Ubuntu 6923

Ubuntu Linux has received security updates, including fixes for vulnerabilities in the Apache HTTP Server, Bind, and the Linux kernel:

[USN-7639-1] Apache HTTP Server vulnerabilities
[USN-7641-1] Bind vulnerability
[USN-7640-1] Linux kernel (IoT) vulnerabilities
[USN-7585-7] Linux kernel (Raspberry Pi) vulnerabilities
[USN-7610-3] Linux kernel (Low Latency) vulnerabilities

[USN-7639-1] Apache HTTP Server vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7639-1
July 16, 2025

apache2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:
- apache2: Apache HTTP server

Details:

It was discovered that the Apache HTTP Server incorrectly handled certain
Content-Type response headers. A remote attacker could possibly use this
issue to perform HTTP response splitting attacks. (CVE-2024-42516)

xiaojunjie discovered that the Apache HTTP Server mod_proxy module
incorrectly handled certain requests. A remote attacker could possibly use
this issue to send outbound proxy requests to an arbitrary URL.
(CVE-2024-43204)

John Runyon discovered that the Apache HTTP Server mod_ssl module
incorrectly escaped certain data. A remote attacker could possibly use this
issue to insert escape characters into log files. (CVE-2024-47252)

Sven Hebrok, Felix Cramer, Tim Storm, Maximilian Radoy, and Juraj
Somorovsky discovered that the Apache HTTP Server mod_ssl module
incorrectly handled TLS 1.3 session resumption. A remote attacker could
possibly use this issue to bypass access control. (CVE-2025-23048)

Anthony CORSIEZ discovered that the Apache HTTP Server mod_proxy_http2
module incorrectly handled missing host headers. A remote attacker could
possibly use this issue to cause the server to crash, resulting in a denial
of service. (CVE-2025-49630)

Robert Merget discovered that the Apache HTTP Server mod_ssl module
incorrectly handled TLS upgrades. A remote attacker could possibly use this
issue to hijack an HTTP session. This update removes the old "SSLEngine
optional" configuration option, possibly requiring a configuration change
in certain environments. (CVE-2025-49812)

Gal Bar Nahum discovered that the Apache HTTP Server incorrectly handled
certain memory operations. A remote attacker could possibly use this
issue to cause the server to consume resources, leading to a denial of
service. (CVE-2025-53020)
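
The "SSLEngine optional" removal noted for CVE-2025-49812 matters before the
package is upgraded: that value enabled in-band TLS upgrade (RFC 2817) on a
plain-HTTP port, and a virtual host that depended on it needs a dedicated TLS
virtual host with "SSLEngine on" instead. The block below is an added example,
not code from the Ubuntu notice or the Apache project: a small scanner that
reports every SSLEngine directive set to optional together with the
<VirtualHost> that declares it, run over two constructed configuration
fragments (the legacy single-port layout and the split HTTP/HTTPS layout that
replaces it). The hostnames, certificate paths and document root are
placeholders.

```python
"""Added example (not code from the Ubuntu notice or the Apache project): scan
Apache configuration text for 'SSLEngine optional', the RFC 2817 TLS-upgrade
mode that the apache2 update removes (CVE-2025-49812), reporting each hit with
its <VirtualHost> context. The two configuration fragments are constructed."""
import re

_OPEN = re.compile(r"^\s*<(\w+)\s*([^>]*)>\s*$")
_CLOSE = re.compile(r"^\s*</(\w+)\s*>\s*$")
_SSLENGINE = re.compile(r"^\s*SSLEngine\s+(\S+)", re.IGNORECASE)

def find_ssl_engine_optional(config_text: str):
    """Return [(line_no, context, value)] for every SSLEngine directive set to
    'optional'. Directive names are case-insensitive; '#' lines are comments."""
    hits, stack = [], []            # stack of open sections, e.g. "VirtualHost *:80"
    for n, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        if m := _OPEN.match(line):
            stack.append(f"{m.group(1)} {m.group(2)}".strip())
        elif _CLOSE.match(line):
            if stack:
                stack.pop()
        elif (m := _SSLENGINE.match(line)) and m.group(1).lower() == "optional":
            hits.append((n, stack[-1] if stack else "server config", m.group(1)))
    return hits

# Constructed legacy layout: one port-80 vhost that offered TLS only through
# in-band upgrade. The update removes that mode, so this layout must change.
BEFORE = """\
Listen 80
<VirtualHost *:80>
    ServerName intranet.example.test
    SSLEngine optional
    SSLCertificateFile /etc/ssl/certs/intranet.pem
    SSLCertificateKeyFile /etc/ssl/private/intranet.key
    DocumentRoot /var/www/intranet
</VirtualHost>
"""

# Constructed replacement: plain HTTP only redirects, TLS lives on its own port
# with SSLEngine on, so no in-band upgrade is ever negotiated.
AFTER = """\
Listen 80
Listen 443
<VirtualHost *:80>
    ServerName intranet.example.test
    Redirect permanent / https://intranet.example.test/
</VirtualHost>
<VirtualHost *:443>
    ServerName intranet.example.test
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/intranet.pem
    SSLCertificateKeyFile /etc/ssl/private/intranet.key
    DocumentRoot /var/www/intranet
</VirtualHost>
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, find_ssl_engine_optional(text))
```

On a real host, run the scanner over each file under /etc/apache2 before
applying the update; it does not follow Include directives, so every
included file has to be passed to it separately.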

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
apache2 2.4.63-1ubuntu1.1

Ubuntu 24.04 LTS
apache2 2.4.58-1ubuntu8.7

Ubuntu 22.04 LTS
apache2 2.4.52-1ubuntu4.15

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7639-1
CVE-2024-42516, CVE-2024-43204, CVE-2024-47252, CVE-2025-23048,
CVE-2025-49630, CVE-2025-49812, CVE-2025-53020

Package Information:
https://launchpad.net/ubuntu/+source/apache2/2.4.63-1ubuntu1.1
https://launchpad.net/ubuntu/+source/apache2/2.4.58-1ubuntu8.7
https://launchpad.net/ubuntu/+source/apache2/2.4.52-1ubuntu4.15



[USN-7641-1] Bind vulnerability


==========================================================================
Ubuntu Security Notice USN-7641-1
July 16, 2025

bind9 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04

Summary:

Bind could be made to crash if it received specially crafted network
traffic.

Software Description:
- bind9: Internet Domain Name Server

Details:

It was discovered that Bind incorrectly handled configurations where the
stale-answer-client-timeout option is set to 0. A remote attacker could
possibly use this issue to cause Bind to crash, resulting in a denial of
service. (CVE-2025-40777)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
bind9 1:9.20.4-3ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7641-1
CVE-2025-40777

Package Information:
https://launchpad.net/ubuntu/+source/bind9/1:9.20.4-3ubuntu1.2



[USN-7640-1] Linux kernel (IoT) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7640-1
July 16, 2025

linux-iot vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-iot: Linux kernel for IoT platforms

Details:

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- Block layer subsystem;
- Drivers core;
- Network block device driver;
- Character device driver;
- iSCSI Boot Firmware Table Attributes driver;
- GPU drivers;
- HID subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- PPS (Pulse Per Second) driver;
- PTP clock framework;
- RapidIO drivers;
- Real Time Clock drivers;
- SCSI subsystem;
- SLIMbus drivers;
- QCOM SoC drivers;
- Trusted Execution Environment drivers;
- Thermal drivers;
- USB DSL drivers;
- USB Device Class drivers;
- USB core drivers;
- USB Gadget drivers;
- USB Host Controller drivers;
- Renesas USBHS Controller drivers;
- File systems infrastructure;
- BTRFS file system;
- Ceph distributed file system;
- JFS file system;
- NILFS2 file system;
- UBI file system;
- KVM subsystem;
- L3 Master device support module;
- Netfilter;
- Process Accounting mechanism;
- printk logging mechanism;
- Scheduler infrastructure;
- Tracing infrastructure;
- Memory management;
- 802.1Q VLAN protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- B.A.T.M.A.N. meshing protocol;
- Bluetooth subsystem;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- Logical Link layer;
- NFC subsystem;
- Open vSwitch;
- Rose network layer;
- Network traffic control;
- Sun RPC protocol;
- Wireless networking;
- Tomoyo security module;
- USB sound devices;
(CVE-2025-21753, CVE-2025-22071, CVE-2025-21898, CVE-2025-22073,
CVE-2024-58072, CVE-2025-21905, CVE-2024-57986, CVE-2025-21749,
CVE-2024-58020, CVE-2025-21806, CVE-2025-21917, CVE-2025-21719,
CVE-2025-21835, CVE-2025-21735, CVE-2025-21922, CVE-2025-21781,
CVE-2025-21904, CVE-2025-39735, CVE-2025-21715, CVE-2025-22007,
CVE-2024-58010, CVE-2024-58052, CVE-2025-22021, CVE-2025-21996,
CVE-2025-22086, CVE-2025-21971, CVE-2023-53034, CVE-2025-21721,
CVE-2025-22035, CVE-2025-21722, CVE-2025-22045, CVE-2025-21935,
CVE-2024-58069, CVE-2024-58017, CVE-2025-21823, CVE-2025-21959,
CVE-2024-26996, CVE-2024-58058, CVE-2025-21846, CVE-2024-58009,
CVE-2025-22018, CVE-2025-21926, CVE-2024-57980, CVE-2025-21728,
CVE-2025-21909, CVE-2025-21992, CVE-2024-26689, CVE-2024-57973,
CVE-2025-21772, CVE-2024-56599, CVE-2025-21791, CVE-2025-21718,
CVE-2025-21866, CVE-2025-21708, CVE-2024-58055, CVE-2025-21957,
CVE-2025-37937, CVE-2025-21704, CVE-2024-58093, CVE-2025-21877,
CVE-2025-22054, CVE-2023-52664, CVE-2025-21776, CVE-2024-50055,
CVE-2025-21765, CVE-2025-21862, CVE-2025-21865, CVE-2024-58014,
CVE-2021-47211, CVE-2025-21956, CVE-2025-21736, CVE-2021-47191,
CVE-2025-21647, CVE-2025-21920, CVE-2024-58051, CVE-2025-21782,
CVE-2025-21934, CVE-2023-52741, CVE-2025-38637, CVE-2025-21925,
CVE-2025-21763, CVE-2025-22063, CVE-2024-26982, CVE-2025-23136,
CVE-2024-57979, CVE-2025-22079, CVE-2025-22005, CVE-2025-21785,
CVE-2025-21859, CVE-2024-58085, CVE-2025-21764, CVE-2024-53168,
CVE-2024-58002, CVE-2025-21928, CVE-2025-21914, CVE-2024-56551,
CVE-2024-58007, CVE-2024-58001, CVE-2024-57981, CVE-2024-58083,
CVE-2025-21762, CVE-2025-21910, CVE-2025-21760, CVE-2025-21948,
CVE-2025-21993, CVE-2024-58090, CVE-2025-21991, CVE-2025-21848,
CVE-2025-21811, CVE-2024-58071, CVE-2025-21787, CVE-2025-21731,
CVE-2025-21814, CVE-2025-22004, CVE-2025-21744, CVE-2025-21858,
CVE-2025-21916, CVE-2023-52927, CVE-2025-22020, CVE-2025-21871,
CVE-2025-21761, CVE-2024-58063, CVE-2024-57977)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1051-iot 5.4.0-1051.54
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7640-1
CVE-2021-47191, CVE-2021-47211, CVE-2023-52664, CVE-2023-52741,
CVE-2023-52927, CVE-2023-53034, CVE-2024-26689, CVE-2024-26982,
CVE-2024-26996, CVE-2024-50055, CVE-2024-53168, CVE-2024-56551,
CVE-2024-56599, CVE-2024-57973, CVE-2024-57977, CVE-2024-57979,
CVE-2024-57980, CVE-2024-57981, CVE-2024-57986, CVE-2024-58001,
CVE-2024-58002, CVE-2024-58007, CVE-2024-58009, CVE-2024-58010,
CVE-2024-58014, CVE-2024-58017, CVE-2024-58020, CVE-2024-58051,
CVE-2024-58052, CVE-2024-58055, CVE-2024-58058, CVE-2024-58063,
CVE-2024-58069, CVE-2024-58071, CVE-2024-58072, CVE-2024-58083,
CVE-2024-58085, CVE-2024-58090, CVE-2024-58093, CVE-2025-21647,
CVE-2025-21704, CVE-2025-21708, CVE-2025-21715, CVE-2025-21718,
CVE-2025-21719, CVE-2025-21721, CVE-2025-21722, CVE-2025-21728,
CVE-2025-21731, CVE-2025-21735, CVE-2025-21736, CVE-2025-21744,
CVE-2025-21749, CVE-2025-21753, CVE-2025-21760, CVE-2025-21761,
CVE-2025-21762, CVE-2025-21763, CVE-2025-21764, CVE-2025-21765,
CVE-2025-21772, CVE-2025-21776, CVE-2025-21781, CVE-2025-21782,
CVE-2025-21785, CVE-2025-21787, CVE-2025-21791, CVE-2025-21806,
CVE-2025-21811, CVE-2025-21814, CVE-2025-21823, CVE-2025-21835,
CVE-2025-21846, CVE-2025-21848, CVE-2025-21858, CVE-2025-21859,
CVE-2025-21862, CVE-2025-21865, CVE-2025-21866, CVE-2025-21871,
CVE-2025-21877, CVE-2025-21898, CVE-2025-21904, CVE-2025-21905,
CVE-2025-21909, CVE-2025-21910, CVE-2025-21914, CVE-2025-21916,
CVE-2025-21917, CVE-2025-21920, CVE-2025-21922, CVE-2025-21925,
CVE-2025-21926, CVE-2025-21928, CVE-2025-21934, CVE-2025-21935,
CVE-2025-21948, CVE-2025-21956, CVE-2025-21957, CVE-2025-21959,
CVE-2025-21971, CVE-2025-21991, CVE-2025-21992, CVE-2025-21993,
CVE-2025-21996, CVE-2025-22004, CVE-2025-22005, CVE-2025-22007,
CVE-2025-22018, CVE-2025-22020, CVE-2025-22021, CVE-2025-22035,
CVE-2025-22045, CVE-2025-22054, CVE-2025-22063, CVE-2025-22071,
CVE-2025-22073, CVE-2025-22079, CVE-2025-22086, CVE-2025-2312,
CVE-2025-23136, CVE-2025-37937, CVE-2025-38637, CVE-2025-39735



[USN-7585-7] Linux kernel (Raspberry Pi) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7585-7
July 16, 2025

linux-raspi, linux-raspi-5.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- x86 architecture;
- iSCSI Boot Firmware Table Attributes driver;
- GPU drivers;
- HID subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- SCSI subsystem;
- Thermal drivers;
- JFS file system;
- File systems infrastructure;
- Tracing infrastructure;
- 802.1Q VLAN protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Bluetooth subsystem;
- IPv6 networking;
- Netfilter;
- Network traffic control;
- Sun RPC protocol;
- USB sound devices;
(CVE-2025-22007, CVE-2025-21959, CVE-2025-22021, CVE-2025-22063,
CVE-2025-22045, CVE-2024-58093, CVE-2022-49636, CVE-2025-22020,
CVE-2024-53168, CVE-2025-22071, CVE-2025-39735, CVE-2025-21991,
CVE-2025-21992, CVE-2025-21996, CVE-2025-22035, CVE-2023-53034,
CVE-2025-22054, CVE-2025-23136, CVE-2025-22073, CVE-2024-56551,
CVE-2025-22005, CVE-2025-37937, CVE-2021-47211, CVE-2025-22086,
CVE-2025-21956, CVE-2025-38637, CVE-2025-22004, CVE-2025-22018,
CVE-2025-22079, CVE-2025-21957, CVE-2025-21993)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1130-raspi 5.4.0-1130.143
Available with Ubuntu Pro
linux-image-raspi 5.4.0.1130.161
Available with Ubuntu Pro
linux-image-raspi2 5.4.0.1130.161
Available with Ubuntu Pro

Ubuntu 18.04 LTS
linux-image-5.4.0-1130-raspi 5.4.0-1130.143~18.04.1
Available with Ubuntu Pro
linux-image-raspi-hwe-18.04 5.4.0.1130.143~18.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7585-7
https://ubuntu.com/security/notices/USN-7585-6
https://ubuntu.com/security/notices/USN-7585-5
https://ubuntu.com/security/notices/USN-7585-4
https://ubuntu.com/security/notices/USN-7585-3
https://ubuntu.com/security/notices/USN-7585-2
https://ubuntu.com/security/notices/USN-7585-1
CVE-2021-47211, CVE-2022-49636, CVE-2023-53034, CVE-2024-53168,
CVE-2024-56551, CVE-2024-58093, CVE-2025-21956, CVE-2025-21957,
CVE-2025-21959, CVE-2025-21991, CVE-2025-21992, CVE-2025-21993,
CVE-2025-21996, CVE-2025-22004, CVE-2025-22005, CVE-2025-22007,
CVE-2025-22018, CVE-2025-22020, CVE-2025-22021, CVE-2025-22035,
CVE-2025-22045, CVE-2025-22054, CVE-2025-22063, CVE-2025-22071,
CVE-2025-22073, CVE-2025-22079, CVE-2025-22086, CVE-2025-2312,
CVE-2025-23136, CVE-2025-37937, CVE-2025-38637, CVE-2025-39735



[USN-7610-3] Linux kernel (Low Latency) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7610-3
July 15, 2025

linux-lowlatency-hwe-6.11 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lowlatency-hwe-6.11: Linux low latency kernel

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Netfilter;
- Network traffic control;
(CVE-2025-38001, CVE-2025-37997, CVE-2025-37798, CVE-2025-38000,
CVE-2025-37932, CVE-2025-37890)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.11.0-1016-lowlatency 6.11.0-1016.17~24.04.1
linux-image-6.11.0-1016-lowlatency-64k 6.11.0-1016.17~24.04.1
linux-image-lowlatency-6.11 6.11.0-1016.17~24.04.1
linux-image-lowlatency-64k-6.11 6.11.0-1016.17~24.04.1
linux-image-lowlatency-64k-hwe-24.04 6.11.0-1016.17~24.04.1
linux-image-lowlatency-hwe-24.04 6.11.0-1016.17~24.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7610-3
https://ubuntu.com/security/notices/USN-7610-2
https://ubuntu.com/security/notices/USN-7610-1
CVE-2025-37798, CVE-2025-37890, CVE-2025-37932, CVE-2025-37997,
CVE-2025-38000, CVE-2025-38001

Package Information:

https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.11/6.11.0-1016.17~24.04.1