[USN-7550-4] Linux kernel (Azure CVM) vulnerabilities
[USN-7554-3] Linux kernel (FIPS) vulnerabilities
[USN-7554-2] Linux kernel vulnerabilities
[USN-7553-1] Linux kernel vulnerabilities
[USN-7552-1] Wireshark vulnerabilities
[USN-7555-1] Django vulnerability
[USN-7550-4] Linux kernel (Azure CVM) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7550-4
June 04, 2025
linux-azure-fde vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-azure-fde: Linux kernel for Microsoft Azure CVM cloud systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
- Sun RPC protocol;
(CVE-2024-53168, CVE-2024-56551, CVE-2024-56608)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
linux-image-5.15.0-1090-azure-fde 5.15.0-1090.99.1
linux-image-azure-fde-lts-22.04 5.15.0.1090.99.67
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7550-4
https://ubuntu.com/security/notices/USN-7550-3
https://ubuntu.com/security/notices/USN-7550-2
https://ubuntu.com/security/notices/USN-7550-1
CVE-2024-53168, CVE-2024-56551, CVE-2024-56608
Package Information:
https://launchpad.net/ubuntu/+source/linux-azure-fde/5.15.0-1090.99.1
[USN-7554-3] Linux kernel (FIPS) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7554-3
June 04, 2025
linux-fips vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-fips: Linux kernel with FIPS
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-42301, CVE-2024-26966, CVE-2023-52458, CVE-2024-47701,
CVE-2024-53155, CVE-2021-47211, CVE-2024-57850, CVE-2024-56551,
CVE-2021-47353, CVE-2024-56596, CVE-2024-53168)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
linux-image-4.4.0-1114-fips 4.4.0-1114.121
Available with Ubuntu Pro
linux-image-fips 4.4.0.1114.115
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7554-3
https://ubuntu.com/security/notices/USN-7554-2
https://ubuntu.com/security/notices/USN-7554-1
CVE-2021-47211, CVE-2021-47353, CVE-2023-52458, CVE-2024-26966,
CVE-2024-42301, CVE-2024-47701, CVE-2024-53155, CVE-2024-53168,
CVE-2024-56551, CVE-2024-56596, CVE-2024-57850
Package Information:
https://launchpad.net/ubuntu/+source/linux-fips/4.4.0-1114.121
[USN-7554-2] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7554-2
June 04, 2025
linux-aws, linux-lts-xenial vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-42301, CVE-2024-53168, CVE-2024-57850, CVE-2024-47701,
CVE-2021-47211, CVE-2023-52458, CVE-2024-56551, CVE-2024-26966,
CVE-2024-53155, CVE-2024-56596, CVE-2021-47353)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
linux-image-4.4.0-1144-aws 4.4.0-1144.150
Available with Ubuntu Pro
linux-image-4.4.0-269-generic 4.4.0-269.303~14.04.1
Available with Ubuntu Pro
linux-image-4.4.0-269-lowlatency 4.4.0-269.303~14.04.1
Available with Ubuntu Pro
linux-image-aws 4.4.0.1144.141
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7554-2
https://ubuntu.com/security/notices/USN-7554-1
CVE-2021-47211, CVE-2021-47353, CVE-2023-52458, CVE-2024-26966,
CVE-2024-42301, CVE-2024-47701, CVE-2024-53155, CVE-2024-53168,
CVE-2024-56551, CVE-2024-56596, CVE-2024-57850
[USN-7553-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7553-1
June 04, 2025
linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe,
linux-kvm, linux-oracle vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Clock framework and drivers;
- GPU drivers;
- Parport drivers;
- Ext4 file system;
- JFFS2 file system;
- JFS file system;
- File systems infrastructure;
- Sun RPC protocol;
- USB sound devices;
(CVE-2024-42301, CVE-2024-53168, CVE-2024-47701, CVE-2021-47211,
CVE-2024-53155, CVE-2024-56596, CVE-2024-26966, CVE-2024-56551,
CVE-2024-57850)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
linux-image-4.15.0-1143-oracle 4.15.0-1143.154
Available with Ubuntu Pro
linux-image-4.15.0-1164-kvm 4.15.0-1164.169
Available with Ubuntu Pro
