[USN-7572-1] KaTeX vulnerabilities
[USN-7576-1] dwarfutils vulnerabilities
[USN-7575-1] MuJS vulnerabilities
[USN-7577-1] libblockdev vulnerability
[USN-7578-1] UDisks vulnerability
[USN-7573-2] X.Org X Server vulnerabilities
[USN-7574-1] Go vulnerabilities
[USN-7578-2] UDisks vulnerability
[USN-7577-2] libblockdev vulnerability
[USN-7579-1] Godot Engine vulnerabilities
[USN-7580-1] PAM vulnerability
[USN-7572-1] KaTeX vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7572-1
June 17, 2025
node-katex vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in KaTeX.
Software Description:
- node-katex: JavaScript library for TeX math rendering
Details:
Juho Forsén discovered that KaTeX did not correctly handle certain
inputs, which could lead to an infinite loop. If a user or application
were tricked into opening a specially crafted file, an attacker could
possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS. (CVE-2024-28243)
Tobias S. Fink discovered that KaTeX did not correctly block certain
URL protocols. If a user or system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS.
(CVE-2024-28246)
It was discovered that KaTeX did not correctly handle certain inputs. If
a user or system were tricked into opening a specially crafted file, an
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS. (CVE-2024-28245)
Sean Ng discovered that KaTeX did not correctly handle certain inputs. If
a user or system were tricked into opening a specially crafted file, an
attacker could possibly use this issue to execute arbitrary code.
(CVE-2025-23207)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
katex 0.16.10+~cs6.1.0-2ubuntu0.25.04.1
libjs-katex 0.16.10+~cs6.1.0-2ubuntu0.25.04.1
Ubuntu 24.10
katex 0.16.10+~cs6.1.0-2ubuntu0.24.10.1
libjs-katex 0.16.10+~cs6.1.0-2ubuntu0.24.10.1
Ubuntu 24.04 LTS
katex 0.16.10+~cs6.1.0-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libjs-katex 0.16.10+~cs6.1.0-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
katex 0.13.11+~cs6.0.0-2ubuntu0.1~esm1
Available with Ubuntu Pro
libjs-katex 0.13.11+~cs6.0.0-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7572-1
CVE-2024-28243, CVE-2024-28245, CVE-2024-28246, CVE-2025-23207
Package Information:
https://launchpad.net/ubuntu/+source/node-katex/0.16.10+~cs6.1.0-2ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/node-katex/0.16.10+~cs6.1.0-2ubuntu0.24.10.1
[USN-7576-1] dwarfutils vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7576-1
June 18, 2025
dwarfutils vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
dwarfutils could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- dwarfutils: Utilities for DWARF debugging information
Details:
It was discovered that dwarfutils did not correctly certain memory
operations, which could lead to a buffer overflow. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
dwarfdump 20210528-1ubuntu0.25.04.1
libdwarf-dev 20210528-1ubuntu0.25.04.1
libdwarf1 20210528-1ubuntu0.25.04.1
Ubuntu 24.10
dwarfdump 20210528-1ubuntu0.24.10.1
libdwarf-dev 20210528-1ubuntu0.24.10.1
libdwarf1 20210528-1ubuntu0.24.10.1
Ubuntu 24.04 LTS
dwarfdump 20210528-1ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libdwarf-dev 20210528-1ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
libdwarf1 20210528-1ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
dwarfdump 20210528-1ubuntu0.22.04.1~esm1
Available with Ubuntu Pro
libdwarf-dev 20210528-1ubuntu0.22.04.1~esm1
Available with Ubuntu Pro
libdwarf1 20210528-1ubuntu0.22.04.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7576-1
CVE-2022-32200
Package Information:
https://launchpad.net/ubuntu/+source/dwarfutils/20210528-1ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/dwarfutils/20210528-1ubuntu0.24.10.1
[USN-7575-1] MuJS vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7575-1
June 18, 2025
mujs vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in MuJS.
