
Ubuntu Linux has received updates addressing multiple security vulnerabilities in jQuery, the Linux kernel (including the FIPS, Azure, and KVM variants), Git, OnionShare, FreeRDP, and Ghostscript, along with a fix for a DCMTK regression:

[USN-7622-1] jQuery vulnerabilities
[USN-7010-2] DCMTK regression
[USN-7627-2] Linux kernel (FIPS) vulnerabilities
[USN-7608-5] Linux kernel vulnerabilities
[USN-7609-4] Linux kernel (Azure) vulnerabilities
[USN-7607-3] Linux kernel (KVM) vulnerabilities
[USN-7594-3] Linux kernel vulnerabilities
[USN-7628-1] Linux kernel (Azure) vulnerabilities
[USN-7611-2] Linux kernel (Azure) vulnerabilities
[USN-7610-2] Linux kernel vulnerabilities
[USN-7626-1] Git vulnerabilities
[USN-7625-1] OnionShare vulnerabilities
[USN-7624-1] FreeRDP vulnerability
[USN-7623-1] Ghostscript vulnerabilities



[USN-7622-1] jQuery vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7622-1
July 08, 2025

jquery vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in jQuery.

Software Description:
- jquery: JavaScript library for dynamic web applications

Details:

It was discovered that jQuery did not correctly handle HTML tags. An
attacker could possibly use this issue to execute a cross-site scripting
(XSS) attack. This issue only affected Ubuntu 14.04 LTS. (CVE-2012-6708)

It was discovered that jQuery did not correctly handle unsanitized source
objects due to prototype pollution. An attacker could possibly use this
issue to execute a cross-site scripting (XSS) attack. (CVE-2019-11358)

Masato Kinugawa discovered that jQuery did not correctly sanitize certain
HTML elements. An attacker could possibly use this issue to execute a
cross-site scripting (XSS) attack. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-11022)

Masato Kinugawa discovered that jQuery did not correctly sanitize certain
HTML elements. An attacker could possibly use this issue to execute a
cross-site scripting (XSS) attack. This issue only affected
Ubuntu 18.04 LTS. (CVE-2020-11023)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
libjs-jquery 3.2.1-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libjs-jquery 1.11.3+dfsg-4ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 14.04 LTS
libjs-jquery 1.7.2+dfsg-2ubuntu1+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7622-1
CVE-2012-6708, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023



[USN-7010-2] DCMTK regression


==========================================================================
Ubuntu Security Notice USN-7010-2
July 08, 2025

dcmtk regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

USN-7010-1 introduced a regression in DCMTK.

Software Description:
- dcmtk: OFFIS DICOM toolkit command line utilities

Details:

USN-7010-1 fixed vulnerabilities in DCMTK. The update introduced a
regression. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Jinsheng Ba discovered that DCMTK incorrectly handled certain requests. If
a user or an automated system were tricked into opening a certain specially
crafted input file, a remote attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-41687, CVE-2021-41688, CVE-2021-41689, CVE-2021-41690)

Sharon Brizinov and Noam Moshe discovered that DCMTK incorrectly handled
pointers. If a user or an automated system were tricked into opening a
certain specially crafted input file, a remote attacker could possibly use
this issue to cause a denial of service. This issue only affected
Ubuntu 20.04 LTS. (CVE-2022-2121)

It was discovered that DCMTK incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a certain specially
crafted input file, a remote attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2022-43272)

It was discovered that DCMTK incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a certain specially
crafted input file, a remote attacker could possibly use this issue to
execute arbitrary code. This issue was only addressed in Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS. (CVE-2024-28130)

It was discovered that DCMTK incorrectly handled memory when processing an
invalid incoming DIMSE message. An attacker could possibly use this issue
to cause a denial of service. (CVE-2024-34508, CVE-2024-34509)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
dcmtk 3.6.4-2.1ubuntu0.2
libdcmtk14 3.6.4-2.1ubuntu0.2

Ubuntu 18.04 LTS
dcmtk 3.6.2-3ubuntu0.1~esm3
Available with Ubuntu Pro
libdcmtk12 3.6.2-3ubuntu0.1~esm3
Available with Ubuntu Pro

Ubuntu 16.04 LTS
dcmtk 3.6.1~20150924-5ubuntu0.1~esm3
Available with Ubuntu Pro
libdcmtk5 3.6.1~20150924-5ubuntu0.1~esm3
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7010-2
CVE-2021-41687

Package Information:
https://launchpad.net/ubuntu/+source/dcmtk/3.6.4-2.1ubuntu0.2



[USN-7627-2] Linux kernel (FIPS) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7627-2
July 08, 2025

linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-azure-fips: Linux kernel for Microsoft Azure Cloud systems with FIPS
- linux-fips: Linux kernel with FIPS
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with
FIPS

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- Block layer subsystem;
- ACPI drivers;
- NILFS2 file system;
- File systems infrastructure;
- Memory management;
- Network traffic control;
- USB sound devices;
(CVE-2025-37932, CVE-2024-53197, CVE-2024-50116, CVE-2021-47379,
CVE-2024-49958, CVE-2022-49179, CVE-2024-46787, CVE-2024-41070,
CVE-2025-38000, CVE-2024-56662, CVE-2022-49176, CVE-2025-37798)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-1137-fips 4.15.0-1137.148
Available with Ubuntu Pro
linux-image-4.15.0-2083-gcp-fips 4.15.0-2083.89
Available with Ubuntu Pro
linux-image-4.15.0-2099-azure-fips 4.15.0-2099.105
Available with Ubuntu Pro
linux-image-4.15.0-2120-aws-fips 4.15.0-2120.126
Available with Ubuntu Pro
linux-image-aws-fips 4.15.0.2120.114
Available with Ubuntu Pro
linux-image-aws-fips-4.15 4.15.0.2120.114
Available with Ubuntu Pro
linux-image-azure-fips 4.15.0.2099.95
Available with Ubuntu Pro
linux-image-fips 4.15.0.1137.134
Available with Ubuntu Pro
linux-image-gcp-fips 4.15.0.2083.81
Available with Ubuntu Pro
linux-image-gcp-fips-4.15 4.15.0.2083.81
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7627-2
https://ubuntu.com/security/notices/USN-7627-1
CVE-2021-47379, CVE-2022-49176, CVE-2022-49179, CVE-2024-41070,
CVE-2024-46787, CVE-2024-49958, CVE-2024-50116, CVE-2024-53197,
CVE-2024-56662, CVE-2025-37798, CVE-2025-37932, CVE-2025-38000

