Ubuntu Linux has received updates addressing multiple security vulnerabilities in Erlang, the Linux kernel, libsoup, AIOHTTP, Libmobi, LedgerSMB, and PHP:

[USN-7443-3] Erlang vulnerability
[USN-7611-3] Linux kernel (AWS) vulnerabilities
[USN-7653-1] Linux kernel (HWE) vulnerabilities
[USN-7652-1] Linux kernel (Real-time) vulnerabilities
[USN-7651-1] Linux kernel vulnerabilities
[USN-7650-1] Linux kernel (OEM) vulnerabilities
[USN-7643-1] libsoup vulnerabilities
[USN-7649-1] Linux kernel vulnerabilities
[USN-7591-6] Linux kernel (Raspberry Pi) vulnerabilities
[USN-7609-5] Linux kernel (Azure) vulnerabilities
[USN-7642-1] AIOHTTP vulnerabilities
[USN-7638-1] Libmobi vulnerabilities
[USN-7647-1] LedgerSMB vulnerabilities
[USN-7648-1] PHP vulnerabilities




[USN-7443-3] Erlang vulnerability


==========================================================================
Ubuntu Security Notice USN-7443-3
July 17, 2025

erlang vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Erlang could be made to run programs if it received specially crafted
network traffic.

Software Description:
- erlang: Concurrent, real-time, distributed functional language

Details:

USN-7443-1 fixed a vulnerability in Erlang. This update provides the
corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

Fabian Bäumer, Marcel Maehren, Marcus Brinkmann, and Jörg Schwenk
discovered that Erlang OTP’s SSH module incorrectly handled authentication. A
remote attacker could use this issue to execute arbitrary commands without
authentication, possibly leading to a system compromise.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
erlang 1:20.2.2+dfsg-1ubuntu2+esm1
Available with Ubuntu Pro
erlang-ssh 1:20.2.2+dfsg-1ubuntu2+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
erlang 1:18.3-dfsg-1ubuntu3.1+esm1
Available with Ubuntu Pro
erlang-ssh 1:18.3-dfsg-1ubuntu3.1+esm1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7443-3
https://ubuntu.com/security/notices/USN-7443-2
CVE-2025-32433



[USN-7611-3] Linux kernel (AWS) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7611-3
July 17, 2025

linux-aws vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Netfilter;
- Network traffic control;
(CVE-2025-38000, CVE-2025-37890, CVE-2025-38001, CVE-2025-37997,
CVE-2025-37932)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
linux-image-6.14.0-1008-aws 6.14.0-1008.8
linux-image-6.14.0-1008-aws-64k 6.14.0-1008.8
linux-image-aws 6.14.0-1008.8
linux-image-aws-6.14 6.14.0-1008.8
linux-image-aws-64k 6.14.0-1008.8
linux-image-aws-64k-6.14 6.14.0-1008.8

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7611-3
https://ubuntu.com/security/notices/USN-7611-2
https://ubuntu.com/security/notices/USN-7611-1
CVE-2025-37890, CVE-2025-37932, CVE-2025-37997, CVE-2025-38000,
CVE-2025-38001

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/6.14.0-1008.8



[USN-7653-1] Linux kernel (HWE) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7653-1
July 17, 2025

linux-hwe-6.8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-hwe-6.8: Linux hardware enablement (HWE) kernel

Details:

