[USN-7553-6] Linux kernel (Azure FIPS) vulnerabilities
[USN-7553-5] Linux kernel (Azure) vulnerabilities
[USN-7545-2] Apport regression
[USN-7559-1] systemd vulnerability
[USN-7560-1] AMD Microcode vulnerability
[USN-7561-1] AMD Microcode vulnerabilities
[USN-7553-6] Linux kernel (Azure FIPS) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7553-6
June 09, 2025
linux-azure-fips vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure-fips: Linux kernel for Microsoft Azure Cloud systems with FIPS
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-56551, CVE-2024-47701, CVE-2024-57850, CVE-2024-26966,
CVE-2021-47211, CVE-2024-56596, CVE-2024-53155, CVE-2024-42301,
CVE-2024-53168)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
linux-image-4.15.0-2098-azure-fips 4.15.0-2098.104
Available with Ubuntu Pro
linux-image-azure-fips 4.15.0.2098.94
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7553-6
https://ubuntu.com/security/notices/USN-7553-5
https://ubuntu.com/security/notices/USN-7553-4
https://ubuntu.com/security/notices/USN-7553-3
https://ubuntu.com/security/notices/USN-7553-2
https://ubuntu.com/security/notices/USN-7553-1
CVE-2021-47211, CVE-2024-26966, CVE-2024-42301, CVE-2024-47701,
CVE-2024-53155, CVE-2024-53168, CVE-2024-56551, CVE-2024-56596,
CVE-2024-57850
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure-fips/4.15.0-2098.104
[USN-7553-5] Linux kernel (Azure) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7553-5
June 09, 2025
linux-azure vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-56596, CVE-2024-47701, CVE-2024-26966, CVE-2021-47211,
CVE-2024-42301, CVE-2024-57850, CVE-2024-53168, CVE-2024-53155,
CVE-2024-56551)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
linux-image-4.15.0-1189-azure 4.15.0-1189.204~14.04.1
Available with Ubuntu Pro
linux-image-azure 4.15.0.1189.204~14.04.1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7553-5
https://ubuntu.com/security/notices/USN-7553-4
https://ubuntu.com/security/notices/USN-7553-3
https://ubuntu.com/security/notices/USN-7553-2
https://ubuntu.com/security/notices/USN-7553-1
CVE-2021-47211, CVE-2024-26966, CVE-2024-42301, CVE-2024-47701,
CVE-2024-53155, CVE-2024-53168, CVE-2024-56551, CVE-2024-56596,
CVE-2024-57850
[USN-7545-2] Apport regression
==========================================================================
Ubuntu Security Notice USN-7545-2
June 09, 2025
apport regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
USN-7545-1 introduced a regression in Apport.
Software Description:
- apport: automatically generate crash reports for debugging
Details:
USN-7545-1 fixed a vulnerability in Apport. The update introduced a
regression that prevented core dumps from being generated inside
containers. This update fixes the problem. We apologize for the
inconvenience. Original advisory details: Qualys discovered that Apport
incorrectly handled metadata when processing application crashes. An
attacker could possibly use this issue to leak sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
apport 2.32.0-0ubuntu5.2
python3-apport 2.32.0-0ubuntu5.2
Ubuntu 24.10
apport 2.30.0-0ubuntu4.4
python3-apport 2.30.0-0ubuntu4.4
Ubuntu 24.04 LTS
apport 2.28.1-0ubuntu3.7
python3-apport 2.28.1-0ubuntu3.7
Ubuntu 22.04 LTS
apport 2.20.11-0ubuntu82.8
python3-apport 2.20.11-0ubuntu82.8
Ubuntu 20.04 LTS
apport 2.20.11-0ubuntu27.29
python3-apport 2.20.11-0ubuntu27.29
Ubuntu 18.04 LTS
apport 2.20.9-0ubuntu7.29+esm2
Available with Ubuntu Pro
python-apport 2.20.9-0ubuntu7.29+esm2
Available with Ubuntu Pro
python3-apport 2.20.9-0ubuntu7.29+esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
apport 2.20.1-0ubuntu2.30+esm6
Available with Ubuntu Pro
python-apport 2.20.1-0ubuntu2.30+esm6
Available with Ubuntu Pro
python3-apport 2.20.1-0ubuntu2.30+esm6
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
Package Information:
https://launchpad.net/ubuntu/+source/apport/2.32.0-0ubuntu5.2
https://launchpad.net/ubuntu/+source/apport/2.30.0-0ubuntu4.4
https://launchpad.net/ubuntu/+source/apport/2.28.1-0ubuntu3.7
https://launchpad.net/ubuntu/+source/apport/2.20.11-0ubuntu82.8
https://launchpad.net/ubuntu/+source/apport/2.20.11-0ubuntu27.29
[USN-7559-1] systemd vulnerability
==========================================================================
Ubuntu Security Notice USN-7559-1
June 09, 2025
systemd vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
systemd could be made to leak sensitive information.
