[USN-7889-3] Linux kernel (Real-time) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7889-3
November 26, 2025
linux-realtime, linux-realtime-6.8 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-realtime: Linux kernel for Real-time systems
- linux-realtime-6.8: Linux kernel for Real-time systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
- Network drivers;
- Netfilter;
- TLS protocol;
(CVE-2025-21729, CVE-2025-38227, CVE-2025-38616, CVE-2025-38678)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
linux-image-6.8.1-1038-realtime 6.8.1-1038.39
Available with Ubuntu Pro
linux-image-realtime 6.8.1-1038.39
Available with Ubuntu Pro
Ubuntu 22.04 LTS
linux-image-realtime-6.8.1 6.8.1-1038.39
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7889-3
https://ubuntu.com/security/notices/USN-7889-2
https://ubuntu.com/security/notices/USN-7889-1
CVE-2025-21729, CVE-2025-38227, CVE-2025-38616, CVE-2025-38678
Package Information:
https://launchpad.net/ubuntu/+source/linux-realtime/6.8.1-1038.39
https://launchpad.net/ubuntu/+source/linux-realtime-6.8/6.8.1-1038.39~22.04.1
[USN-7889-2] Linux kernel (FIPS) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7889-2
November 26, 2025
linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-fips: Linux kernel with FIPS
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with FIPS
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
- Network drivers;
- Netfilter;
- TLS protocol;
(CVE-2025-21729, CVE-2025-38227, CVE-2025-38616, CVE-2025-38678)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
linux-image-6.8.0-1043-aws-fips 6.8.0-1043.45+fips1
Available with Ubuntu Pro
linux-image-6.8.0-1044-gcp-fips 6.8.0-1044.47+fips1
Available with Ubuntu Pro
linux-image-6.8.0-88-fips 6.8.0-88.89+fips1
Available with Ubuntu Pro
linux-image-aws-fips 6.8.0-1043.45+fips1
Available with Ubuntu Pro
linux-image-aws-fips-6.8 6.8.0-1043.45+fips1
Available with Ubuntu Pro
linux-image-fips 6.8.0-88.89+fips1
Available with Ubuntu Pro
linux-image-fips-6.8 6.8.0-88.89+fips1
Available with Ubuntu Pro
linux-image-gcp-fips 6.8.0-1044.47+fips1
Available with Ubuntu Pro
linux-image-gcp-fips-6.8 6.8.0-1044.47+fips1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7889-2
https://ubuntu.com/security/notices/USN-7889-1
CVE-2025-21729, CVE-2025-38227, CVE-2025-38616, CVE-2025-38678
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-fips/6.8.0-1043.45+fips1
https://launchpad.net/ubuntu/+source/linux-fips/6.8.0-88.89+fips1
https://launchpad.net/ubuntu/+source/linux-gcp-fips/6.8.0-1044.47+fips1
[USN-7879-3] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7879-3
November 26, 2025
linux-aws-6.14, linux-oracle-6.14 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws-6.14: Linux kernel for Amazon Web Services (AWS) systems
- linux-oracle-6.14: Linux kernel for Oracle Cloud systems
Details:
It was discovered that improper initialization of CPU cache memory could
allow a local attacker with hypervisor access to overwrite SEV-SNP guest
memory resulting in loss of data integrity. (CVE-2024-36331)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- S390 architecture;
- x86 architecture;
- Network block device driver;
