
Ubuntu has released several security notices (USN) to address vulnerabilities in various packages. The affected releases include Ubuntu 25.04, 24.04 LTS, 22.04 LTS, and others. Multiple vulnerabilities were found in AngularJS, Erlang, klibc, and libpng1.6, which could lead to issues such as cross-site scripting, denial of service, and unintended access to network services. Users are advised to update their systems to the latest package versions through a standard system update to fix these vulnerabilities.

[USN-7958-1] AngularJS vulnerabilities
[USN-7961-1] Erlang vulnerability
[USN-7959-1] klibc vulnerabilities
[USN-7963-1] libpng vulnerabilities




[USN-7958-1] AngularJS vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7958-1
January 14, 2026

angular.js vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in AngularJS.

Software Description:
- angular.js: JavaScript-based web framework

Details:

It was discovered that AngularJS did not properly sanitize certain
`xlink:href` attributes. A remote attacker could possibly use this issue
to perform cross site scripting. This issue only affected Ubuntu 16.04
LTS. (CVE-2019-14863)

It was discovered that AngularJS incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause AngularJS
to consume resources, leading to a regular expression denial of service.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04
LTS and Ubuntu 25.04. (CVE-2022-25844)

It was discovered that AngularJS incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause AngularJS
to consume resources, leading to a regular expression denial of service.
(CVE-2023-26116, CVE-2023-26117)

It was discovered that AngularJS incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause AngularJS
to consume resources, leading to a regular expression denial of service.
This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04
LTS, Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2023-26118, CVE-2024-21490)

It was discovered that AngularJS did not properly sanitize certain inputs
in HTML elements. A remote attacker could possibly use this issue to
perform spoofing and obtain sensitive information. This issue only
affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu
24.04 LTS and Ubuntu 25.04. (CVE-2024-8372, CVE-2024-8373, CVE-2025-2336)

It was discovered that AngularJS did not properly sanitize certain inputs
in HTML elements. A remote attacker could possibly use this issue to
perform spoofing and obtain sensitive information. (CVE-2025-0716)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
libjs-angularjs 1.8.3-1ubuntu0.25.04.1

Ubuntu 24.04 LTS
libjs-angularjs 1.8.3-1ubuntu0.24.04.1

Ubuntu 22.04 LTS
libjs-angularjs 1.8.2-2ubuntu0.1

Ubuntu 20.04 LTS
libjs-angularjs 1.7.9-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libjs-angularjs 1.5.10-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libjs-angularjs 1.2.28-1ubuntu2+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7958-1
CVE-2019-14863, CVE-2022-25844, CVE-2023-26116, CVE-2023-26117,
CVE-2023-26118, CVE-2024-21490, CVE-2024-8372, CVE-2024-8373,
CVE-2025-0716, CVE-2025-2336

Package Information:
https://launchpad.net/ubuntu/+source/angular.js/1.8.3-1ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/angular.js/1.8.3-1ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/angular.js/1.8.2-2ubuntu0.1



[USN-7961-1] Erlang vulnerability


==========================================================================
Ubuntu Security Notice USN-7961-1
January 14, 2026

erlang vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Erlang could allow unintended access to network services.

Software Description:
- erlang: Concurrent, real-time, distributed functional language

Details:

It was discovered that Erlang incorrectly validated peer certificates
when incorrect extended key usage was presented. A remote attacker could
possibly use this issue to bypass SSL key usage restrictions.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
erlang 1:25.3.2.8+dfsg-1ubuntu4.6
erlang-ssl 1:25.3.2.8+dfsg-1ubuntu4.6

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7961-1
CVE-2024-53846

Package Information:
https://launchpad.net/ubuntu/+source/erlang/1:25.3.2.8+dfsg-1ubuntu4.6



[USN-7959-1] klibc vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7959-1
January 14, 2026

klibc vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

klibc could be made to crash if it received specially crafted input.

Software Description:
- klibc: Minimalistic libc subset for use with initramfs

Details:

It was discovered that zlib, vendored in klibc, did not properly handle
integer arithmetic. An attacker could possibly use this issue to execute
arbitrary code or cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
klibc-utils 2.0.14-1ubuntu1.1
libklibc 2.0.14-1ubuntu1.1

Ubuntu 25.04
klibc-utils 2.0.13-4ubuntu1.1
libklibc 2.0.13-4ubuntu1.1

Ubuntu 24.04 LTS
klibc-utils 2.0.13-4ubuntu0.2
libklibc 2.0.13-4ubuntu0.2

Ubuntu 22.04 LTS
klibc-utils 2.0.10-4ubuntu0.2
libklibc 2.0.10-4ubuntu0.2

Ubuntu 20.04 LTS
klibc-utils 2.0.7-1ubuntu5.2+esm1
Available with Ubuntu Pro
libklibc 2.0.7-1ubuntu5.2+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
klibc-utils 2.0.4-9ubuntu2.2+esm2
Available with Ubuntu Pro
libklibc 2.0.4-9ubuntu2.2+esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
klibc-utils 2.0.4-8ubuntu1.16.04.4+esm3
Available with Ubuntu Pro
libklibc 2.0.4-8ubuntu1.16.04.4+esm3
Available with Ubuntu Pro

Ubuntu 14.04 LTS
klibc-utils 2.0.3-0ubuntu1.14.04.3+esm4
Available with Ubuntu Pro
libklibc 2.0.3-0ubuntu1.14.04.3+esm4
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7959-1
CVE-2016-9843

Package Information:
https://launchpad.net/ubuntu/+source/klibc/2.0.14-1ubuntu1.1
https://launchpad.net/ubuntu/+source/klibc/2.0.13-4ubuntu1.1
https://launchpad.net/ubuntu/+source/klibc/2.0.13-4ubuntu0.2
https://launchpad.net/ubuntu/+source/klibc/2.0.10-4ubuntu0.2



[USN-7963-1] libpng vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7963-1
January 14, 2026

libpng1.6 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in libpng.

Software Description:
- libpng1.6: PNG (Portable Network Graphics) file library

Details:

It was discovered that the libpng simplified API incorrectly processed
palette PNG images with partial transparency and gamma correction. If a
user or automated system were tricked into opening a specially crafted PNG
file, an attacker could use this issue to cause libpng to crash, resulting
in a denial of service. (CVE-2025-66293)

Petr Simecek, Stanislav Fort and Pavel Kohout discovered that the libpng
simplified API incorrectly processed interlaced 16-bit PNGs with 8-bit
output format and non-minimal row strides. If a user or automated system
were tricked into opening a specially crafted PNG file, an attacker could
use this issue to cause libpng to crash, resulting in a denial of service.
(CVE-2026-22695)

Cosmin Truta discovered that the libpng simplified API incorrectly handled
invalid row strides. If a user or automated system were tricked into
opening a specially crafted PNG file, an attacker could use this issue to
cause libpng to crash, resulting in a denial of service. (CVE-2026-22801)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
libpng16-16t64 1.6.50-1ubuntu0.3

Ubuntu 25.04
libpng16-16t64 1.6.47-1.1ubuntu0.3

Ubuntu 24.04 LTS
libpng16-16t64 1.6.43-5ubuntu0.3

Ubuntu 22.04 LTS
libpng16-16 1.6.37-3ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7963-1
CVE-2025-66293, CVE-2026-22695, CVE-2026-22801

Package Information:
https://launchpad.net/ubuntu/+source/libpng1.6/1.6.50-1ubuntu0.3
https://launchpad.net/ubuntu/+source/libpng1.6/1.6.47-1.1ubuntu0.3
https://launchpad.net/ubuntu/+source/libpng1.6/1.6.43-5ubuntu0.3
https://launchpad.net/ubuntu/+source/libpng1.6/1.6.37-3ubuntu0.3
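
The "Update instructions" sections of the four notices above give fixed package versions; the following added example (not part of the Ubuntu notices) checks a package inventory against the Ubuntu 24.04 LTS versions listed on this page. The comparison is a small reimplementation of Debian version ordering (epoch, `~` and `+` suffixes), and the inventory and the names `FIXED_2404`, `SAMPLE`, `compare` and `still_vulnerable` are constructed for illustration.

```python
import re

# Fixed versions for Ubuntu 24.04 LTS, copied from the four notices on this page.
FIXED_2404 = {
    "libjs-angularjs": "1.8.3-1ubuntu0.24.04.1",  # USN-7958-1
    "libpng16-16t64": "1.6.43-5ubuntu0.3",        # USN-7963-1
    **dict.fromkeys(("erlang", "erlang-ssl"), "1:25.3.2.8+dfsg-1ubuntu4.6"),  # USN-7961-1
    **dict.fromkeys(("klibc-utils", "libklibc"), "2.0.13-4ubuntu0.2"),        # USN-7959-1
}
# Constructed inventory, shaped like: dpkg-query -W -f='${Package} ${Version}\n'
SAMPLE = """libjs-angularjs 1.8.3-1
erlang-ssl 1:25.3.2.8+dfsg-1ubuntu4.6
libklibc 2.0.13-4ubuntu0.1
libpng16-16t64 1.6.43-5ubuntu0.3"""

def _order(ch):
    # dpkg character order: '~' < end of string or digit < letters < other symbols
    if ch == "" or ch.isdigit():
        return 0
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    while a or b:
        # leading non-digit run, compared character by character
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            if _order(a[:1]) != _order(b[:1]):
                return -1 if _order(a[:1]) < _order(b[:1]) else 1
            a, b = a[1:], b[1:]
        # leading digit run, compared as integers
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(version):
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare(a, b):
    # -1, 0 or 1 as Debian version a is older than, equal to or newer than b
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def still_vulnerable(inventory):
    # packages in the inventory that are older than the fixed version
    pairs = (line.split() for line in inventory.splitlines() if line.strip())
    return sorted(p for p, v in pairs if p in FIXED_2404 and compare(v, FIXED_2404[p]) < 0)
```

Calling `still_vulnerable(SAMPLE)` lists the packages that still need the update; on a real host, pass it the output of the `dpkg-query` command shown in the comment. `dpkg --compare-versions` remains the authoritative comparison on a live system.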