Kernel, libsoup, Horde Css Parser, Django updates for Ubuntu

Ubuntu 6744 Published by

Ubuntu Linux has received a range of security updates for the Linux kernel, libsoup, Horde Css Parser, and Django:

[USN-7498-1] Linux kernel vulnerability
[USN-7496-2] Linux kernel (FIPS) vulnerabilities
[USN-7496-1] Linux kernel vulnerabilities
[USN-7494-5] Linux kernel (Azure FIPS) vulnerabilities
[USN-7494-4] Linux kernel (Azure) vulnerabilities
[USN-7500-1] Linux kernel (Azure) vulnerabilities
[USN-7499-1] Linux kernel (Azure) vulnerabilities
[USN-7489-2] Linux kernel (Real-time) vulnerability
[USN-7500-2] Linux kernel (Azure) vulnerabilities
[USN-7496-4] Linux kernel (Azure) vulnerabilities
[USN-7496-3] Linux kernel (Azure) vulnerabilities
[USN-7495-3] Linux kernel (Azure) vulnerabilities
[USN-7490-3] libsoup vulnerabilities
[USN-7502-1] Horde Css Parser vulnerability
[USN-7501-2] Django vulnerability
[USN-7501-1] Django vulnerability




[USN-7498-1] Linux kernel vulnerability


==========================================================================
Ubuntu Security Notice USN-7498-1
May 07, 2025

linux vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

The system could be made to crash or run programs as an administrator.

Software Description:
- linux: Linux kernel

Details:

A security issue was discovered in the Linux kernel.
An attacker could possibly use this to compromise the system.
This update corrects flaws in the following subsystems:
- JFS file system;
(CVE-2024-56598)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
linux-image-3.13.0-206-generic 3.13.0-206.257
Available with Ubuntu Pro
linux-image-3.13.0-206-lowlatency 3.13.0-206.257
Available with Ubuntu Pro
linux-image-generic 3.13.0.206.216
Available with Ubuntu Pro
linux-image-generic-lts-quantal 3.13.0.206.216
Available with Ubuntu Pro
linux-image-generic-lts-raring 3.13.0.206.216
Available with Ubuntu Pro
linux-image-generic-lts-saucy 3.13.0.206.216
Available with Ubuntu Pro
linux-image-generic-lts-trusty 3.13.0.206.216
Available with Ubuntu Pro
linux-image-lowlatency 3.13.0.206.216
Available with Ubuntu Pro
linux-image-server 3.13.0.206.216
Available with Ubuntu Pro
linux-image-virtual 3.13.0.206.216
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7498-1
CVE-2024-56598



[USN-7496-2] Linux kernel (FIPS) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7496-2
May 07, 2025

linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-fips: Linux kernel with FIPS
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with FIPS

