Ubuntu Linux has released several security updates to address vulnerabilities in different software packages. The USN-7899-1 update addresses issues with GNU binutils, while the next three updates (USN-7900-1 through USN-7902-1) target various vulnerabilities in CRaC JDK versions 17, 21, and 25. These updates aim to improve system security by patching known weaknesses. Users are advised to review the specific details of each update for more information on the affected packages and recommended actions.
[USN-7899-1] GNU binutils vulnerabilities
[USN-7900-1] CRaC JDK 17 vulnerabilities
[USN-7901-1] CRaC JDK 21 vulnerabilities
[USN-7902-1] CRaC JDK 25 vulnerabilities
Liquorix Linux kernel version 6.17-12 has been released, which is based on the stable Linux kernel 6.17.10 and designed to optimize desktop experiences for multimedia and gaming workloads. The new kernel has several important updates, like adjustments that make the system respond faster instead of saving power, better management of input/output and memory, and improved CPUFreq control for quicker responses when needed. Additionally, Liquorix 6.17-12 includes better scheduling for high-resolution tasks, a way to manage real-time processes, and support for Budget Fair Queue (BFQ) and TCP BBR2 Congestion Control The kernel can be easily installed on Debian, Ubuntu, or Arch Linux using a provided script or through their own PPA, making it a straightforward replacement for the standard kernel.
Steven Barrett has released the Liquorix Linux kernel 6.17-11. The kernel features Zen Interactive Tuning, which adjusts system settings to prioritize responsiveness over power-saving, as well as optimized I/O and memory management. There are also improvements for better performance, like more precise scheduling, better handling of real-time tasks, and support for Budget Fair Queue (BFQ Users can easily install the kernel using a provided script or by downloading binary builds from Liquorix's PPA repository, which supports Debian, Ubuntu, and Arch Linux distributions.
A security issue has been discovered in EDK II, which affects Ubuntu 24.04 LTS and 22.04 LTS systems. The issue was introduced as part of an earlier update to fix vulnerabilities in EDK II, but it inadvertently caused a regression in UEFI network boot functionality. To address this issue, users need to update their systems to specific package versions and then restart any virtual machines that use the affected firmware. This update is intended to revert the fixes for two CVEs (CVE-2023-45236 and CVE-2023-45237) while further investigation into the issue continues.
[USN-7894-2] EDK II regression
Ubuntu has released several security notices (USN-7897-1, USN-7890-1, USN-7898-1, USN-7852-2, USN-7896-1, and USN-7895-1) to address vulnerabilities in various packages, including CUPS, FFmpeg, OpenVPN, libxml2, and WebKitGTK. The vulnerabilities could allow attackers to crash or run programs as administrators, cause denial of service, or execute arbitrary code. Affected Ubuntu releases include 25.10, 25.04, 24.04 LTS, 22.04 LTS, 20.04 LTS, 18.04 LTS, and 16.04 LTS.
[USN-7897-1] CUPS vulnerability
[USN-7890-1] FFmpeg vulnerability
[USN-7898-1] OpenVPN vulnerability
[USN-7852-2] libxml2 vulnerability
[USN-7896-1] libxml2 vulnerabilities
[USN-7895-1] WebKitGTK vulnerabilities
Ubuntu Linux has released several security updates to address vulnerabilities in various components. These updates include fixes for the Linux kernel (Real-time and FIPS) as well as other affected packages such as H2O, Valkey, Python, rust-openssl, and EDK II. Additionally, vulnerabilities in the Linux kernel have also been addressed. Users are advised to install these security updates to ensure their system's security.
[USN-7889-3] Linux kernel (Real-time) vulnerabilities
[USN-7889-2] Linux kernel (FIPS) vulnerabilities
[USN-7879-3] Linux kernel vulnerabilities
[USN-7892-1] H2O vulnerability
[USN-7893-1] Valkey vulnerabilities
[USN-7886-2] Python vulnerabilities
[USN-7891-1] rust-openssl vulnerabilities
[USN-7894-1] EDK II vulnerabilities
Ubuntu has issued security notices for several vulnerabilities affecting various packages, including runC, cups-filters, and Python. The notices address issues such as incorrect handling of masked paths (CVE-2025-31133), malformed TIFF image files (CVE-2025-57812), and inefficiently handled expanding system environment variables in Python (CVE-2025-6075). Additionally, the Linux kernel (Raspberry Pi Real-time) has been updated to fix vulnerabilities affecting various subsystems. Users are advised to update their systems with the corresponding package versions to address these security issues.
