
CVE-2025-38140, CVE-2025-38162, CVE-2025-38267, CVE-2025-38297)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
linux-image-6.14.0-1013-aws 6.14.0-1013.13~24.04.1
linux-image-6.14.0-1013-aws-64k 6.14.0-1013.13~24.04.1
linux-image-6.14.0-32-generic 6.14.0-32.32~24.04.1
linux-image-6.14.0-32-generic-64k 6.14.0-32.32~24.04.1
linux-image-aws 6.14.0-1013.13~24.04.1
linux-image-aws-6.14 6.14.0-1013.13~24.04.1
linux-image-aws-64k 6.14.0-1013.13~24.04.1
linux-image-aws-64k-6.14 6.14.0-1013.13~24.04.1
linux-image-generic-6.14 6.14.0-32.32~24.04.1
linux-image-generic-64k-6.14 6.14.0-32.32~24.04.1
linux-image-generic-64k-hwe-24.04 6.14.0-32.32~24.04.1
linux-image-generic-hwe-24.04 6.14.0-32.32~24.04.1
linux-image-virtual-6.14 6.14.0-32.32~24.04.1
linux-image-virtual-hwe-24.04 6.14.0-32.32~24.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7769-3
https://ubuntu.com/security/notices/USN-7769-2
https://ubuntu.com/security/notices/USN-7769-1
CVE-2025-38003, CVE-2025-38004, CVE-2025-38029, CVE-2025-38031,
CVE-2025-38032, CVE-2025-38033, CVE-2025-38034, CVE-2025-38035,
CVE-2025-38036, CVE-2025-38037, CVE-2025-38038, CVE-2025-38039,
CVE-2025-38040, CVE-2025-38041, CVE-2025-38042, CVE-2025-38043,
CVE-2025-38044, CVE-2025-38045, CVE-2025-38047, CVE-2025-38048,
CVE-2025-38050, CVE-2025-38051, CVE-2025-38052, CVE-2025-38053,
CVE-2025-38054, CVE-2025-38055, CVE-2025-38057, CVE-2025-38058,
CVE-2025-38059, CVE-2025-38060, CVE-2025-38061, CVE-2025-38062,
CVE-2025-38063, CVE-2025-38064, CVE-2025-38065, CVE-2025-38066,
CVE-2025-38067, CVE-2025-38068, CVE-2025-38069, CVE-2025-38070,
CVE-2025-38071, CVE-2025-38072, CVE-2025-38073, CVE-2025-38074,
CVE-2025-38075, CVE-2025-38076, CVE-2025-38077, CVE-2025-38078,
CVE-2025-38079, CVE-2025-38080, CVE-2025-38081, CVE-2025-38082,
CVE-2025-38088, CVE-2025-38091, CVE-2025-38092, CVE-2025-38096,
CVE-2025-38097, CVE-2025-38098, CVE-2025-38099, CVE-2025-38100,
CVE-2025-38101, CVE-2025-38102, CVE-2025-38103, CVE-2025-38105,
CVE-2025-38106, CVE-2025-38107, CVE-2025-38108, CVE-2025-38109,
CVE-2025-38110, CVE-2025-38111, CVE-2025-38112, CVE-2025-38113,
CVE-2025-38114, CVE-2025-38115, CVE-2025-38116, CVE-2025-38117,
CVE-2025-38118, CVE-2025-38119, CVE-2025-38120, CVE-2025-38122,
CVE-2025-38123, CVE-2025-38124, CVE-2025-38125, CVE-2025-38126,
CVE-2025-38127, CVE-2025-38128, CVE-2025-38129, CVE-2025-38130,
CVE-2025-38131, CVE-2025-38132, CVE-2025-38134, CVE-2025-38135,
CVE-2025-38136, CVE-2025-38137, CVE-2025-38138, CVE-2025-38139,
CVE-2025-38140, CVE-2025-38141, CVE-2025-38142, CVE-2025-38143,
CVE-2025-38145, CVE-2025-38146, CVE-2025-38147, CVE-2025-38148,
CVE-2025-38149, CVE-2025-38151, CVE-2025-38153, CVE-2025-38154,
CVE-2025-38155, CVE-2025-38156, CVE-2025-38157, CVE-2025-38158,
CVE-2025-38159, CVE-2025-38160, CVE-2025-38161, CVE-2025-38162,
CVE-2025-38163, CVE-2025-38164, CVE-2025-38165, CVE-2025-38166,
CVE-2025-38167, CVE-2025-38168, CVE-2025-38169, CVE-2025-38170,
CVE-2025-38172, CVE-2025-38173, CVE-2025-38174, CVE-2025-38175,
CVE-2025-38176, CVE-2025-38265, CVE-2025-38267, CVE-2025-38268,
CVE-2025-38269, CVE-2025-38270, CVE-2025-38272, CVE-2025-38274,
CVE-2025-38275, CVE-2025-38277, CVE-2025-38278, CVE-2025-38279,
CVE-2025-38280, CVE-2025-38281, CVE-2025-38282, CVE-2025-38283,
CVE-2025-38284, CVE-2025-38285, CVE-2025-38286, CVE-2025-38287,
CVE-2025-38288, CVE-2025-38289, CVE-2025-38290, CVE-2025-38291,
CVE-2025-38292, CVE-2025-38293, CVE-2025-38294, CVE-2025-38295,
CVE-2025-38296, CVE-2025-38297, CVE-2025-38298, CVE-2025-38299,
CVE-2025-38300, CVE-2025-38301, CVE-2025-38302, CVE-2025-38303,
CVE-2025-38304, CVE-2025-38305, CVE-2025-38306, CVE-2025-38307,
CVE-2025-38310, CVE-2025-38311, CVE-2025-38312, CVE-2025-38313,
CVE-2025-38314, CVE-2025-38315, CVE-2025-38316, CVE-2025-38317,
CVE-2025-38318, CVE-2025-38319, CVE-2025-38352, CVE-2025-38414,
CVE-2025-38415, CVE-2025-38498, CVE-2025-38499, CVE-2025-39890
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-6.14/6.14.0-1013.13~24.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-6.14/6.14.0-32.32~24.04.1
[USN-7764-2] Linux kernel (HWE) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7764-2
September 26, 2025