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Character device driver;
- Hardware crypto device drivers;
- GPU drivers;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- USB Gadget drivers;
- Framebuffer layer;
- Ceph distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) client;
- NILFS2 file system;
- SMB network file system;
- Netfilter;
- CAN network layer;
- IPv6 networking;
- MAC80211 subsystem;
- Netlink;
- Network traffic control;
- SCTP protocol;
- TIPC protocol;
(CVE-2023-52664, CVE-2024-26974, CVE-2024-49944, CVE-2024-50256,
CVE-2024-35864, CVE-2025-21971, CVE-2023-52741, CVE-2024-50296,
CVE-2024-50237, CVE-2021-47191, CVE-2024-46771, CVE-2024-56770,
CVE-2021-47163, CVE-2024-53063, CVE-2024-53140, CVE-2024-36015,
CVE-2024-56650, CVE-2024-53173, CVE-2024-53066, CVE-2024-26689,
CVE-2024-56651, CVE-2024-36934, CVE-2024-56598, CVE-2021-47219,
CVE-2024-26915, CVE-2024-46780, CVE-2024-49925, CVE-2023-52458,
CVE-2021-47150, CVE-2024-56631, CVE-2024-26996, CVE-2023-52927,
CVE-2024-56642)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-1135-fips 4.15.0-1135.146
Available with Ubuntu Pro
linux-image-4.15.0-2081-gcp-fips 4.15.0-2081.87
Available with Ubuntu Pro
linux-image-4.15.0-2118-aws-fips 4.15.0-2118.124
Available with Ubuntu Pro
linux-image-aws-fips 4.15.0.2118.112
Available with Ubuntu Pro
linux-image-fips 4.15.0.1135.132
Available with Ubuntu Pro
linux-image-gcp-fips 4.15.0.2081.79
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7496-2
https://ubuntu.com/security/notices/USN-7496-1
CVE-2021-47150, CVE-2021-47163, CVE-2021-47191, CVE-2021-47219,
CVE-2023-52458, CVE-2023-52664, CVE-2023-52741, CVE-2023-52927,
CVE-2024-26689, CVE-2024-26915, CVE-2024-26974, CVE-2024-26996,
CVE-2024-35864, CVE-2024-36015, CVE-2024-36934, CVE-2024-46771,
CVE-2024-46780, CVE-2024-49925, CVE-2024-49944, CVE-2024-50237,
CVE-2024-50256, CVE-2024-50296, CVE-2024-53063, CVE-2024-53066,
CVE-2024-53140, CVE-2024-53173, CVE-2024-56598, CVE-2024-56631,
CVE-2024-56642, CVE-2024-56650, CVE-2024-56651, CVE-2024-56770,
CVE-2025-21971

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-fips/4.15.0-2118.124
https://launchpad.net/ubuntu/+source/linux-fips/4.15.0-1135.146
https://launchpad.net/ubuntu/+source/linux-gcp-fips/4.15.0-2081.87



[USN-7496-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7496-1
May 07, 2025

linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe,
linux-kvm, linux-oracle vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Character device driver;
- Hardware crypto device drivers;
- GPU drivers;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- USB Gadget drivers;
- Framebuffer layer;
- Ceph distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) client;
- NILFS2 file system;
- SMB network file system;
- Netfilter;
- CAN network layer;
- IPv6 networking;
- MAC80211 subsystem;
- Netlink;
- Network traffic control;
- SCTP protocol;
- TIPC protocol;
(CVE-2024-53173, CVE-2024-26689, CVE-2024-46771, CVE-2024-36934,
CVE-2023-52458, CVE-2021-47191, CVE-2024-50296, CVE-2024-26974,
CVE-2021-47150, CVE-2024-53140, CVE-2025-21971, CVE-2024-50237,
CVE-2024-46780, CVE-2023-52741, CVE-2024-56642, CVE-2024-56631,
CVE-2024-53063, CVE-2024-36015, CVE-2021-47163, CVE-2024-56651,
CVE-2024-49925, CVE-2023-52664, CVE-2021-47219, CVE-2024-50256,
CVE-2024-53066, CVE-2024-49944, CVE-2024-56598, CVE-2024-56650,
CVE-2024-26996, CVE-2024-35864, CVE-2024-56770, CVE-2024-26915,
CVE-2023-52927)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-1142-oracle 4.15.0-1142.153
Available with Ubuntu Pro
linux-image-4.15.0-1163-kvm 4.15.0-1163.168
Available with Ubuntu Pro
linux-image-4.15.0-1173-gcp 4.15.0-1173.190
Available with Ubuntu Pro
linux-image-4.15.0-1180-aws 4.15.0-1180.193
Available with Ubuntu Pro
linux-image-4.15.0-237-generic 4.15.0-237.249
Available with Ubuntu Pro
linux-image-4.15.0-237-lowlatency 4.15.0-237.249
Available with Ubuntu Pro
linux-image-aws-lts-18.04 4.15.0.1180.178
Available with Ubuntu Pro
linux-image-gcp-lts-18.04 4.15.0.1173.186
Available with Ubuntu Pro
linux-image-generic 4.15.0.237.221
Available with Ubuntu Pro
linux-image-kvm 4.15.0.1163.154
Available with Ubuntu Pro
linux-image-lowlatency 4.15.0.237.221
Available with Ubuntu Pro
linux-image-oracle-lts-18.04 4.15.0.1142.147
Available with Ubuntu Pro
linux-image-virtual 4.15.0.237.221
Available with Ubuntu Pro