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- S390 architecture;
- Block layer subsystem;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- Network block device driver;
- Character device driver;
- TPM device driver;
- Clock framework and drivers;
- FireWire subsystem;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- I3C subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Media drivers;
- NVIDIA Tegra memory controller driver;
- Fastrpc Driver;
- Network drivers;
- Mellanox network drivers;
- Operating Performance Points (OPP) driver;
- PCI subsystem;
- x86 platform drivers;
- i.MX PM domains;
- PPS (Pulse Per Second) driver;
- PTP clock framework;
- Remote Processor subsystem;
- Real Time Clock drivers;
- SCSI subsystem;
- QCOM SoC drivers;
- Media staging drivers;
- TTY drivers;
- UFS subsystem;
- USB Gadget drivers;
- USB Host Controller drivers;
- USB Serial drivers;
- AFS file system;
- File systems infrastructure;
- BTRFS file system;
- F2FS file system;
- GFS2 file system;
- NILFS2 file system;
- File system notification infrastructure;
- Overlay file system;
- Proc file system;
- SMB network file system;
- UBI file system;
- Timer subsystem;
- KVM subsystem;
- Networking core;
- ptr_ring data structure definitions;
- Networking subsystem;
- Amateur Radio drivers;
- XFRM subsystem;
- Tracing infrastructure;
- BPF subsystem;
- Kernel CPU control infrastructure;
- Padata parallel execution mechanism;
- printk logging mechanism;
- Memory management;
- Bluetooth subsystem;
- DCCP (Datagram Congestion Control Protocol);
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- IEEE 802.15.4 subsystem;
- Multipath TCP;
- Netfilter;
- NFC subsystem;
- Open vSwitch;
- Rose network layer;
- RxRPC session sockets;
- Network traffic control;
- VMware vSockets driver;
- Landlock security;
- Linux Security Modules (LSM) Framework;
- Tomoyo security module;
- SoC audio core drivers;
(CVE-2025-21830, CVE-2025-21678, CVE-2025-21815, CVE-2024-57974,
CVE-2025-21725, CVE-2025-21718, CVE-2025-21748, CVE-2025-21732,
CVE-2024-57953, CVE-2025-21727, CVE-2025-21816, CVE-2025-21719,
CVE-2024-53124, CVE-2024-58019, CVE-2025-38001, CVE-2025-21720,
CVE-2025-21734, CVE-2025-21672, CVE-2025-21692, CVE-2024-58076,
CVE-2025-21694, CVE-2024-58061, CVE-2025-21714, CVE-2025-21689,
CVE-2024-49887, CVE-2024-57949, CVE-2025-38177, CVE-2025-21683,
CVE-2025-21669, CVE-2025-21722, CVE-2024-57980, CVE-2025-38000,
CVE-2025-37932, CVE-2024-58034, CVE-2024-58081, CVE-2025-21733,
CVE-2025-21682, CVE-2024-57924, CVE-2025-21743, CVE-2024-57975,
CVE-2025-37798, CVE-2024-58058, CVE-2025-21809, CVE-2025-21676,
CVE-2024-57993, CVE-2025-21699, CVE-2024-58016, CVE-2025-21832,
CVE-2025-21804, CVE-2024-58011, CVE-2024-58007, CVE-2025-21826,
CVE-2024-58055, CVE-2025-21668, CVE-2025-21715, CVE-2024-58078,
CVE-2025-21829, CVE-2025-21811, CVE-2025-21814, CVE-2024-58053,
CVE-2025-21726, CVE-2025-21943, CVE-2025-37750, CVE-2025-21673,
CVE-2024-57984, CVE-2025-37997, CVE-2025-21684, CVE-2025-21750,
CVE-2024-58013, CVE-2025-21799, CVE-2024-58083, CVE-2025-21798,
CVE-2025-21731, CVE-2025-21708, CVE-2024-57986, CVE-2025-21744,
CVE-2024-58014, CVE-2025-21721, CVE-2024-58063, CVE-2024-57979,
CVE-2024-58005, CVE-2025-21728, CVE-2025-21681, CVE-2025-21806,
CVE-2024-57982, CVE-2024-58002, CVE-2024-58082, CVE-2025-21812,
CVE-2025-21745, CVE-2024-58017, CVE-2025-21665, CVE-2025-21828,
CVE-2025-37890, CVE-2024-57952, CVE-2024-57997, CVE-2025-21825,
CVE-2025-21716, CVE-2024-57948, CVE-2025-21710, CVE-2025-21674,
CVE-2025-21675, CVE-2024-50157, CVE-2025-21738, CVE-2025-22088,
CVE-2024-58071, CVE-2024-58085, CVE-2025-21723, CVE-2025-21690,
CVE-2025-21670, CVE-2025-21741, CVE-2024-57999, CVE-2025-21691,
CVE-2024-58068, CVE-2024-58057, CVE-2024-57994, CVE-2024-58072,
CVE-2025-21742, CVE-2024-58006, CVE-2024-58077, CVE-2024-58003,
CVE-2025-21753, CVE-2024-57981, CVE-2024-57973, CVE-2024-58001,
CVE-2025-21666, CVE-2025-21810, CVE-2025-21808, CVE-2024-57996,
CVE-2024-58054, CVE-2024-57998, CVE-2025-21707, CVE-2025-21736,
CVE-2025-21820, CVE-2025-21739, CVE-2024-57951, CVE-2025-21667,
CVE-2024-58070, CVE-2025-21801, CVE-2024-58051, CVE-2024-58079,
CVE-2025-21754, CVE-2024-58069, CVE-2025-37974, CVE-2025-21802,
CVE-2025-21749, CVE-2024-57990, CVE-2024-58080, CVE-2025-21705,
CVE-2025-21697, CVE-2024-58052, CVE-2025-21711, CVE-2024-58056,
CVE-2025-21724, CVE-2024-58018, CVE-2025-21735, CVE-2024-58010,
CVE-2025-21680)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-6.8.0-64-generic 6.8.0-64.67~22.04.1
linux-image-6.8.0-64-generic-64k 6.8.0-64.67~22.04.1
linux-image-generic-6.8 6.8.0-64.67~22.04.1
linux-image-generic-64k-6.8 6.8.0-64.67~22.04.1
linux-image-generic-64k-hwe-22.04 6.8.0-64.67~22.04.1
linux-image-generic-hwe-22.04 6.8.0-64.67~22.04.1
linux-image-oem-22.04 6.8.0-64.67~22.04.1
linux-image-oem-22.04a 6.8.0-64.67~22.04.1
linux-image-oem-22.04b 6.8.0-64.67~22.04.1
linux-image-oem-22.04c 6.8.0-64.67~22.04.1
linux-image-oem-22.04d 6.8.0-64.67~22.04.1
linux-image-virtual-6.8 6.8.0-64.67~22.04.1
linux-image-virtual-hwe-22.04 6.8.0-64.67~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7653-1
CVE-2024-49887, CVE-2024-50157, CVE-2024-53124, CVE-2024-57924,
CVE-2024-57948, CVE-2024-57949, CVE-2024-57951, CVE-2024-57952,
CVE-2024-57953, CVE-2024-57973, CVE-2024-57974, CVE-2024-57975,
CVE-2024-57979, CVE-2024-57980, CVE-2024-57981, CVE-2024-57982,
CVE-2024-57984, CVE-2024-57986, CVE-2024-57990, CVE-2024-57993,
CVE-2024-57994, CVE-2024-57996, CVE-2024-57997, CVE-2024-57998,
CVE-2024-57999, CVE-2024-58001, CVE-2024-58002, CVE-2024-58003,
CVE-2024-58005, CVE-2024-58006, CVE-2024-58007, CVE-2024-58010,
CVE-2024-58011, CVE-2024-58013, CVE-2024-58014, CVE-2024-58016,
CVE-2024-58017, CVE-2024-58018, CVE-2024-58019, CVE-2024-58034,
CVE-2024-58051, CVE-2024-58052, CVE-2024-58053, CVE-2024-58054,
CVE-2024-58055, CVE-2024-58056, CVE-2024-58057, CVE-2024-58058,
CVE-2024-58061, CVE-2024-58063, CVE-2024-58068, CVE-2024-58069,
CVE-2024-58070, CVE-2024-58071, CVE-2024-58072, CVE-2024-58076,
CVE-2024-58077, CVE-2024-58078, CVE-2024-58079, CVE-2024-58080,
CVE-2024-58081, CVE-2024-58082, CVE-2024-58083, CVE-2024-58085,
CVE-2025-21665, CVE-2025-21666, CVE-2025-21667, CVE-2025-21668,
CVE-2025-21669, CVE-2025-21670, CVE-2025-21672, CVE-2025-21673,
CVE-2025-21674, CVE-2025-21675, CVE-2025-21676, CVE-2025-21678,
CVE-2025-21680, CVE-2025-21681, CVE-2025-21682, CVE-2025-21683,
CVE-2025-21684, CVE-2025-21689, CVE-2025-21690, CVE-2025-21691,
CVE-2025-21692, CVE-2025-21694, CVE-2025-21697, CVE-2025-21699,
CVE-2025-21705, CVE-2025-21707, CVE-2025-21708, CVE-2025-21710,
CVE-2025-21711, CVE-2025-21714, CVE-2025-21715, CVE-2025-21716,
CVE-2025-21718, CVE-2025-21719, CVE-2025-21720, CVE-2025-21721,
CVE-2025-21722, CVE-2025-21723, CVE-2025-21724, CVE-2025-21725,
CVE-2025-21726, CVE-2025-21727, CVE-2025-21728, CVE-2025-21731,
CVE-2025-21732, CVE-2025-21733, CVE-2025-21734, CVE-2025-21735,
CVE-2025-21736, CVE-2025-21738, CVE-2025-21739, CVE-2025-21741,
CVE-2025-21742, CVE-2025-21743, CVE-2025-21744, CVE-2025-21745,
CVE-2025-21748, CVE-2025-21749, CVE-2025-21750, CVE-2025-21753,
CVE-2025-21754, CVE-2025-21798, CVE-2025-21799, CVE-2025-21801,
CVE-2025-21802, CVE-2025-21804, CVE-2025-21806, CVE-2025-21808,
CVE-2025-21809, CVE-2025-21810, CVE-2025-21811, CVE-2025-21812,
CVE-2025-21814, CVE-2025-21815, CVE-2025-21816, CVE-2025-21820,
CVE-2025-21825, CVE-2025-21826, CVE-2025-21828, CVE-2025-21829,
CVE-2025-21830, CVE-2025-21832, CVE-2025-21943, CVE-2025-22088,
CVE-2025-2312, CVE-2025-37750, CVE-2025-37798, CVE-2025-37890,
CVE-2025-37932, CVE-2025-37974, CVE-2025-37997, CVE-2025-38000,
CVE-2025-38001, CVE-2025-38177

Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-64.67~22.04.1



[USN-7652-1] Linux kernel (Real-time) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7652-1
July 17, 2025

linux-realtime vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-realtime: Linux kernel for Real-time systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- S390 architecture;
- Block layer subsystem;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- Network block device driver;
- Character device driver;
- TPM device driver;
- Clock framework and drivers;
- FireWire subsystem;
- GPU drivers;
- HID subsystem;
- I3C subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- Media drivers;
- NVIDIA Tegra memory controller driver;
- Fastrpc Driver;
- Network drivers;
- Operating Performance Points (OPP) driver;
- PCI subsystem;
- x86 platform drivers;
- PPS (Pulse Per Second) driver;
- PTP clock framework;
- Remote Processor subsystem;
- Real Time Clock drivers;
- SCSI subsystem;
- QCOM SoC drivers;
- Media staging drivers;
- TTY drivers;
- UFS subsystem;
- USB Gadget drivers;
- USB Host Controller drivers;
- File systems infrastructure;
- BTRFS file system;
- F2FS file system;
- NILFS2 file system;
- SMB network file system;
- UBI file system;
- Timer subsystem;
- KVM subsystem;
- Networking core;
- ptr_ring data structure definitions;
- Networking subsystem;
- Amateur Radio drivers;
- XFRM subsystem;
- Tracing infrastructure;
- BPF subsystem;
- Padata parallel execution mechanism;
- printk logging mechanism;
- Memory management;
- Bluetooth subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Multipath TCP;
- Netfilter;
- NFC subsystem;
- Rose network layer;
- RxRPC session sockets;
- Network traffic control;
- Landlock security;
- Linux Security Modules (LSM) Framework;
- Tomoyo security module;
- SoC audio core drivers;
(CVE-2024-58055, CVE-2024-58077, CVE-2024-58080, CVE-2024-58082,
CVE-2025-21743, CVE-2024-57953, CVE-2024-57994, CVE-2025-21806,
CVE-2024-58007, CVE-2024-58002, CVE-2024-57974, CVE-2024-57980,
CVE-2025-21720, CVE-2024-57990, CVE-2025-21725, CVE-2024-58057,
CVE-2024-58018, CVE-2024-58011, CVE-2025-21814, CVE-2025-21799,
CVE-2024-58017, CVE-2024-58014, CVE-2025-21731, CVE-2024-58072,
CVE-2024-58069, CVE-2024-58006, CVE-2024-57984, CVE-2025-21710,
CVE-2024-58061, CVE-2024-57997, CVE-2024-57975, CVE-2025-21724,
CVE-2025-37974, CVE-2025-21808, CVE-2024-58056, CVE-2025-21753,
CVE-2024-58068, CVE-2025-21728, CVE-2025-21714, CVE-2024-58054,
CVE-2025-21741, CVE-2025-21736, CVE-2025-21715, CVE-2025-21802,
CVE-2025-21739, CVE-2025-21727, CVE-2025-21749, CVE-2024-58053,
CVE-2024-58081, CVE-2025-21828, CVE-2025-21705, CVE-2024-58051,
CVE-2024-57979, CVE-2025-21754, CVE-2025-21734, CVE-2025-21829,
CVE-2025-21735, CVE-2025-21826, CVE-2025-21738, CVE-2024-58079,
CVE-2025-21815, CVE-2025-21708, CVE-2024-57986, CVE-2024-58085,
CVE-2025-21801, CVE-2024-58071, CVE-2025-21810, CVE-2025-21726,
CVE-2025-21744, CVE-2025-21830, CVE-2025-21748, CVE-2024-58001,
CVE-2024-58063, CVE-2024-57996, CVE-2025-21716, CVE-2024-58013,
CVE-2024-58019, CVE-2025-21811, CVE-2025-21711, CVE-2024-58076,
CVE-2024-58070, CVE-2024-57982, CVE-2024-57998, CVE-2025-21745,
CVE-2025-21804, CVE-2024-57973, CVE-2024-58083, CVE-2025-21742,
CVE-2025-37750, CVE-2025-21733, CVE-2025-21750, CVE-2024-57981,
CVE-2025-21718, CVE-2024-58058, CVE-2024-49887, CVE-2024-58003,
CVE-2024-57993, CVE-2024-57999, CVE-2024-58010, CVE-2025-21825,
CVE-2025-21732, CVE-2025-21719, CVE-2025-21721, CVE-2024-58034,
CVE-2024-58005, CVE-2025-21707, CVE-2025-21809, CVE-2024-58078,
CVE-2025-21812, CVE-2024-58016, CVE-2025-21816, CVE-2024-58052,
CVE-2025-21722, CVE-2025-21832, CVE-2025-21723, CVE-2025-21820,
CVE-2025-21798)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.1-1025-realtime 6.8.1-1025.26
Available with Ubuntu Pro
linux-image-realtime 6.8.1-1025.26
Available with Ubuntu Pro
linux-image-realtime-6.8.1 6.8.1-1025.26
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7652-1
CVE-2024-49887, CVE-2024-57953, CVE-2024-57973, CVE-2024-57974,
CVE-2024-57975, CVE-2024-57979, CVE-2024-57980, CVE-2024-57981,
CVE-2024-57982, CVE-2024-57984, CVE-2024-57986, CVE-2024-57990,
CVE-2024-57993, CVE-2024-57994, CVE-2024-57996, CVE-2024-57997,
CVE-2024-57998, CVE-2024-57999, CVE-2024-58001, CVE-2024-58002,
CVE-2024-58003, CVE-2024-58005, CVE-2024-58006, CVE-2024-58007,
CVE-2024-58010, CVE-2024-58011, CVE-2024-58013, CVE-2024-58014,
CVE-2024-58016, CVE-2024-58017, CVE-2024-58018, CVE-2024-58019,
CVE-2024-58034, CVE-2024-58051, CVE-2024-58052, CVE-2024-58053,
CVE-2024-58054, CVE-2024-58055, CVE-2024-58056, CVE-2024-58057,
CVE-2024-58058, CVE-2024-58061, CVE-2024-58063, CVE-2024-58068,
CVE-2024-58069, CVE-2024-58070, CVE-2024-58071, CVE-2024-58072,
CVE-2024-58076, CVE-2024-58077, CVE-2024-58078, CVE-2024-58079,
CVE-2024-58080, CVE-2024-58081, CVE-2024-58082, CVE-2024-58083,
CVE-2024-58085, CVE-2025-21705, CVE-2025-21707, CVE-2025-21708,
CVE-2025-21710, CVE-2025-21711, CVE-2025-21714, CVE-2025-21715,
CVE-2025-21716, CVE-2025-21718, CVE-2025-21719, CVE-2025-21720,
CVE-2025-21721, CVE-2025-21722, CVE-2025-21723, CVE-2025-21724,
CVE-2025-21725, CVE-2025-21726, CVE-2025-21727, CVE-2025-21728,
CVE-2025-21731, CVE-2025-21732, CVE-2025-21733, CVE-2025-21734,
CVE-2025-21735, CVE-2025-21736, CVE-2025-21738, CVE-2025-21739,
CVE-2025-21741, CVE-2025-21742, CVE-2025-21743, CVE-2025-21744,
CVE-2025-21745, CVE-2025-21748, CVE-2025-21749, CVE-2025-21750,
CVE-2025-21753, CVE-2025-21754, CVE-2025-21798, CVE-2025-21799,
CVE-2025-21801, CVE-2025-21802, CVE-2025-21804, CVE-2025-21806,
CVE-2025-21808, CVE-2025-21809, CVE-2025-21810, CVE-2025-21811,
CVE-2025-21812, CVE-2025-21814, CVE-2025-21815, CVE-2025-21816,
CVE-2025-21820, CVE-2025-21825, CVE-2025-21826, CVE-2025-21828,
CVE-2025-21829, CVE-2025-21830, CVE-2025-21832, CVE-2025-37750,
CVE-2025-37974

