
Ubuntu has released several security notices (USN-7897-1, USN-7890-1, USN-7898-1, USN-7852-2, USN-7896-1, and USN-7895-1) to address vulnerabilities in various packages, including CUPS, FFmpeg, OpenVPN, libxml2, and WebKitGTK. Depending on the package, the vulnerabilities could allow an attacker to crash the affected software, run programs as an administrator, cause a denial of service, or execute arbitrary code. Affected Ubuntu releases include 25.10, 25.04, 24.04 LTS, 22.04 LTS, 20.04 LTS, 18.04 LTS, 16.04 LTS, and 14.04 LTS.

[USN-7897-1] CUPS vulnerability
[USN-7890-1] FFmpeg vulnerability
[USN-7898-1] OpenVPN vulnerability
[USN-7852-2] libxml2 vulnerability
[USN-7896-1] libxml2 vulnerabilities
[USN-7895-1] WebKitGTK vulnerabilities




[USN-7897-1] CUPS vulnerability


==========================================================================
Ubuntu Security Notice USN-7897-1
November 27, 2025

cups vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

CUPS could be made to crash or run programs as an administrator if it
opened a specially crafted file.

Software Description:
- cups: Common UNIX Printing System(tm)

Details:

It was discovered that CUPS incorrectly handled input from users in the web
configuration settings. An attacker could use this issue to insert
malicious configuration options, causing a denial of service or possibly
executing arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
cups 2.4.12-0ubuntu3.3
cups-daemon 2.4.12-0ubuntu3.3

Ubuntu 25.04
cups 2.4.12-0ubuntu1.4
cups-daemon 2.4.12-0ubuntu1.4

Ubuntu 24.04 LTS
cups 2.4.7-1.2ubuntu7.7
cups-daemon 2.4.7-1.2ubuntu7.7

Ubuntu 22.04 LTS
cups 2.4.1op1-1ubuntu4.15
cups-daemon 2.4.1op1-1ubuntu4.15

Ubuntu 20.04 LTS
cups 2.3.1-9ubuntu1.9+esm3
Available with Ubuntu Pro
cups-daemon 2.3.1-9ubuntu1.9+esm3
Available with Ubuntu Pro

Ubuntu 18.04 LTS
cups 2.2.7-1ubuntu2.10+esm9
Available with Ubuntu Pro
cups-daemon 2.2.7-1ubuntu2.10+esm9
Available with Ubuntu Pro

Ubuntu 16.04 LTS
cups 2.1.3-4ubuntu0.11+esm11
Available with Ubuntu Pro
cups-daemon 2.1.3-4ubuntu0.11+esm11
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7897-1
CVE-2025-61915

Package Information:
https://launchpad.net/ubuntu/+source/cups/2.4.12-0ubuntu3.3
https://launchpad.net/ubuntu/+source/cups/2.4.12-0ubuntu1.4
https://launchpad.net/ubuntu/+source/cups/2.4.7-1.2ubuntu7.7
https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.15



[USN-7890-1] FFmpeg vulnerability


==========================================================================
Ubuntu Security Notice USN-7890-1
November 26, 2025

ffmpeg vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

FFmpeg could be made to crash if it opened a specially crafted file.

Software Description:
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

It was discovered that FFmpeg did not properly handle the parsing of
certain malformed HLS playlists. If a user were tricked into opening a
specially crafted HLS playlist, an attacker could possibly use this issue
to cause FFmpeg to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
ffmpeg 7:2.8.17-0ubuntu0.1+esm13
Available with Ubuntu Pro
libavcodec-ffmpeg-extra56 7:2.8.17-0ubuntu0.1+esm13
Available with Ubuntu Pro
libavcodec-ffmpeg56 7:2.8.17-0ubuntu0.1+esm13
Available with Ubuntu Pro
libavdevice-ffmpeg56 7:2.8.17-0ubuntu0.1+esm13
Available with Ubuntu Pro
libavfilter-ffmpeg5 7:2.8.17-0ubuntu0.1+esm13
Available with Ubuntu Pro
libavformat-ffmpeg56 7:2.8.17-0ubuntu0.1+esm13
Available with Ubuntu Pro
libavutil-ffmpeg54 7:2.8.17-0ubuntu0.1+esm13
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7890-1
CVE-2023-6603



[USN-7898-1] OpenVPN vulnerability


==========================================================================
Ubuntu Security Notice USN-7898-1
November 27, 2025

openvpn vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS

Summary:

OpenVPN could allow unintended access to network services.