Ubuntu 16.04 LTS
linux-image-4.15.0-1142-oracle 4.15.0-1142.153~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-1173-gcp 4.15.0-1173.190~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-1180-aws 4.15.0-1180.193~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-237-generic 4.15.0-237.249~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-237-lowlatency 4.15.0-237.249~16.04.1
Available with Ubuntu Pro
linux-image-aws-hwe 4.15.0.1180.193~16.04.1
Available with Ubuntu Pro
linux-image-gcp 4.15.0.1173.190~16.04.1
Available with Ubuntu Pro
linux-image-generic-hwe-16.04 4.15.0.237.249~16.04.1
Available with Ubuntu Pro
linux-image-gke 4.15.0.1173.190~16.04.1
Available with Ubuntu Pro
linux-image-lowlatency-hwe-16.04 4.15.0.237.249~16.04.1
Available with Ubuntu Pro
linux-image-oem 4.15.0.237.249~16.04.1
Available with Ubuntu Pro
linux-image-oracle 4.15.0.1142.153~16.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-16.04 4.15.0.237.249~16.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7496-1
CVE-2021-47150, CVE-2021-47163, CVE-2021-47191, CVE-2021-47219,
CVE-2023-52458, CVE-2023-52664, CVE-2023-52741, CVE-2023-52927,
CVE-2024-26689, CVE-2024-26915, CVE-2024-26974, CVE-2024-26996,
CVE-2024-35864, CVE-2024-36015, CVE-2024-36934, CVE-2024-46771,
CVE-2024-46780, CVE-2024-49925, CVE-2024-49944, CVE-2024-50237,
CVE-2024-50256, CVE-2024-50296, CVE-2024-53063, CVE-2024-53066,
CVE-2024-53140, CVE-2024-53173, CVE-2024-56598, CVE-2024-56631,
CVE-2024-56642, CVE-2024-56650, CVE-2024-56651, CVE-2024-56770,
CVE-2025-21971



[USN-7494-5] Linux kernel (Azure FIPS) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7494-5
May 07, 2025

linux-azure-fips vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure-fips: Linux kernel for Microsoft Azure Cloud systems with FIPS

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- Netfilter;
(CVE-2023-52664, CVE-2023-52927)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1088-azure-fips 5.15.0-1088.97+fips1
Available with Ubuntu Pro
linux-image-azure-fips 5.15.0.1088.73
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7494-5
https://ubuntu.com/security/notices/USN-7494-4
https://ubuntu.com/security/notices/USN-7494-3
https://ubuntu.com/security/notices/USN-7494-2
https://ubuntu.com/security/notices/USN-7494-1
CVE-2023-52664, CVE-2023-52927

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure-fips/5.15.0-1088.97+fips1



[USN-7494-4] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7494-4
May 07, 2025

linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems
- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems
- linux-azure-fde-5.15: Linux kernel for Microsoft Azure CVM cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- Netfilter;
(CVE-2023-52927, CVE-2023-52664)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1088-azure 5.15.0-1088.97
linux-image-5.15.0-1088-azure-fde 5.15.0-1088.97.1
linux-image-azure-fde-lts-22.04 5.15.0.1088.97.65
linux-image-azure-lts-22.04 5.15.0.1088.86

Ubuntu 20.04 LTS
linux-image-5.15.0-1088-azure 5.15.0-1088.97~20.04.1
linux-image-5.15.0-1088-azure-fde 5.15.0-1088.97~20.04.1.1
linux-image-azure 5.15.0.1088.97~20.04.1
linux-image-azure-cvm 5.15.0.1088.97~20.04.1
linux-image-azure-fde 5.15.0.1088.97~20.04.1.63