linux-image-4.15.0-1174-gcp 4.15.0-1174.191
Available with Ubuntu Pro
linux-image-4.15.0-1181-aws 4.15.0-1181.194
Available with Ubuntu Pro
linux-image-4.15.0-238-generic 4.15.0-238.250
Available with Ubuntu Pro
linux-image-4.15.0-238-lowlatency 4.15.0-238.250
Available with Ubuntu Pro
linux-image-aws-lts-18.04 4.15.0.1181.179
Available with Ubuntu Pro
linux-image-gcp-lts-18.04 4.15.0.1174.187
Available with Ubuntu Pro
linux-image-generic 4.15.0.238.222
Available with Ubuntu Pro
linux-image-kvm 4.15.0.1164.155
Available with Ubuntu Pro
linux-image-lowlatency 4.15.0.238.222
Available with Ubuntu Pro
linux-image-oracle-lts-18.04 4.15.0.1143.148
Available with Ubuntu Pro
linux-image-virtual 4.15.0.238.222
Available with Ubuntu Pro
Ubuntu 16.04 LTS
linux-image-4.15.0-1143-oracle 4.15.0-1143.154~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-1174-gcp 4.15.0-1174.191~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-1181-aws 4.15.0-1181.194~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-238-generic 4.15.0-238.250~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-238-lowlatency 4.15.0-238.250~16.04.1
Available with Ubuntu Pro
linux-image-aws-hwe 4.15.0.1181.194~16.04.1
Available with Ubuntu Pro
linux-image-gcp 4.15.0.1174.191~16.04.1
Available with Ubuntu Pro
linux-image-generic-hwe-16.04 4.15.0.238.250~16.04.1
Available with Ubuntu Pro
linux-image-gke 4.15.0.1174.191~16.04.1
Available with Ubuntu Pro
linux-image-lowlatency-hwe-16.04 4.15.0.238.250~16.04.1
Available with Ubuntu Pro
linux-image-oem 4.15.0.238.250~16.04.1
Available with Ubuntu Pro
linux-image-oracle 4.15.0.1143.154~16.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-16.04 4.15.0.238.250~16.04.1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7553-1
CVE-2021-47211, CVE-2024-26966, CVE-2024-42301, CVE-2024-47701,
CVE-2024-53155, CVE-2024-53168, CVE-2024-56551, CVE-2024-56596,
CVE-2024-57850
[USN-7552-1] Wireshark vulnerabilities
MIME-Version: 1.0
==========================================================================
Ubuntu Security Notice USN-7552-1
June 04, 2025
wireshark vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Wireshark.
Software Description:
- wireshark: network traffic analyzer
Details:
It was discovered that Wireshark did not correctly handle recursion. If a
user or system were tricked into opening a specially crafted file, an
attacker could possibly use this issue to cause a denial of service. This
issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS
and Ubuntu 20.04 LTS. (CVE-2021-39929)
Roman Donchenko discovered that Wireshark did not correctly handle
parsing certain files. If a user or system were tricked into opening a
specially crafted file, an attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2021-4182)
It was discovered that Wireshark did not correctly handle parsing
certain files. If a user or system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-4185, CVE-2022-0581)
It was discovered that Wireshark did not correctly handle parsing
certain files. If a user or system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-4186)
Sharon Brizinov discovered that Wireshark did not correctly handle
parsing certain files. If a user or system were tricked into opening a
specially crafted file, an attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2022-0582, CVE-2022-0583, CVE-2022-0586)
Sharon Brizinov discovered that Wireshark did not correctly handle
parsing certain files. If a user or system were tricked into opening a
specially crafted file, an attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2022-0585)
Jason Cohen discovered that Wireshark did not correctly handle parsing
certain files. If a user or system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 22.04 LTS.
