Ubuntu 6924 Published by Philipp Esselbach 0

Multiple security vulnerabilities were discovered in the Linux kernel, affecting Ubuntu systems and their derivatives. These vulnerabilities were fixed in various updates, including USN-7910-2 for Linux kernel (Azure), USN-7909-4 for Linux kernel (GCP), GKE, and GKEOP, and USN-7889-5 for Linux kernel (IBM). The updates correct flaws in various subsystems, such as architecture-specific code, drivers, and file systems.

[USN-7910-2] Linux kernel (Azure) vulnerabilities
[USN-7909-4] Linux kernel vulnerabilities
[USN-7889-5] Linux kernel (IBM) vulnerabilities
[USN-7906-2] Linux kernel (GCP) vulnerabilities


Ubuntu Linux has released several security updates to address various vulnerabilities in its Linux kernel. These updates include fixes for FIPS-compliant versions of the kernel used by Google Cloud (USN-7907-4), Microsoft Azure (USN-7910-1), and generic FIPS (USN-7909-3). Additionally, other updates have been released to address vulnerabilities in the real-time Linux kernel (USN-7909-2) and IoT-focused versions of the kernel (USN-7874-3). Other software affected includes CUPS (with multiple advisories, USN-7912-1 and USN-7912-2), MAME (USN-7913-1), and various Linux kernel advisories.

[USN-7907-4] Linux kernel (GCP FIPS) vulnerabilities
[USN-7907-3] Linux kernel vulnerabilities
[USN-7911-1] Linux kernel vulnerabilities
[USN-7910-1] Linux kernel (Azure FIPS) vulnerabilities
[USN-7909-3] Linux kernel (FIPS) vulnerabilities
[USN-7909-2] Linux kernel (Real-time) vulnerabilities
[USN-7889-4] Linux kernel vulnerabilities
[USN-7879-4] Linux kernel vulnerabilities
[USN-7909-1] Linux kernel vulnerabilities
[USN-7912-2] CUPS vulnerability
[USN-7913-1] MAME vulnerabilities
[USN-7874-3] Linux kernel (IoT) vulnerabilities
[USN-7912-1] CUPS vulnerability


Ubuntu has released several security updates for various packages, including Linux kernel vulnerabilities (USN-7906-1, USN-7861-5, and USN-7907-2) that affect Ubuntu 25.10, 24.04 LTS, and 18.04 LTS versions. The updates fix multiple issues in the Linux kernel, such as insufficient branch predictor isolation, incorrect handling of memory operations, and flaws in various subsystems. Additionally, there are security notices for PostgreSQL vulnerabilities (USN-7908-1) that affect Ubuntu 25.10, 25.04, 24.04 LTS, and 22.04 LTS versions, and a KDE Connect vulnerability (USN-7905-1) affecting Ubuntu 25.10. The updates also include fixes for Ghostscript vulnerabilities (USN-7904-1) that affect various Ubuntu versions, including 20.04 LTS, 18.04 LTS, and 16.04 LTS.

[USN-7906-1] Linux kernel vulnerabilities
[USN-7908-1] PostgreSQL vulnerabilities
[USN-7861-5] Linux kernel vulnerabilities
[USN-7907-2] Linux kernel (FIPS) vulnerabilities
[USN-7907-1] Linux kernel vulnerabilities
[USN-7905-1] KDE Connect vulnerability
[USN-7904-1] Ghostscript vulnerabilities


USN-7855-1 partially fixed a regression issue in Unbound, which Ubuntu Security Notice USN-7855-2 addresses. The regression could lead to domain hijack attacks if an attacker exploited it. To resolve this issue, users need to update their system to the specified package versions for their Ubuntu release. Separately, Ubuntu Security Notice USN-7903-1 addresses several vulnerabilities in Django, including one that allowed arbitrary SQL commands and another that caused a denial of service due to inefficient deserialization of XML objects. The affected releases include multiple long-term support (LTS) versions of Ubuntu, with update instructions provided for each release.

[USN-7855-2] Unbound regression
[USN-7903-1] Django vulnerabilities


Ubuntu Linux has released several security updates to address vulnerabilities in different software packages. The USN-7899-1 update addresses issues with GNU binutils, while the next three updates (USN-7900-1 through USN-7902-1) target various vulnerabilities in CRaC JDK versions 17, 21, and 25. These updates aim to improve system security by patching known weaknesses. Users are advised to review the specific details of each update for more information on the affected packages and recommended actions.