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7494-4
https://ubuntu.com/security/notices/USN-7494-3
https://ubuntu.com/security/notices/USN-7494-2
https://ubuntu.com/security/notices/USN-7494-1
CVE-2023-52664, CVE-2023-52927

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1088.97
https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1088.97.1
https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1088.97~20.04.1
https://launchpad.net/ubuntu/+source/linux-azure-fde-5.15/5.15.0-1088.97~20.04.1.1



[USN-7500-1] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7500-1
May 07, 2025

linux-azure vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Bluetooth drivers;
- Microsoft Azure Network Adapter (MANA) driver;
(CVE-2025-21953, CVE-2024-56653)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-1028-azure 6.8.0-1028.33
linux-image-6.8.0-1028-azure-fde 6.8.0-1028.33
linux-image-azure-fde-lts-24.04 6.8.0-1028.33
linux-image-azure-lts-24.04 6.8.0-1028.33

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7500-1
CVE-2024-56653, CVE-2025-21953

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/6.8.0-1028.33



[USN-7499-1] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7499-1
May 07, 2025

linux-azure, linux-azure-6.11 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-azure-6.11: Linux kernel for Microsoft Azure cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Microsoft Azure Network Adapter (MANA) driver;
- Timer subsystem;
(CVE-2025-21813, CVE-2025-21953)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
linux-image-6.11.0-1014-azure 6.11.0-1014.14
linux-image-6.11.0-1014-azure-fde 6.11.0-1014.14
linux-image-azure 6.11.0-1014.14
linux-image-azure-fde 6.11.0-1014.14

Ubuntu 24.04 LTS
linux-image-6.11.0-1014-azure 6.11.0-1014.14~24.04.1
linux-image-6.11.0-1014-azure-fde 6.11.0-1014.14~24.04.1
linux-image-azure 6.11.0-1014.14~24.04.1
linux-image-azure-fde 6.11.0-1014.14~24.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7499-1
CVE-2025-21813, CVE-2025-21953

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/6.11.0-1014.14
https://launchpad.net/ubuntu/+source/linux-azure-6.11/6.11.0-1014.14~24.04.1



[USN-7489-2] Linux kernel (Real-time) vulnerability


==========================================================================
Ubuntu Security Notice USN-7489-2
May 07, 2025

linux-realtime vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10

Summary:

The system could be made to crash under certain conditions.

Software Description:
- linux-realtime: Linux kernel for Real-time systems

Details:

A security issue was discovered in the Linux kernel.
An attacker could possibly use this to compromise the system.
This update corrects flaws in the following subsystems:
- Timer subsystem;
(CVE-2025-21813)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
linux-image-6.11.0-1009-realtime 6.11.0-1009.9
Available with Ubuntu Pro
linux-image-realtime 6.11.0-1009.9
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7489-2
https://ubuntu.com/security/notices/USN-7489-1
CVE-2025-21813

Package Information:
https://launchpad.net/ubuntu/+source/linux-realtime/6.11.0-1009.9



[USN-7500-2] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7500-2
May 07, 2025

linux-azure-6.8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure-6.8: Linux kernel for Microsoft Azure cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Bluetooth drivers;
- Microsoft Azure Network Adapter (MANA) driver;
(CVE-2024-56653, CVE-2025-21953)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-6.8.0-1028-azure 6.8.0-1028.33~22.04.1
linux-image-6.8.0-1028-azure-fde 6.8.0-1028.33~22.04.1
linux-image-azure 6.8.0-1028.33~22.04.1
linux-image-azure-fde 6.8.0-1028.33~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7500-2
https://ubuntu.com/security/notices/USN-7500-1
CVE-2024-56653, CVE-2025-21953

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure-6.8/6.8.0-1028.33~22.04.1