linux-hwe-6.8 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-hwe-6.8: Linux hardware enablement (HWE) kernel
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- x86 architecture;
- Compute Acceleration Framework;
- Bus devices;
- AMD CDX bus driver;
- DPLL subsystem;
- EFI core;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Multiple devices driver;
- Network drivers;
- Mellanox network drivers;
- NVME drivers;
- Pin controllers subsystem;
- RapidIO drivers;
- Voltage and Current Regulator drivers;
- SCSI subsystem;
- SLIMbus drivers;
- QCOM SoC drivers;
- UFS subsystem;
- USB DSL drivers;
- Renesas USBHS Controller drivers;
- USB Type-C Connector System Software Interface driver;
- Framebuffer layer;
- ACRN Hypervisor Service Module driver;
- Network file system (NFS) client;
- Proc file system;
- SMB network file system;
- Memory Management;
- Scheduler infrastructure;
- SoC audio core drivers;
- Perf events;
- Tracing infrastructure;
- Memory management;
- 802.1Q VLAN protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Bluetooth subsystem;
- Devlink API;
- IPv4 networking;
- IPv6 networking;
- Logical Link layer;
- Management Component Transport Protocol (MCTP);
- Multipath TCP;
- Netfilter;
- Network traffic control;
- Switch device API;
- Wireless networking;
- eXpress Data Path;
(CVE-2025-21945, CVE-2025-21991, CVE-2025-22008, CVE-2025-21996,
CVE-2025-21924, CVE-2025-21986, CVE-2025-21872, CVE-2025-21962,
CVE-2025-22007, CVE-2025-37889, CVE-2025-21889, CVE-2025-21968,
CVE-2025-21903, CVE-2025-21955, CVE-2025-21982, CVE-2025-21929,
CVE-2025-21944, CVE-2025-22004, CVE-2025-21997, CVE-2025-21941,
CVE-2025-22047, CVE-2025-21915, CVE-2025-21995, CVE-2025-22011,
CVE-2025-21891, CVE-2025-22009, CVE-2025-22015, CVE-2024-58090,
CVE-2025-21947, CVE-2025-21976, CVE-2025-21964, CVE-2025-21904,
CVE-2025-21880, CVE-2025-21918, CVE-2025-21950, CVE-2025-21948,
CVE-2025-21888, CVE-2025-22014, CVE-2025-21963, CVE-2025-21875,
CVE-2025-21967, CVE-2025-21972, CVE-2025-21895, CVE-2025-21961,
CVE-2025-21926, CVE-2025-21892, CVE-2025-21916, CVE-2025-21894,
CVE-2025-21930, CVE-2025-21927, CVE-2025-21911, CVE-2025-21936,
CVE-2025-21881, CVE-2025-38569, CVE-2025-21873, CVE-2025-21951,
CVE-2025-22003, CVE-2025-21877, CVE-2025-21908, CVE-2025-21956,
CVE-2025-21977, CVE-2025-21917, CVE-2025-21922, CVE-2025-21959,
CVE-2025-22005, CVE-2025-22017, CVE-2025-22016, CVE-2025-21878,
CVE-2025-21970, CVE-2025-21905, CVE-2025-21978, CVE-2025-21981,
CVE-2025-21980, CVE-2025-21910, CVE-2025-21925, CVE-2025-21885,
CVE-2025-21946, CVE-2025-21937, CVE-2025-21919, CVE-2025-22013,
CVE-2025-21883, CVE-2025-21957, CVE-2025-21914, CVE-2025-21909,
CVE-2025-21934, CVE-2025-21975, CVE-2025-21912, CVE-2025-21969,
CVE-2025-21898, CVE-2025-21890, CVE-2025-21899, CVE-2025-22001,
CVE-2025-21979, CVE-2025-21966, CVE-2025-21935, CVE-2025-21920,
CVE-2025-21913, CVE-2025-22010, CVE-2025-21992, CVE-2025-21960,
CVE-2025-21994, CVE-2025-21999, CVE-2025-21928)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
linux-image-6.8.0-84-generic 6.8.0-84.84~22.04.1
linux-image-6.8.0-84-generic-64k 6.8.0-84.84~22.04.1
linux-image-generic-6.8 6.8.0-84.84~22.04.1
linux-image-generic-64k-6.8 6.8.0-84.84~22.04.1
linux-image-generic-64k-hwe-22.04 6.8.0-84.84~22.04.1
linux-image-generic-hwe-22.04 6.8.0-84.84~22.04.1
linux-image-oem-22.04 6.8.0-84.84~22.04.1
linux-image-oem-22.04a 6.8.0-84.84~22.04.1
linux-image-oem-22.04b 6.8.0-84.84~22.04.1
linux-image-oem-22.04c 6.8.0-84.84~22.04.1
linux-image-oem-22.04d 6.8.0-84.84~22.04.1
linux-image-virtual-6.8 6.8.0-84.84~22.04.1
linux-image-virtual-hwe-22.04 6.8.0-84.84~22.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7764-2
https://ubuntu.com/security/notices/USN-7764-1
CVE-2024-58090, CVE-2025-21872, CVE-2025-21873, CVE-2025-21875,
CVE-2025-21877, CVE-2025-21878, CVE-2025-21880, CVE-2025-21881,
CVE-2025-21883, CVE-2025-21885, CVE-2025-21888, CVE-2025-21889,
CVE-2025-21890, CVE-2025-21891, CVE-2025-21892, CVE-2025-21894,
CVE-2025-21895, CVE-2025-21898, CVE-2025-21899, CVE-2025-21903,
CVE-2025-21904, CVE-2025-21905, CVE-2025-21908, CVE-2025-21909,
CVE-2025-21910, CVE-2025-21911, CVE-2025-21912, CVE-2025-21913,
CVE-2025-21914, CVE-2025-21915, CVE-2025-21916, CVE-2025-21917,