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-fips/4.15.0-2120.126
https://launchpad.net/ubuntu/+source/linux-azure-fips/4.15.0-2099.105
https://launchpad.net/ubuntu/+source/linux-fips/4.15.0-1137.148
https://launchpad.net/ubuntu/+source/linux-gcp-fips/4.15.0-2083.89



[USN-7608-5] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7608-5
July 08, 2025

linux-ibm-5.15, linux-intel-iotg, linux-nvidia-tegra,
linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-intel-iotg: Linux kernel for Intel IoT platforms
- linux-nvidia-tegra: Linux kernel for NVIDIA Tegra systems
- linux-nvidia-tegra-igx: Linux kernel for NVIDIA Tegra IGX systems
- linux-ibm-5.15: Linux kernel for IBM cloud systems
- linux-nvidia-tegra-5.15: Linux kernel for NVIDIA Tegra systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- SMB network file system;
- Memory management;
- Netfilter;
- Network traffic control;
(CVE-2025-37890, CVE-2024-46787, CVE-2025-37798, CVE-2025-38000,
CVE-2025-37932, CVE-2025-38001, CVE-2025-37997, CVE-2024-50047,
CVE-2024-53051)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1029-nvidia-tegra-igx 5.15.0-1029.29
linux-image-5.15.0-1029-nvidia-tegra-igx-rt 5.15.0-1029.29
linux-image-5.15.0-1040-nvidia-tegra 5.15.0-1040.40
linux-image-5.15.0-1040-nvidia-tegra-rt 5.15.0-1040.40
linux-image-5.15.0-1082-intel-iotg 5.15.0-1082.88
linux-image-intel-iotg 5.15.0.1082.82
linux-image-intel-iotg-5.15 5.15.0.1082.82
linux-image-nvidia-tegra 5.15.0.1040.40
linux-image-nvidia-tegra-5.15 5.15.0.1040.40
linux-image-nvidia-tegra-igx 5.15.0.1029.31
linux-image-nvidia-tegra-igx-5.15 5.15.0.1029.31
linux-image-nvidia-tegra-igx-rt 5.15.0.1029.31
linux-image-nvidia-tegra-igx-rt-5.15 5.15.0.1029.31
linux-image-nvidia-tegra-rt 5.15.0.1040.40
linux-image-nvidia-tegra-rt-5.15 5.15.0.1040.40

Ubuntu 20.04 LTS
linux-image-5.15.0-1040-nvidia-tegra 5.15.0-1040.40~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-1040-nvidia-tegra-rt 5.15.0-1040.40~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-1079-ibm 5.15.0-1079.82~20.04.1
Available with Ubuntu Pro
linux-image-ibm 5.15.0.1079.82~20.04.1
Available with Ubuntu Pro
linux-image-ibm-5.15 5.15.0.1079.82~20.04.1
Available with Ubuntu Pro
linux-image-nvidia-tegra 5.15.0.1040.40~20.04.1
Available with Ubuntu Pro
linux-image-nvidia-tegra-5.15 5.15.0.1040.40~20.04.1
Available with Ubuntu Pro
linux-image-nvidia-tegra-rt 5.15.0.1040.40~20.04.1
Available with Ubuntu Pro
linux-image-nvidia-tegra-rt-5.15 5.15.0.1040.40~20.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7608-5
https://ubuntu.com/security/notices/USN-7608-4
https://ubuntu.com/security/notices/USN-7608-3
https://ubuntu.com/security/notices/USN-7608-2
https://ubuntu.com/security/notices/USN-7608-1
CVE-2024-46787, CVE-2024-50047, CVE-2024-53051, CVE-2025-37798,
CVE-2025-37890, CVE-2025-37932, CVE-2025-37997, CVE-2025-38000,
CVE-2025-38001

Package Information:
https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1082.88
https://launchpad.net/ubuntu/+source/linux-nvidia-tegra/5.15.0-1040.40
https://launchpad.net/ubuntu/+source/linux-nvidia-tegra-igx/5.15.0-1029.29



[USN-7609-4] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7609-4
July 08, 2025

linux-azure vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- InfiniBand drivers;
- Netfilter;
- Network traffic control;
(CVE-2025-38001, CVE-2025-37798, CVE-2025-37932, CVE-2025-37997,
CVE-2025-38000, CVE-2025-22088, CVE-2025-37890)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-1031-azure 6.8.0-1031.36
linux-image-6.8.0-1031-azure-fde 6.8.0-1031.36
linux-image-azure-6.8 6.8.0-1031.36
linux-image-azure-fde-6.8 6.8.0-1031.36
linux-image-azure-fde-lts-24.04 6.8.0-1031.36
linux-image-azure-lts-24.04 6.8.0-1031.36

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7609-4
https://ubuntu.com/security/notices/USN-7609-3
https://ubuntu.com/security/notices/USN-7609-2
https://ubuntu.com/security/notices/USN-7609-1
CVE-2025-22088, CVE-2025-37798, CVE-2025-37890, CVE-2025-37932,
CVE-2025-37997, CVE-2025-38000, CVE-2025-38001

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/6.8.0-1031.36



[USN-7607-3] Linux kernel (KVM) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7607-3
July 08, 2025

linux-kvm vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-kvm: Linux kernel for cloud environments

Details:

It was discovered that a use-after-free vulnerability existed in the
Bluetooth stack in the Linux kernel. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3640)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SCSI subsystem;
- Network file system (NFS) client;
- NILFS2 file system;
- File systems infrastructure;
- Memory management;
- Bluetooth subsystem;
- Network traffic control;
- USB sound devices;
(CVE-2024-50116, CVE-2021-47576, CVE-2024-53197, CVE-2024-46787,
CVE-2025-37798, CVE-2024-49958, CVE-2021-47260, CVE-2025-37932,
CVE-2022-49909)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
linux-image-4.4.0-1146-kvm 4.4.0-1146.157
Available with Ubuntu Pro
linux-image-kvm 4.4.0.1146.143
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7607-3
https://ubuntu.com/security/notices/USN-7607-2
https://ubuntu.com/security/notices/USN-7607-1
CVE-2021-47260, CVE-2021-47576, CVE-2022-3640, CVE-2022-49909,
CVE-2024-46787, CVE-2024-49958, CVE-2024-50116, CVE-2024-53197,
CVE-2025-37798, CVE-2025-37932