Software Description:
- mujs: Lightweight Javascript interpreter
Details:
It was discovered that MuJS did not correctly handle try/finally
statements, which could lead to a buffer overflow. An attacker could
possibly use this issue to cause a denial of service or execute
arbitrary code. (CVE-2021-45005)
Han Zheng discovered that MuJS did not correctly handle recursion, which
could lead to stack exhaustion. An attacker could possibly use this
issue to cause a denial of service. (CVE-2022-30974)
Han Zheng discovered that MuJS did not correctly handle certain memory
operations. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-30975)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
libmujs-dev 1.1.3-3ubuntu0.1~esm1
Available with Ubuntu Pro
libmujs1 1.1.3-3ubuntu0.1~esm1
Available with Ubuntu Pro
mujs 1.1.3-3ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7575-1
CVE-2021-45005, CVE-2022-30974, CVE-2022-30975
[USN-7577-1] libblockdev vulnerability
==========================================================================
Ubuntu Security Notice USN-7577-1
June 18, 2025
libblockdev vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
libblockdev could be made to run programs as an administrator.
Software Description:
- libblockdev: libblockdev introspection data
Details:
It was discovered that libblockdev incorrectly handled mount options when
resizing certain filesystems. A local attacker with an active session on
the console can use this issue to escalate their privileges to root.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libblockdev3 3.3.0-2ubuntu0.1
Ubuntu 24.10
libblockdev3 3.1.1-2ubuntu0.1
Ubuntu 24.04 LTS
libblockdev3 3.1.1-1ubuntu0.1
Ubuntu 22.04 LTS
libblockdev2 2.26-1ubuntu0.1
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7577-1
CVE-2025-6019
Package Information:
https://launchpad.net/ubuntu/+source/libblockdev/3.3.0-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libblockdev/3.1.1-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libblockdev/3.1.1-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libblockdev/2.26-1ubuntu0.1
[USN-7578-1] UDisks vulnerability
==========================================================================
Ubuntu Security Notice USN-7578-1
June 18, 2025
udisks2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
UDisks could be made to run programs as an administrator.
Software Description:
- udisks2: service to access and manipulate storage devices
Details:
It was discovered that UDisks incorrectly handled mount options when
resizing certain filesystems. A local attacker with an active session on
the console can use this issue to escalate their privileges to root.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libudisks2-0 2.10.1-11ubuntu2.2
udisks2 2.10.1-11ubuntu2.2
Ubuntu 24.10
libudisks2-0 2.10.1-9ubuntu3.2
udisks2 2.10.1-9ubuntu3.2
Ubuntu 24.04 LTS
libudisks2-0 2.10.1-6ubuntu1.2
udisks2 2.10.1-6ubuntu1.2
Ubuntu 22.04 LTS
libudisks2-0 2.9.4-1ubuntu2.2
udisks2 2.9.4-1ubuntu2.2
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7578-1
CVE-2025-6019
Package Information:
https://launchpad.net/ubuntu/+source/udisks2/2.10.1-11ubuntu2.2
https://launchpad.net/ubuntu/+source/udisks2/2.10.1-9ubuntu3.2
https://launchpad.net/ubuntu/+source/udisks2/2.10.1-6ubuntu1.2
https://launchpad.net/ubuntu/+source/udisks2/2.9.4-1ubuntu2.2
[USN-7573-2] X.Org X Server vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7573-2
June 18, 2025
xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in X.Org X Server.