CVE-2025-21918, CVE-2025-21919, CVE-2025-21920, CVE-2025-21922,
CVE-2025-21924, CVE-2025-21925, CVE-2025-21926, CVE-2025-21927,
CVE-2025-21928, CVE-2025-21929, CVE-2025-21930, CVE-2025-21934,
CVE-2025-21935, CVE-2025-21936, CVE-2025-21937, CVE-2025-21941,
CVE-2025-21944, CVE-2025-21945, CVE-2025-21946, CVE-2025-21947,
CVE-2025-21948, CVE-2025-21950, CVE-2025-21951, CVE-2025-21955,
CVE-2025-21956, CVE-2025-21957, CVE-2025-21959, CVE-2025-21960,
CVE-2025-21961, CVE-2025-21962, CVE-2025-21963, CVE-2025-21964,
CVE-2025-21966, CVE-2025-21967, CVE-2025-21968, CVE-2025-21969,
CVE-2025-21970, CVE-2025-21972, CVE-2025-21975, CVE-2025-21976,
CVE-2025-21977, CVE-2025-21978, CVE-2025-21979, CVE-2025-21980,
CVE-2025-21981, CVE-2025-21982, CVE-2025-21986, CVE-2025-21991,
CVE-2025-21992, CVE-2025-21994, CVE-2025-21995, CVE-2025-21996,
CVE-2025-21997, CVE-2025-21999, CVE-2025-22001, CVE-2025-22003,
CVE-2025-22004, CVE-2025-22005, CVE-2025-22007, CVE-2025-22008,
CVE-2025-22009, CVE-2025-22010, CVE-2025-22011, CVE-2025-22013,
CVE-2025-22014, CVE-2025-22015, CVE-2025-22016, CVE-2025-22017,
CVE-2025-22047, CVE-2025-37889, CVE-2025-38569
Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-84.84~22.04.1
Ubuntu Security Notice USN-7764-2
September 26, 2025
linux-hwe-6.8 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-hwe-6.8: Linux hardware enablement (HWE) kernel
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- x86 architecture;
- Compute Acceleration Framework;
- Bus devices;
- AMD CDX bus driver;
- DPLL subsystem;
- EFI core;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I2C subsystem;
- InfiniBand drivers;
- Multiple devices driver;
- Network drivers;
- Mellanox network drivers;
- NVME drivers;
- Pin controllers subsystem;
- RapidIO drivers;
- Voltage and Current Regulator drivers;
- SCSI subsystem;
- SLIMbus drivers;
- QCOM SoC drivers;
- UFS subsystem;
- USB DSL drivers;
- Renesas USBHS Controller drivers;
- USB Type-C Connector System Software Interface driver;
- Framebuffer layer;
- ACRN Hypervisor Service Module driver;
- Network file system (NFS) client;
- Proc file system;
- SMB network file system;
- Memory Management;
- Scheduler infrastructure;
- SoC audio core drivers;
- Perf events;
- Tracing infrastructure;
- Memory management;
- 802.1Q VLAN protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Bluetooth subsystem;
- Devlink API;
- IPv4 networking;
- IPv6 networking;
- Logical Link layer;
- Management Component Transport Protocol (MCTP);
- Multipath TCP;
- Netfilter;
- Network traffic control;
- Switch device API;
- Wireless networking;
- eXpress Data Path;
(CVE-2025-21945, CVE-2025-21991, CVE-2025-22008, CVE-2025-21996,
CVE-2025-21924, CVE-2025-21986, CVE-2025-21872, CVE-2025-21962,
CVE-2025-22007, CVE-2025-37889, CVE-2025-21889, CVE-2025-21968,
CVE-2025-21903, CVE-2025-21955, CVE-2025-21982, CVE-2025-21929,
CVE-2025-21944, CVE-2025-22004, CVE-2025-21997, CVE-2025-21941,
CVE-2025-22047, CVE-2025-21915, CVE-2025-21995, CVE-2025-22011,
CVE-2025-21891, CVE-2025-22009, CVE-2025-22015, CVE-2024-58090,
CVE-2025-21947, CVE-2025-21976, CVE-2025-21964, CVE-2025-21904,
CVE-2025-21880, CVE-2025-21918, CVE-2025-21950, CVE-2025-21948,
CVE-2025-21888, CVE-2025-22014, CVE-2025-21963, CVE-2025-21875,
CVE-2025-21967, CVE-2025-21972, CVE-2025-21895, CVE-2025-21961,
CVE-2025-21926, CVE-2025-21892, CVE-2025-21916, CVE-2025-21894,
CVE-2025-21930, CVE-2025-21927, CVE-2025-21911, CVE-2025-21936,
CVE-2025-21881, CVE-2025-38569, CVE-2025-21873, CVE-2025-21951,
CVE-2025-22003, CVE-2025-21877, CVE-2025-21908, CVE-2025-21956,
CVE-2025-21977, CVE-2025-21917, CVE-2025-21922, CVE-2025-21959,
CVE-2025-22005, CVE-2025-22017, CVE-2025-22016, CVE-2025-21878,
CVE-2025-21970, CVE-2025-21905, CVE-2025-21978, CVE-2025-21981,
CVE-2025-21980, CVE-2025-21910, CVE-2025-21925, CVE-2025-21885,
CVE-2025-21946, CVE-2025-21937, CVE-2025-21919, CVE-2025-22013,
CVE-2025-21883, CVE-2025-21957, CVE-2025-21914, CVE-2025-21909,
CVE-2025-21934, CVE-2025-21975, CVE-2025-21912, CVE-2025-21969,
CVE-2025-21898, CVE-2025-21890, CVE-2025-21899, CVE-2025-22001,
CVE-2025-21979, CVE-2025-21966, CVE-2025-21935, CVE-2025-21920,