[USN-7594-3] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7594-3
July 08, 2025

linux-aws, linux-oracle vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-oracle: Linux kernel for Oracle Cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Compute Acceleration Framework;
- ACPI drivers;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- Ublk userspace block driver;
- Bluetooth drivers;
- Bus devices;
- TPM device driver;
- Clock framework and drivers;
- CPU frequency scaling framework;
- Buffer Sharing and Synchronization framework;
- DMA engine subsystem;
- GPU drivers;
- HID subsystem;
- HSI subsystem;
- I2C subsystem;
- I3C subsystem;
- IIO subsystem;
- InfiniBand drivers;
- IOMMU subsystem;
- IRQ chip drivers;
- MCB driver;
- Multiple devices driver;
- Media drivers;
- MemoryStick subsystem;
- Multifunction device drivers;
- Microchip PCI driver;
- Intel Management Engine Interface driver;
- PCI Endpoint Test driver;
- MTD block device drivers;
- Network drivers;
- Ethernet bonding driver;
- Mellanox network drivers;
- STMicroelectronics network drivers;
- NTB driver;
- NVME drivers;
- PCI subsystem;
- Synopsys DesignWare PCIe PMU;
- Mellanox platform drivers;
- PWM drivers;
- Remote Processor subsystem;
- S/390 drivers;
- SCSI subsystem;
- Samsung SoC drivers;
- SPI subsystem;
- GPIB drivers;
- VideoCore services drivers;
- Thermal drivers;
- TTY drivers;
- UFS subsystem;
- Cadence USB3 driver;
- ChipIdea USB driver;
- USB Device Class drivers;
- DesignWare USB3 driver;
- USB Gadget drivers;
- USB Host Controller drivers;
- USB Type-C support driver;
- Virtio Host (VHOST) subsystem;
- Backlight driver;
- Framebuffer layer;
- W1 Dallas's 1-wire bus driver;
- 9P distributed file system;
- File systems infrastructure;
- BTRFS file system;
- Ext4 file system;
- F2FS file system;
- JFS file system;
- Network file systems library;
- Network file system (NFS) server daemon;
- NTFS3 file system;
- Overlay file system;
- SMB network file system;
- Ethernet bridge;
- io_uring subsystem;
- Perf events;
- Memory management;
- UProbes tracing;
- Amateur Radio drivers;
- SCTP protocol;
- Network sockets;
- RDMA verbs API;
- BPF subsystem;
- Kernel fork() syscall;
- Hibernation control;
- Scheduler infrastructure;
- Tracing infrastructure;
- Watch queue notification mechanism;
- Vector I/O iterator library;
- 802.1Q VLAN protocol;
- 9P file system network protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Networking core;
- Distributed Switch Architecture;
- Ethtool driver;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Management Component Transport Protocol (MCTP);
- Multipath TCP;
- Netfilter;
- Open vSwitch;
- Network traffic control;
- TIPC protocol;
- TLS protocol;
- Wireless networking;
- ALSA framework;
- WCD audio codecs;
- SoC Audio for Freescale CPUs drivers;
- SoC Audio generic drivers;
- Intel ASoC drivers;
- QCOM ASoC drivers;
- Virtio sound driver;
- CPU Power monitoring subsystem;

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
linux-image-6.14.0-1007-aws 6.14.0-1007.7
linux-image-6.14.0-1007-aws-64k 6.14.0-1007.7
linux-image-6.14.0-1007-oracle 6.14.0-1007.7
linux-image-6.14.0-1007-oracle-64k 6.14.0-1007.7
linux-image-aws 6.14.0-1007.7+1
linux-image-aws-64k 6.14.0-1007.7+1
linux-image-oracle 6.14.0-1007.7
linux-image-oracle-64k 6.14.0-1007.7