[USN-7496-4] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7496-4
May 07, 2025

linux-azure vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Character device driver;
- Hardware crypto device drivers;
- GPU drivers;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- USB Gadget drivers;
- Framebuffer layer;
- Ceph distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) client;
- NILFS2 file system;
- SMB network file system;
- Netfilter;
- CAN network layer;
- IPv6 networking;
- MAC80211 subsystem;
- Netlink;
- Network traffic control;
- SCTP protocol;
- TIPC protocol;
(CVE-2025-21971, CVE-2024-50237, CVE-2023-52927, CVE-2023-52458,
CVE-2021-47163, CVE-2024-26689, CVE-2024-53066, CVE-2021-47191,
CVE-2021-47219, CVE-2024-56770, CVE-2024-46780, CVE-2024-56598,
CVE-2023-52741, CVE-2024-53173, CVE-2021-47150, CVE-2024-50296,
CVE-2024-56631, CVE-2024-53063, CVE-2024-56642, CVE-2024-50256,
CVE-2024-26974, CVE-2024-56651, CVE-2024-36934, CVE-2023-52664,
CVE-2024-26996, CVE-2024-26915, CVE-2024-46771, CVE-2024-56650,
CVE-2024-53140, CVE-2024-49925, CVE-2024-36015, CVE-2024-49944,
CVE-2024-35864)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
linux-image-4.15.0-1188-azure 4.15.0-1188.203~14.04.1
Available with Ubuntu Pro
linux-image-azure 4.15.0.1188.203~14.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7496-4
https://ubuntu.com/security/notices/USN-7496-3
https://ubuntu.com/security/notices/USN-7496-2
https://ubuntu.com/security/notices/USN-7496-1
CVE-2021-47150, CVE-2021-47163, CVE-2021-47191, CVE-2021-47219,
CVE-2023-52458, CVE-2023-52664, CVE-2023-52741, CVE-2023-52927,
CVE-2024-26689, CVE-2024-26915, CVE-2024-26974, CVE-2024-26996,
CVE-2024-35864, CVE-2024-36015, CVE-2024-36934, CVE-2024-46771,
CVE-2024-46780, CVE-2024-49925, CVE-2024-49944, CVE-2024-50237,
CVE-2024-50256, CVE-2024-50296, CVE-2024-53063, CVE-2024-53066,
CVE-2024-53140, CVE-2024-53173, CVE-2024-56598, CVE-2024-56631,
CVE-2024-56642, CVE-2024-56650, CVE-2024-56651, CVE-2024-56770,
CVE-2025-21971



[USN-7496-3] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7496-3
May 07, 2025

linux-azure, linux-azure-4.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Character device driver;
- Hardware crypto device drivers;
- GPU drivers;
- Media drivers;
- Network drivers;
- SCSI subsystem;
- USB Gadget drivers;
- Framebuffer layer;
- Ceph distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) client;
- NILFS2 file system;
- SMB network file system;
- Netfilter;
- CAN network layer;
- IPv6 networking;
- MAC80211 subsystem;
- Netlink;
- Network traffic control;
- SCTP protocol;
- TIPC protocol;
(CVE-2023-52741, CVE-2024-56631, CVE-2024-50296, CVE-2024-50256,
CVE-2024-50237, CVE-2021-47219, CVE-2024-49944, CVE-2024-26915,
CVE-2024-56642, CVE-2023-52664, CVE-2024-36934, CVE-2023-52458,
CVE-2024-35864, CVE-2024-56598, CVE-2025-21971, CVE-2024-53063,
CVE-2023-52927, CVE-2024-46771, CVE-2024-49925, CVE-2024-53140,
CVE-2024-36015, CVE-2024-26689, CVE-2024-53173, CVE-2021-47191,
CVE-2024-56770, CVE-2024-56650, CVE-2021-47150, CVE-2021-47163,
CVE-2024-46780, CVE-2024-56651, CVE-2024-26996, CVE-2024-26974,
CVE-2024-53066)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-1188-azure 4.15.0-1188.203
Available with Ubuntu Pro
linux-image-azure-lts-18.04 4.15.0.1188.156
Available with Ubuntu Pro