CVE-2025-21913, CVE-2025-22010, CVE-2025-21992, CVE-2025-21960,
CVE-2025-21994, CVE-2025-21999, CVE-2025-21928)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
linux-image-6.8.0-84-generic 6.8.0-84.84~22.04.1
linux-image-6.8.0-84-generic-64k 6.8.0-84.84~22.04.1
linux-image-generic-6.8 6.8.0-84.84~22.04.1
linux-image-generic-64k-6.8 6.8.0-84.84~22.04.1
linux-image-generic-64k-hwe-22.04 6.8.0-84.84~22.04.1
linux-image-generic-hwe-22.04 6.8.0-84.84~22.04.1
linux-image-oem-22.04 6.8.0-84.84~22.04.1
linux-image-oem-22.04a 6.8.0-84.84~22.04.1
linux-image-oem-22.04b 6.8.0-84.84~22.04.1
linux-image-oem-22.04c 6.8.0-84.84~22.04.1
linux-image-oem-22.04d 6.8.0-84.84~22.04.1
linux-image-virtual-6.8 6.8.0-84.84~22.04.1
linux-image-virtual-hwe-22.04 6.8.0-84.84~22.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7764-2
https://ubuntu.com/security/notices/USN-7764-1
CVE-2024-58090, CVE-2025-21872, CVE-2025-21873, CVE-2025-21875,
CVE-2025-21877, CVE-2025-21878, CVE-2025-21880, CVE-2025-21881,
CVE-2025-21883, CVE-2025-21885, CVE-2025-21888, CVE-2025-21889,
CVE-2025-21890, CVE-2025-21891, CVE-2025-21892, CVE-2025-21894,
CVE-2025-21895, CVE-2025-21898, CVE-2025-21899, CVE-2025-21903,
CVE-2025-21904, CVE-2025-21905, CVE-2025-21908, CVE-2025-21909,
CVE-2025-21910, CVE-2025-21911, CVE-2025-21912, CVE-2025-21913,
CVE-2025-21914, CVE-2025-21915, CVE-2025-21916, CVE-2025-21917,
CVE-2025-21918, CVE-2025-21919, CVE-2025-21920, CVE-2025-21922,
CVE-2025-21924, CVE-2025-21925, CVE-2025-21926, CVE-2025-21927,
CVE-2025-21928, CVE-2025-21929, CVE-2025-21930, CVE-2025-21934,
CVE-2025-21935, CVE-2025-21936, CVE-2025-21937, CVE-2025-21941,
CVE-2025-21944, CVE-2025-21945, CVE-2025-21946, CVE-2025-21947,
CVE-2025-21948, CVE-2025-21950, CVE-2025-21951, CVE-2025-21955,
CVE-2025-21956, CVE-2025-21957, CVE-2025-21959, CVE-2025-21960,
CVE-2025-21961, CVE-2025-21962, CVE-2025-21963, CVE-2025-21964,
CVE-2025-21966, CVE-2025-21967, CVE-2025-21968, CVE-2025-21969,
CVE-2025-21970, CVE-2025-21972, CVE-2025-21975, CVE-2025-21976,
CVE-2025-21977, CVE-2025-21978, CVE-2025-21979, CVE-2025-21980,
CVE-2025-21981, CVE-2025-21982, CVE-2025-21986, CVE-2025-21991,
CVE-2025-21992, CVE-2025-21994, CVE-2025-21995, CVE-2025-21996,
CVE-2025-21997, CVE-2025-21999, CVE-2025-22001, CVE-2025-22003,
CVE-2025-22004, CVE-2025-22005, CVE-2025-22007, CVE-2025-22008,
CVE-2025-22009, CVE-2025-22010, CVE-2025-22011, CVE-2025-22013,
CVE-2025-22014, CVE-2025-22015, CVE-2025-22016, CVE-2025-22017,
CVE-2025-22047, CVE-2025-37889, CVE-2025-38569
Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-84.84~22.04.1
Thursday, September 25, 2025
[USN-7778-1] sha.js vulnerability
==========================================================================
Ubuntu Security Notice USN-7778-1
September 25, 2025
node-sha.js vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
sha.js could be made to consume resources or return incorrect hash
values if it received specially crafted input.
Software Description:
- node-sha.js: Streamable SHA hashes in pure javascript
Details:
Nikita Skovoroda discovered that sha.js did not properly handle
certain inputs. An attacker could possibly use this issue to manipulate
the internal state of hash functions, resulting in hash collisions,
denial of service, or other unspecified impact.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
node-sha.js 2.4.11+~2.4.0-2+deb13u1build0.25.04.1
Ubuntu 24.04 LTS
node-sha.js 2.4.11+~2.4.0-2+deb13u1build0.24.04.1
Ubuntu 22.04 LTS
node-sha.js 2.4.11+~2.4.0-1ubuntu0.1
Ubuntu 20.04 LTS
node-sha.js 2.4.11-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
node-sha.js 2.4.9-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7778-1
CVE-2025-9288
Package Information:
https://launchpad.net/ubuntu/+source/node-sha.js/2.4.11+~2.4.0-2+deb13u1build0.25.04.1
https://launchpad.net/ubuntu/+source/node-sha.js/2.4.11+~2.4.0-2+deb13u1build0.24.04.1
https://launchpad.net/ubuntu/+source/node-sha.js/2.4.11+~2.4.0-1ubuntu0.1
Ubuntu Security Notice USN-7778-1
September 25, 2025
node-sha.js vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
sha.js could be made to consume resources or return incorrect hash
values if it received specially crafted input.