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7594-3
https://ubuntu.com/security/notices/USN-7594-2
https://ubuntu.com/security/notices/USN-7594-1
CVE-2023-53034, CVE-2024-58093, CVE-2024-58094, CVE-2024-58095,
CVE-2024-58096, CVE-2024-58097, CVE-2025-22018, CVE-2025-22019,
CVE-2025-22020, CVE-2025-22021, CVE-2025-22022, CVE-2025-22023,
CVE-2025-22024, CVE-2025-22025, CVE-2025-22026, CVE-2025-22027,
CVE-2025-22028, CVE-2025-22030, CVE-2025-22031, CVE-2025-22032,
CVE-2025-22033, CVE-2025-22034, CVE-2025-22035, CVE-2025-22036,
CVE-2025-22037, CVE-2025-22038, CVE-2025-22039, CVE-2025-22040,
CVE-2025-22041, CVE-2025-22042, CVE-2025-22043, CVE-2025-22044,
CVE-2025-22045, CVE-2025-22046, CVE-2025-22047, CVE-2025-22050,
CVE-2025-22051, CVE-2025-22052, CVE-2025-22053, CVE-2025-22054,
CVE-2025-22055, CVE-2025-22056, CVE-2025-22057, CVE-2025-22058,
CVE-2025-22059, CVE-2025-22060, CVE-2025-22061, CVE-2025-22062,
CVE-2025-22063, CVE-2025-22064, CVE-2025-22065, CVE-2025-22066,
CVE-2025-22067, CVE-2025-22068, CVE-2025-22069, CVE-2025-22070,
CVE-2025-22071, CVE-2025-22072, CVE-2025-22073, CVE-2025-22074,
CVE-2025-22075, CVE-2025-22076, CVE-2025-22078, CVE-2025-22079,
CVE-2025-22080, CVE-2025-22081, CVE-2025-22082, CVE-2025-22083,
CVE-2025-22084, CVE-2025-22085, CVE-2025-22086, CVE-2025-22087,
CVE-2025-22088, CVE-2025-22089, CVE-2025-22090, CVE-2025-22091,
CVE-2025-22092, CVE-2025-22093, CVE-2025-22094, CVE-2025-22095,
CVE-2025-22096, CVE-2025-22097, CVE-2025-22098, CVE-2025-22099,
CVE-2025-22100, CVE-2025-22101, CVE-2025-22102, CVE-2025-22103,
CVE-2025-22104, CVE-2025-22105, CVE-2025-22106, CVE-2025-22107,
CVE-2025-22108, CVE-2025-22109, CVE-2025-22110, CVE-2025-22111,
CVE-2025-22112, CVE-2025-22113, CVE-2025-22114, CVE-2025-22115,
CVE-2025-22116, CVE-2025-22117, CVE-2025-22118, CVE-2025-22119,
CVE-2025-22120, CVE-2025-22121, CVE-2025-22122, CVE-2025-22123,
CVE-2025-22124, CVE-2025-22125, CVE-2025-22126, CVE-2025-22127,
CVE-2025-22128, CVE-2025-23129, CVE-2025-23130, CVE-2025-23131,
CVE-2025-23132, CVE-2025-23133, CVE-2025-23134, CVE-2025-23135,
CVE-2025-23136, CVE-2025-23137, CVE-2025-23138, CVE-2025-23140,
CVE-2025-23141, CVE-2025-23142, CVE-2025-23143, CVE-2025-23144,
CVE-2025-23145, CVE-2025-23146, CVE-2025-23147, CVE-2025-23148,
CVE-2025-23149, CVE-2025-23150, CVE-2025-23151, CVE-2025-23152,
CVE-2025-23153, CVE-2025-23154, CVE-2025-23155, CVE-2025-23156,
CVE-2025-23157, CVE-2025-23158, CVE-2025-23159, CVE-2025-23160,
CVE-2025-23161, CVE-2025-23162, CVE-2025-23163, CVE-2025-37738,
CVE-2025-37739, CVE-2025-37740, CVE-2025-37741, CVE-2025-37742,
CVE-2025-37743, CVE-2025-37744, CVE-2025-37745, CVE-2025-37746,
CVE-2025-37747, CVE-2025-37748, CVE-2025-37749, CVE-2025-37750,
CVE-2025-37751, CVE-2025-37752, CVE-2025-37754, CVE-2025-37755,
CVE-2025-37756, CVE-2025-37757, CVE-2025-37758, CVE-2025-37759,
CVE-2025-37760, CVE-2025-37761, CVE-2025-37762, CVE-2025-37763,
CVE-2025-37764, CVE-2025-37765, CVE-2025-37766, CVE-2025-37767,
CVE-2025-37768, CVE-2025-37769, CVE-2025-37770, CVE-2025-37771,
CVE-2025-37772, CVE-2025-37773, CVE-2025-37774, CVE-2025-37775,
CVE-2025-37776, CVE-2025-37777, CVE-2025-37778, CVE-2025-37779,
CVE-2025-37780, CVE-2025-37781, CVE-2025-37783, CVE-2025-37784,
CVE-2025-37785, CVE-2025-37786, CVE-2025-37787, CVE-2025-37788,
CVE-2025-37789, CVE-2025-37790, CVE-2025-37791, CVE-2025-37792,
CVE-2025-37793, CVE-2025-37794, CVE-2025-37796, CVE-2025-37797,
CVE-2025-37798, CVE-2025-37799, CVE-2025-37800, CVE-2025-37801,
CVE-2025-37802, CVE-2025-37803, CVE-2025-37805, CVE-2025-37806,
CVE-2025-37807, CVE-2025-37808, CVE-2025-37809, CVE-2025-37810,
CVE-2025-37811, CVE-2025-37812, CVE-2025-37813, CVE-2025-37814,
CVE-2025-37815, CVE-2025-37816, CVE-2025-37817, CVE-2025-37819,
CVE-2025-37820, CVE-2025-37821, CVE-2025-37822, CVE-2025-37823,
CVE-2025-37824, CVE-2025-37825, CVE-2025-37826, CVE-2025-37827,
CVE-2025-37828, CVE-2025-37829, CVE-2025-37830, CVE-2025-37831,
CVE-2025-37833, CVE-2025-37834, CVE-2025-37836, CVE-2025-37837,
CVE-2025-37838, CVE-2025-37839, CVE-2025-37840, CVE-2025-37841,
CVE-2025-37842, CVE-2025-37843, CVE-2025-37844, CVE-2025-37845,
CVE-2025-37846, CVE-2025-37847, CVE-2025-37848, CVE-2025-37849,
CVE-2025-37850, CVE-2025-37851, CVE-2025-37852, CVE-2025-37853,
CVE-2025-37854, CVE-2025-37855, CVE-2025-37856, CVE-2025-37857,
CVE-2025-37858, CVE-2025-37859, CVE-2025-37860, CVE-2025-37861,
CVE-2025-37862, CVE-2025-37863, CVE-2025-37864, CVE-2025-37865,
CVE-2025-37866, CVE-2025-37867, CVE-2025-37868, CVE-2025-37869,
CVE-2025-37870, CVE-2025-37872, CVE-2025-37873, CVE-2025-37874,
CVE-2025-37875, CVE-2025-37876, CVE-2025-37877, CVE-2025-37878,
CVE-2025-37879, CVE-2025-37880, CVE-2025-37881, CVE-2025-37882,
CVE-2025-37883, CVE-2025-37884, CVE-2025-37885, CVE-2025-37886,
CVE-2025-37887, CVE-2025-37888, CVE-2025-37892, CVE-2025-37925,
CVE-2025-37937, CVE-2025-37938, CVE-2025-37939, CVE-2025-37940,
CVE-2025-37941, CVE-2025-37942, CVE-2025-37943, CVE-2025-37944,
CVE-2025-37945, CVE-2025-37975, CVE-2025-37977, CVE-2025-37978,
CVE-2025-37979, CVE-2025-37980, CVE-2025-37981, CVE-2025-37982,
CVE-2025-37983, CVE-2025-37984, CVE-2025-37985, CVE-2025-37986,
CVE-2025-37987, CVE-2025-37988, CVE-2025-37989, CVE-2025-38049,
CVE-2025-38104, CVE-2025-38152, CVE-2025-38240, CVE-2025-38479,
CVE-2025-38575, CVE-2025-38637, CVE-2025-39688, CVE-2025-39728,
CVE-2025-39735, CVE-2025-39755, CVE-2025-39778, CVE-2025-39930,
CVE-2025-39989, CVE-2025-40014, CVE-2025-40114, CVE-2025-40325