Package Information:
https://launchpad.net/ubuntu/+source/linux-realtime/6.8.1-1025.26



[USN-7651-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7651-1
July 17, 2025

linux, linux-aws, linux-oem-6.8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-oem-6.8: Linux kernel for OEM systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- S390 architecture;
- Block layer subsystem;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- Network block device driver;
- Character device driver;
- TPM device driver;
- Clock framework and drivers;
- FireWire subsystem;
- GPU drivers;
- HID subsystem;
- I3C subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- Media drivers;
- NVIDIA Tegra memory controller driver;
- Fastrpc Driver;
- Network drivers;
- Operating Performance Points (OPP) driver;
- PCI subsystem;
- x86 platform drivers;
- PPS (Pulse Per Second) driver;
- PTP clock framework;
- Remote Processor subsystem;
- Real Time Clock drivers;
- SCSI subsystem;
- QCOM SoC drivers;
- Media staging drivers;
- TTY drivers;
- UFS subsystem;
- USB Gadget drivers;
- USB Host Controller drivers;
- File systems infrastructure;
- BTRFS file system;
- F2FS file system;
- NILFS2 file system;
- SMB network file system;
- UBI file system;
- Timer subsystem;
- KVM subsystem;
- Networking core;
- ptr_ring data structure definitions;
- Networking subsystem;
- Amateur Radio drivers;
- XFRM subsystem;
- Tracing infrastructure;
- BPF subsystem;
- Padata parallel execution mechanism;
- printk logging mechanism;
- Memory management;
- Bluetooth subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Multipath TCP;
- Netfilter;
- NFC subsystem;
- Rose network layer;
- RxRPC session sockets;
- Network traffic control;
- Landlock security;
- Linux Security Modules (LSM) Framework;
- Tomoyo security module;
- SoC audio core drivers;
(CVE-2024-57980, CVE-2024-58061, CVE-2025-21742, CVE-2025-21820,
CVE-2024-57993, CVE-2024-58071, CVE-2024-58017, CVE-2024-58019,
CVE-2025-21745, CVE-2024-58016, CVE-2024-58011, CVE-2024-58054,
CVE-2025-21731, CVE-2024-58058, CVE-2024-58082, CVE-2025-21722,
CVE-2024-58063, CVE-2024-58014, CVE-2025-21735, CVE-2025-21828,
CVE-2025-21804, CVE-2024-58018, CVE-2025-21814, CVE-2024-58005,
CVE-2024-58078, CVE-2025-21832, CVE-2025-21725, CVE-2025-21732,
CVE-2025-21718, CVE-2024-58069, CVE-2024-58052, CVE-2024-57973,
CVE-2025-21825, CVE-2024-58056, CVE-2024-58080, CVE-2025-21810,
CVE-2024-57953, CVE-2025-37974, CVE-2024-57979, CVE-2025-21708,
CVE-2024-57974, CVE-2025-21753, CVE-2025-21736, CVE-2025-21728,
CVE-2025-21743, CVE-2025-21815, CVE-2025-21802, CVE-2025-21739,
CVE-2024-57986, CVE-2024-57982, CVE-2025-21749, CVE-2025-21806,
CVE-2025-21754, CVE-2025-21738, CVE-2025-21716, CVE-2025-21705,
CVE-2024-57998, CVE-2024-58006, CVE-2024-58068, CVE-2025-21748,
CVE-2024-58077, CVE-2025-21723, CVE-2024-58013, CVE-2025-21719,
CVE-2024-58002, CVE-2025-21750, CVE-2024-58053, CVE-2024-58070,
CVE-2025-21809, CVE-2024-57975, CVE-2025-21816, CVE-2025-21798,
CVE-2024-58051, CVE-2024-58083, CVE-2025-21808, CVE-2025-21799,
CVE-2024-57996, CVE-2024-58085, CVE-2025-21744, CVE-2024-57994,
CVE-2024-58055, CVE-2024-58076, CVE-2025-21710, CVE-2025-21707,
CVE-2024-58072, CVE-2025-21726, CVE-2025-21811, CVE-2025-37750,
CVE-2024-58001, CVE-2025-21714, CVE-2025-21711, CVE-2025-21830,
CVE-2024-58007, CVE-2025-21812, CVE-2025-21734, CVE-2024-58034,
CVE-2024-58081, CVE-2024-58079, CVE-2024-58003, CVE-2025-21721,
CVE-2024-49887, CVE-2024-57984, CVE-2025-21715, CVE-2025-21801,
CVE-2024-57997, CVE-2025-21741, CVE-2025-21727, CVE-2024-58057,
CVE-2025-21724, CVE-2024-57990, CVE-2024-57981, CVE-2024-57999,
CVE-2025-21733, CVE-2025-21829, CVE-2024-58010, CVE-2025-21720,
CVE-2025-21826)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-1031-oem 6.8.0-1031.31
linux-image-6.8.0-1032-aws 6.8.0-1032.34
linux-image-6.8.0-1032-aws-64k 6.8.0-1032.34
linux-image-6.8.0-64-generic 6.8.0-64.67
linux-image-6.8.0-64-generic-64k 6.8.0-64.67
linux-image-aws-6.8 6.8.0-1032.34
linux-image-aws-64k-6.8 6.8.0-1032.34
linux-image-aws-64k-lts-24.04 6.8.0-1032.34
linux-image-aws-lts-24.04 6.8.0-1032.34
linux-image-generic 6.8.0-64.67
linux-image-generic-6.8 6.8.0-64.67
linux-image-generic-64k 6.8.0-64.67
linux-image-generic-64k-6.8 6.8.0-64.67
linux-image-generic-lpae 6.8.0-64.67
linux-image-kvm 6.8.0-64.67
linux-image-oem-24.04 6.8.0-1031.31
linux-image-oem-24.04a 6.8.0-1031.31
linux-image-oem-6.8 6.8.0-1031.31
linux-image-virtual 6.8.0-64.67
linux-image-virtual-6.8 6.8.0-64.67