Ubuntu 16.04 LTS
linux-image-4.15.0-1188-azure 4.15.0-1188.203~16.04.1
Available with Ubuntu Pro
linux-image-azure 4.15.0.1188.203~16.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7496-3
https://ubuntu.com/security/notices/USN-7496-2
https://ubuntu.com/security/notices/USN-7496-1
CVE-2021-47150, CVE-2021-47163, CVE-2021-47191, CVE-2021-47219,
CVE-2023-52458, CVE-2023-52664, CVE-2023-52741, CVE-2023-52927,
CVE-2024-26689, CVE-2024-26915, CVE-2024-26974, CVE-2024-26996,
CVE-2024-35864, CVE-2024-36015, CVE-2024-36934, CVE-2024-46771,
CVE-2024-46780, CVE-2024-49925, CVE-2024-49944, CVE-2024-50237,
CVE-2024-50256, CVE-2024-50296, CVE-2024-53063, CVE-2024-53066,
CVE-2024-53140, CVE-2024-53173, CVE-2024-56598, CVE-2024-56631,
CVE-2024-56642, CVE-2024-56650, CVE-2024-56651, CVE-2024-56770,
CVE-2025-21971



[USN-7495-3] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7495-3
May 07, 2025

linux-azure vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Network drivers;
- Ceph distributed file system;
- Netfilter;
(CVE-2023-52664, CVE-2024-26689, CVE-2023-52927)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.4.0-1150-azure 5.4.0-1150.157
linux-image-azure-lts-20.04 5.4.0.1150.144

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7495-3
https://ubuntu.com/security/notices/USN-7495-2
https://ubuntu.com/security/notices/USN-7495-1
CVE-2023-52664, CVE-2023-52927, CVE-2024-26689

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1150.157



[USN-7490-3] libsoup vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7490-3
May 07, 2025

libsoup3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in libsoup.

Software Description:
- libsoup3: HTTP client/server library for GNOME

Details:

USN-7490-1 fixed vulnerabilities in libsoup2.4. This update provides the
corresponding updates for libsoup3.

Original advisory details:

 Tan Wei Chong discovered that libsoup incorrectly handled memory when
 parsing HTTP request headers. An attacker could possibly use this issue to
 send a maliciously crafted HTTP request to the server, causing a denial of
 service. (CVE-2025-32906)

 Alon Zahavi discovered that libsoup incorrectly parsed video files. An
 attacker could possibly use this issue to send a maliciously crafted HTTP
 response back to the client, causing a denial of service, or leading to
 undefined behavior. (CVE-2025-32909)

 Jan Różański discovered that libsoup incorrectly handled memory when
 parsing authentication headers. An attacker could possibly use this issue
 to send a maliciously crafted HTTP response back to the client, causing a
 denial of service. (CVE-2025-32910, CVE-2025-32912)

 It was discovered that libsoup incorrectly handled data in the hash table
 data type. An attacker could possibly use this issue to send a maliciously
 crafted HTTP request to the server, causing a denial of service or remote
 code execution. (CVE-2025-32911)

 Jan Różański discovered that libsoup incorrectly handled memory when
 parsing the content disposition HTTP header. An attacker could possibly
 use this issue to send maliciously crafted data to a client or server,
 causing a denial of service. (CVE-2025-32913)

 Alon Zahavi discovered that libsoup incorrectly handled memory when
 parsing HTTP requests. An attacker could possibly use this issue to send a
 maliciously crafted HTTP request to the server, causing a denial of
 service or obtaining sensitive information. (CVE-2025-32914)

 It was discovered that libsoup incorrectly handled memory when parsing
 quality-list headers. An attacker could possibly use this issue to send a
 maliciously crafted HTTP request to the server, causing a denial of
 service. (CVE-2025-46420)

 Jan Różański discovered that libsoup did not strip authorization
 information upon redirects. An attacker could possibly use this issue to
 obtain sensitive information. (CVE-2025-46421)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
  libsoup-3.0-0                   3.6.0-2ubuntu0.3

