Ubuntu 6923

Ubuntu Linux has received several security updates, with fixes for vulnerabilities in Apache HTTP Server, Drupal, Erlang, jq, the Linux kernel (Oracle) and Nokogiri:

[USN-6885-5] Apache HTTP Server vulnerabilities
[USN-7658-1] Drupal vulnerabilities
[USN-7656-1] Erlang vulnerabilities
[USN-7657-1] jq vulnerabilities
[USN-7611-4] Linux kernel (Oracle) vulnerabilities
[USN-7659-1] Nokogiri vulnerabilities




[USN-6885-5] Apache HTTP Server vulnerabilities


==========================================================================
Ubuntu Security Notice USN-6885-5
July 21, 2025

apache2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:
- apache2: Apache HTTP server

Details:

USN-6885-1 fixed vulnerabilities in Apache. This update provides
the corresponding updates for Ubuntu 14.04 LTS.

Original advisory details:

Orange Tsai discovered that the Apache HTTP Server mod_rewrite module
incorrectly handled certain substitutions. A remote attacker could
possibly use this issue to execute scripts in directories not directly
reachable by any URL, or cause a denial of service. Some environments
may require using the new UnsafeAllow3F flag to handle unsafe
substitutions. (CVE-2024-38474, CVE-2024-38475)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
apache2 2.4.7-1ubuntu4.22+esm10
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6885-5
https://ubuntu.com/security/notices/USN-6885-4
https://ubuntu.com/security/notices/USN-6885-3
https://ubuntu.com/security/notices/USN-6885-2
https://ubuntu.com/security/notices/USN-6885-1
CVE-2024-38474, CVE-2024-38475



[USN-7658-1] Drupal vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7658-1
July 21, 2025

drupal7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Drupal.

Software Description:
- drupal7: fully-featured content management framework

Details:

It was discovered that Drupal incorrectly parsed untrusted HTML. A
remote attacker could possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
drupal7 7.44-1ubuntu1~16.04.0+esm3
Available with Ubuntu Pro

Ubuntu 14.04 LTS
drupal7 7.26-1ubuntu0.1+esm3
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7658-1
CVE-2020-11022, CVE-2020-11023



[USN-7656-1] Erlang vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7656-1
July 21, 2025

erlang vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Erlang.

Software Description:
- erlang: Concurrent, real-time, distributed functional language

Details:

It was discovered that Erlang OTP’s SSH module incorrectly enforced strict
KEX handshake hardening measures. A remote attacker able to intercept
communications could possibly use this issue to insert optional messages
into connections during the handshake. (CVE-2025-46712)

It was discovered that Erlang OTP incorrectly handled ZIP archives. If a
user or automated system were tricked into opening a specially crafted ZIP
archive, a remote attacker could possibly use this issue to overwrite
arbitrary files outside of the intended directory. (CVE-2025-4748)
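The ZIP issue above is the path-traversal-on-extract bug class: an archive entry whose stored name contains ".." components or an absolute path is written wherever that name resolves, not under the directory the caller chose. The following is an added illustration in Python, not Erlang/OTP's code and not a reproduction of the Erlang bug: it builds a small archive in memory from constructed entries that try to escape the extraction directory, and shows the containment check an extractor needs (resolve the full target path, then confirm it is still inside the destination). The entry names and the scratch directory are assumptions for the demonstration.

```python
"""Detect archive members that would be written outside the extraction root.

Added example, not Erlang/OTP's own code: it illustrates the bug class
behind CVE-2025-4748 (an archive entry whose name escapes the target
directory) with Python's zipfile.  The archive is constructed in memory.
"""
import io
import os
import tempfile
import zipfile


def is_path_escape(member_name: str, dest: str) -> bool:
    """True if writing member_name under dest would land outside dest."""
    dest_real = os.path.realpath(dest)
    # Some archivers store backslash separators; treat them as '/'.
    name = member_name.replace("\\", "/")
    # os.path.join discards dest for an absolute name, so '/etc/x' lands at
    # /etc/x; realpath collapses '..' and symlinks before the containment check.
    target = os.path.realpath(os.path.join(dest_real, name))
    return os.path.commonpath([dest_real, target]) != dest_real


def build_sample_archive() -> bytes:
    """Constructed archive: one benign member and three that try to escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report/readme.txt", "benign")
        zf.writestr("../../outside.txt", "traversal with leading ..")
        zf.writestr("/tmp/absolute.txt", "absolute path")
        zf.writestr("report/../../sneaky.txt", "traversal after a safe prefix")
    return buf.getvalue()


def unsafe_members(zip_bytes: bytes, dest: str) -> list:
    """Names of members that would escape dest, in archive order."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if is_path_escape(n, dest)]


def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Extract only members that stay inside dest; return the names written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if is_path_escape(info.filename, dest):
                continue                      # reject rather than "fix" the name
            target = os.path.join(dest, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as out:
                out.write(src.read())
            written.append(info.filename)
    return written


def run_demo() -> dict:
    """Extract the sample archive into a scratch directory and report."""
    archive = build_sample_archive()
    with tempfile.TemporaryDirectory() as dest:
        return {"rejected": unsafe_members(archive, dest),
                "written": safe_extract(archive, dest)}


if __name__ == "__main__":
    print(run_demo())
```

The check is done on the resolved path rather than by stripping ".." from the name: stripping silently turns a hostile entry into a different file, whereas rejecting it keeps the archive's intent visible in logs. The same containment test applies to tar members and to any unpacker that takes file names from untrusted input.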

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
erlang 1:27.3+dfsg-1ubuntu1.2
erlang-ssh 1:27.3+dfsg-1ubuntu1.2

Ubuntu 24.04 LTS
erlang 1:25.3.2.8+dfsg-1ubuntu4.4
erlang-ssh 1:25.3.2.8+dfsg-1ubuntu4.4

Ubuntu 22.04 LTS
erlang 1:24.2.1+dfsg-1ubuntu0.5
erlang-ssh 1:24.2.1+dfsg-1ubuntu0.5

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7656-1
CVE-2025-46712, CVE-2025-4748

Package Information:
https://launchpad.net/ubuntu/+source/erlang/1:27.3+dfsg-1ubuntu1.2
https://launchpad.net/ubuntu/+source/erlang/1:25.3.2.8+dfsg-1ubuntu4.4
https://launchpad.net/ubuntu/+source/erlang/1:24.2.1+dfsg-1ubuntu0.5



[USN-7657-1] jq vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7657-1
July 21, 2025

jq vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in jq.

Software Description:
- jq: lightweight and flexible command-line JSON processor

Details:

It was discovered that jq incorrectly handled certain values when parsing
JSON data. A remote attacker could possibly use this issue to cause jq to
crash, resulting in a denial of service. (CVE-2024-23337)

It was discovered that jq incorrectly handled NaN values when parsing JSON
data. A remote attacker could possibly use this issue to cause jq to crash,
resulting in a denial of service. This issue only affected Ubuntu 24.04
LTS, and Ubuntu 25.04. (CVE-2024-53427)

It was discovered that jq incorrectly handled certain values when parsing
JSON data. A remote attacker could use this issue to cause jq to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2025-48060)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
jq 1.7.1-3ubuntu1.1
libjq1 1.7.1-3ubuntu1.1

Ubuntu 24.04 LTS
jq 1.7.1-3ubuntu0.24.04.1
libjq1 1.7.1-3ubuntu0.24.04.1

Ubuntu 22.04 LTS
jq 1.6-2.1ubuntu3.1
libjq1 1.6-2.1ubuntu3.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7657-1
CVE-2024-23337, CVE-2024-53427, CVE-2025-48060

Package Information:
https://launchpad.net/ubuntu/+source/jq/1.7.1-3ubuntu1.1
https://launchpad.net/ubuntu/+source/jq/1.7.1-3ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/jq/1.6-2.1ubuntu3.1



[USN-7611-4] Linux kernel (Oracle) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7611-4
July 21, 2025

linux-oracle vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-oracle: Linux kernel for Oracle Cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Netfilter;
- Network traffic control;
(CVE-2025-38000, CVE-2025-37890, CVE-2025-38001, CVE-2025-37997,
CVE-2025-37932)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
linux-image-6.14.0-1008-oracle 6.14.0-1008.8
linux-image-6.14.0-1008-oracle-64k 6.14.0-1008.8
linux-image-oracle 6.14.0-1008.8
linux-image-oracle-6.14 6.14.0-1008.8
linux-image-oracle-64k 6.14.0-1008.8
linux-image-oracle-64k-6.14 6.14.0-1008.8

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7611-4
https://ubuntu.com/security/notices/USN-7611-3
https://ubuntu.com/security/notices/USN-7611-2
https://ubuntu.com/security/notices/USN-7611-1
CVE-2025-37890, CVE-2025-37932, CVE-2025-37997, CVE-2025-38000,
CVE-2025-38001

Package Information:
https://launchpad.net/ubuntu/+source/linux-oracle/6.14.0-1008.8



[USN-7659-1] Nokogiri vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7659-1
July 21, 2025

ruby-nokogiri vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Nokogiri.

Software Description:
- ruby-nokogiri: HTML, XML, SAX, and Reader parser for Ruby

Details:

It was discovered that Nokogiri did not correctly parse XML Schemas.
If a user or automated system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS.
(CVE-2020-26247)

Agustin Gianni discovered that Nokogiri did not correctly parse
XML and HTML files. If a user or automated system were tricked into
opening a specially crafted file, an attacker could possibly use this
issue to cause a denial of service or leak sensitive information.
(CVE-2022-29181)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
ruby-nokogiri 1.13.1+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
ruby-nokogiri 1.10.7+dfsg1-2ubuntu0.1~esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7659-1
CVE-2020-26247, CVE-2022-29181, CVE-2022-40303
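Each notice above ends with a table of fixed package versions, and the practical check is whether the installed version is at least that version. Debian version strings do not sort lexically: "+esm9" is older than "+esm10", and a "~esm1" suffix sorts before the same string without it, so an ESM fix such as 1.13.1+dfsg-2ubuntu0.1~esm1 is newer than 1.13.1+dfsg-2 but older than a hypothetical 1.13.1+dfsg-2ubuntu0.1. The following is an added example that serves all six notices; it is not Ubuntu's or dpkg's own code. It reimplements the Debian ordering rules in Python so the comparison runs anywhere, takes its fixed versions from the tables above, and compares them against a constructed sample of installed versions for a 22.04 host.

```python
"""Check installed packages against the fixed versions in the notices above.

Added example, not Ubuntu's or dpkg's own code.  Ports the Debian version
ordering (epoch, upstream, revision; '~' sorts before everything, digit
runs compare numerically).  FIXED is copied from the notices on this page;
the "installed" versions are constructed sample data.
"""


def _order(c: str) -> int:
    """Weight of one character inside a non-digit run (dpkg's order())."""
    if c == "~":
        return -1            # '~' sorts before everything, even end of string
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)        # letters sort before non-letters
    return ord(c) + 256      # '+', '.', etc. sort after letters


def _verrevcmp(a: str, b: str) -> int:
    """Compare two upstream or revision strings the way dpkg does."""
    while a or b:
        # Non-digit run: character by character with the weights above.
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            ac, bc = _order(a[:1]), _order(b[:1])
            if ac != bc:
                return ac - bc
            a, b = a[1:], b[1:]
        # Digit run: compared numerically, so +esm9 < +esm10.
        a, b = a.lstrip("0"), b.lstrip("0")
        first_diff = 0
        while a and a[0].isdigit() and b and b[0].isdigit():
            first_diff = first_diff or ord(a[0]) - ord(b[0])
            a, b = a[1:], b[1:]
        if a and a[0].isdigit():
            return 1         # longer digit run means a larger number
        if b and b[0].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version: str):
    """Split 'epoch:upstream-revision' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        head, version = version.split(":", 1)
        epoch = int(head)
    upstream, sep, revision = version.rpartition("-")
    if not sep:              # no hyphen: the whole string is the upstream part
        upstream, revision = revision, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to or newer than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    c = _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (c > 0) - (c < 0)


# Fixed versions copied from the notices above: release -> package -> version.
FIXED = {
    "14.04": {"apache2": "2.4.7-1ubuntu4.22+esm10",
              "drupal7": "7.26-1ubuntu0.1+esm3"},
    "20.04": {"ruby-nokogiri": "1.10.7+dfsg1-2ubuntu0.1~esm2"},
    "22.04": {"erlang": "1:24.2.1+dfsg-1ubuntu0.5",
              "jq": "1.6-2.1ubuntu3.1", "libjq1": "1.6-2.1ubuntu3.1",
              "ruby-nokogiri": "1.13.1+dfsg-2ubuntu0.1~esm1"},
    "24.04": {"erlang": "1:25.3.2.8+dfsg-1ubuntu4.4",
              "jq": "1.7.1-3ubuntu0.24.04.1"},
}

# Constructed sample of what dpkg might report on a 22.04 host (not real data).
SAMPLE_INSTALLED_22_04 = {
    "erlang": "1:24.2.1+dfsg-1ubuntu0.4",    # one revision behind the fix
    "jq": "1.6-2.1ubuntu3.1",                # already at the fixed version
    "ruby-nokogiri": "1.13.1+dfsg-2",        # pre-ESM build, older than ~esm1
}


def outdated(release: str, installed: dict) -> list:
    """Advisory packages that are installed but older than the fixed version."""
    fixed = FIXED.get(release, {})
    return sorted(pkg for pkg, ver in installed.items()
                  if pkg in fixed and compare_versions(ver, fixed[pkg]) < 0)


if __name__ == "__main__":
    print("sample 22.04 host, still vulnerable:",
          outdated("22.04", SAMPLE_INSTALLED_22_04))
```

To run this against a real host, build the installed dict from `dpkg-query -W -f='${Package} ${Version}\n' erlang jq libjq1 ruby-nokogiri` and take the release from VERSION_ID in /etc/os-release. On an Ubuntu machine `dpkg --compare-versions` and python3-apt's `apt_pkg.version_compare` are the reference implementations; the port above is for auditing hosts or inventory exports where those are not available. Note that the kernel notice is different: the running kernel (`uname -r`) must match the new image, so a package-version check alone does not confirm the reboot happened.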