Software Description:
- openvpn: virtual private network software

Details:

Joshua Rogers discovered that OpenVPN incorrectly handled HMAC verification
checks. A remote attacker could possibly use this issue to bypass source IP
address validation.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
openvpn 2.6.14-2ubuntu1.1

Ubuntu 25.04
openvpn 2.6.14-0ubuntu0.25.04.3

Ubuntu 24.04 LTS
openvpn 2.6.14-0ubuntu0.24.04.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7898-1
CVE-2025-13086

Package Information:
https://launchpad.net/ubuntu/+source/openvpn/2.6.14-2ubuntu1.1
https://launchpad.net/ubuntu/+source/openvpn/2.6.14-0ubuntu0.25.04.3
https://launchpad.net/ubuntu/+source/openvpn/2.6.14-0ubuntu0.24.04.3



[USN-7852-2] libxml2 vulnerability


==========================================================================
Ubuntu Security Notice USN-7852-2
November 27, 2025

libxml2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

libxml2 could be made to crash or run programs if it opened a specially crafted file.

Software Description:
- libxml2: GNOME XML library

Details:

USN-7582-1 fixed a vulnerability in libxml2. This update provides the
corresponding fix for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that libxslt, used by libxml2, incorrectly handled
certain attributes. An attacker could use this issue to cause a crash,
resulting in a denial of service, or possibly execute arbitrary code. This
update adds a fix to libxml2 to mitigate the libxslt vulnerability.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
libxml2 2.9.10+dfsg-5ubuntu0.20.04.10+esm3
Available with Ubuntu Pro
python-libxml2 2.9.10+dfsg-5ubuntu0.20.04.10+esm3
Available with Ubuntu Pro
python3-libxml2 2.9.10+dfsg-5ubuntu0.20.04.10+esm3
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libxml2 2.9.4+dfsg1-6.1ubuntu1.9+esm6
Available with Ubuntu Pro
python-libxml2 2.9.4+dfsg1-6.1ubuntu1.9+esm6
Available with Ubuntu Pro
python3-libxml2 2.9.4+dfsg1-6.1ubuntu1.9+esm6
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libxml2 2.9.3+dfsg1-1ubuntu0.7+esm11
Available with Ubuntu Pro
python-libxml2 2.9.3+dfsg1-1ubuntu0.7+esm11
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7852-2
https://ubuntu.com/security/notices/USN-7852-1
CVE-2025-7425



[USN-7896-1] libxml2 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7896-1
November 27, 2025

libxml2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in libxml2.

Software Description:
- libxml2: GNOME XML library

Details:

It was discovered that the libxml2 Python bindings incorrectly handled
certain return values. An attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32414)

It was discovered that libxml2 incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32415)

It was discovered that libxslt, used by libxml2, incorrectly handled
certain attributes. An attacker could use this issue to cause a crash,
resulting in a denial of service, or possibly execute arbitrary code. This
update adds a fix to libxml2 to mitigate the libxslt vulnerability.
(CVE-2025-7425)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
libxml2 2.9.1+dfsg1-3ubuntu4.13+esm10
Available with Ubuntu Pro
python-libxml2 2.9.1+dfsg1-3ubuntu4.13+esm10
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7896-1
CVE-2025-32414, CVE-2025-32415, CVE-2025-7425



[USN-7895-1] WebKitGTK vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7895-1
November 27, 2025

webkit2gtk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in WebKitGTK.

Software Description:
- webkit2gtk: Web content engine library for GTK+

Details:

Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
libjavascriptcoregtk-4.1-0 2.50.1-0ubuntu0.25.10.1
libjavascriptcoregtk-6.0-1 2.50.1-0ubuntu0.25.10.1
libwebkit2gtk-4.1-0 2.50.1-0ubuntu0.25.10.1
libwebkitgtk-6.0-4 2.50.1-0ubuntu0.25.10.1

Ubuntu 25.04
libjavascriptcoregtk-4.1-0 2.50.1-0ubuntu0.25.04.2
libjavascriptcoregtk-6.0-1 2.50.1-0ubuntu0.25.04.2
libwebkit2gtk-4.1-0 2.50.1-0ubuntu0.25.04.2
libwebkitgtk-6.0-4 2.50.1-0ubuntu0.25.04.2

Ubuntu 24.04 LTS
libjavascriptcoregtk-4.1-0 2.50.1-0ubuntu0.24.04.1
libjavascriptcoregtk-6.0-1 2.50.1-0ubuntu0.24.04.1
libwebkit2gtk-4.1-0 2.50.1-0ubuntu0.24.04.1
libwebkitgtk-6.0-4 2.50.1-0ubuntu0.24.04.1

Ubuntu 22.04 LTS
libjavascriptcoregtk-4.0-18 2.50.1-0ubuntu0.22.04.1
libjavascriptcoregtk-4.1-0 2.50.1-0ubuntu0.22.04.1
libjavascriptcoregtk-6.0-1 2.50.1-0ubuntu0.22.04.1
libwebkit2gtk-4.0-37 2.50.1-0ubuntu0.22.04.1
libwebkit2gtk-4.1-0 2.50.1-0ubuntu0.22.04.1
libwebkitgtk-6.0-4 2.50.1-0ubuntu0.22.04.1

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7895-1
CVE-2025-43343

Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.50.1-0ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.50.1-0ubuntu0.25.04.2
https://launchpad.net/ubuntu/+source/webkit2gtk/2.50.1-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.50.1-0ubuntu0.22.04.1