[USN-7899-1] GNU binutils vulnerabilities
[USN-7900-1] CRaC JDK 17 vulnerabilities
[USN-7901-1] CRaC JDK 21 vulnerabilities
[USN-7902-1] CRaC JDK 25 vulnerabilities

Debian 10695 Ubuntu 6924 Arch Linux 917 Published by Philipp Esselbach 0

Liquorix Linux kernel version 6.17-12 has been released, which is based on the stable Linux kernel 6.17.10 and designed to optimize desktop experiences for multimedia and gaming workloads. The new kernel has several important updates, like adjustments that make the system respond faster instead of saving power, better management of input/output and memory, and improved CPUFreq control for quicker responses when needed. Additionally, Liquorix 6.17-12 includes better scheduling for high-resolution tasks, a way to manage real-time processes, and support for Budget Fair Queue (BFQ) and TCP BBR2 Congestion Control. The kernel can be easily installed on Debian, Ubuntu, or Arch Linux using a provided script or through their own PPA, making it a straightforward replacement for the standard kernel.


Steven Barrett has released the Liquorix Linux kernel 6.17-11. The kernel features Zen Interactive Tuning, which adjusts system settings to prioritize responsiveness over power-saving, as well as optimized I/O and memory management. There are also improvements for better performance, like more precise scheduling, better handling of real-time tasks, and support for Budget Fair Queue (BFQ). Users can easily install the kernel using a provided script or by downloading binary builds from Liquorix's PPA repository, which supports Debian, Ubuntu, and Arch Linux distributions.


A security issue has been discovered in EDK II, which affects Ubuntu 24.04 LTS and 22.04 LTS systems. The issue was introduced as part of an earlier update to fix vulnerabilities in EDK II, but it inadvertently caused a regression in UEFI network boot functionality. To address this issue, users need to update their systems to specific package versions and then restart any virtual machines that use the affected firmware. This update is intended to revert the fixes for two CVEs (CVE-2023-45236 and CVE-2023-45237) while further investigation into the issue continues.

[USN-7894-2] EDK II regression


Ubuntu has released several security notices (USN-7897-1, USN-7890-1, USN-7898-1, USN-7852-2, USN-7896-1, and USN-7895-1) to address vulnerabilities in various packages, including CUPS, FFmpeg, OpenVPN, libxml2, and WebKitGTK. The vulnerabilities could allow attackers to crash or run programs as administrators, cause denial of service, or execute arbitrary code. Affected Ubuntu releases include 25.10, 25.04, 24.04 LTS, 22.04 LTS, 20.04 LTS, 18.04 LTS, and 16.04 LTS.

[USN-7897-1] CUPS vulnerability
[USN-7890-1] FFmpeg vulnerability
[USN-7898-1] OpenVPN vulnerability
[USN-7852-2] libxml2 vulnerability
[USN-7896-1] libxml2 vulnerabilities
[USN-7895-1] WebKitGTK vulnerabilities


Ubuntu Linux has released several security updates to address vulnerabilities in various components. These updates include fixes for the Linux kernel (Real-time and FIPS) as well as other affected packages such as H2O, Valkey, Python, rust-openssl, and EDK II. Additionally, vulnerabilities in the Linux kernel have also been addressed. Users are advised to install these security updates to ensure their system's security.

[USN-7889-3] Linux kernel (Real-time) vulnerabilities
[USN-7889-2] Linux kernel (FIPS) vulnerabilities
[USN-7879-3] Linux kernel vulnerabilities
[USN-7892-1] H2O vulnerability
[USN-7893-1] Valkey vulnerabilities
[USN-7886-2] Python vulnerabilities
[USN-7891-1] rust-openssl vulnerabilities
[USN-7894-1] EDK II vulnerabilities


Several security updates are available for Ubuntu Linux, addressing various vulnerabilities. These include updates for OpenJDK 21, 25, 8, 11, and 17, as well as the MuPDF library. Additionally, there are kernel vulnerability patches available for Linux on Raspberry Pi and general Linux systems.

[USN-7885-1] OpenJDK 21 vulnerabilities
[USN-7884-1] OpenJDK 25 vulnerabilities
[USN-7887-2] Linux kernel (Raspberry Pi) vulnerabilities
[USN-7888-1] MuPDF vulnerabilities
[USN-7881-1] OpenJDK 8 vulnerabilities
[USN-7882-1] OpenJDK 11 vulnerabilities
[USN-7883-1] OpenJDK 17 vulnerabilities
[USN-7889-1] Linux kernel vulnerabilities


Ubuntu has issued security notices for several vulnerabilities affecting various packages, including runC, cups-filters, and Python. The notices address issues such as incorrect handling of masked paths (CVE-2025-31133), incorrect handling of malformed TIFF image files (CVE-2025-57812), and inefficient expansion of system environment variables in Python (CVE-2025-6075). Additionally, the Linux kernel (Raspberry Pi Real-time) has been updated to fix vulnerabilities affecting various subsystems. Users are advised to update their systems with the corresponding package versions to address these security issues.