Software Description:
- node-sha.js: Streamable SHA hashes in pure javascript
Details:
Nikita Skovoroda discovered that sha.js did not properly handle
certain inputs. An attacker could possibly use this issue to manipulate
the internal state of hash functions, resulting in hash collisions,
denial of service, or other unspecified impact.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
node-sha.js 2.4.11+~2.4.0-2+deb13u1build0.25.04.1
Ubuntu 24.04 LTS
node-sha.js 2.4.11+~2.4.0-2+deb13u1build0.24.04.1
Ubuntu 22.04 LTS
node-sha.js 2.4.11+~2.4.0-1ubuntu0.1
Ubuntu 20.04 LTS
node-sha.js 2.4.11-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
node-sha.js 2.4.9-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7778-1
CVE-2025-9288
Package Information:
https://launchpad.net/ubuntu/+source/node-sha.js/2.4.11+~2.4.0-2+deb13u1build0.25.04.1
https://launchpad.net/ubuntu/+source/node-sha.js/2.4.11+~2.4.0-2+deb13u1build0.24.04.1
https://launchpad.net/ubuntu/+source/node-sha.js/2.4.11+~2.4.0-1ubuntu0.1
F44 Change Proposal: Unified_KDE_OOBE [SystemWide]
Wiki: https://fedoraproject.org/wiki/Changes/Unified_KDE_OOBE
Discussion Thread: https://discussion.fedoraproject.org/t/165126
**This is a proposed Change for Fedora Linux.**
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.
== Summary ==
All Fedora KDE variants will use the KDE Initial System Setup application to configure the system after installation. Anaconda will have redundant settings disabled for installation.
== Owner ==
* Name: [[User:ngompa| Neal Gompa]]
* Email: ngompa13@gmail.com
== Detailed Description ==
A new integrated initial setup experience will be released alongside the upcoming KDE Plasma 6.6 release. As part of shipping this, the Fedora KDE Anaconda profiles will be tweaked to turn off configuration stages that duplicate the initial setup. This will change the Fedora KDE Plasma Desktop Edition, Fedora KDE Plasma Mobile Spin, and Fedora Kinoite.
== Feedback ==
== Benefit to Fedora ==
This allows Fedora KDE variants to unify the installation flows for live and disk image deliverables, and enables a mobile-friendly initial setup process for the Plasma Mobile variants. Additionally, this also enables Fedora KDE variants for OEM deployments.
== Scope ==
* Proposal owners:
** Packaging: Package <code>plasma-setup</code>
** Anaconda: Update <code>fedora-kde</code> profile to drop redundant spokes
** Comps: Drop <code>kde-spin-initial-setup</code> group, add <code>plasma-setup</code> to <code>kde-desktop</code> group
** Kiwi descriptions: Merge https://pagure.io/fedora-kiwi-descriptions/pull-request/214
** QA: OpenQA needles need updating to account for this Change.
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with the Fedora Strategy: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
There is no impact on existing systems, this only affects new installs.
== Early Testing (Optional) ==
Do you require 'QA Blueprint' support? Yes.
== How To Test ==
Once the Anaconda changes and kiwi descriptions updates are merged, this can be tested by downloading a Rawhide Fedora KDE image and going through the normal install process.
== User Experience ==
New installs for Fedora KDE variants will have a simplified live install experience where accounts and date/time settings are deferred to first boot. The first boot experience will provide a KDE-native method to set up the first user and provide basic system-wide configuration.
== Dependencies ==
* <code>anaconda</code>
* <code>plasma-setup</code>
== Contingency Plan ==
* Contingency mechanism: Revert back to F43 configuration and use Anaconda Initial Setup again.
* Contingency deadline: Beta Freeze
* Blocks release? Yes.
== Documentation ==
Upstream announcement about KDE Initial System Setup (now called Plasma Setup): https://blogs.kde.org/2025/08/23/this-week-in-plasma-kde-initial-system-setup/
== Release Notes ==
Fedora KDE variants now provide an integrated out-of-box first-run experience that give the user the opportunity to configure their system post-install. This also enables Fedora KDE variants for OEM deployments.
Discussion Thread: https://discussion.fedoraproject.org/t/165126
**This is a proposed Change for Fedora Linux.**
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.
== Summary ==
All Fedora KDE variants will use the KDE Initial System Setup application to configure the system after installation. Anaconda will have redundant settings disabled for installation.
== Owner ==
* Name: [[User:ngompa| Neal Gompa]]
* Email: ngompa13@gmail.com
== Detailed Description ==
A new integrated initial setup experience will be released alongside the upcoming KDE Plasma 6.6 release. As part of shipping this, the Fedora KDE Anaconda profiles will be tweaked to turn off configuration stages that duplicate the initial setup. This will change the Fedora KDE Plasma Desktop Edition, Fedora KDE Plasma Mobile Spin, and Fedora Kinoite.
== Feedback ==
== Benefit to Fedora ==
This allows Fedora KDE variants to unify the installation flows for live and disk image deliverables, and enables a mobile-friendly initial setup process for the Plasma Mobile variants. Additionally, this also enables Fedora KDE variants for OEM deployments.