- Character device driver;
- Clock framework and drivers;
- Data acquisition framework and drivers;
- Hardware crypto device drivers;
- Device frequency scaling framework;
- DMA engine subsystem;
- EDAC drivers;
- GPU drivers;
- HID subsystem;
- Hardware monitoring drivers;
- I2C subsystem;
- IIO subsystem;
- IIO ADC drivers;
- InfiniBand drivers;
- Input Device core drivers;
- Multiple devices driver;
- Media drivers;
- Network drivers;
- Mellanox network drivers;
- PCI subsystem;
- PHY drivers;
- Pin controllers subsystem;
- x86 platform drivers;
- Power supply drivers;
- Powercap sysfs driver;
- Voltage and Current Regulator drivers;
- S/390 drivers;
- ASPEED SoC drivers;
- SPI subsystem;
- small TFT LCD display modules;
- Media staging drivers;
- USB Gadget drivers;
- vDPA drivers;
- VFIO drivers;
- Framebuffer layer;
- Xen hypervisor drivers;
- BTRFS file system;
- Ceph distributed file system;
- EFI Variable file system;
- File systems infrastructure;
- F2FS file system;
- GFS2 file system;
- Network file systems library;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- NTFS3 file system;
- Proc file system;
- SMB network file system;
- DRM display driver;
- io_uring subsystem;
- Internal shared memory driver;
- padata parallel execution mechanism;
- Networking subsystem;
- Bluetooth subsystem;
- Netfilter;
- UDP network protocol;
- Tracing infrastructure;
- BPF subsystem;
- Perf events;
- Padata parallel execution mechanism;
- Codetag library;
- KASAN memory debugging framework;
- Memory management;
- 802.1Q VLAN protocol;
- Appletalk network protocol;
- Asynchronous Transfer Mode (ATM) subsystem;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Multipath TCP;
- Netlink;
- RxRPC session sockets;
- Network traffic control;
- SMC sockets;
- Sun RPC protocol;
- TIPC protocol;
- TLS protocol;
- VMware vSockets driver;
- Wireless networking;
- XFRM subsystem;
- ADI SoundPort AD1816A based soundcard drivers;
- MediaTek ASoC drivers;
- SOF drivers;
- USB sound devices;
- KVM subsystem;
(CVE-2025-38335, CVE-2025-38349, CVE-2025-38351, CVE-2025-38437,
CVE-2025-38438, CVE-2025-38439, CVE-2025-38440, CVE-2025-38441,
CVE-2025-38443, CVE-2025-38444, CVE-2025-38445, CVE-2025-38446,
CVE-2025-38448, CVE-2025-38449, CVE-2025-38450, CVE-2025-38451,
CVE-2025-38452, CVE-2025-38453, CVE-2025-38454, CVE-2025-38455,
CVE-2025-38456, CVE-2025-38457, CVE-2025-38458, CVE-2025-38459,
CVE-2025-38460, CVE-2025-38461, CVE-2025-38462, CVE-2025-38463,
CVE-2025-38464, CVE-2025-38465, CVE-2025-38466, CVE-2025-38467,
CVE-2025-38468, CVE-2025-38469, CVE-2025-38470, CVE-2025-38471,
CVE-2025-38472, CVE-2025-38473, CVE-2025-38474, CVE-2025-38475,
CVE-2025-38476, CVE-2025-38478, CVE-2025-38480, CVE-2025-38481,
CVE-2025-38482, CVE-2025-38483, CVE-2025-38484, CVE-2025-38485,
CVE-2025-38487, CVE-2025-38488, CVE-2025-38489, CVE-2025-38490,
CVE-2025-38491, CVE-2025-38492, CVE-2025-38493, CVE-2025-38494,
CVE-2025-38495, CVE-2025-38496, CVE-2025-38497, CVE-2025-38501,
CVE-2025-38503, CVE-2025-38505, CVE-2025-38506, CVE-2025-38507,
CVE-2025-38508, CVE-2025-38509, CVE-2025-38510, CVE-2025-38511,
CVE-2025-38512, CVE-2025-38513, CVE-2025-38514, CVE-2025-38515,
CVE-2025-38516, CVE-2025-38517, CVE-2025-38520, CVE-2025-38521,