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/6.14.0-1007.7
https://launchpad.net/ubuntu/+source/linux-oracle/6.14.0-1007.7



[USN-7628-1] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7628-1
July 08, 2025

linux-azure, linux-azure-6.11 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-azure-6.11: Linux kernel for Microsoft Azure cloud systems

Details:

It was discovered that the CIFS network file system implementation in the
Linux kernel did not properly verify the target namespace when handling
upcalls. An attacker could use this to expose sensitive information.
(CVE-2025-2312)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM32 architecture;
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- Compute Acceleration Framework;
- ACPI drivers;
- Ublk userspace block driver;
- Compressed RAM block device driver;
- Bus devices;
- AMD CDX bus driver;
- Clock framework and drivers;
- DMA engine subsystem;
- DPLL subsystem;
- Qualcomm firmware drivers;
- GPIO subsystem;
- GPU drivers;
- HID subsystem;
- IIO subsystem;
- InfiniBand drivers;
- Multiple devices driver;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- Mellanox network drivers;
- NTB driver;
- NVME drivers;
- PCI subsystem;
- Pin controllers subsystem;
- RapidIO drivers;
- Voltage and Current Regulator drivers;
- Remote Processor subsystem;
- SCSI subsystem;
- SLIMbus drivers;
- QCOM SoC drivers;
- VideoCore services drivers;
- Thermal drivers;
- USB DSL drivers;
- USB Host Controller drivers;
- Renesas USBHS Controller drivers;
- USB Type-C Connector System Software Interface driver;
- Virtio Host (VHOST) subsystem;
- Framebuffer layer;
- ACRN Hypervisor Service Module driver;
- W1 Dallas's 1-wire bus driver;
- 9P distributed file system;
- File systems infrastructure;
- Ext4 file system;
- JFS file system;
- Network file systems library;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NTFS3 file system;
- Proc file system;
- SMB network file system;
- Memory Management;
- Key Management;
- Memory management;
- Scheduler infrastructure;
- UProbes tracing;
- RDMA verbs API;
- SoC audio core drivers;
- BPF subsystem;
- Perf events;
- Kernel fork() syscall;
- Tracing infrastructure;
- Watch queue notification mechanism;
- 802.1Q VLAN protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Bluetooth subsystem;
- Networking core;
- Devlink API;
- IPv4 networking;
- IPv6 networking;
- Logical Link layer;
- Management Component Transport Protocol (MCTP);
- Netfilter;
- Network traffic control;
- SCTP protocol;
- Switch device API;
- Wireless networking;
- eXpress Data Path;
- Key management;
- ALSA framework;
- SoC Audio for Freescale CPUs drivers;
(CVE-2025-39728, CVE-2025-22059, CVE-2025-22008, CVE-2025-37932,
CVE-2025-22033, CVE-2025-21984, CVE-2025-22063, CVE-2025-22065,
CVE-2025-21991, CVE-2025-38479, CVE-2025-21948, CVE-2025-21936,
CVE-2025-22038, CVE-2025-21951, CVE-2025-21906, CVE-2025-21924,
CVE-2025-21966, CVE-2025-22073, CVE-2025-22020, CVE-2025-21974,
CVE-2025-22043, CVE-2025-22088, CVE-2025-21959, CVE-2025-38575,
CVE-2025-22035, CVE-2025-23134, CVE-2025-22009, CVE-2025-22010,
CVE-2025-21941, CVE-2025-21914, CVE-2025-22066, CVE-2025-22017,
CVE-2025-21911, CVE-2025-21928, CVE-2025-21998, CVE-2025-21920,
CVE-2025-21961, CVE-2025-21992, CVE-2025-21995, CVE-2025-21997,
CVE-2025-22084, CVE-2025-22011, CVE-2025-22039, CVE-2025-21977,
CVE-2025-21963, CVE-2025-21981, CVE-2024-53222, CVE-2025-22037,
CVE-2025-22070, CVE-2025-21950, CVE-2025-21980, CVE-2025-22023,
CVE-2025-38049, CVE-2025-22018, CVE-2025-22072, CVE-2025-22021,
CVE-2025-21986, CVE-2025-22019, CVE-2025-22045, CVE-2025-21990,
CVE-2025-21926, CVE-2025-39989, CVE-2025-21902, CVE-2025-21946,
CVE-2025-21908, CVE-2025-22081, CVE-2025-22042, CVE-2024-58092,
CVE-2025-21939, CVE-2025-22086, CVE-2025-21996, CVE-2025-21929,
CVE-2025-21947, CVE-2025-21919, CVE-2025-21922, CVE-2023-53034,
CVE-2025-22013, CVE-2025-21979, CVE-2025-21968, CVE-2025-22056,
CVE-2025-37937, CVE-2025-22047, CVE-2025-21956, CVE-2025-22064,
CVE-2025-21903, CVE-2025-22062, CVE-2025-21934, CVE-2025-22050,
CVE-2025-21957, CVE-2025-39778, CVE-2025-21970, CVE-2025-21944,
CVE-2025-37890, CVE-2025-21945, CVE-2025-22046, CVE-2025-38152,
CVE-2025-23138, CVE-2025-39735, CVE-2025-22041, CVE-2025-22083,
CVE-2025-21969, CVE-2025-37785, CVE-2025-21967, CVE-2025-21910,
CVE-2025-22078, CVE-2025-21915, CVE-2025-22089, CVE-2025-39688,
CVE-2025-21923, CVE-2025-22002, CVE-2025-22014, CVE-2025-38240,
CVE-2025-21943, CVE-2025-21904, CVE-2025-21893, CVE-2025-21913,
CVE-2025-22034, CVE-2025-22015, CVE-2025-21925, CVE-2025-22087,
CVE-2025-40114, CVE-2025-21917, CVE-2025-22040, CVE-2025-21989,
CVE-2025-21927, CVE-2025-22075, CVE-2025-21912, CVE-2025-38000,
CVE-2025-22057, CVE-2025-22025, CVE-2025-22058, CVE-2025-22016,
CVE-2025-22027, CVE-2025-22097, CVE-2025-22095, CVE-2025-22007,
CVE-2025-22001, CVE-2025-23136, CVE-2025-21982, CVE-2025-21999,
CVE-2025-22079, CVE-2025-22055, CVE-2025-22000, CVE-2025-22004,
CVE-2025-21964, CVE-2025-38001, CVE-2025-37889, CVE-2025-21909,
CVE-2025-38637, CVE-2025-22071, CVE-2025-22044, CVE-2025-22032,
CVE-2025-21973, CVE-2025-22003, CVE-2025-21894, CVE-2025-21994,
CVE-2025-22080, CVE-2024-58093, CVE-2025-21975, CVE-2025-22054,
CVE-2025-37798, CVE-2025-22060, CVE-2025-21955, CVE-2025-22028,
CVE-2025-21978, CVE-2025-22090, CVE-2025-22053, CVE-2025-21918,
CVE-2025-21962, CVE-2025-22024, CVE-2025-22005, CVE-2025-21935,
CVE-2025-21937, CVE-2025-21972, CVE-2025-21916, CVE-2025-37997,
CVE-2025-22022, CVE-2025-21905, CVE-2025-22068, CVE-2025-22030,
CVE-2025-21930, CVE-2025-21960)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
linux-image-6.11.0-1018-azure 6.11.0-1018.18
linux-image-6.11.0-1018-azure-fde 6.11.0-1018.18
linux-image-azure 6.11.0-1018.18
linux-image-azure-6.11 6.11.0-1018.18
linux-image-azure-fde 6.11.0-1018.18
linux-image-azure-fde-6.11 6.11.0-1018.18

