[USN-7615-1] ClamAV vulnerabilities
[USN-7614-1] pcs vulnerabilities
[USN-7612-1] Flask-CORS vulnerabilities
[USN-7613-1] mongo-c-driver vulnerabilities
[USN-7616-1] logback vulnerabilities
[USN-7615-1] ClamAV vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7615-1
July 02, 2025
clamav vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in ClamAV.
Software Description:
- clamav: Anti-virus utility for Unix
Details:
It was discovered that ClamAV incorrectly handled scanning UDF files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2025-20234)
It was discovered that ClamAV incorrectly handled scanning PDF files. A
remote attacker could use this issue to cause ClamAV to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2025-20260)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
clamav 1.4.3+dfsg-0ubuntu0.25.04.1
Ubuntu 24.10
clamav 1.4.3+dfsg-0ubuntu0.24.10.1
Ubuntu 24.04 LTS
clamav 1.4.3+dfsg-0ubuntu0.24.04.1
Ubuntu 22.04 LTS
clamav 1.4.3+dfsg-0ubuntu0.22.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-7615-1
CVE-2025-20234, CVE-2025-20260
Package Information:
https://launchpad.net/ubuntu/+source/clamav/1.4.3+dfsg-0ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/clamav/1.4.3+dfsg-0ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/clamav/1.4.3+dfsg-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/clamav/1.4.3+dfsg-0ubuntu0.22.04.1
[USN-7614-1] pcs vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7614-1
July 02, 2025
pcs vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in pcs.
Software Description:
- pcs: Pacemaker Configuration System
Details:
Cedric Buissart discovered that pcs did not correctly handle certain
parameters. An attacker could possibly use this issue to leak sensitive
information or elevate their privileges. This issue only affected
Ubuntu 16.04 LTS. (CVE-2018-1086)
Ondrej Mular discovered that pcs did not correctly handle Unix socket
permissions. An attacker could possibly use this issue to elevate their
privileges. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-2735)
It was discovered that pcs did not correctly handle PAM authentication.
An attacker could possibly use this issue to bypass authentication
mechanisms. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2022-1049)
It was discovered that pcs did not correctly handle the validation of
Node names. An attacker could possibly use this issue to execute a
cross-site scripting (XSS) attack. This issue only affected
Ubuntu 16.04 LTS. (CVE-2017-2661)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
pcs 0.10.11-2ubuntu3+esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
pcs 0.10.4-3ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
pcs 0.9.149-1ubuntu1.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7614-1
CVE-2017-2661, CVE-2018-1086, CVE-2022-1049, CVE-2022-2735
[USN-7612-1] Flask-CORS vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7612-1
July 02, 2025
python-flask-cors vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Flask-CORS.
Software Description:
- python-flask-cors: Flask extension for handling Cross Origin Resource Sharing (CORS)
Details:
It was discovered that Flask-CORS did not correctly handle certain regular
expressions. A remote attacker could possibly use this issue to leak
sensitive information or bypass authentication mechanisms. (CVE-2024-6839)
It was discovered that Flask-CORS allowed certain CORS headers to be
enabled by default. A remote attacker could possibly use this issue to leak
sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu
22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-6221)
It was discovered that Flask-CORS did not correctly handle case sensitivity
when matching paths. A remote attacker could possibly use this issue to
leak sensitive information. (CVE-2024-6866)
It was discovered that Flask-CORS did not correctly handle certain
characters in URL paths. A remote attacker could possibly use this issue to
leak sensitive information or bypass authentication mechanisms.
(CVE-2024-6844)
Elias Hohl discovered that Flask-CORS did not correctly sanitize log
entries. A remote attacker could possibly use this issue to corrupt log
files. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and
Ubuntu 24.04 LTS. (CVE-2024-1681)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
python3-flask-cors 5.0.0-1ubuntu0.1
Ubuntu 24.10
python3-flask-cors 4.0.1-1ubuntu0.1
Ubuntu 24.04 LTS
python3-flask-cors 4.0.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
python3-flask-cors 3.0.9-2ubuntu0.1
Ubuntu 20.04 LTS
python3-flask-cors 3.0.8-2ubuntu0.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7612-1
CVE-2024-1681, CVE-2024-6221, CVE-2024-6839, CVE-2024-6844,
CVE-2024-6866
Package Information:
https://launchpad.net/ubuntu/+source/python-flask-cors/5.0.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/python-flask-cors/4.0.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/python-flask-cors/3.0.9-2ubuntu0.1
[USN-7613-1] mongo-c-driver vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7613-1
July 02, 2025
mongo-c-driver vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in mongo-c-driver.
Software Description:
- mongo-c-driver: MongoDB driver for the C language
Details:
Karman Liu discovered that mongo-c-driver did not correctly handle certain
memory operations. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2024-6381)
Karman Liu discovered that mongo-c-driver did not correctly handle certain
memory operations. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS. (CVE-2024-6383, CVE-2025-0755)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
libbson-1.0-0t64 1.26.0-1.1ubuntu2+esm1
Available with Ubuntu Pro
libbson-dev 1.26.0-1.1ubuntu2+esm1
Available with Ubuntu Pro
libmongoc-1.0-0t64 1.26.0-1.1ubuntu2+esm1
Available with Ubuntu Pro
libmongoc-dev 1.26.0-1.1ubuntu2+esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
libbson-1.0-0 1.21.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
libbson-dev 1.21.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
libmongoc-1.0-0 1.21.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
libmongoc-dev 1.21.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libbson-1.0-0 1.16.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
libbson-dev 1.16.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
libmongoc-1.0-0 1.16.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7613-1
CVE-2024-6381, CVE-2024-6383, CVE-2025-0755
[USN-7616-1] logback vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7616-1
July 02, 2025
logback vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in logback.
Software Description:
- logback: A reliable, generic, fast and flexible logging library for Java
Details:
It was discovered that logback could read malicious configuration files
from LDAP servers. An attacker with the required permissions could possibly
use this issue to execute arbitrary code. This issue only affected Ubuntu
16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-42550)
It was discovered that logback contained a serialization vulnerability. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2023-6378)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
liblogback-java 1:1.2.10-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
liblogback-java 1:1.2.3-5ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
liblogback-java 1:1.2.3-2ubuntu1~18.04.1+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
liblogback-java 1:1.1.3-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7616-1
CVE-2021-42550, CVE-2023-6378