[USN-7851-2] runC regression
[USN-7878-2] cups-filters vulnerabilities
[USN-7887-1] Linux kernel (Raspberry Pi Real-time) vulnerabilities
[USN-7886-1] Python vulnerabilities
Liquorix Linux Kernel 6.17-10 has been released by Steven Barrett, based on the stable kernel 6.17.9, with several notable improvements aimed at optimizing desktop performance for multimedia and gaming workloads. The kernel features interactive tuning to prioritize responsiveness over power saving, optimized I/O and memory management, and enhanced CPUFreq control for faster responsiveness when needed. Liquorix 6.17-10 also has extra features to improve performance, like better scheduling, handling of real-time tasks, and support for Budget Fair Queue (BFQ) and TCP The kernel is designed to be easy to deploy on Debian, Ubuntu, or Arch Linux using binary builds available through the Liquorix PPA, and installation is made simple by an automatic installation script.
Ubuntu Linux has released several security updates to address vulnerabilities in the operating system. These updates include fixes for the Linux kernel, specifically affecting OEM and real-time versions. The updates aim to improve the security of Ubuntu by patching known issues in the core components of the system.
[USN-7880-1] Linux kernel (OEM) vulnerabilities
[USN-7879-2] Linux kernel (Real-time) vulnerabilities
[USN-7879-1] Linux kernel vulnerabilities
Ubuntu Security Notices USN-7876-1, USN-7878-1, and USN-7877-1 have been issued for vulnerabilities in ImageMagick, cups-filters, and libcupsfilters, respectively. The notices affect various Ubuntu releases, including 24.04 LTS, 22.04 LTS, 20.04 LTS, 18.04 LTS, 16.04 LTS, and 14.04 LTS, as well as newer releases such as Ubuntu 25.10 and 25.04. The vulnerabilities in ImageMagick could allow an attacker to crash the program or execute arbitrary code by opening a specially crafted file, while cups-filters and libcupsfilters had issues with handling malformed TIFF image files and PDF document files. Users are advised to update their systems to the latest package versions to fix these security issues.
[USN-7876-1] ImageMagick vulnerability
[USN-7878-1] cups-filters vulnerabilities
[USN-7877-1] libcupsfilters vulnerabilities
Ubuntu Linux has released several security updates to address various vulnerabilities. The updates include patches for the Linux kernel, with specific fixes available for FIPS, non-FIPS, AWS, and Oracle versions. Additionally, MySQL vulnerabilities have been addressed in one of the updates.
[USN-7874-2] Linux kernel (FIPS) vulnerabilities
[USN-7874-1] Linux kernel vulnerabilities
[USN-7873-1] MySQL vulnerabilities
[USN-7861-4] Linux kernel (AWS) vulnerabilities
[USN-7875-1] Linux kernel (Oracle) vulnerabilities
Ubuntu has released updates to address several security vulnerabilities in various software packages, including the Linux kernel and Lasso libraries. The Linux kernel updates fix multiple vulnerabilities that could lead to denial-of-service or memory corruption attacks, affecting Ubuntu releases from 14.04 to 24.04 LTS. Lasso library updates resolve four vulnerabilities discovered in SAML protocol handling, which could allow remote attackers to cause a denial of service or potentially execute arbitrary code. Users are advised to update their systems to the latest package versions using a standard system update to fix these security issues.