Ubuntu 24.04 LTS
linux-image-6.11.0-1018-azure 6.11.0-1018.18~24.04.1
linux-image-6.11.0-1018-azure-fde 6.11.0-1018.18~24.04.1
linux-image-azure 6.11.0-1018.18~24.04.1
linux-image-azure-6.11 6.11.0-1018.18~24.04.1
linux-image-azure-fde 6.11.0-1018.18~24.04.1
linux-image-azure-fde-6.11 6.11.0-1018.18~24.04.1
linux-image-azure-fde-edge 6.11.0-1018.18~24.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7628-1
CVE-2023-53034, CVE-2024-53222, CVE-2024-58092, CVE-2024-58093,
CVE-2025-21893, CVE-2025-21894, CVE-2025-21902, CVE-2025-21903,
CVE-2025-21904, CVE-2025-21905, CVE-2025-21906, CVE-2025-21908,
CVE-2025-21909, CVE-2025-21910, CVE-2025-21911, CVE-2025-21912,
CVE-2025-21913, CVE-2025-21914, CVE-2025-21915, CVE-2025-21916,
CVE-2025-21917, CVE-2025-21918, CVE-2025-21919, CVE-2025-21920,
CVE-2025-21922, CVE-2025-21923, CVE-2025-21924, CVE-2025-21925,
CVE-2025-21926, CVE-2025-21927, CVE-2025-21928, CVE-2025-21929,
CVE-2025-21930, CVE-2025-21934, CVE-2025-21935, CVE-2025-21936,
CVE-2025-21937, CVE-2025-21939, CVE-2025-21941, CVE-2025-21943,
CVE-2025-21944, CVE-2025-21945, CVE-2025-21946, CVE-2025-21947,
CVE-2025-21948, CVE-2025-21950, CVE-2025-21951, CVE-2025-21955,
CVE-2025-21956, CVE-2025-21957, CVE-2025-21959, CVE-2025-21960,
CVE-2025-21961, CVE-2025-21962, CVE-2025-21963, CVE-2025-21964,
CVE-2025-21966, CVE-2025-21967, CVE-2025-21968, CVE-2025-21969,
CVE-2025-21970, CVE-2025-21972, CVE-2025-21973, CVE-2025-21974,
CVE-2025-21975, CVE-2025-21977, CVE-2025-21978, CVE-2025-21979,
CVE-2025-21980, CVE-2025-21981, CVE-2025-21982, CVE-2025-21984,
CVE-2025-21986, CVE-2025-21989, CVE-2025-21990, CVE-2025-21991,
CVE-2025-21992, CVE-2025-21994, CVE-2025-21995, CVE-2025-21996,
CVE-2025-21997, CVE-2025-21998, CVE-2025-21999, CVE-2025-22000,
CVE-2025-22001, CVE-2025-22002, CVE-2025-22003, CVE-2025-22004,
CVE-2025-22005, CVE-2025-22007, CVE-2025-22008, CVE-2025-22009,
CVE-2025-22010, CVE-2025-22011, CVE-2025-22013, CVE-2025-22014,
CVE-2025-22015, CVE-2025-22016, CVE-2025-22017, CVE-2025-22018,
CVE-2025-22019, CVE-2025-22020, CVE-2025-22021, CVE-2025-22022,
CVE-2025-22023, CVE-2025-22024, CVE-2025-22025, CVE-2025-22027,
CVE-2025-22028, CVE-2025-22030, CVE-2025-22032, CVE-2025-22033,
CVE-2025-22034, CVE-2025-22035, CVE-2025-22037, CVE-2025-22038,
CVE-2025-22039, CVE-2025-22040, CVE-2025-22041, CVE-2025-22042,
CVE-2025-22043, CVE-2025-22044, CVE-2025-22045, CVE-2025-22046,
CVE-2025-22047, CVE-2025-22050, CVE-2025-22053, CVE-2025-22054,
CVE-2025-22055, CVE-2025-22056, CVE-2025-22057, CVE-2025-22058,
CVE-2025-22059, CVE-2025-22060, CVE-2025-22062, CVE-2025-22063,
CVE-2025-22064, CVE-2025-22065, CVE-2025-22066, CVE-2025-22068,
CVE-2025-22070, CVE-2025-22071, CVE-2025-22072, CVE-2025-22073,
CVE-2025-22075, CVE-2025-22078, CVE-2025-22079, CVE-2025-22080,
CVE-2025-22081, CVE-2025-22083, CVE-2025-22084, CVE-2025-22086,
CVE-2025-22087, CVE-2025-22088, CVE-2025-22089, CVE-2025-22090,
CVE-2025-22095, CVE-2025-22097, CVE-2025-2312, CVE-2025-23134,
CVE-2025-23136, CVE-2025-23138, CVE-2025-37785, CVE-2025-37798,
CVE-2025-37889, CVE-2025-37890, CVE-2025-37932, CVE-2025-37937,
CVE-2025-37997, CVE-2025-38000, CVE-2025-38001, CVE-2025-38049,
CVE-2025-38152, CVE-2025-38240, CVE-2025-38479, CVE-2025-38575,
CVE-2025-38637, CVE-2025-39688, CVE-2025-39728, CVE-2025-39735,
CVE-2025-39778, CVE-2025-39989, CVE-2025-40114