Software Description:
- systemd: system and service manager
Details:
Qualys discovered that systemd incorrectly handled metadata when processing
application crashes. An attacker could possibly use this issue to expose
sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
systemd-coredump 257.4-1ubuntu3.1
Ubuntu 24.10
systemd-coredump 256.5-2ubuntu3.3
Ubuntu 24.04 LTS
systemd-coredump 255.4-1ubuntu8.8
Ubuntu 22.04 LTS
systemd-coredump 249.11-0ubuntu3.16
Ubuntu 20.04 LTS
systemd-coredump 245.4-4ubuntu3.24+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7559-1
CVE-2025-4598
Package Information:
https://launchpad.net/ubuntu/+source/systemd/257.4-1ubuntu3.1
https://launchpad.net/ubuntu/+source/systemd/256.5-2ubuntu3.3
https://launchpad.net/ubuntu/+source/systemd/255.4-1ubuntu8.8
https://launchpad.net/ubuntu/+source/systemd/249.11-0ubuntu3.16
[USN-7560-1] AMD Microcode vulnerability
==========================================================================
Ubuntu Security Notice USN-7560-1
June 09, 2025
amd64-microcode vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
Summary:
AMD Microcode could lose the SEV-based protection of a confidential guest.
Software Description:
- amd64-microcode: Platform firmware and microcode for AMD CPUs and SoCs
Details:
Josh Eads, Kristoffer Janke, Eduardo Nava, Tavis Ormandy and Matteo Rizzo
discovered that AMD Microcode incorrectly verified signatures. An attacker
with local administrator privilege could possibly use this issue to cause
loss of confidentiality and integrity of a confidential guest running under
AMD SEV-SNP.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
amd64-microcode 3.20250311.1ubuntu0.25.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7560-1
CVE-2024-56161
Package Information:
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20250311.1ubuntu0.25.04.1
[USN-7561-1] AMD Microcode vulnerabilities
=========================================================================
Ubuntu Security Notice USN-7561-1
June 09, 2025
amd64-microcode vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in AMD Microcode.
Software Description:
- amd64-microcode: Platform firmware and microcode for AMD CPUs and SoCs
Details:
It was discovered that AMD Microcode incorrectly handled memory addresses.
An attacker with local administrator privilege could possibly use this
issue to cause loss of integrity of a confidential guest running under AMD
SEV-SNP. (CVE-2023-20584, CVE-2023-31356)
Josh Eads, Kristoffer Janke, Eduardo Nava, Tavis Ormandy and Matteo Rizzo
discovered that AMD Microcode incorrectly verified signatures. An attacker
with local administrator privilege could possibly use this issue to cause
loss of confidentiality and integrity of a confidential guest running under
AMD SEV-SNP. (CVE-2024-56161)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
amd64-microcode 3.20250311.1ubuntu0.24.10.1
Ubuntu 24.04 LTS
amd64-microcode 3.20250311.1ubuntu0.24.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7561-1
CVE-2023-20584, CVE-2023-31356, CVE-2024-56161
Package Information:
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20250311.1ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20250311.1ubuntu0.24.04.1