CVE-2025-38524, CVE-2025-38525, CVE-2025-38526, CVE-2025-38527,
CVE-2025-38528, CVE-2025-38529, CVE-2025-38530, CVE-2025-38531,
CVE-2025-38532, CVE-2025-38533, CVE-2025-38534, CVE-2025-38535,
CVE-2025-38537, CVE-2025-38538, CVE-2025-38539, CVE-2025-38540,
CVE-2025-38542, CVE-2025-38543, CVE-2025-38544, CVE-2025-38545,
CVE-2025-38546, CVE-2025-38547, CVE-2025-38548, CVE-2025-38549,
CVE-2025-38550, CVE-2025-38551, CVE-2025-38552, CVE-2025-38553,
CVE-2025-38555, CVE-2025-38556, CVE-2025-38557, CVE-2025-38558,
CVE-2025-38559, CVE-2025-38560, CVE-2025-38561, CVE-2025-38562,
CVE-2025-38563, CVE-2025-38565, CVE-2025-38566, CVE-2025-38567,
CVE-2025-38568, CVE-2025-38569, CVE-2025-38570, CVE-2025-38571,
CVE-2025-38572, CVE-2025-38573, CVE-2025-38574, CVE-2025-38576,
CVE-2025-38577, CVE-2025-38578, CVE-2025-38579, CVE-2025-38581,
CVE-2025-38582, CVE-2025-38583, CVE-2025-38584, CVE-2025-38585,
CVE-2025-38586, CVE-2025-38587, CVE-2025-38588, CVE-2025-38589,
CVE-2025-38590, CVE-2025-38593, CVE-2025-38595, CVE-2025-38601,
CVE-2025-38602, CVE-2025-38604, CVE-2025-38605, CVE-2025-38606,
CVE-2025-38608, CVE-2025-38609, CVE-2025-38610, CVE-2025-38612,
CVE-2025-38615, CVE-2025-38616, CVE-2025-38619, CVE-2025-38622,
CVE-2025-38623, CVE-2025-38624, CVE-2025-38625, CVE-2025-38626,
CVE-2025-38628, CVE-2025-38629, CVE-2025-38630, CVE-2025-38631,
CVE-2025-38632, CVE-2025-38634, CVE-2025-38635, CVE-2025-38639,
CVE-2025-38640, CVE-2025-38642, CVE-2025-38643, CVE-2025-38644,
CVE-2025-38645, CVE-2025-38646, CVE-2025-38648, CVE-2025-38649,
CVE-2025-38650, CVE-2025-38652, CVE-2025-38653, CVE-2025-38654,
CVE-2025-38655, CVE-2025-38659, CVE-2025-38660, CVE-2025-38662,
CVE-2025-38663, CVE-2025-38664, CVE-2025-38665, CVE-2025-38666,
CVE-2025-38668, CVE-2025-38670, CVE-2025-38671, CVE-2025-38675,
CVE-2025-38678, CVE-2025-39725, CVE-2025-39726, CVE-2025-39727,
CVE-2025-39730, CVE-2025-39731, CVE-2025-39732, CVE-2025-39734,
CVE-2025-39809, CVE-2025-39818, CVE-2025-40157)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
linux-image-6.14.0-1017-aws 6.14.0-1017.17~24.04.1
linux-image-6.14.0-1017-aws-64k 6.14.0-1017.17~24.04.1
linux-image-6.14.0-1017-oracle 6.14.0-1017.17~24.04.1
linux-image-6.14.0-1017-oracle-64k 6.14.0-1017.17~24.04.1
linux-image-aws 6.14.0-1017.17~24.04.1
linux-image-aws-6.14 6.14.0-1017.17~24.04.1
linux-image-aws-64k 6.14.0-1017.17~24.04.1
linux-image-aws-64k-6.14 6.14.0-1017.17~24.04.1
linux-image-oracle 6.14.0-1017.17~24.04.1
linux-image-oracle-6.14 6.14.0-1017.17~24.04.1
linux-image-oracle-64k 6.14.0-1017.17~24.04.1
linux-image-oracle-64k-6.14 6.14.0-1017.17~24.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7879-3
https://ubuntu.com/security/notices/USN-7879-2
https://ubuntu.com/security/notices/USN-7879-1
CVE-2024-36331, CVE-2025-38335, CVE-2025-38349, CVE-2025-38351,
CVE-2025-38437, CVE-2025-38438, CVE-2025-38439, CVE-2025-38440,
CVE-2025-38441, CVE-2025-38443, CVE-2025-38444, CVE-2025-38445,
CVE-2025-38446, CVE-2025-38448, CVE-2025-38449, CVE-2025-38450,
CVE-2025-38451, CVE-2025-38452, CVE-2025-38453, CVE-2025-38454,
CVE-2025-38455, CVE-2025-38456, CVE-2025-38457, CVE-2025-38458,
CVE-2025-38459, CVE-2025-38460, CVE-2025-38461, CVE-2025-38462,