[LSN-0116-1] Linux kernel vulnerability
[USN-7872-1] Lasso vulnerabilities
Ubuntu has released two security notices to address vulnerabilities in its Freeglut and FFmpeg software packages. The first notice (USN-7870-1) affects 8 Ubuntu releases, including Ubuntu 25.10 and 25.04, due to memory management issues in Freeglut that could lead to denial of service attacks. The second notice (USN-7871-1) only affects Ubuntu 25.10 and 25.04, as FFmpeg's ALS audio decoder has a vulnerability that can cause the software to crash when opening a specially crafted file.
[USN-7870-1] Freeglut vulnerabilities
[USN-7871-1] FFmpeg vulnerability
Liquorix Linux Kernel 6.17-9 has been released, offering improved performance and responsiveness for desktop users, particularly those engaged in multimedia and gaming workloads. The kernel features several notable improvements, including Zen Interactive Tuning, which prioritizes system speed over power savings, as well as optimized I/O and memory management. Additionally, Liquorix 6.17-9 has several technical upgrades, like better scheduling for high-resolution tasks, improved handling of real-time systems, and support for Budget Fair Queue (BFQ) and TCP BBR2 Congestion Control.
Canonical has updated its approach to Ubuntu Pro by extending the legacy add-on option for long-lived production systems, increasing the standard security maintenance period from 12 years to a substantial 15-year window. This change is particularly helpful for organizations operating in highly regulated environments or with hardware-dependent setups where system upgrades can be tricky. The core Legacy add-on remains unchanged but now covers a longer period of time, providing users with extra runway when planning upgrades or managing complex compliance requirements. Existing Ubuntu Pro subscribers won't see any disruption from this move, and the extended coverage applies to all existing and future Ubuntu LTS versions.
Ubuntu has released two security notices, USN-7862-3 and USN-7861-3, to address vulnerabilities in the Linux kernel. The first notice affects Ubuntu 22.04 LTS and fixes a VMSCAPE flaw that could allow an attacker in a guest VM to expose sensitive information from the host OS. The second notice affects both Ubuntu 24.04 LTS and 22.04 LTS and fixes multiple security issues, including flaws in the HSI, Bluetooth, and Timer subsystems.
[USN-7862-3] Linux kernel (Xilinx ZynqMP) vulnerability
[USN-7861-3] Linux kernel vulnerabilities
Ubuntu Security Notice USN-7835-6 and USN-7836-2 report vulnerabilities fixed in the Linux kernel and Bind. For USN-7835-6, multiple security issues were discovered in the Linux kernel, affecting various subsystems, including ARM64 architecture, PowerPC architecture, and network drivers. To fix these issues, users need to update their systems with new package versions, which include linux-image-6.8.0-1041-aws for Ubuntu Linux 22.04 LTS and bind9 1:9.18.30-0ubuntu0.20.04.2+esm1 for Ubuntu Linux 20.04 LTS.
[USN-7835-6] Linux kernel (AWS) vulnerabilities
[USN-7836-2] Bind vulnerabilities
Two separate security notices have been issued for the Raptor vulnerability in Ubuntu systems. The first notice (USN-7869-1) affects Ubuntu 18.04 LTS and 16.04 LTS, while the second notice (USN-7868-1) only affects Ubuntu 16.04 LTS. Multiple vulnerabilities were discovered in Raptor, including issues with memory operations that could potentially cause a denial of service or allow an attacker to execute arbitrary code. To fix these issues, users can update their systems to the latest package versions available through Ubuntu Pro, which will be achieved through a standard system update.
[USN-7869-1] Raptor vulnerabilities
[USN-7868-1] Raptor vulnerabilities
Two security updates have been issued for Ubuntu, affecting various versions of the operating system. The first update addresses vulnerabilities in Intel Microcode, specifically affecting Intel Xeon processors with SGX enabled and stream cache mechanisms. A local authenticated user could potentially use these issues to escalate their privileges or cause a denial of service, prompting updates for multiple Ubuntu releases, including 25.10, 25.04, 24.04 LTS, and others. The second update addresses vulnerabilities in rust-sudo-rs, a Rust-based implementation of sudo and su, specifically with password handling during timeouts and targetpw/rootpw default settings when creating timestamp files.
[USN-7866-1] Intel Microcode vulnerabilities
[USN-7867-1] sudo-rs vulnerabilities