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/6.11.0-1018.18
https://launchpad.net/ubuntu/+source/linux-azure-6.11/6.11.0-1018.18~24.04.1



[USN-7611-2] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7611-2
July 08, 2025

linux-azure vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Netfilter;
- Network traffic control;
(CVE-2025-38000, CVE-2025-37890, CVE-2025-38001, CVE-2025-37997,
CVE-2025-37932)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
linux-image-6.14.0-1008-azure 6.14.0-1008.8
linux-image-6.14.0-1008-azure-fde 6.14.0-1008.8
linux-image-azure 6.14.0-1008.8
linux-image-azure-6.14 6.14.0-1008.8
linux-image-azure-fde 6.14.0-1008.8
linux-image-azure-fde-6.14 6.14.0-1008.8

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7611-2
https://ubuntu.com/security/notices/USN-7611-1
CVE-2025-37890, CVE-2025-37932, CVE-2025-37997, CVE-2025-38000,
CVE-2025-38001

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/6.14.0-1008.8



[USN-7610-2] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7610-2
July 08, 2025

linux-lowlatency, linux-oem-6.11 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lowlatency: Linux low latency kernel
- linux-oem-6.11: Linux kernel for OEM systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Netfilter;
- Network traffic control;
(CVE-2025-38001, CVE-2025-37997, CVE-2025-37798, CVE-2025-38000,
CVE-2025-37932, CVE-2025-37890)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
linux-image-6.11.0-1016-lowlatency 6.11.0-1016.17
linux-image-6.11.0-1016-lowlatency-64k 6.11.0-1016.17
linux-image-lowlatency 6.11.0-1016.17
linux-image-lowlatency-6.11 6.11.0-1016.17
linux-image-lowlatency-64k 6.11.0-1016.17
linux-image-lowlatency-64k-6.11 6.11.0-1016.17

Ubuntu 24.04 LTS
linux-image-6.11.0-1025-oem 6.11.0-1025.25
linux-image-oem-24.04b 6.11.0-1025.25
linux-image-oem-6.11 6.11.0-1025.25

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7610-2
https://ubuntu.com/security/notices/USN-7610-1
CVE-2025-37798, CVE-2025-37890, CVE-2025-37932, CVE-2025-37997,
CVE-2025-38000, CVE-2025-38001

Package Information:
https://launchpad.net/ubuntu/+source/linux-lowlatency/6.11.0-1016.17
https://launchpad.net/ubuntu/+source/linux-oem-6.11/6.11.0-1025.25



[USN-7626-1] Git vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7626-1
July 08, 2025

git vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Git.

Software Description:
- git: fast, scalable, distributed revision control system

Details:

Avi Halachmi discovered that Git incorrectly managed file modification
constraints with Gitk. An attacker could possibly use this issue to create
or write to arbitrary files on the system. (CVE-2025-27613)

Avi Halachmi discovered that Git incorrectly handled arguments when
invoking the Gitk utility. If a user were tricked into cloning a malicious
Git repository, an attacker could possibly use this issue to run arbitrary
commands. This issue only affected Ubuntu 24.04 LTS, Ubuntu 24.10, and
Ubuntu 25.04. (CVE-2025-27614)

Johannes Sixt discovered that Git incorrectly managed file modification
constraints with Git GUI. If a user were tricked into editing a file in a
malicious Git repository, an attacker could possibly use this issue to
create or write to arbitrary files on the system. (CVE-2025-46835)

David Leadbeater discovered that Git incorrectly stripped CRLF characters
when editing configuration files. An attacker could possibly use this issue
to execute arbitrary code. (CVE-2025-48384)

David Leadbeater discovered that Git incorrectly handled verification when
fetching remote Git repositories. An attacker could possibly use this issue
to perform protocol injection, leading to arbitrary code execution. This
issue only affected Ubuntu 24.04 LTS, Ubuntu 24.10, and Ubuntu 25.04.
(CVE-2025-48385)

David Leadbeater discovered that Git incorrectly handled memory with the
wincred credential helper. An attacker could possibly use this issue to
cause a denial of service. (CVE-2025-48386)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
git 1:2.48.1-0ubuntu1.1
git-gui 1:2.48.1-0ubuntu1.1
gitk 1:2.48.1-0ubuntu1.1

Ubuntu 24.10
git 1:2.45.2-1ubuntu1.2
git-gui 1:2.45.2-1ubuntu1.2
gitk 1:2.45.2-1ubuntu1.2

Ubuntu 24.04 LTS
git 1:2.43.0-1ubuntu7.3
git-gui 1:2.43.0-1ubuntu7.3
gitk 1:2.43.0-1ubuntu7.3

Ubuntu 22.04 LTS
git 1:2.34.1-1ubuntu1.13
git-gui 1:2.34.1-1ubuntu1.13
gitk 1:2.34.1-1ubuntu1.13

Ubuntu 20.04 LTS
git 1:2.25.1-1ubuntu3.14+esm1
Available with Ubuntu Pro
git-gui 1:2.25.1-1ubuntu3.14+esm1
Available with Ubuntu Pro
gitk 1:2.25.1-1ubuntu3.14+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
git 1:2.17.1-1ubuntu0.18+esm2
Available with Ubuntu Pro
git-gui 1:2.17.1-1ubuntu0.18+esm2
Available with Ubuntu Pro
gitk 1:2.17.1-1ubuntu0.18+esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
git 1:2.7.4-0ubuntu1.10+esm9
Available with Ubuntu Pro
git-gui 1:2.7.4-0ubuntu1.10+esm9
Available with Ubuntu Pro
gitk 1:2.7.4-0ubuntu1.10+esm9
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7626-1
CVE-2025-27613, CVE-2025-27614, CVE-2025-46835, CVE-2025-48384,
CVE-2025-48385, CVE-2025-48386

Package Information:
https://launchpad.net/ubuntu/+source/git/1:2.48.1-0ubuntu1.1
https://launchpad.net/ubuntu/+source/git/1:2.45.2-1ubuntu1.2
https://launchpad.net/ubuntu/+source/git/1:2.43.0-1ubuntu7.3
https://launchpad.net/ubuntu/+source/git/1:2.34.1-1ubuntu1.13



[USN-7625-1] OnionShare vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7625-1
July 08, 2025

onionshare vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OnionShare.