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7651-1
CVE-2024-49887, CVE-2024-57953, CVE-2024-57973, CVE-2024-57974,
CVE-2024-57975, CVE-2024-57979, CVE-2024-57980, CVE-2024-57981,
CVE-2024-57982, CVE-2024-57984, CVE-2024-57986, CVE-2024-57990,
CVE-2024-57993, CVE-2024-57994, CVE-2024-57996, CVE-2024-57997,
CVE-2024-57998, CVE-2024-57999, CVE-2024-58001, CVE-2024-58002,
CVE-2024-58003, CVE-2024-58005, CVE-2024-58006, CVE-2024-58007,
CVE-2024-58010, CVE-2024-58011, CVE-2024-58013, CVE-2024-58014,
CVE-2024-58016, CVE-2024-58017, CVE-2024-58018, CVE-2024-58019,
CVE-2024-58034, CVE-2024-58051, CVE-2024-58052, CVE-2024-58053,
CVE-2024-58054, CVE-2024-58055, CVE-2024-58056, CVE-2024-58057,
CVE-2024-58058, CVE-2024-58061, CVE-2024-58063, CVE-2024-58068,
CVE-2024-58069, CVE-2024-58070, CVE-2024-58071, CVE-2024-58072,
CVE-2024-58076, CVE-2024-58077, CVE-2024-58078, CVE-2024-58079,
CVE-2024-58080, CVE-2024-58081, CVE-2024-58082, CVE-2024-58083,
CVE-2024-58085, CVE-2025-21705, CVE-2025-21707, CVE-2025-21708,
CVE-2025-21710, CVE-2025-21711, CVE-2025-21714, CVE-2025-21715,
CVE-2025-21716, CVE-2025-21718, CVE-2025-21719, CVE-2025-21720,
CVE-2025-21721, CVE-2025-21722, CVE-2025-21723, CVE-2025-21724,
CVE-2025-21725, CVE-2025-21726, CVE-2025-21727, CVE-2025-21728,
CVE-2025-21731, CVE-2025-21732, CVE-2025-21733, CVE-2025-21734,
CVE-2025-21735, CVE-2025-21736, CVE-2025-21738, CVE-2025-21739,
CVE-2025-21741, CVE-2025-21742, CVE-2025-21743, CVE-2025-21744,
CVE-2025-21745, CVE-2025-21748, CVE-2025-21749, CVE-2025-21750,
CVE-2025-21753, CVE-2025-21754, CVE-2025-21798, CVE-2025-21799,
CVE-2025-21801, CVE-2025-21802, CVE-2025-21804, CVE-2025-21806,
CVE-2025-21808, CVE-2025-21809, CVE-2025-21810, CVE-2025-21811,
CVE-2025-21812, CVE-2025-21814, CVE-2025-21815, CVE-2025-21816,
CVE-2025-21820, CVE-2025-21825, CVE-2025-21826, CVE-2025-21828,
CVE-2025-21829, CVE-2025-21830, CVE-2025-21832, CVE-2025-37750,
CVE-2025-37974

Package Information:
https://launchpad.net/ubuntu/+source/linux/6.8.0-64.67
https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1032.34
https://launchpad.net/ubuntu/+source/linux-oem-6.8/6.8.0-1031.31



[USN-7650-1] Linux kernel (OEM) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7650-1
July 17, 2025

linux-oem-6.14 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-oem-6.14: Linux kernel for OEM systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PA-RISC architecture;
- PowerPC architecture;
- S390 architecture;
- x86 architecture;
- Compute Acceleration Framework;
- Ublk userspace block driver;
- ARM SCMI message protocol;
- GPU drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Network drivers;
- PCI subsystem;
- PTP clock framework;
- SPI subsystem;
- BTRFS file system;
- SMB network file system;
- eXpress Data Path;
- Universal MIDI packet (UMP) support module;
- Tracing infrastructure;
- Memory management;
- IPv4 networking;
- IPv6 networking;
- Network traffic control;
- AMD SoC Alsa drivers;
- SoC Audio generic drivers;
(CVE-2025-37899, CVE-2025-37905, CVE-2025-37916, CVE-2025-37935,
CVE-2025-37923, CVE-2025-37906, CVE-2025-37929, CVE-2025-37907,
CVE-2025-37909, CVE-2025-37910, CVE-2025-37921, CVE-2025-37927,
CVE-2025-38216, CVE-2025-37914, CVE-2025-37928, CVE-2025-37915,
CVE-2025-37990, CVE-2025-37917, CVE-2025-37936, CVE-2025-37946,
CVE-2025-37934, CVE-2025-37894, CVE-2025-37898, CVE-2025-37911,
CVE-2025-37912, CVE-2025-37920, CVE-2025-37926, CVE-2025-37919,
CVE-2025-37900, CVE-2025-37908, CVE-2025-37924, CVE-2025-37974,
CVE-2025-37901, CVE-2025-37903, CVE-2025-37891, CVE-2025-37922,
CVE-2025-37991, CVE-2025-37930, CVE-2025-37896, CVE-2025-37897,
CVE-2025-37913, CVE-2025-37895, CVE-2025-37933, CVE-2025-37904,
CVE-2025-37931)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.14.0-1007-oem 6.14.0-1007.7
linux-image-oem-24.04c 6.14.0-1007.7
linux-image-oem-6.14 6.14.0-1007.7

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7650-1
CVE-2025-37891, CVE-2025-37894, CVE-2025-37895, CVE-2025-37896,
CVE-2025-37897, CVE-2025-37898, CVE-2025-37899, CVE-2025-37900,
CVE-2025-37901, CVE-2025-37903, CVE-2025-37904, CVE-2025-37905,
CVE-2025-37906, CVE-2025-37907, CVE-2025-37908, CVE-2025-37909,
CVE-2025-37910, CVE-2025-37911, CVE-2025-37912, CVE-2025-37913,
CVE-2025-37914, CVE-2025-37915, CVE-2025-37916, CVE-2025-37917,
CVE-2025-37919, CVE-2025-37920, CVE-2025-37921, CVE-2025-37922,
CVE-2025-37923, CVE-2025-37924, CVE-2025-37926, CVE-2025-37927,
CVE-2025-37928, CVE-2025-37929, CVE-2025-37930, CVE-2025-37931,
CVE-2025-37933, CVE-2025-37934, CVE-2025-37935, CVE-2025-37936,
CVE-2025-37946, CVE-2025-37974, CVE-2025-37990, CVE-2025-37991,
CVE-2025-38216

Package Information:
https://launchpad.net/ubuntu/+source/linux-oem-6.14/6.14.0-1007.7



[USN-7643-1] libsoup vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7643-1
July 17, 2025

libsoup3, libsoup2.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in libsoup.