== Scope ==
* Proposal owners:
** Packaging: Package <code>plasma-setup</code>
** Anaconda: Update <code>fedora-kde</code> profile to drop redundant spokes
** Comps: Drop <code>kde-spin-initial-setup</code> group, add <code>plasma-setup</code> to <code>kde-desktop</code> group
** Kiwi descriptions: Merge https://pagure.io/fedora-kiwi-descriptions/pull-request/214
** QA: OpenQA needles need updating to account for this Change.
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with the Fedora Strategy: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
There is no impact on existing systems, this only affects new installs.
== Early Testing (Optional) ==
Do you require 'QA Blueprint' support? Yes.
== How To Test ==
Once the Anaconda changes and kiwi descriptions updates are merged, this can be tested by downloading a Rawhide Fedora KDE image and going through the normal install process.
== User Experience ==
New installs for Fedora KDE variants will have a simplified live install experience where accounts and date/time settings are deferred to first boot. The first boot experience will provide a KDE-native method to set up the first user and provide basic system-wide configuration.
== Dependencies ==
* <code>anaconda</code>
* <code>plasma-setup</code>
== Contingency Plan ==
* Contingency mechanism: Revert back to F43 configuration and use Anaconda Initial Setup again.
* Contingency deadline: Beta Freeze
* Blocks release? Yes.
== Documentation ==
Upstream announcement about KDE Initial System Setup (now called Plasma Setup): https://blogs.kde.org/2025/08/23/this-week-in-plasma-kde-initial-system-setup/
== Release Notes ==
Fedora KDE variants now provide an integrated out-of-box first-run experience that give the user the opportunity to configure their system post-install. This also enables Fedora KDE variants for OEM deployments.
F45 Change Proposal: TeXLive2025 [SystemWide]
Wiki: https://fedoraproject.org/wiki/Changes/TeXLive2025
Discussion Thread: https://discussion.fedoraproject.org/t/165119
**This is a proposed Change for Fedora Linux.**
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.
== Summary ==
TeX Live is intended to be a straightforward way to get up and running with the TeX document production system. It provides a comprehensive TeX system with binaries for most flavors of Unix, including GNU/Linux and macOS, and also Windows. It includes all the major TeX-related programs, macro packages, and fonts that are free software, including support for many languages around the world.
This change will update TeXLive in Fedora to 2025, and move to a modular packaging approach that allows for more fine grained upgrades and maintenance.
== Owner ==
* Name: [[User:spot| Tom Callaway]]
* Email: spotrh@gmail.com
== Detailed Description ==
The Fedora "texlive" package is the largest RPM spec file in Fedora. While it was broken into two packages ("texlive" and "texlive-base") a few years ago, the "texlive" spec contained thousands of sources and was very difficult to maintain. Additionally, because all of the noarch components lived in a single SRPM, updating any component generated an update for _all_ noarch texlive components.
With this change, we update to the latest version of TeXLive (2025) but we also move to a modularized packaging system, which splits the "texlive" SPEC into a set of collection and scheme packages, reflecting the categorization that TeXLive upstream defines. Each collection package will package the immediate component dependencies as subpackages.
This will require 50+ new package reviews.
== Feedback ==
The alternatives to this change are:
* Just update the existing texlive/texlive-base files to TeXLive 2025. While possible, it is very difficult to get a single spec file updated. In 2023, this took me several months. This time, I chose to invest time in developing a modular approach instead. I also created a set of python tools to generate these collection/scheme spec files, which I plan to open source (but not package in Fedora because that's just too meta).
* Leave TeXLive at the 2023 revision. This is not ideal and not in keeping with Fedora's "First" principle. Additionally, users have asked for the 2025 update.
== Benefit to Fedora ==
The modular packaging approach will make TeXLive easier to maintain and update in Fedora. It is my hope that other maintainers will feel more empowered to help maintain subsections of TeXLive that they care about, but even if not, it will be easier for _me_ to maintain it. This approach will also lower the number of updates pushed to Fedora users with any parts of TeXLive installed.
TeXLive 2025 provides a few key advantages:
* It generates PDF-1.7 format files by default
* Scaling fonts to >= 2048pt now results in an error message, instead of (unhandled) arithmetic overflow or silent changing of the user's value
* Improvements to LuaTeX and pdfTeX
* Many individual components have had updates since TeXLive 2025.
== Scope ==
* Proposal owners:
50+ package reviews for the new modular set of texlive packages. These spec files, while sometimes long, are simple. None of them have %build sections, and their %install sections are 95% code copying, and 5% patching or file delete/move operations.
None of them depend on other Fedora package changes, though, we will recommend a change to emacs-auctex to better detect the current set of TeX provides.
With the exception of emacs-auctex, we do not anticipate any other developers will need to make changes. The goal is for any TeX documentation in other Fedora packages to continue to render and save without issue.
While a mass rebuild is not required, it has been beneficial in the past to identify bugs in TeXLive. Because the scope of TeXLive within Fedora is just generated documentation in TeX format, failures here are usually worked around by providing a pre-rendered document.
* Trademark approval: N/A (not needed for this Change)
* Alignment with the Fedora Strategy:
TeXLive provides a broad set of internationalization support, allowing people to work in their native languages. Keeping TeXLive current helps Fedora "Reach the World".
== Upgrade/compatibility impact ==
Users may wish to delete their local cache in ~/.texlive2023. After upgrade, a new ~/.texlive2025 directory will be created and used.
== Early Testing (Optional) ==
== How To Test ==
The "texlive-base" package contains some local testing to ensure it is being built with a working TeXLive environment, and it also runs the full upstream test suite. No special hardware or data is needed to test. Expected outcome is that TeX documents render properly.