Software Description:
- onionshare: An open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network

Details:

It was discovered that OnionShare could be exploited when run with
the --debug argument. A local attacker could possibly use this
issue to access sensitive information. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-19960)

It was discovered that OnionShare could be blocked from uploading
files. An attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2022-21689)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
onionshare 2.2-3ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
onionshare 2.2-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
onionshare 0.9.2-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
onionshare 0.8.1-1ubuntu0.1~esm1
Available with Ubuntu Pro

After a standard system update you need to restart OnionShare to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7625-1
CVE-2018-19960, CVE-2022-21689



[USN-7624-1] FreeRDP vulnerability


==========================================================================
Ubuntu Security Notice USN-7624-1
July 08, 2025

freerdp3 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS

Summary:

FreeRDP could be made to crash if it received specially crafted network
traffic.

Software Description:
- freerdp3: RDP client for Windows Terminal Services

Details:

It was discovered that FreeRDP incorrectly handled certain RDP packets. A
remote attacker could possibly use this issue to cause FreeRDP to crash,
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
libfreerdp3-3 3.14.0+dfsg-1ubuntu1.1

Ubuntu 24.04 LTS
libfreerdp3-3 3.5.1+dfsg1-0ubuntu1.1

After a standard system update you need to restart your session to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7624-1
CVE-2025-4478

Package Information:
https://launchpad.net/ubuntu/+source/freerdp3/3.14.0+dfsg-1ubuntu1.1
https://launchpad.net/ubuntu/+source/freerdp3/3.5.1+dfsg1-0ubuntu1.1



[USN-7623-1] Ghostscript vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7623-1
July 08, 2025

ghostscript vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Ghostscript.

Software Description:
- ghostscript: PostScript and PDF interpreter

Details:

It was discovered that OpenJPEG, vendored in Ghostscript, did not correctly
handle large image files. If a user or system were tricked into opening a
specially crafted file, an attacker could possibly use this issue to cause
a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu
18.04 LTS. (CVE-2023-39327)

Thomas Rinsma discovered that Ghostscript did not correctly handle printing
certain variables. An attacker could possibly use this issue to leak
sensitive information. This issue only affected Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS. (CVE-2024-29508)

It was discovered that Ghostscript did not correctly handle loading certain
libraries. An attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS. (CVE-2024-33871)

It was discovered that Ghostscript did not correctly handle certain memory
operations. An attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2024-56826, CVE-2024-56827, CVE-2025-27832, CVE-2025-27835,
CVE-2025-27836)

Vasileios Flengas discovered that Ghostscript did not correctly handle
argument sanitization. An attacker could possibly use this issue to leak
sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu
22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10 and Ubuntu 25.04.
(CVE-2025-48708)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
ghostscript 10.05.0dfsg1-0ubuntu1.1
libgs10 10.05.0dfsg1-0ubuntu1.1

Ubuntu 24.10
ghostscript 10.03.1~dfsg1-0ubuntu2.4
libgs10 10.03.1~dfsg1-0ubuntu2.4

Ubuntu 24.04 LTS
ghostscript 10.02.1~dfsg1-0ubuntu7.7
libgs10 10.02.1~dfsg1-0ubuntu7.7

Ubuntu 22.04 LTS
ghostscript 9.55.0~dfsg1-0ubuntu5.12
ghostscript-x 9.55.0~dfsg1-0ubuntu5.12
libgs9 9.55.0~dfsg1-0ubuntu5.12

Ubuntu 20.04 LTS
libgs9 9.50~dfsg-5ubuntu4.15+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
ghostscript 9.26~dfsg+0-0ubuntu0.18.04.18+esm4
Available with Ubuntu Pro
ghostscript-x 9.26~dfsg+0-0ubuntu0.18.04.18+esm4
Available with Ubuntu Pro
libgs-dev 9.26~dfsg+0-0ubuntu0.18.04.18+esm4
Available with Ubuntu Pro
libgs9 9.26~dfsg+0-0ubuntu0.18.04.18+esm4
Available with Ubuntu Pro
libgs9-common 9.26~dfsg+0-0ubuntu0.18.04.18+esm4
Available with Ubuntu Pro

Ubuntu 16.04 LTS
ghostscript 9.26~dfsg+0-0ubuntu0.16.04.14+esm9
Available with Ubuntu Pro
ghostscript-x 9.26~dfsg+0-0ubuntu0.16.04.14+esm9
Available with Ubuntu Pro
libgs-dev 9.26~dfsg+0-0ubuntu0.16.04.14+esm9
Available with Ubuntu Pro
libgs9 9.26~dfsg+0-0ubuntu0.16.04.14+esm9
Available with Ubuntu Pro
libgs9-common 9.26~dfsg+0-0ubuntu0.16.04.14+esm9
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7623-1
CVE-2023-39327, CVE-2024-29508, CVE-2024-56826, CVE-2024-56827,
CVE-2025-27832, CVE-2025-27835, CVE-2025-27836, CVE-2025-48708

Package Information:
https://launchpad.net/ubuntu/+source/ghostscript/10.05.0dfsg1-0ubuntu1.1
https://launchpad.net/ubuntu/+source/ghostscript/10.03.1~dfsg1-0ubuntu2.4
https://launchpad.net/ubuntu/+source/ghostscript/10.02.1~dfsg1-0ubuntu7.7
https://launchpad.net/ubuntu/+source/ghostscript/9.55.0~dfsg1-0ubuntu5.12