(CVE-2022-3190)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
libwireshark15 3.6.2-2ubuntu0.1~esm1
Available with Ubuntu Pro
tshark 3.6.2-2ubuntu0.1~esm1
Available with Ubuntu Pro
wireshark 3.6.2-2ubuntu0.1~esm1
Available with Ubuntu Pro
wireshark-common 3.6.2-2ubuntu0.1~esm1
Available with Ubuntu Pro
wireshark-gtk 3.6.2-2ubuntu0.1~esm1
Available with Ubuntu Pro
wireshark-qt 3.6.2-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libwireshark13 3.2.3-1ubuntu0.1~esm2
Available with Ubuntu Pro
tshark 3.2.3-1ubuntu0.1~esm2
Available with Ubuntu Pro
wireshark 3.2.3-1ubuntu0.1~esm2
Available with Ubuntu Pro
wireshark-common 3.2.3-1ubuntu0.1~esm2
Available with Ubuntu Pro
wireshark-gtk 3.2.3-1ubuntu0.1~esm2
Available with Ubuntu Pro
wireshark-qt 3.2.3-1ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libwireshark11 2.6.10-1~ubuntu18.04.0+esm2
Available with Ubuntu Pro
tshark 2.6.10-1~ubuntu18.04.0+esm2
Available with Ubuntu Pro
wireshark 2.6.10-1~ubuntu18.04.0+esm2
Available with Ubuntu Pro
wireshark-common 2.6.10-1~ubuntu18.04.0+esm2
Available with Ubuntu Pro
wireshark-gtk 2.6.10-1~ubuntu18.04.0+esm2
Available with Ubuntu Pro
wireshark-qt 2.6.10-1~ubuntu18.04.0+esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libwireshark11 2.6.10-1~ubuntu16.04.0+esm2
Available with Ubuntu Pro
tshark 2.6.10-1~ubuntu16.04.0+esm2
Available with Ubuntu Pro
wireshark 2.6.10-1~ubuntu16.04.0+esm2
Available with Ubuntu Pro
wireshark-common 2.6.10-1~ubuntu16.04.0+esm2
Available with Ubuntu Pro
wireshark-gtk 2.6.10-1~ubuntu16.04.0+esm2
Available with Ubuntu Pro
wireshark-qt 2.6.10-1~ubuntu16.04.0+esm2
Available with Ubuntu Pro
Ubuntu 14.04 LTS
libwireshark11 2.6.10-1~ubuntu14.04.0~esm3
Available with Ubuntu Pro
tshark 2.6.10-1~ubuntu14.04.0~esm3
Available with Ubuntu Pro
wireshark 2.6.10-1~ubuntu14.04.0~esm3
Available with Ubuntu Pro
wireshark-common 2.6.10-1~ubuntu14.04.0~esm3
Available with Ubuntu Pro
wireshark-gtk 2.6.10-1~ubuntu14.04.0~esm3
Available with Ubuntu Pro
wireshark-qt 2.6.10-1~ubuntu14.04.0~esm3
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7552-1
CVE-2021-39929, CVE-2021-4182, CVE-2021-4185, CVE-2021-4186,
CVE-2022-0581, CVE-2022-0582, CVE-2022-0583, CVE-2022-0585,
CVE-2022-0586, CVE-2022-3190
[USN-7555-1] Django vulnerability
==========================================================================
Ubuntu Security Notice USN-7555-1
June 04, 2025
python-django vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Django could be made to log injection if received specially
crafted input.
Software Description:
- python-django: High-level Python web development framework
Details:
It was discovered that Django incorrectly handled certain
unescaped request paths. An attacker could possibly use this
issue to perform a log injection.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
python3-django 3:4.2.18-1ubuntu1.2
Ubuntu 24.10
python3-django 3:4.2.15-1ubuntu1.5
Ubuntu 24.04 LTS
python3-django 3:4.2.11-1ubuntu1.8
Ubuntu 22.04 LTS
python3-django 2:3.2.12-2ubuntu1.19
Ubuntu 20.04 LTS
python3-django 2:2.2.12-1ubuntu0.29+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7555-1
CVE-2025-48432
Package Information:
https://launchpad.net/ubuntu/+source/python-django/3:4.2.18-1ubuntu1.2
https://launchpad.net/ubuntu/+source/python-django/3:4.2.15-1ubuntu1.5
https://launchpad.net/ubuntu/+source/python-django/3:4.2.11-1ubuntu1.8
https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.19