Software Description:
- xorg-server: X.Org X11 server
- xorg-server-hwe-18.04: X.Org X11 server
- xorg-server-hwe-16.04: X.Org X11 server
Details:
USN-7573-1 fixed several vulnerabilities in X.Org. This update provides
the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu
20.04 LTS.
Original advisory details:
Nils Emmerich discovered that the X.Org X Server incorrectly handled
certain memory operations. An attacker could use these issues to cause the
X Server to crash, leading to a denial of service, obtain sensitive
information, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
xserver-xorg-core 2:1.20.13-1ubuntu1~20.04.20+esm1
Available with Ubuntu Pro
xwayland 2:1.20.13-1ubuntu1~20.04.20+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
xserver-xorg-core 2:1.19.6-1ubuntu4.15+esm13
Available with Ubuntu Pro
xserver-xorg-core-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm5
Available with Ubuntu Pro
xwayland 2:1.19.6-1ubuntu4.15+esm13
Available with Ubuntu Pro
xwayland-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm5
Available with Ubuntu Pro
Ubuntu 16.04 LTS
xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm18
Available with Ubuntu Pro
xserver-xorg-core-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm10
Available with Ubuntu Pro
xwayland 2:1.18.4-0ubuntu0.12+esm18
Available with Ubuntu Pro
xwayland-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm10
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7573-2
https://ubuntu.com/security/notices/USN-7573-1
CVE-2025-49175, CVE-2025-49176, CVE-2025-49178, CVE-2025-49179,
CVE-2025-49180
[USN-7574-1] Go vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7574-1
June 18, 2025
golang-1.22 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Go.
Software Description:
- golang-1.22: Go programming language compiler
Details:
Kyle Seely discovered that the Go net/http module did not properly handle
sensitive headers during repeated redirects. An attacker could possibly
use this issue to obtain sensitive information. (CVE-2024-45336)
Juho Forsén discovered that the Go crypto/x509 module incorrectly handled
IPv6 addresses during URI parsing. An attacker could possibly use this
issue to bypass certificate URI constraints. (CVE-2024-45341)
It was discovered that the Go crypto module did not properly handle
variable time instructions under certain circumstances on 64-bit Power
(ppc64el) systems. An attacker could possibly use this issue to expose
sensitive information. (CVE-2025-22866)
It was discovered that the Go http/httpproxy module did not properly
handle IPv6 zone IDs during hostname matching. An attacker could possibly
use this issue to cause a denial of service. (CVE-2025-22870)
Takeshi Kaneko discovered that the Go net/http module did not properly
strip sensitive proxy headers during redirect requests. An attacker could
possibly use this issue to obtain sensitive information. (CVE-2025-4673)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
golang-1.22 1.22.8-1ubuntu0.1
golang-1.22-go 1.22.8-1ubuntu0.1
golang-1.22-src 1.22.8-1ubuntu0.1
Ubuntu 24.04 LTS
golang-1.22 1.22.2-2ubuntu0.4
golang-1.22-go 1.22.2-2ubuntu0.4
golang-1.22-src 1.22.2-2ubuntu0.4
Ubuntu 22.04 LTS
golang-1.22 1.22.2-2~22.04.3
golang-1.22-go 1.22.2-2~22.04.3
golang-1.22-src 1.22.2-2~22.04.3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7574-1
CVE-2024-45336, CVE-2024-45341, CVE-2025-22866, CVE-2025-22870,
CVE-2025-4673
Package Information:
https://launchpad.net/ubuntu/+source/golang-1.22/1.22.8-1ubuntu0.1
https://launchpad.net/ubuntu/+source/golang-1.22/1.22.2-2ubuntu0.4
https://launchpad.net/ubuntu/+source/golang-1.22/1.22.2-2~22.04.3
[USN-7578-2] UDisks vulnerability
==========================================================================
Ubuntu Security Notice USN-7578-2
June 18, 2025
udisks2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
UDisks could be made to run programs as an administrator.