Ubuntu 24.04 LTS
  libsoup-3.0-0                   3.4.4-5ubuntu0.3

Ubuntu 22.04 LTS
  libsoup-3.0-0                   3.0.7-0ubuntu1+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7490-3
  https://ubuntu.com/security/notices/USN-7490-2
  https://ubuntu.com/security/notices/USN-7490-1
  CVE-2025-32906, CVE-2025-32909, CVE-2025-32910, CVE-2025-32911,
  CVE-2025-32912, CVE-2025-32913, CVE-2025-32914, CVE-2025-46420,
  CVE-2025-46421

Package Information:
  https://launchpad.net/ubuntu/+source/libsoup3/3.6.0-2ubuntu0.3
  https://launchpad.net/ubuntu/+source/libsoup3/3.4.4-5ubuntu0.3



[USN-7502-1] Horde Css Parser vulnerability


==========================================================================

Ubuntu Security Notice USN-7502-1
May 07, 2025

php-horde-css-parser vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Horde Css Parser could be made to crash or run programs as your login if
it opened a specially crafted file.

Software Description:
- php-horde-css-parser: ${phppear:summary}

Details:

It was discovered that Horde Css Parser did not correctly handle
parsing uncontrolled CSS data. An attacker could possibly use
this issue to perform remote code execution. (CVE-2020-13756)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  php-horde-css-parser            1.0.11-1ubuntu1+esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  php-horde-css-parser            1.0.8-1ubuntu1+esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7502-1
( https://ubuntu.com/security/notices/USN-7502-1)
  CVE-2020-13756



[USN-7501-2] Django vulnerability


==========================================================================
Ubuntu Security Notice USN-7501-2
May 07, 2025

python-django vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Django could be made to crash if it received specially crafted network
traffic.

Software Description:
- python-django: High-level Python web development framework

Details:

USN-7501-1 fixed a vulnerability in Django. This update provides
the corresponding update for Ubuntu 18.04 LTS.

Original advisory details:

Elias Myllymäki discovered that Django incorrectly handled stripping large
sequences of incomplete HTML tags. A remote attacker could possibly use
this issue to cause Django to consume resources, leading to a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
python-django 1:1.11.11-1ubuntu1.21+esm11
Available with Ubuntu Pro
python3-django 1:1.11.11-1ubuntu1.21+esm11
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7501-2
https://ubuntu.com/security/notices/USN-7501-1
CVE-2025-32873



[USN-7501-1] Django vulnerability


==========================================================================
Ubuntu Security Notice USN-7501-1
May 07, 2025

python-django vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Django could be made to crash if it received specially crafted network
traffic.

Software Description:
- python-django: High-level Python web development framework

Details:

Elias Myllymäki discovered that Django incorrectly handled stripping large
sequences of incomplete HTML tags. A remote attacker could possibly use
this issue to cause Django to consume resources, leading to a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
python3-django 3:4.2.18-1ubuntu1.1

Ubuntu 24.10
python3-django 3:4.2.15-1ubuntu1.4

Ubuntu 24.04 LTS
python3-django 3:4.2.11-1ubuntu1.7

Ubuntu 22.04 LTS
python3-django 2:3.2.12-2ubuntu1.18

Ubuntu 20.04 LTS
python3-django 2:2.2.12-1ubuntu0.29

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7501-1
CVE-2025-32873

Package Information:
https://launchpad.net/ubuntu/+source/python-django/3:4.2.18-1ubuntu1.1
https://launchpad.net/ubuntu/+source/python-django/3:4.2.15-1ubuntu1.4
https://launchpad.net/ubuntu/+source/python-django/3:4.2.11-1ubuntu1.7
https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.18
https://launchpad.net/ubuntu/+source/python-django/2:2.2.12-1ubuntu0.29


Java-17-OpenJDK, Sqlite3, RabbitMQ-Server, and more updates for SUSE Linux

MariaDB 10.5 and Chromium updates for Debian

Windows

Linux

macOS

Community

  • Artsyl
    ONTARIO, CANADA – May 13, 2025 — Artsyl Technologies, a ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...