Ubuntu has issued security notices for several vulnerabilities affecting various packages, including runC, cups-filters, and Python. The notices address issues such as incorrect handling of masked paths (CVE-2025-31133), malformed TIFF image files (CVE-2025-57812), and inefficient handling of system environment variable expansion in Python (CVE-2025-6075). Additionally, the Linux kernel (Raspberry Pi Real-time) has been updated to fix vulnerabilities affecting various subsystems. Users are advised to update their systems with the corresponding package versions to address these security issues.
[USN-7851-2] runC regression
[USN-7878-2] cups-filters vulnerabilities
[USN-7887-1] Linux kernel (Raspberry Pi Real-time) vulnerabilities
[USN-7886-1] Python vulnerabilities
Liquorix Linux Kernel 6.17-10 has been released by Steven Barrett, based on the stable kernel 6.17.9, with several notable improvements aimed at optimizing desktop performance for multimedia and gaming workloads. The kernel features interactive tuning to prioritize responsiveness over power saving, optimized I/O and memory management, and enhanced CPUFreq control for faster responsiveness when needed. Liquorix 6.17-10 also has extra features to improve performance, like better scheduling, handling of real-time tasks, and support for Budget Fair Queue (BFQ) and TCP The kernel is designed to be easy to deploy on Debian, Ubuntu, or Arch Linux using binary builds available through the Liquorix PPA, and installation is made simple by an automatic installation script.
Ubuntu Linux has released several security updates to address vulnerabilities in the operating system. These updates include fixes for the Linux kernel, specifically affecting OEM and real-time versions. The updates aim to improve the security of Ubuntu by patching known issues in the core components of the system.
[USN-7880-1] Linux kernel (OEM) vulnerabilities
[USN-7879-2] Linux kernel (Real-time) vulnerabilities
[USN-7879-1] Linux kernel vulnerabilities
Ubuntu Security Notices USN-7876-1, USN-7878-1, and USN-7877-1 have been issued for vulnerabilities in ImageMagick, cups-filters, and libcupsfilters, respectively. The notices affect various Ubuntu releases, including 24.04 LTS, 22.04 LTS, 20.04 LTS, 18.04 LTS, 16.04 LTS, and 14.04 LTS, as well as newer releases such as Ubuntu 25.10 and 25.04. The vulnerabilities in ImageMagick could allow an attacker to crash the program or execute arbitrary code by opening a specially crafted file, while cups-filters and libcupsfilters had issues with handling malformed TIFF image files and PDF document files. Users are advised to update their systems to the latest package versions to fix these security issues.
[USN-7876-1] ImageMagick vulnerability
[USN-7878-1] cups-filters vulnerabilities
[USN-7877-1] libcupsfilters vulnerabilities
Ubuntu Linux has released several security updates to address various vulnerabilities. The updates include patches for the Linux kernel, with specific fixes available for FIPS, non-FIPS, AWS, and Oracle versions. Additionally, MySQL vulnerabilities have been addressed in one of the updates.
[USN-7874-2] Linux kernel (FIPS) vulnerabilities
[USN-7874-1] Linux kernel vulnerabilities
[USN-7873-1] MySQL vulnerabilities
[USN-7861-4] Linux kernel (AWS) vulnerabilities
[USN-7875-1] Linux kernel (Oracle) vulnerabilities
Ubuntu has released updates to address several security vulnerabilities in various software packages, including the Linux kernel and Lasso libraries. The Linux kernel updates fix multiple vulnerabilities that could lead to denial-of-service or memory corruption attacks, affecting Ubuntu releases from 14.04 to 24.04 LTS. Lasso library updates resolve four vulnerabilities discovered in SAML protocol handling, which could allow remote attackers to cause a denial of service or potentially execute arbitrary code. Users are advised to update their systems to the latest package versions using a standard system update to fix these security issues.
[LSN-0116-1] Linux kernel vulnerability
[USN-7872-1] Lasso vulnerabilities
Ubuntu has released two security notices to address vulnerabilities in its Freeglut and FFmpeg software packages. The first notice (USN-7870-1) affects 8 Ubuntu releases, including Ubuntu 25.10 and 25.04, due to memory management issues in Freeglut that could lead to denial of service attacks. The second notice (USN-7871-1) only affects Ubuntu 25.10 and 25.04, as FFmpeg's ALS audio decoder has a vulnerability that can cause the software to crash when opening a specially crafted file.
[USN-7870-1] Freeglut vulnerabilities
[USN-7871-1] FFmpeg vulnerability
Liquorix Linux Kernel 6.17-9 has been released, offering improved performance and responsiveness for desktop users, particularly those engaged in multimedia and gaming workloads. The kernel features several notable improvements, including Zen Interactive Tuning, which prioritizes system speed over power savings, as well as optimized I/O and memory management. Additionally, Liquorix 6.17-9 has several technical upgrades, like better scheduling for high-resolution tasks, improved handling of real-time systems, and support for Budget Fair Queue (BFQ) and TCP BBR2 Congestion Control.
Canonical has updated its approach to Ubuntu Pro by extending the legacy add-on option for long-lived production systems, increasing the standard security maintenance period from 12 years to a substantial 15-year window. This change is particularly helpful for organizations operating in highly regulated environments or with hardware-dependent setups where system upgrades can be tricky. The core Legacy add-on remains unchanged but now covers a longer period of time, providing users with extra runway when planning upgrades or managing complex compliance requirements. Existing Ubuntu Pro subscribers won't see any disruption from this move, and the extended coverage applies to all existing and future Ubuntu LTS versions.