CVE-2025-38463, CVE-2025-38464, CVE-2025-38465, CVE-2025-38466,
CVE-2025-38467, CVE-2025-38468, CVE-2025-38469, CVE-2025-38470,
CVE-2025-38471, CVE-2025-38472, CVE-2025-38473, CVE-2025-38474,
CVE-2025-38475, CVE-2025-38476, CVE-2025-38478, CVE-2025-38480,
CVE-2025-38481, CVE-2025-38482, CVE-2025-38483, CVE-2025-38484,
CVE-2025-38485, CVE-2025-38487, CVE-2025-38488, CVE-2025-38489,
CVE-2025-38490, CVE-2025-38491, CVE-2025-38492, CVE-2025-38493,
CVE-2025-38494, CVE-2025-38495, CVE-2025-38496, CVE-2025-38497,
CVE-2025-38501, CVE-2025-38503, CVE-2025-38505, CVE-2025-38506,
CVE-2025-38507, CVE-2025-38508, CVE-2025-38509, CVE-2025-38510,
CVE-2025-38511, CVE-2025-38512, CVE-2025-38513, CVE-2025-38514,
CVE-2025-38515, CVE-2025-38516, CVE-2025-38517, CVE-2025-38520,
CVE-2025-38521, CVE-2025-38524, CVE-2025-38525, CVE-2025-38526,
CVE-2025-38527, CVE-2025-38528, CVE-2025-38529, CVE-2025-38530,
CVE-2025-38531, CVE-2025-38532, CVE-2025-38533, CVE-2025-38534,
CVE-2025-38535, CVE-2025-38537, CVE-2025-38538, CVE-2025-38539,
CVE-2025-38540, CVE-2025-38542, CVE-2025-38543, CVE-2025-38544,
CVE-2025-38545, CVE-2025-38546, CVE-2025-38547, CVE-2025-38548,
CVE-2025-38549, CVE-2025-38550, CVE-2025-38551, CVE-2025-38552,
CVE-2025-38553, CVE-2025-38555, CVE-2025-38556, CVE-2025-38557,
CVE-2025-38558, CVE-2025-38559, CVE-2025-38560, CVE-2025-38561,
CVE-2025-38562, CVE-2025-38563, CVE-2025-38565, CVE-2025-38566,
CVE-2025-38567, CVE-2025-38568, CVE-2025-38569, CVE-2025-38570,
CVE-2025-38571, CVE-2025-38572, CVE-2025-38573, CVE-2025-38574,
CVE-2025-38576, CVE-2025-38577, CVE-2025-38578, CVE-2025-38579,
CVE-2025-38581, CVE-2025-38582, CVE-2025-38583, CVE-2025-38584,
CVE-2025-38585, CVE-2025-38586, CVE-2025-38587, CVE-2025-38588,
CVE-2025-38589, CVE-2025-38590, CVE-2025-38593, CVE-2025-38595,
CVE-2025-38601, CVE-2025-38602, CVE-2025-38604, CVE-2025-38605,
CVE-2025-38606, CVE-2025-38608, CVE-2025-38609, CVE-2025-38610,
CVE-2025-38612, CVE-2025-38615, CVE-2025-38616, CVE-2025-38619,
CVE-2025-38622, CVE-2025-38623, CVE-2025-38624, CVE-2025-38625,
CVE-2025-38626, CVE-2025-38628, CVE-2025-38629, CVE-2025-38630,
CVE-2025-38631, CVE-2025-38632, CVE-2025-38634, CVE-2025-38635,
CVE-2025-38639, CVE-2025-38640, CVE-2025-38642, CVE-2025-38643,
CVE-2025-38644, CVE-2025-38645, CVE-2025-38646, CVE-2025-38648,
CVE-2025-38649, CVE-2025-38650, CVE-2025-38652, CVE-2025-38653,
CVE-2025-38654, CVE-2025-38655, CVE-2025-38659, CVE-2025-38660,
CVE-2025-38662, CVE-2025-38663, CVE-2025-38664, CVE-2025-38665,
CVE-2025-38666, CVE-2025-38668, CVE-2025-38670, CVE-2025-38671,
CVE-2025-38675, CVE-2025-38678, CVE-2025-39725, CVE-2025-39726,
CVE-2025-39727, CVE-2025-39730, CVE-2025-39731, CVE-2025-39732,
CVE-2025-39734, CVE-2025-39809, CVE-2025-39818, CVE-2025-40157
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-6.14/6.14.0-1017.17~24.04.1
https://launchpad.net/ubuntu/+source/linux-oracle-6.14/6.14.0-1017.17~24.04.1
[USN-7892-1] H2O vulnerability
==========================================================================
Ubuntu Security Notice USN-7892-1
November 26, 2025
h2o vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
H2O could be made to crash if it received specially crafted network traffic.