== User Experience ==
Users will get the latest version of the TeXLive components and system. Users will also get _less_ TeXLive package updates from Fedora.
== Dependencies ==
Fedora packages with TeX-format documentation which render that documentation as part of the build process. No other changes outside of the TeXLive system are necessary for this change.
== Contingency Plan ==
== Documentation ==
https://www.tug.org/texlive/doc/texlive-en/texlive-en.html#news
== Release Notes ==
Fedora has updated TeXLive to 2025. It has also split out its packaging by collections in order to improve maintainer sanity and minimize texlive package updates to end users.
Discussion Thread: https://discussion.fedoraproject.org/t/165119
**This is a proposed Change for Fedora Linux.**
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.
== Summary ==
TeX Live is intended to be a straightforward way to get up and running with the TeX document production system. It provides a comprehensive TeX system with binaries for most flavors of Unix, including GNU/Linux and macOS, and also Windows. It includes all the major TeX-related programs, macro packages, and fonts that are free software, including support for many languages around the world.
This change will update TeXLive in Fedora to 2025, and move to a modular packaging approach that allows for more fine grained upgrades and maintenance.
== Owner ==
* Name: [[User:spot| Tom Callaway]]
* Email: spotrh@gmail.com
== Detailed Description ==
The Fedora "texlive" package is the largest RPM spec file in Fedora. While it was broken into two packages ("texlive" and "texlive-base") a few years ago, the "texlive" spec contained thousands of sources and was very difficult to maintain. Additionally, because all of the noarch components lived in a single SRPM, updating any component generated an update for _all_ noarch texlive components.
With this change, we update to the latest version of TeXLive (2025) but we also move to a modularized packaging system, which splits the "texlive" SPEC into a set of collection and scheme packages, reflecting the categorization that TeXLive upstream defines. Each collection package will package the immediate component dependencies as subpackages.
This will require 50+ new package reviews.
== Feedback ==
The alternatives to this change are:
* Just update the existing texlive/texlive-base files to TeXLive 2025. While possible, it is very difficult to get a single spec file updated. In 2023, this took me several months. This time, I chose to invest time in developing a modular approach instead. I also created a set of python tools to generate these collection/scheme spec files, which I plan to open source (but not package in Fedora because that's just too meta).
* Leave TeXLive at the 2023 revision. This is not ideal and not in keeping with Fedora's "First" principle. Additionally, users have asked for the 2025 update.
== Benefit to Fedora ==
The modular packaging approach will make TeXLive easier to maintain and update in Fedora. It is my hope that other maintainers will feel more empowered to help maintain subsections of TeXLive that they care about, but even if not, it will be easier for _me_ to maintain it. This approach will also lower the number of updates pushed to Fedora users with any parts of TeXLive installed.
TeXLive 2025 provides a few key advantages:
* It generates PDF-1.7 format files by default
* Scaling fonts to >= 2048pt now results in an error message, instead of (unhandled) arithmetic overflow or silent changing of the user's value
* Improvements to LuaTeX and pdfTeX
* Many individual components have had updates since TeXLive 2025.
== Scope ==
* Proposal owners:
50+ package reviews for the new modular set of texlive packages. These spec files, while sometimes long, are simple. None of them have %build sections, and their %install sections are 95% code copying, and 5% patching or file delete/move operations.
None of them depend on other Fedora package changes, though, we will recommend a change to emacs-auctex to better detect the current set of TeX provides.
With the exception of emacs-auctex, we do not anticipate any other developers will need to make changes. The goal is for any TeX documentation in other Fedora packages to continue to render and save without issue.
While a mass rebuild is not required, it has been beneficial in the past to identify bugs in TeXLive. Because the scope of TeXLive within Fedora is just generated documentation in TeX format, failures here are usually worked around by providing a pre-rendered document.
* Trademark approval: N/A (not needed for this Change)
* Alignment with the Fedora Strategy:
TeXLive provides a broad set of internationalization support, allowing people to work in their native languages. Keeping TeXLive current helps Fedora "Reach the World".
== Upgrade/compatibility impact ==
Users may wish to delete their local cache in ~/.texlive2023. After upgrade, a new ~/.texlive2025 directory will be created and used.
== Early Testing (Optional) ==
== How To Test ==
The "texlive-base" package contains some local testing to ensure it is being built with a working TeXLive environment, and it also runs the full upstream test suite. No special hardware or data is needed to test. Expected outcome is that TeX documents render properly.
== User Experience ==
Users will get the latest version of the TeXLive components and system. Users will also get _less_ TeXLive package updates from Fedora.
== Dependencies ==
Fedora packages with TeX-format documentation which render that documentation as part of the build process. No other changes outside of the TeXLive system are necessary for this change.
== Contingency Plan ==
== Documentation ==
https://www.tug.org/texlive/doc/texlive-en/texlive-en.html#news
== Release Notes ==
Fedora has updated TeXLive to 2025. It has also split out its packaging by collections in order to improve maintainer sanity and minimize texlive package updates to end users.
F44 Change Proposal: KojiServiceImageBuilderRemoval [SystemWide]
Wiki: https://fedoraproject.org/wiki/Changes/KojiServiceImageBuilderRemoval
Discussion Thread: https://discussion.fedoraproject.org/t/165111
**This is a proposed Change for Fedora Linux.**
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.
== Summary ==
Since Fedora 43 there are two ways to interact with Red Hat Image Builder to build images. Local (on the Koji workers) or through an external service (through the service's infrastructure). This proposal drops the service parts while keeping the Koji-local builds.
== Owner ==
* Name: [[User:supakeen| Simon de vlieger]]
* Email: cmdr@supakeen.com
== Detailed Description ==
Currently two plugins are deployed on Fedora Koji's infrastructure to interact with Red Hat Image Builder. There's `koji-osbuild` and `koji-image-builder`.