Software Description:
- libsoup2.4: HTTP client/server library for GNOME
- libsoup3: HTTP client/server library for GNOME

Details:

Jan Różański discovered that libsoup incorrectly handled range headers in
an HTTP request. An attacker could possibly use this issue to cause libsoup
to consume excessive memory, resulting in a denial of service.
(CVE-2025-32907)

Alon Zahavi discovered that libsoup incorrectly handled memory when parsing
HTTP requests. An attacker could possibly use this issue to send a
maliciously crafted HTTP request to the server, causing a denial of service
or obtaining sensitive information. This issue only affected Ubuntu 25.04.
(CVE-2025-32914)

It was discovered that libsoup incorrectly handled memory when parsing
the expiration date of maliciously crafted cookies. An attacker could
possibly use this issue to cause a denial of service. (CVE-2025-4945)

It was discovered that libsoup incorrectly handled integer calculations
when parsing multipart data. An attacker could possibly use this issue to
cause a denial of service. (CVE-2025-4948)

It was discovered that libsoup incorrectly handled buffer reading when
locating boundaries in multipart forms. An attacker could possibly use this
issue to cause a denial of service or obtain sensitive information.
(CVE-2025-4969)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
libsoup-2.4-1 2.74.3-10ubuntu0.4
libsoup-3.0-0 3.6.5-1ubuntu0.2

Ubuntu 24.04 LTS
libsoup-2.4-1 2.74.3-6ubuntu1.6
libsoup-3.0-0 3.4.4-5ubuntu0.5

Ubuntu 22.04 LTS
libsoup-3.0-0 3.0.7-0ubuntu1+esm5
Available with Ubuntu Pro
libsoup2.4-1 2.74.2-3ubuntu0.6

Ubuntu 20.04 LTS
libsoup2.4-1 2.70.0-1ubuntu0.5+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libsoup2.4-1 2.62.1-1ubuntu0.4+esm6
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libsoup2.4-1 2.52.2-1ubuntu0.3+esm5
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7643-1
CVE-2025-32907, CVE-2025-32914, CVE-2025-4945, CVE-2025-4948,
CVE-2025-4969

Package Information:
https://launchpad.net/ubuntu/+source/libsoup2.4/2.74.3-10ubuntu0.4
https://launchpad.net/ubuntu/+source/libsoup3/3.6.5-1ubuntu0.2
https://launchpad.net/ubuntu/+source/libsoup2.4/2.74.3-6ubuntu1.6
https://launchpad.net/ubuntu/+source/libsoup3/3.4.4-5ubuntu0.5



[USN-7649-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7649-1
July 17, 2025

linux, linux-gcp, linux-raspi, linux-realtime vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-realtime: Linux kernel for Real-time systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PA-RISC architecture;
- PowerPC architecture;
- S390 architecture;
- x86 architecture;
- Compute Acceleration Framework;
- Ublk userspace block driver;
- Bluetooth drivers;
- ARM SCMI message protocol;
- GPU drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- Multiple devices driver;
- Network drivers;
- PCI subsystem;
- PTP clock framework;
- SPI subsystem;
- BTRFS file system;
- SMB network file system;
- eXpress Data Path;
- Universal MIDI packet (UMP) support module;
- Tracing infrastructure;
- Memory management;
- IPv4 networking;
- IPv6 networking;
- Network traffic control;
- AMD SoC Alsa drivers;
- SoC Audio generic drivers;
(CVE-2025-37898, CVE-2025-37990, CVE-2025-37974, CVE-2025-37991,
CVE-2025-37894, CVE-2025-37906, CVE-2025-37896, CVE-2025-37909,
CVE-2025-37923, CVE-2025-37899, CVE-2025-37901, CVE-2025-37914,
CVE-2025-38216, CVE-2025-37931, CVE-2025-37928, CVE-2025-37916,
CVE-2025-37908, CVE-2025-37915, CVE-2025-37917, CVE-2025-37921,
CVE-2025-37903, CVE-2025-37922, CVE-2025-37895, CVE-2025-37936,
CVE-2025-37933, CVE-2025-37891, CVE-2025-37926, CVE-2025-37912,
CVE-2025-37920, CVE-2025-37924, CVE-2025-37927, CVE-2025-37946,
CVE-2025-37907, CVE-2025-37930, CVE-2025-37911, CVE-2025-37905,
CVE-2025-37900, CVE-2025-37929, CVE-2025-37910, CVE-2025-37913,
CVE-2025-37935, CVE-2025-37919, CVE-2025-37918, CVE-2025-37897,
CVE-2025-37904, CVE-2025-37934)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
linux-image-6.14.0-1006-realtime 6.14.0-1006.6
linux-image-6.14.0-1009-raspi 6.14.0-1009.9
linux-image-6.14.0-1011-gcp 6.14.0-1011.11
linux-image-6.14.0-1011-gcp-64k 6.14.0-1011.11
linux-image-6.14.0-24-generic 6.14.0-24.24
linux-image-6.14.0-24-generic-64k 6.14.0-24.24
linux-image-gcp 6.14.0-1011.11
linux-image-gcp-6.14 6.14.0-1011.11
linux-image-gcp-64k 6.14.0-1011.11
linux-image-gcp-64k-6.14 6.14.0-1011.11
linux-image-generic 6.14.0-24.24
linux-image-generic-6.14 6.14.0-24.24
linux-image-generic-64k 6.14.0-24.24
linux-image-generic-64k-6.14 6.14.0-24.24
linux-image-generic-64k-hwe-24.04 6.14.0-24.24
linux-image-generic-hwe-24.04 6.14.0-24.24
linux-image-oem-24.04 6.14.0-24.24
linux-image-oem-24.04a 6.14.0-24.24
linux-image-raspi 6.14.0-1009.9
linux-image-raspi-6.14 6.14.0-1009.9
linux-image-realtime 6.14.0-1006.6
linux-image-realtime-6.14 6.14.0-1006.6
linux-image-realtime-hwe-24.04 6.14.0-1006.6
linux-image-virtual 6.14.0-24.24
linux-image-virtual-6.14 6.14.0-24.24
linux-image-virtual-hwe-24.04 6.14.0-24.24

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7649-1
CVE-2025-37891, CVE-2025-37894, CVE-2025-37895, CVE-2025-37896,
CVE-2025-37897, CVE-2025-37898, CVE-2025-37899, CVE-2025-37900,
CVE-2025-37901, CVE-2025-37903, CVE-2025-37904, CVE-2025-37905,
CVE-2025-37906, CVE-2025-37907, CVE-2025-37908, CVE-2025-37909,
CVE-2025-37910, CVE-2025-37911, CVE-2025-37912, CVE-2025-37913,
CVE-2025-37914, CVE-2025-37915, CVE-2025-37916, CVE-2025-37917,
CVE-2025-37918, CVE-2025-37919, CVE-2025-37920, CVE-2025-37921,
CVE-2025-37922, CVE-2025-37923, CVE-2025-37924, CVE-2025-37926,
CVE-2025-37927, CVE-2025-37928, CVE-2025-37929, CVE-2025-37930,
CVE-2025-37931, CVE-2025-37933, CVE-2025-37934, CVE-2025-37935,
CVE-2025-37936, CVE-2025-37946, CVE-2025-37974, CVE-2025-37990,
CVE-2025-37991, CVE-2025-38216

Package Information:
https://launchpad.net/ubuntu/+source/linux/6.14.0-24.24
https://launchpad.net/ubuntu/+source/linux-gcp/6.14.0-1011.11
https://launchpad.net/ubuntu/+source/linux-raspi/6.14.0-1009.9
https://launchpad.net/ubuntu/+source/linux-realtime/6.14.0-1006.6



[USN-7591-6] Linux kernel (Raspberry Pi) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7591-6
July 17, 2025

linux-raspi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi: Linux kernel for Raspberry Pi systems

Details:

Michael Randrianantenaina discovered that the Bluetooth driver in the Linux
kernel contained an improper access control vulnerability. A nearby
attacker could use this to connect a rogue device and possibly execute
arbitrary code. (CVE-2024-8805)

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- x86 architecture;
- ACPI drivers;
- Clock framework and drivers;
- GPU drivers;
- HID subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- Mellanox network drivers;
- NTB driver;
- PCI subsystem;
- Voltage and Current Regulator drivers;
- Remote Processor subsystem;
- SCSI subsystem;
- QCOM SoC drivers;
- Thermal drivers;
- BTRFS file system;
- Ext4 file system;
- JFS file system;
- Network file system (NFS) server daemon;
- NTFS3 file system;
- File systems infrastructure;
- Proc file system;
- SMB network file system;
- IPv6 networking;
- RDMA verbs API;
- SoC audio core drivers;
- Tracing infrastructure;
- Watch queue notification mechanism;
- 802.1Q VLAN protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Bluetooth subsystem;
- Networking core;
- IPv4 networking;
- Netfilter;
- Network traffic control;
- SMC sockets;
- SoC Audio for Freescale CPUs drivers;
(CVE-2025-23138, CVE-2025-21956, CVE-2025-21970, CVE-2025-22025,
CVE-2024-46753, CVE-2025-21962, CVE-2025-37889, CVE-2025-21992,
CVE-2025-39728, CVE-2025-22054, CVE-2025-21959, CVE-2024-53144,
CVE-2022-49728, CVE-2024-58093, CVE-2025-38637, CVE-2025-21981,
CVE-2025-21963, CVE-2025-21968, CVE-2025-22014, CVE-2024-46812,
CVE-2025-22005, CVE-2025-21994, CVE-2025-22071, CVE-2025-22008,
CVE-2022-49636, CVE-2025-22007, CVE-2023-53034, CVE-2025-22035,
CVE-2025-22010, CVE-2025-22081, CVE-2025-22021, CVE-2024-46821,
CVE-2025-21999, CVE-2025-38575, CVE-2025-22073, CVE-2025-22004,
CVE-2024-42230, CVE-2025-21941, CVE-2024-56664, CVE-2025-22044,
CVE-2025-39735, CVE-2025-22060, CVE-2025-22055, CVE-2025-21957,
CVE-2025-21975, CVE-2025-22075, CVE-2025-22089, CVE-2025-37937,
CVE-2025-38152, CVE-2025-22020, CVE-2025-22066, CVE-2025-22056,
CVE-2025-22050, CVE-2025-21964, CVE-2025-21996, CVE-2025-22079,
CVE-2025-23136, CVE-2025-22063, CVE-2024-36945, CVE-2025-22097,
CVE-2025-37785, CVE-2025-21991, CVE-2025-22086, CVE-2025-22045,
CVE-2025-22018)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1080-raspi 5.15.0-1080.83
linux-image-raspi 5.15.0.1080.78
linux-image-raspi-nolpae 5.15.0.1080.78

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7591-6
https://ubuntu.com/security/notices/USN-7591-5
https://ubuntu.com/security/notices/USN-7591-4
https://ubuntu.com/security/notices/USN-7591-3
https://ubuntu.com/security/notices/USN-7591-2
https://ubuntu.com/security/notices/USN-7591-1
CVE-2022-49636, CVE-2022-49728, CVE-2023-53034, CVE-2024-36945,
CVE-2024-42230, CVE-2024-46753, CVE-2024-46812, CVE-2024-46821,
CVE-2024-53144, CVE-2024-56664, CVE-2024-58093, CVE-2024-8805,
CVE-2025-21941, CVE-2025-21956, CVE-2025-21957, CVE-2025-21959,
CVE-2025-21962, CVE-2025-21963, CVE-2025-21964, CVE-2025-21968,
CVE-2025-21970, CVE-2025-21975, CVE-2025-21981, CVE-2025-21991,
CVE-2025-21992, CVE-2025-21994, CVE-2025-21996, CVE-2025-21999,
CVE-2025-22004, CVE-2025-22005, CVE-2025-22007, CVE-2025-22008,
CVE-2025-22010, CVE-2025-22014, CVE-2025-22018, CVE-2025-22020,
CVE-2025-22021, CVE-2025-22025, CVE-2025-22035, CVE-2025-22044,
CVE-2025-22045, CVE-2025-22050, CVE-2025-22054, CVE-2025-22055,
CVE-2025-22056, CVE-2025-22060, CVE-2025-22063, CVE-2025-22066,
CVE-2025-22071, CVE-2025-22073, CVE-2025-22075, CVE-2025-22079,
CVE-2025-22081, CVE-2025-22086, CVE-2025-22089, CVE-2025-22097,
CVE-2025-2312, CVE-2025-23136, CVE-2025-23138, CVE-2025-37785,
CVE-2025-37889, CVE-2025-37937, CVE-2025-38152, CVE-2025-38575,
CVE-2025-38637, CVE-2025-39728, CVE-2025-39735

Package Information:
https://launchpad.net/ubuntu/+source/linux-raspi/5.15.0-1080.83



[USN-7609-5] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7609-5
July 17, 2025

linux-azure-6.8, linux-azure-nvidia vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure-nvidia: Linux kernel for Microsoft Azure Cloud systems, N-Series
- linux-azure-6.8: Linux kernel for Microsoft Azure cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- InfiniBand drivers;
- Netfilter;
- Network traffic control;
(CVE-2025-38001, CVE-2025-37798, CVE-2025-37932, CVE-2025-37997,
CVE-2025-38000, CVE-2025-22088, CVE-2025-37890)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-1019-azure-nvidia 6.8.0-1019.20
linux-image-azure-nvidia 6.8.0-1019.20
linux-image-azure-nvidia-6.8 6.8.0-1019.20

Ubuntu 22.04 LTS
linux-image-6.8.0-1031-azure 6.8.0-1031.36~22.04.1
linux-image-6.8.0-1031-azure-fde 6.8.0-1031.36~22.04.1
linux-image-azure 6.8.0-1031.36~22.04.1
linux-image-azure-6.8 6.8.0-1031.36~22.04.1
linux-image-azure-fde 6.8.0-1031.36~22.04.1
linux-image-azure-fde-6.8 6.8.0-1031.36~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7609-5
https://ubuntu.com/security/notices/USN-7609-4
https://ubuntu.com/security/notices/USN-7609-3
https://ubuntu.com/security/notices/USN-7609-2
https://ubuntu.com/security/notices/USN-7609-1
CVE-2025-22088, CVE-2025-37798, CVE-2025-37890, CVE-2025-37932,
CVE-2025-37997, CVE-2025-38000, CVE-2025-38001

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure-nvidia/6.8.0-1019.20
https://launchpad.net/ubuntu/+source/linux-azure-6.8/6.8.0-1031.36~22.04.1



[USN-7642-1] AIOHTTP vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7642-1
July 17, 2025

python-aiohttp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in AIOHTTP.

