[USN-7746-1] cipher-base vulnerability
==========================================================================
Ubuntu Security Notice USN-7746-1
September 11, 2025
node-cipher-base vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
cipher-base could be made to stall or return incorrect hash values if it
received specially crafted input.
Software Description:
- node-cipher-base: abstract base class for crypto-streams
Details:
Nikita Skovoroda discovered that cipher-base did not properly manage
certain inputs. An attacker could possibly use this issue to manipulate
the internal state of hash functions, resulting in hash collisions,
denial of service, or other unspecified impact.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
node-cipher-base 1.0.4-6+deb13u1ubuntu0.25.04.1
Ubuntu 24.04 LTS
node-cipher-base 1.0.4-6+deb13u1ubuntu0.24.04.1
Ubuntu 22.04 LTS
node-cipher-base 1.0.4-6+deb13u1ubuntu0.22.04.1
Ubuntu 20.04 LTS
node-cipher-base 1.0.4-4ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
node-cipher-base 1.0.4-1ubuntu0.1~esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7746-1
CVE-2025-9287
Package Information:
https://launchpad.net/ubuntu/+source/node-cipher-base/1.0.4-6+deb13u1ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/node-cipher-base/1.0.4-6+deb13u1ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/node-cipher-base/1.0.4-6+deb13u1ubuntu0.22.04.1
[USN-7745-1] CUPS vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7745-1
September 11, 2025
cups vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in CUPS.
Software Description:
- cups: Common UNIX Printing System(tm)
Details:
It was discovered that CUPS incorrectly handled authentication types other
than Basic. An attacker could possibly use this issue to bypass
authentication. (CVE-2025-58060)
It was discovered that CUPS incorrectly handled deserialization and
validation of printer attributes. An attacker could possibly use this
issue to cause a denial of service. (CVE-2025-58364)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
cups 2.4.12-0ubuntu1.1
Ubuntu 24.04 LTS
cups 2.4.7-1.2ubuntu7.4
Ubuntu 22.04 LTS
cups 2.4.1op1-1ubuntu4.12
Ubuntu 20.04 LTS
cups 2.3.1-9ubuntu1.9+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
cups 2.2.7-1ubuntu2.10+esm7
Available with Ubuntu Pro
Ubuntu 16.04 LTS
cups 2.1.3-4ubuntu0.11+esm9
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7745-1
CVE-2025-58060, CVE-2025-58364
Package Information:
https://launchpad.net/ubuntu/+source/cups/2.4.12-0ubuntu1.1
https://launchpad.net/ubuntu/+source/cups/2.4.7-1.2ubuntu7.4
https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.12
[USN-7744-1] QEMU vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7744-1
September 11, 2025
qemu vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in QEMU.
Software Description:
- qemu: Machine emulator and virtualizer
Details:
It was discovered that QEMU incorrectly handled certain virtio devices. A
privileged guest attacker could use this issue to cause QEMU to crash,
leading to a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-3446)
It was discovered that QEMU incorrectly handled SDHCI device emulation. A
guest attacker could possibly use this issue to cause QEMU to crash,
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS
and Ubuntu 24.04 LTS. (CVE-2024-3447)
It was discovered that QEMU incorrectly handled calculating the checksum
of a short-sized fragmented packet. A guest attacker could possibly use
this issue to cause QEMU to crash, leading to a denial of service. This
issue only affected Ubuntu 24.04 LTS. (CVE-2024-3567)
It was discovered that the QEMU qemu-img utility incorrectly handled
certain crafted image files. An attacker could use this issue to cause QEMU
to consume resources, leading to a denial of service, or possibly read and
write to an existing external file. This issue only affected Ubuntu 22.04
LTS and Ubuntu 24.04 LTS. (CVE-2024-4467)
It was discovered that QEMU incorrectly handled the RSS feature on
virtio-net devices. A privileged guest attacker could possibly use this
issue to cause QEMU to crash, leading to a denial of service. This
issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-6505)
It was discovered that QEMU incorrectly handled the NBD server. An attacker
could use this issue to cause QEMU to consume resources, leading to a
denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu
24.04 LTS. (CVE-2024-7409)
It was discovered that QEMU incorrectly handled certain USB devices. A
guest attacker could possibly use this issue to cause QEMU to crash,
leading to a denial of service. This issue only affected Ubuntu 22.04 LTS
and Ubuntu 24.04 LTS. (CVE-2024-8354)
It was discovered that the QEMU package incorrectly set up a binfmt_misc
registration with the C (Credential) flag. A local attacker could use this
with a suid/sgid binary to escalate privileges. This update will no longer
run foreign-architecture binaries with suid/sgid with elevated privileges.
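The C (Credential) flag described above is visible in each registration's entry under /proc/sys/fs/binfmt_misc. The following shell function is an added example, not part of the Ubuntu notice or the QEMU packaging; it lists registrations that carry the C flag so they can be reviewed. The sample entries, interpreter paths and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report binfmt_misc registrations that carry the C (credentials) flag.
# Each entry file under /proc/sys/fs/binfmt_misc looks like:
#   enabled
#   interpreter <path>
#   flags: OCF
#   offset 0
#   magic <hex>

# audit_binfmt_credentials [DIR]
# Prints name, status, interpreter and flags (tab-separated) for every
# registration whose flags include C. DIR defaults to the live procfs path.
audit_binfmt_credentials() {
    dir=${1:-/proc/sys/fs/binfmt_misc}
    for entry in "$dir"/*; do
        [ -f "$entry" ] || continue
        name=${entry##*/}
        # "register" and "status" are control files, not registrations.
        case $name in register|status) continue ;; esac
        state=$(sed -n '1p' "$entry")
        interp=$(sed -n 's/^interpreter //p' "$entry")
        flags=$(sed -n 's/^flags: *//p' "$entry")
        case $flags in
            *C*) printf '%s\t%s\t%s\t%s\n' "$name" "$state" "$interp" "$flags" ;;
        esac
    done
}

# Constructed sample directory (not captured from a real host) for offline runs.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'enabled\ninterpreter /usr/bin/qemu-aarch64-static\nflags: OCF\noffset 0\nmagic 7f454c46\n' >"$d/qemu-aarch64"
    printf 'enabled\ninterpreter /usr/bin/qemu-riscv64-static\nflags: OF\noffset 0\nmagic 7f454c46\n' >"$d/qemu-riscv64"
    printf 'disabled\ninterpreter /opt/example/run\nflags: \noffset 0\nmagic cafe\n' >"$d/example-fmt"
    printf 'enabled\n' >"$d/status"
    : >"$d/register"
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
audit_binfmt_credentials "$sample"   # call with no argument to audit the live system
rm -rf "$sample"
```

An empty result on a host means no current registration requests credential handling.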
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
qemu-system 1:9.2.1+ds-1ubuntu5.2
qemu-system-arm 1:9.2.1+ds-1ubuntu5.2
qemu-system-mips 1:9.2.1+ds-1ubuntu5.2
qemu-system-misc 1:9.2.1+ds-1ubuntu5.2
qemu-system-ppc 1:9.2.1+ds-1ubuntu5.2
qemu-system-riscv 1:9.2.1+ds-1ubuntu5.2
qemu-system-s390x 1:9.2.1+ds-1ubuntu5.2
qemu-system-sparc 1:9.2.1+ds-1ubuntu5.2
qemu-system-x86 1:9.2.1+ds-1ubuntu5.2
qemu-system-x86-xen 1:9.2.1+ds-1ubuntu5.2
qemu-system-xen 1:9.2.1+ds-1ubuntu5.2
Ubuntu 24.04 LTS
qemu-system 1:8.2.2+ds-0ubuntu1.10
qemu-system-arm 1:8.2.2+ds-0ubuntu1.10
qemu-system-mips 1:8.2.2+ds-0ubuntu1.10
qemu-system-misc 1:8.2.2+ds-0ubuntu1.10
qemu-system-ppc 1:8.2.2+ds-0ubuntu1.10
qemu-system-s390x 1:8.2.2+ds-0ubuntu1.10
qemu-system-sparc 1:8.2.2+ds-0ubuntu1.10
qemu-system-x86 1:8.2.2+ds-0ubuntu1.10
qemu-system-x86-xen 1:8.2.2+ds-0ubuntu1.10
qemu-system-xen 1:8.2.2+ds-0ubuntu1.10
Ubuntu 22.04 LTS
qemu-system 1:6.2+dfsg-2ubuntu6.27
qemu-system-arm 1:6.2+dfsg-2ubuntu6.27
qemu-system-mips 1:6.2+dfsg-2ubuntu6.27
qemu-system-misc 1:6.2+dfsg-2ubuntu6.27
qemu-system-ppc 1:6.2+dfsg-2ubuntu6.27
qemu-system-s390x 1:6.2+dfsg-2ubuntu6.27
qemu-system-sparc 1:6.2+dfsg-2ubuntu6.27
qemu-system-x86 1:6.2+dfsg-2ubuntu6.27
qemu-system-x86-microvm 1:6.2+dfsg-2ubuntu6.27
qemu-system-x86-xen 1:6.2+dfsg-2ubuntu6.27
After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7744-1
CVE-2024-3446, CVE-2024-3447, CVE-2024-3567, CVE-2024-4467,
CVE-2024-6505, CVE-2024-7409, CVE-2024-8354, https://bugs.launchpad.net/bugs/2120814
Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:9.2.1+ds-1ubuntu5.2
https://launchpad.net/ubuntu/+source/qemu/1:8.2.2+ds-0ubuntu1.10
https://launchpad.net/ubuntu/+source/qemu/1:6.2+dfsg-2ubuntu6.27