`koji-osbuild` tasks create API requests to Red Hat Image Builder's API and the results of these tasks are attached to builds. `koji-image-builder` performs builds directly on Koji workers in the same way as Lorax, or Kiwi do.
In Fedora 43 we transitioned Editions and Spins using `koji-osbuild` to `koji-image-builder`. See [[Changes/KojiLocalImageBuilder]].
With that change proposal implemented no deliverables are produced with the Red Hat Image Builder service, however the team is still maintaining its infrastructure for it (builders that are used to build Fedora artifacts). Since this plugin is no longer in use we'd like to drop it from Fedora's Koji configuration and afterwards to decommission the infrastructure maintained for it.
This means that users no longer have access to the `osbuildImage` task type in Koji; but can migrate to the `imageBuilderBuild` task type.
Current users of `koji-osbuild` have already been migrated to `koji-image-builder` but for completeness the following artifacts are produced by it since Fedora 43:
* ARM SIG's Minimal disk images.
* Fedora IoT disk images.
* Fedora IoT Anaconda ISOs.
* Fedora IoT CoreOS installer ISOs.
Fedora IoT is the last to be building images with `osbuildImage` (for Fedora 42). We'll coordinate with them that these are turned off after Fedora 43 final.
== Feedback ==
None yet.
== Benefit to Fedora ==
The benefit is mostly to the Image Builder team as we can decommission a chunk of our hardware. For Fedora the benefits are: fewer packages and simplified configuration on for Koji and Pungi and less confusion for those maintaining these systems.
Real benefits were mostly part of the previous change where we migrated Fedora off of the service and made the service obsolete. See [[Changes/KojiLocalImageBuilder]].
== Scope ==
* Proposal owners:
** Create PR to remove Fedora 42 builds with `osbuildImage` for Fedora IoT.
** Create PR to remove `osbuildImage` configuration and packages from Koji staging.
** Create PR to remove `osbuildImage` configuration and packages from Koji production.
* Other developers: None.
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A
* Alignment with the Fedora Strategy: I don't know.
== Upgrade/compatibility impact ==
Not applicable for this change.
== Early Testing (Optional) ==
Not applicable for this change.
== How To Test ==
Not applicable for this change.
== User Experience ==
Not applicable for this change.
== Contingency Plan ==
There is no contingency plan. Generally we don't build the other releases for which this Koji plugin was used. If we do want to build them they can be built with the Koji local version instead.
== Documentation ==
None.
== Release Notes ==
Nothing will change in the distro itself.
Discussion Thread: https://discussion.fedoraproject.org/t/165111
**This is a proposed Change for Fedora Linux.**
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.
== Summary ==
Since Fedora 43 there are two ways to interact with Red Hat Image Builder to build images. Local (on the Koji workers) or through an external service (through the service's infrastructure). This proposal drops the service parts while keeping the Koji-local builds.
== Owner ==
* Name: [[User:supakeen| Simon de vlieger]]
* Email: cmdr@supakeen.com
== Detailed Description ==
Currently two plugins are deployed on Fedora Koji's infrastructure to interact with Red Hat Image Builder. There's `koji-osbuild` and `koji-image-builder`.
`koji-osbuild` tasks create API requests to Red Hat Image Builder's API and the results of these tasks are attached to builds. `koji-image-builder` performs builds directly on Koji workers in the same way as Lorax, or Kiwi do.
In Fedora 43 we transitioned Editions and Spins using `koji-osbuild` to `koji-image-builder`. See [[Changes/KojiLocalImageBuilder]].
With that change proposal implemented no deliverables are produced with the Red Hat Image Builder service, however the team is still maintaining its infrastructure for it (builders that are used to build Fedora artifacts). Since this plugin is no longer in use we'd like to drop it from Fedora's Koji configuration and afterwards to decommission the infrastructure maintained for it.
This means that users no longer have access to the `osbuildImage` task type in Koji; but can migrate to the `imageBuilderBuild` task type.
Current users of `koji-osbuild` have already been migrated to `koji-image-builder` but for completeness the following artifacts are produced by it since Fedora 43:
* ARM SIG's Minimal disk images.
* Fedora IoT disk images.
* Fedora IoT Anaconda ISOs.
* Fedora IoT CoreOS installer ISOs.
Fedora IoT is the last to be building images with `osbuildImage` (for Fedora 42). We'll coordinate with them that these are turned off after Fedora 43 final.
== Feedback ==
None yet.
== Benefit to Fedora ==
The benefit is mostly to the Image Builder team as we can decommission a chunk of our hardware. For Fedora the benefits are: fewer packages and simplified configuration on for Koji and Pungi and less confusion for those maintaining these systems.
Real benefits were mostly part of the previous change where we migrated Fedora off of the service and made the service obsolete. See [[Changes/KojiLocalImageBuilder]].
== Scope ==
* Proposal owners:
** Create PR to remove Fedora 42 builds with `osbuildImage` for Fedora IoT.
** Create PR to remove `osbuildImage` configuration and packages from Koji staging.
** Create PR to remove `osbuildImage` configuration and packages from Koji production.
* Other developers: None.
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A
* Alignment with the Fedora Strategy: I don't know.
== Upgrade/compatibility impact ==
Not applicable for this change.
== Early Testing (Optional) ==
Not applicable for this change.
== How To Test ==
Not applicable for this change.
== User Experience ==
Not applicable for this change.
== Contingency Plan ==
There is no contingency plan. Generally we don't build the other releases for which this Koji plugin was used. If we do want to build them they can be built with the Koji local version instead.
== Documentation ==
None.
== Release Notes ==
Nothing will change in the distro itself.
Subscribe to:
Comments (Atom)