Software Description:
- python-aiohttp: Asynchronous HTTP client/server Python framework

Details:

Ben Kallus discovered that AIOHTTP did not correctly parse HTTP
headers. A remote attacker could possibly use this issue to perform
request smuggling. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2023-47627)

Ivan Novikov discovered that AIOHTTP did not properly validate certain
inputs. A remote attacker could possibly use this issue to perform request
smuggling. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2023-49081, CVE-2023-49082)

Paul J. Dorn discovered that AIOHTTP did not properly validate certain
inputs. A remote attacker could possibly use this issue to perform request
smuggling. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and
Ubuntu 24.04 LTS. (CVE-2024-23829)

Takeshi Kaneko discovered that AIOHTTP did not properly sanitize certain
inputs. A remote attacker could possibly use this issue to perform a
cross-site scripting (XSS) attack. (CVE-2024-27306)

It was discovered that AIOHTTP did not correctly handle certain POST
requests. A remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-30251)

Jeppe Bonde Weikop discovered that AIOHTTP did not correctly handle
parsing newlines in certain inputs. A remote attacker could possibly use
this issue to perform request smuggling. (CVE-2024-52304)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
python3-aiohttp 3.9.1-1ubuntu0.1+esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
python3-aiohttp 3.8.1-4ubuntu0.2+esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
python3-aiohttp 3.6.2-1ubuntu1+esm4
Available with Ubuntu Pro

Ubuntu 18.04 LTS
python3-aiohttp 3.0.1-1ubuntu0.1~esm5
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7642-1
CVE-2023-47627, CVE-2023-49081, CVE-2023-49082, CVE-2024-23829,
CVE-2024-27306, CVE-2024-30251, CVE-2024-52304



[USN-7638-1] Libmobi vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7638-1
July 16, 2025

libmobi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Libmobi.

Software Description:
- libmobi: C library for handling Kindle (MOBI) formats of ebook documents

Details:

It was discovered that Libmobi did not correctly handle certain memory
operations, which could lead to a buffer overflow. A local attacker
could possibly trigger this vulnerability to cause a denial of service.
(CVE-2022-1907, CVE-2022-1908)

It was discovered that Libmobi could dereference a NULL pointer via the
component mobi_buffer_getpointer. A local attacker could possibly
trigger this vulnerability to cause a denial of service.
(CVE-2022-29788)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
libmobi0 0.9+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7638-1
CVE-2022-1907, CVE-2022-1908, CVE-2022-29788



[USN-7647-1] LedgerSMB vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7647-1
July 17, 2025

ledgersmb vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in LedgerSMB.

Software Description:
- ledgersmb: A libre software double entry accounting and enterprise resource planning (ERP) system

Details:

It was discovered that LedgerSMB did not check the origin of HTML
fragments. An attacker could possibly use this issue to send a
maliciously crafted URL to the server and obtain sensitive
information, or execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04.
(CVE-2021-3693)

It was discovered that LedgerSMB did not properly encode HTML
error messages. An attacker could possibly use this issue to send
a maliciously crafted URL to the server and obtain sensitive
information, or execute arbitrary code. This issue only affected
Ubuntu 18.04 LTS. (CVE-2021-3694)

It was discovered that LedgerSMB did not guard against discrete
link redirections. An attacker could possibly use this issue to
obtain sensitive information. This issue only affected Ubuntu
16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-3731)

It was discovered that LedgerSMB did not properly set the 'Secure'
attribute during HTTPS sessions. If a user were tricked into using
an unencrypted connection, an attacker could possibly use this
issue to obtain sensitive information. This issue only affected
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu
25.04. (CVE-2021-3882)

It was discovered that LedgerSMB could create admin accounts via
a URL. If an admin were tricked into clicking a maliciously
crafted URL, an attacker could possibly use this issue to
achieve privilege escalation. This issue only affected Ubuntu 20.04
LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.04.
(CVE-2024-23831)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
ledgersmb 1.6.33+ds-2.2ubuntu0.25.04.1

Ubuntu 24.04 LTS
ledgersmb 1.6.33+ds-2.1ubuntu0.1

Ubuntu 22.04 LTS
ledgersmb 1.6.33+ds-1ubuntu0.1

Ubuntu 20.04 LTS
ledgersmb 1.6.9+ds-1ubuntu0.1+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
ledgersmb 1.4.42+ds-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
ledgersmb 1.3.46-1ubuntu0.1~esm1
Available with Ubuntu Pro

After a standard system update you need to restart LedgerSMB to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7647-1
CVE-2021-3693, CVE-2021-3694, CVE-2021-3731, CVE-2021-3882,
CVE-2024-23831

Package Information:
https://launchpad.net/ubuntu/+source/ledgersmb/1.6.33+ds-2.2ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/ledgersmb/1.6.33+ds-2.1ubuntu0.1
https://launchpad.net/ubuntu/+source/ledgersmb/1.6.33+ds-1ubuntu0.1



[USN-7648-1] PHP vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7648-1
July 17, 2025

php8.1, php8.3, php8.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:
- php8.4: HTML-embedded scripting language interpreter
- php8.3: HTML-embedded scripting language interpreter
- php8.1: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled certain hostnames containing
null characters. A remote attacker could possibly use this issue to bypass
certain hostname validation checks. (CVE-2025-1220)

It was discovered that PHP incorrectly handled the pgsql and pdo_pgsql
escaping functions. A remote attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. (CVE-2025-1735)

It was discovered that PHP incorrectly handled parsing certain XML data in
SOAP extensions. A remote attacker could possibly use this issue to cause
PHP to crash, resulting in a denial of service. (CVE-2025-6491)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
libapache2-mod-php8.4 8.4.5-1ubuntu1.1
php8.4 8.4.5-1ubuntu1.1
php8.4-cgi 8.4.5-1ubuntu1.1
php8.4-cli 8.4.5-1ubuntu1.1
php8.4-fpm 8.4.5-1ubuntu1.1
php8.4-pgsql 8.4.5-1ubuntu1.1

Ubuntu 24.04 LTS
libapache2-mod-php8.3 8.3.6-0ubuntu0.24.04.5
php8.3 8.3.6-0ubuntu0.24.04.5
php8.3-cgi 8.3.6-0ubuntu0.24.04.5
php8.3-cli 8.3.6-0ubuntu0.24.04.5
php8.3-fpm 8.3.6-0ubuntu0.24.04.5
php8.3-pgsql 8.3.6-0ubuntu0.24.04.5

Ubuntu 22.04 LTS
libapache2-mod-php7.4 8.1.2-1ubuntu2.22
libapache2-mod-php8.0 8.1.2-1ubuntu2.22
libapache2-mod-php8.1 8.1.2-1ubuntu2.22
php8.1 8.1.2-1ubuntu2.22
php8.1-cgi 8.1.2-1ubuntu2.22
php8.1-cli 8.1.2-1ubuntu2.22
php8.1-fpm 8.1.2-1ubuntu2.22
php8.1-pgsql 8.1.2-1ubuntu2.22

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7648-1
CVE-2025-1220, CVE-2025-1735, CVE-2025-6491

Package Information:
https://launchpad.net/ubuntu/+source/php8.4/8.4.5-1ubuntu1.1
https://launchpad.net/ubuntu/+source/php8.3/8.3.6-0ubuntu0.24.04.5
https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.22