Software Description:
- udisks2: service to access and manipulate storage devices
Details:
USN-7578-1 fixed a vulnerability in UDisks. This update provides
the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that UDisks incorrectly handled mount options when
resizing certain filesystems. A local attacker with an active session on
the console can use this issue to escalate their privileges to root.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
libudisks2-0 2.8.4-1ubuntu2+esm1
Available with Ubuntu Pro
udisks2 2.8.4-1ubuntu2+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libudisks2-0 2.7.6-3ubuntu0.2+esm1
Available with Ubuntu Pro
udisks2 2.7.6-3ubuntu0.2+esm1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7578-2
https://ubuntu.com/security/notices/USN-7578-1
CVE-2025-6019
[USN-7577-2] libblockdev vulnerability
==========================================================================
Ubuntu Security Notice USN-7577-2
June 18, 2025
libblockdev vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
libblockdev could be made to run programs as an administrator.
Software Description:
- libblockdev: libblockdev introspection data
Details:
USN-7577-1 fixed a vulnerability in libblockdev. This update provides
the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that libblockdev incorrectly handled mount options when
resizing certain filesystems. A local attacker with an active session on
the console can use this issue to escalate their privileges to root.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
libblockdev2 2.23-2ubuntu3+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libblockdev2 2.16-2ubuntu0.1~esm1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7577-2
https://ubuntu.com/security/notices/USN-7577-1
CVE-2025-6019
[USN-7579-1] Godot Engine vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7579-1
June 18, 2025
godot vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Godot Engine.
Software Description:
- godot: Full 2D and 3D game engine with editor
Details:
It was discovered that the Godot Engine did not properly handle
certain malformed WebM media files. If the Godot Engine opened a
specially crafted WebM file, a remote attacker could cause a denial
of service, or possibly execute arbitrary code. (CVE-2019-2126)
It was discovered that the Godot Engine did not properly handle
certain malformed TGA image files. If the Godot Engine opened a
specially crafted TGA image file, a remote attacker could cause
a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2021-26825, CVE-2021-26826)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
godot3 3.6+ds-2ubuntu0.1
godot3-runner 3.6+ds-2ubuntu0.1
Ubuntu 24.10
godot3 3.5.2-stable-2ubuntu0.24.10.1
godot3-runner 3.5.2-stable-2ubuntu0.24.10.1
Ubuntu 24.04 LTS
godot3 3.5.2-stable-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
godot3-runner 3.5.2-stable-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
godot3 3.2.3-stable-1ubuntu0.1~esm1
Available with Ubuntu Pro
godot3-runner 3.2.3-stable-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
godot3 3.2-stable-2ubuntu0.1~esm1
Available with Ubuntu Pro
godot3-runner 3.2-stable-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7579-1
CVE-2019-2126, CVE-2021-26825, CVE-2021-26826
Package Information:
https://launchpad.net/ubuntu/+source/godot/3.6+ds-2ubuntu0.1
https://launchpad.net/ubuntu/+source/godot/3.5.2-stable-2ubuntu0.24.10.1
[USN-7580-1] PAM vulnerability
==========================================================================
Ubuntu Security Notice USN-7580-1
June 18, 2025
pam vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
PAM could be made to run programs as an administrator.
Software Description:
- pam: Pluggable Authentication Modules
Details:
Olivier BAL-PETRE discovered that the PAM pam_namespace module incorrectly
handled user-controlled paths. In environments where pam_namespace is used,
a local attacker could possibly use this issue to escalate their privileges
to root.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libpam-modules 1.5.3-7ubuntu4.3
Ubuntu 24.10
libpam-modules 1.5.3-7ubuntu2.3
Ubuntu 24.04 LTS
libpam-modules 1.5.3-5ubuntu5.4
Ubuntu 22.04 LTS
libpam-modules 1.4.0-11ubuntu2.6
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7580-1
CVE-2025-6020
Package Information:
https://launchpad.net/ubuntu/+source/pam/1.5.3-7ubuntu4.3
https://launchpad.net/ubuntu/+source/pam/1.5.3-7ubuntu2.3
https://launchpad.net/ubuntu/+source/pam/1.5.3-5ubuntu5.4
https://launchpad.net/ubuntu/+source/pam/1.4.0-11ubuntu2.6