Software Description:
- h2o: the optimized HTTP/1, HTTP/2 server
Details:
It was discovered that H2O did not properly manage server resources in its
HTTP/2 implementation. An attacker could possibly use this issue to cause H2O
to crash, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
h2o 2.2.5+dfsg2-6.1ubuntu2+esm1
Available with Ubuntu Pro
libh2o0.13 2.2.5+dfsg2-6.1ubuntu2+esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
h2o 2.2.5+dfsg2-3ubuntu0.1~esm1
Available with Ubuntu Pro
libh2o0.13 2.2.5+dfsg2-3ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7892-1
CVE-2023-44487
[USN-7893-1] Valkey vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7893-1
November 26, 2025
valkey vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in Valkey.
Software Description:
- valkey: Persistent key-value database with network interface
Details:
Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Valkey incorrectly
handled memory when running Lua scripts. An authenticated attacker could
use this vulnerability to trigger a use-after-free condition, and
potentially achieve remote code execution on the Valkey server.
(CVE-2025-49844)
It was discovered that Valkey incorrectly handled memory when running Lua
scripts. An authenticated attacker could use this vulnerability to trigger
an integer overflow condition, and potentially achieve remote code execution
on the Valkey server. (CVE-2025-46817)
It was discovered that Valkey incorrectly handled Lua objects. An
authenticated attacker could possibly use this issue to escalate their
privileges. (CVE-2025-46818)
It was discovered that Valkey incorrectly handled memory when running Lua
scripts. An authenticated attacker could use this vulnerability to read
out-of-bounds memory, causing a denial of service or possibly obtaining
sensitive information. (CVE-2025-46819)
It was discovered that Valkey incorrectly handled memory in some
calculations. An attacker could possibly use this issue to cause a denial
of service. (CVE-2025-49112)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
valkey-server 8.1.4+dfsg1-0ubuntu0.2
Ubuntu 25.04
valkey-server 8.0.6+dfsg1-0ubuntu0.2
Ubuntu 24.04 LTS
valkey-server 7.2.11+dfsg1-0ubuntu0.2
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-7893-1
CVE-2025-46817, CVE-2025-46818, CVE-2025-46819, CVE-2025-49112,
CVE-2025-49844
Package Information:
https://launchpad.net/ubuntu/+source/valkey/8.1.4+dfsg1-0ubuntu0.2
https://launchpad.net/ubuntu/+source/valkey/8.0.6+dfsg1-0ubuntu0.2
https://launchpad.net/ubuntu/+source/valkey/7.2.11+dfsg1-0ubuntu0.2
[USN-7886-2] Python vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7886-2
November 26, 2025
python3.13 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 25.04
Summary:
Several security issues were fixed in Python.
Software Description:
- python3.13: An interactive high-level object-oriented language
Details:
USN-7886-1 fixed vulnerabilities in Python. This update provides the
corresponding updates for python3.13 in Ubuntu 25.04 and Ubuntu 25.10.
Original advisory details:
It was discovered that Python inefficiently handled expanding system
environment variables. An attacker could possibly use this issue to cause
Python to consume excessive resources, leading to a denial of service.
(CVE-2025-6075)
Caleb Brown discovered that Python incorrectly handled the ZIP64 End of
Central Directory (EOCD) Locator record offset value. An attacker could
possibly use this issue to obfuscate malicious content. (CVE-2025-8291)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
libpython3.13 3.13.7-1ubuntu0.1
python3.13 3.13.7-1ubuntu0.1
Ubuntu 25.04
libpython3.13 3.13.3-1ubuntu0.4
python3.13 3.13.3-1ubuntu0.4
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7886-2
https://ubuntu.com/security/notices/USN-7886-1
CVE-2025-6075, CVE-2025-8291
Package Information:
https://launchpad.net/ubuntu/+source/python3.13/3.13.7-1ubuntu0.1
https://launchpad.net/ubuntu/+source/python3.13/3.13.3-1ubuntu0.4
[USN-7891-1] rust-openssl vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7891-1
November 26, 2025
rust-openssl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in rust-openssl.
Software Description:
- rust-openssl: OpenSSL bindings for Rust
Details:
Matt Mastracci discovered that rust-openssl was incorrectly handling server
lifetimes in certain functions. An attacker could possibly use this issue
to cause a denial of service or return arbitrary memory content to the client.