Ubuntu has released two security notices, USN-7862-3 and USN-7861-3, to address vulnerabilities in the Linux kernel. The first notice affects Ubuntu 22.04 LTS and fixes a VMSCAPE flaw that could allow an attacker in a guest VM to expose sensitive information from the host OS. The second notice affects both Ubuntu 24.04 LTS and 22.04 LTS and fixes multiple security issues, including flaws in the HSI, Bluetooth, and Timer subsystems.
[USN-7862-3] Linux kernel (Xilinx ZynqMP) vulnerability
[USN-7861-3] Linux kernel vulnerabilities
Ubuntu Security Notices USN-7835-6 and USN-7836-2 report vulnerabilities fixed in the Linux kernel and Bind. For USN-7835-6, multiple security issues were discovered in the Linux kernel, affecting various subsystems, including ARM64 architecture, PowerPC architecture, and network drivers. To fix these issues, users need to update their systems with new package versions, which include linux-image-6.8.0-1041-aws for Ubuntu Linux 22.04 LTS and bind9 1:9.18.30-0ubuntu0.20.04.2+esm1 for Ubuntu Linux 20.04 LTS.
[USN-7835-6] Linux kernel (AWS) vulnerabilities
[USN-7836-2] Bind vulnerabilities
Two separate security notices have been issued for vulnerabilities in Raptor on Ubuntu systems. The first notice (USN-7869-1) affects Ubuntu 18.04 LTS and 16.04 LTS, while the second notice (USN-7868-1) only affects Ubuntu 16.04 LTS. Multiple vulnerabilities were discovered in Raptor, including issues with memory operations that could potentially cause a denial of service or allow an attacker to execute arbitrary code. To fix these issues, users can update their systems to the latest package versions available through Ubuntu Pro by running a standard system update.
[USN-7869-1] Raptor vulnerabilities
[USN-7868-1] Raptor vulnerabilities
Two security updates have been issued for Ubuntu, affecting various versions of the operating system. The first update addresses vulnerabilities in Intel Microcode, specifically affecting Intel Xeon processors with SGX enabled and stream cache mechanisms. A local authenticated user could potentially use these issues to escalate their privileges or cause a denial of service, prompting updates for multiple Ubuntu releases, including 25.10, 25.04, 24.04 LTS, and others. The second update addresses vulnerabilities in rust-sudo-rs, a Rust-based implementation of sudo and su, specifically with password handling during timeouts and targetpw/rootpw default settings when creating timestamp files.
[USN-7866-1] Intel Microcode vulnerabilities
[USN-7867-1] sudo-rs vulnerabilities
Ubuntu has released several security updates for its Linux Kernel packages to address various vulnerabilities. The updates cover different kernel versions, including those used by real-time systems, FIPS-compliant systems, Raspberry Pi devices, and cloud environments such as GCP and GKE. Additionally, updates have been issued for Azure and generic Linux kernel configurations.
[USN-7860-4] Linux kernel (Real-time) vulnerability
[USN-7860-3] Linux kernel (FIPS) vulnerability
[USN-7795-5] Linux kernel (Raspberry Pi) vulnerabilities
[USN-7861-2] Linux kernel (Real-time) vulnerabilities
[USN-7864-1] Linux kernel (GCP and GKE) vulnerabilities
[USN-7853-3] Linux kernel (Azure) vulnerabilities
Two separate security issues have been discovered affecting various versions of Ubuntu and its derivatives. The first issue, related to runC vulnerabilities (USN-7851-1), affects Ubuntu 25.10, 25.04, 24.04 LTS, and 22.04 LTS and can be fixed by updating the system to specific package versions. The second issue, related to Django vulnerabilities (USN-7859-1), affects Ubuntu 25.10, 25.04, 24.04 LTS, 22.04 LTS, and 20.04 LTS.
[USN-7851-1] runC vulnerabilities
[USN-7859-1] Django vulnerabilities
Ubuntu has issued several security notices to address vulnerabilities in various packages, including the Linux kernel, libssh, Squid, Unbound, and OpenStack Keystone. The most critical vulnerability was found in the Linux kernel (HWE) package, which affects Ubuntu 24.04 LTS and allows an attacker to infer data from previous stores on AMD processors. Additionally, vulnerabilities were discovered in libssh, which could be made to crash if it received specially crafted network traffic, and Squid, which could be made to crash due to incorrect handling of certain long SNMP OIDs.
[USN-7829-6] Linux kernel vulnerabilities
[USN-7856-1] Linux kernel (HWE) vulnerabilities
[USN-7849-1] libssh vulnerability
[USN-7804-2] Squid vulnerability
[USN-7855-1] Unbound vulnerability
[USN-7857-1] OpenStack Keystone vulnerability
A security issue has been discovered in Google Guest Agent, which could allow unintended access to network services on Ubuntu systems. The vulnerability affects several releases of Ubuntu, including 25.04, 24.04 LTS, 22.04 LTS, 20.04 LTS, 18.04 LTS, and 16.04 LTS. This issue is related to a previously fixed problem in Go Cryptography, which incorrectly handled public keys during SSH operations. To fix the issue, users should update their system to the latest version of the google-guest-agent package, available from Ubuntu's security notice USN-7839-2.
[USN-7839-2] Google Guest Agent vulnerability
Steven Barrett has released a new version of the Liquorix Linux kernel, 6.17-7. This custom kernel optimizes desktop, multimedia, and gaming workloads with performance enhancements that prioritize responsiveness, reduce latency, and maximize throughput. Key features include Zen Interactive Tuning technology, improved scheduling and block layer optimizations, as well as support for High Resolution Scheduling, Budget Fair Queue disk scheduler, TCP BBR2 Congestion Control, and Compressed Swap. Users can easily install the kernel by running a script available at liquorix.net/install-liquorix.sh using curl and bash commands.