[USN-7851-2] runC regression
[USN-7878-2] cups-filters vulnerabilities
[USN-7887-1] Linux kernel (Raspberry Pi Real-time) vulnerabilities
[USN-7886-1] Python vulnerabilities


Liquorix Linux Kernel 6.17-10 has been released by Steven Barrett, based on the stable kernel 6.17.9, with several notable improvements aimed at optimizing desktop performance for multimedia and gaming workloads. The kernel features interactive tuning to prioritize responsiveness over power saving, optimized I/O and memory management, and enhanced CPUFreq control for faster responsiveness when needed. Liquorix 6.17-10 also has extra features to improve performance, like better scheduling, handling of real-time tasks, and support for Budget Fair Queue (BFQ) and TCP The kernel is designed to be easy to deploy on Debian, Ubuntu, or Arch Linux using binary builds available through the Liquorix PPA, and installation is made simple by an automatic installation script.


Ubuntu Linux has released several security updates to address vulnerabilities in the operating system. These updates include fixes for the Linux kernel, specifically affecting OEM and real-time versions. The updates aim to improve the security of Ubuntu by patching known issues in the core components of the system.

[USN-7880-1] Linux kernel (OEM) vulnerabilities
[USN-7879-2] Linux kernel (Real-time) vulnerabilities
[USN-7879-1] Linux kernel vulnerabilities


Ubuntu Security Notices USN-7876-1, USN-7878-1, and USN-7877-1 have been issued for vulnerabilities in ImageMagick, cups-filters, and libcupsfilters, respectively. The notices affect various Ubuntu releases, including 24.04 LTS, 22.04 LTS, 20.04 LTS, 18.04 LTS, 16.04 LTS, and 14.04 LTS, as well as newer releases such as Ubuntu 25.10 and 25.04. The vulnerabilities in ImageMagick could allow an attacker to crash the program or execute arbitrary code by opening a specially crafted file, while cups-filters and libcupsfilters had issues with handling malformed TIFF image files and PDF document files. Users are advised to update their systems to the latest package versions to fix these security issues.

[USN-7876-1] ImageMagick vulnerability
[USN-7878-1] cups-filters vulnerabilities
[USN-7877-1] libcupsfilters vulnerabilities


Ubuntu Linux has released several security updates to address various vulnerabilities. The updates include patches for the Linux kernel, with specific fixes available for FIPS, non-FIPS, AWS, and Oracle versions. Additionally, MySQL vulnerabilities have been addressed in one of the updates.

[USN-7874-2] Linux kernel (FIPS) vulnerabilities
[USN-7874-1] Linux kernel vulnerabilities
[USN-7873-1] MySQL vulnerabilities
[USN-7861-4] Linux kernel (AWS) vulnerabilities
[USN-7875-1] Linux kernel (Oracle) vulnerabilities


Ubuntu has released updates to address several security vulnerabilities in various software packages, including the Linux kernel and Lasso libraries. The Linux kernel updates fix multiple vulnerabilities that could lead to denial-of-service or memory corruption attacks, affecting Ubuntu releases from 14.04 to 24.04 LTS. Lasso library updates resolve four vulnerabilities discovered in SAML protocol handling, which could allow remote attackers to cause a denial of service or potentially execute arbitrary code. Users are advised to update their systems to the latest package versions using a standard system update to fix these security issues.

[LSN-0116-1] Linux kernel vulnerability
[USN-7872-1] Lasso vulnerabilities


Ubuntu has released two security notices to address vulnerabilities in its Freeglut and FFmpeg software packages. The first notice (USN-7870-1) affects 8 Ubuntu releases, including Ubuntu 25.10 and 25.04, due to memory management issues in Freeglut that could lead to denial of service attacks. The second notice (USN-7871-1) only affects Ubuntu 25.10 and 25.04, as FFmpeg's ALS audio decoder has a vulnerability that can cause the software to crash when opening a specially crafted file.

[USN-7870-1] Freeglut vulnerabilities
[USN-7871-1] FFmpeg vulnerability


Liquorix Linux Kernel 6.17-9 has been released, offering improved performance and responsiveness for desktop users, particularly those engaged in multimedia and gaming workloads. The kernel features several notable improvements, including Zen Interactive Tuning, which prioritizes system speed over power savings, as well as optimized I/O and memory management. Additionally, Liquorix 6.17-9 has several technical upgrades, like better scheduling for high-resolution tasks, improved handling of real-time systems, and support for Budget Fair Queue (BFQ) and TCP BBR2 Congestion Control.


Canonical has updated its approach to Ubuntu Pro by extending the legacy add-on option for long-lived production systems, increasing the standard security maintenance period from 12 years to a substantial 15-year window. This change is particularly helpful for organizations operating in highly regulated environments or with hardware-dependent setups where system upgrades can be tricky. The core Legacy add-on remains unchanged but now covers a longer period of time, providing users with extra runway when planning upgrades or managing complex compliance requirements. Existing Ubuntu Pro subscribers won't see any disruption from this move, and the extended coverage applies to all existing and future Ubuntu LTS versions.