(CVE-2025-24898)
It was discovered that rust-openssl was incorrectly handling empty strings
when setting the host in certain functions. An attacker could possibly use
this issue to cause a denial of service. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-53159)
It was discovered that rust-openssl was incorrectly handling property
arguments in certain functions. An attacker could possibly use this
issue to cause a denial of service. This issue only affected
Ubuntu 24.04 LTS. (CVE-2025-3416)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
librust-openssl-dev 0.10.57-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
librust-openssl-dev 0.10.36-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
librust-openssl-dev 0.10.23-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7891-1
CVE-2023-53159, CVE-2025-24898, CVE-2025-3416
[USN-7894-1] EDK II vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7894-1
November 26, 2025
edk2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in EDK II.
Software Description:
- edk2: UEFI firmware for virtual machines
Details:
It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04 LTS and Ubuntu
24.04 LTS. (CVE-2023-45236, CVE-2023-45237)
It was discovered that EDK II incorrectly handled S3 sleep. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-1298)
It was discovered that the EDK II PE/COFF loader incorrectly handled
certain memory operations. An attacker could possibly use this issue to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu
24.04 LTS. (CVE-2024-38796)
It was discovered that the EDK II PE image hashing function incorrectly
handled certain memory operations. An attacker could possibly use this
issue to cause a denial of service, or execute arbitrary code.
(CVE-2024-38797)
It was discovered that the EDK II BIOS incorrectly handled certain memory
operations. An attacker could possibly use this issue to cause a denial of
service. (CVE-2024-38805, CVE-2025-2295)
It was discovered that EDK II incorrectly handled the enabling of MCE. An
attacker could possibly use this issue to cause a denial of service, or
execute arbitrary code. (CVE-2025-3770)
It was discovered that the OpenSSL library embedded in EDK II contained
multiple vulnerabilities. An attacker could possibly use these issues to
cause a denial of service, obtain sensitive information, or execute
arbitrary code. (CVE-2021-3712, CVE-2022-0778, CVE-2022-4304,
CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465,
CVE-2023-0466, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817, CVE-2023-5678,
CVE-2023-6237, CVE-2024-0727, CVE-2024-13176, CVE-2024-2511,
CVE-2024-41996, CVE-2024-4741, CVE-2024-5535, CVE-2024-6119, CVE-2024-9143,
CVE-2025-9232)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
ovmf 2025.02-3ubuntu2.2
ovmf-ia32 2025.02-3ubuntu2.2
qemu-efi-aarch64 2025.02-3ubuntu2.2
qemu-efi-arm 2025.02-3ubuntu2.2
qemu-efi-loongarch64 2025.02-3ubuntu2.2
qemu-efi-riscv64 2025.02-3ubuntu2.2
Ubuntu 24.04 LTS
ovmf 2024.02-2ubuntu0.6
ovmf-ia32 2024.02-2ubuntu0.6
qemu-efi-aarch64 2024.02-2ubuntu0.6
qemu-efi-arm 2024.02-2ubuntu0.6
qemu-efi-riscv64 2024.02-2ubuntu0.6
Ubuntu 22.04 LTS
ovmf 2022.02-3ubuntu0.22.04.4
ovmf-ia32 2022.02-3ubuntu0.22.04.4
qemu-efi 2022.02-3ubuntu0.22.04.4
qemu-efi-aarch64 2022.02-3ubuntu0.22.04.4
qemu-efi-arm 2022.02-3ubuntu0.22.04.4
After a standard system update you need to restart the virtual machines
that use the affected firmware to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7894-1
CVE-2021-3712, CVE-2022-0778, CVE-2022-4304, CVE-2022-4450,
CVE-2023-0215, CVE-2023-0286, CVE-2023-0464, CVE-2023-0465,
CVE-2023-0466, CVE-2023-2650, CVE-2023-3446, CVE-2023-3817,
CVE-2023-45236, CVE-2023-45237, CVE-2023-5678, CVE-2023-6237,
CVE-2024-0727, CVE-2024-1298, CVE-2024-13176, CVE-2024-2511,
CVE-2024-38796, CVE-2024-38797, CVE-2024-38805, CVE-2024-4741,
CVE-2024-5535, CVE-2024-6119, CVE-2024-9143, CVE-2025-2295,
CVE-2025-3770, CVE-2025-9232
Package Information:
https://launchpad.net/ubuntu/+source/edk2/2025.02-3ubuntu2.2
https://launchpad.net/ubuntu/+source/edk2/2024.02-2ubuntu0.6
https://launchpad.net/ubuntu/+source/edk2/2022.02-3ubuntu0.22.04.4