Ubuntu has released security notices for three vulnerabilities affecting various versions of its operating system. The first vulnerability, in libcaca, could cause a denial of service if a specially crafted file was opened. The second vulnerability, in Libxslt, could crash or exhibit undefined behavior when performing XML transformations on malicious input. The third vulnerability, in Net-SNMP, allows an attacker to potentially cause a denial of service by tricking a user into opening a specially crafted input file.

[USN-7943-1] libcaca vulnerability
[USN-7945-1] Libxslt vulnerability
[USN-7944-1] Net-SNMP vulnerability

[USN-7943-1] libcaca vulnerability

==========================================================================
Ubuntu Security Notice USN-7943-1
January 07, 2026

libcaca vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

libcaca could be made to crash if it opened a specially crafted file.

Software Description:
- libcaca: text mode graphics utilities

Details:

Han Zheng discovered that libcaca incorrectly handled certain images.
An attacker could possibly use this issue to cause libcaca to crash.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
caca-utils 0.99.beta20-5ubuntu0.25.10.1
libcaca0 0.99.beta20-5ubuntu0.25.10.1

Ubuntu 25.04
caca-utils 0.99.beta20-5ubuntu0.25.04.1
libcaca0 0.99.beta20-5ubuntu0.25.04.1

Ubuntu 24.04 LTS
caca-utils 0.99.beta20-4ubuntu0.1
libcaca0 0.99.beta20-4ubuntu0.1

Ubuntu 22.04 LTS
caca-utils 0.99.beta19-2.2ubuntu4.1
libcaca0 0.99.beta19-2.2ubuntu4.1

Ubuntu 20.04 LTS
caca-utils 0.99.beta19-2.1ubuntu1.20.04.2+esm1
Available with Ubuntu Pro
libcaca0 0.99.beta19-2.1ubuntu1.20.04.2+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
caca-utils 0.99.beta19-2ubuntu0.18.04.3+esm1
Available with Ubuntu Pro
libcaca0 0.99.beta19-2ubuntu0.18.04.3+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
caca-utils 0.99.beta19-2ubuntu0.16.04.2+esm2
Available with Ubuntu Pro
libcaca0 0.99.beta19-2ubuntu0.16.04.2+esm2
Available with Ubuntu Pro

Ubuntu 14.04 LTS
caca-utils 0.99.beta18-1ubuntu5.1+esm3
Available with Ubuntu Pro
libcaca0 0.99.beta18-1ubuntu5.1+esm3
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7943-1
CVE-2022-0856

Package Information:
https://launchpad.net/ubuntu/+source/libcaca/0.99.beta20-5ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/libcaca/0.99.beta20-5ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/libcaca/0.99.beta20-4ubuntu0.1
https://launchpad.net/ubuntu/+source/libcaca/0.99.beta19-2.2ubuntu4.1

[USN-7945-1] Libxslt vulnerability

==========================================================================
Ubuntu Security Notice USN-7945-1
January 07, 2026

libxslt vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Libxslt could be made to crash or exhibit undefined behavior if it opened a
specially crafted file.

Software Description:
- libxslt: XSLT processing library

Details:

Ivan Fratric discovered that Libxslt was vulnerable to type confusion when
performing XML transformations. An attacker could possibly use this issue
to cause Libxslt to crash or corrupt memory, causing a denial of service or
undefined behavior.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
libxslt1.1 1.1.39-0exp1ubuntu4.1
xsltproc 1.1.39-0exp1ubuntu4.1

Ubuntu 24.04 LTS
libxslt1.1 1.1.39-0exp1ubuntu0.24.04.3
xsltproc 1.1.39-0exp1ubuntu0.24.04.3

Ubuntu 22.04 LTS
libxslt1.1 1.1.34-4ubuntu0.22.04.5
xsltproc 1.1.34-4ubuntu0.22.04.5

Ubuntu 20.04 LTS
libxslt1.1 1.1.34-4ubuntu0.20.04.3+esm2
Available with Ubuntu Pro
xsltproc 1.1.34-4ubuntu0.20.04.3+esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libxslt1.1 1.1.29-5ubuntu0.3+esm3
Available with Ubuntu Pro
xsltproc 1.1.29-5ubuntu0.3+esm3
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libxslt1.1 1.1.28-2.1ubuntu0.3+esm4
Available with Ubuntu Pro
xsltproc 1.1.28-2.1ubuntu0.3+esm4
Available with Ubuntu Pro

Ubuntu 14.04 LTS
libxslt1.1 1.1.28-2ubuntu0.2+esm5
Available with Ubuntu Pro
xsltproc 1.1.28-2ubuntu0.2+esm5
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7945-1
CVE-2025-7424

Package Information:
https://launchpad.net/ubuntu/+source/libxslt/1.1.39-0exp1ubuntu4.1
https://launchpad.net/ubuntu/+source/libxslt/1.1.39-0exp1ubuntu0.24.04.3
https://launchpad.net/ubuntu/+source/libxslt/1.1.34-4ubuntu0.22.04.5

[USN-7944-1] Net-SNMP vulnerability

==========================================================================
Ubuntu Security Notice USN-7944-1
January 07, 2026

net-snmp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Net-SNMP could be made to crash if it received specially crafted
input.

Software Description:
- net-snmp: SNMP (Simple Network Management Protocol) server and applications

Details:

Bahae Bahrini discovered that Net-SNMP could be made to write out of
bounds. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use
this issue to cause a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
libsnmp40t64 5.9.4+dfsg-2ubuntu2.1
snmp 5.9.4+dfsg-2ubuntu2.1
snmpd 5.9.4+dfsg-2ubuntu2.1

Ubuntu 25.04
libsnmp40t64 5.9.4+dfsg-1.1ubuntu7.1
snmp 5.9.4+dfsg-1.1ubuntu7.1
snmpd 5.9.4+dfsg-1.1ubuntu7.1

Ubuntu 24.04 LTS
libsnmp40t64 5.9.4+dfsg-1.1ubuntu3.2
snmp 5.9.4+dfsg-1.1ubuntu3.2
snmpd 5.9.4+dfsg-1.1ubuntu3.2

Ubuntu 22.04 LTS
libsnmp40 5.9.1+dfsg-1ubuntu2.9
snmp 5.9.1+dfsg-1ubuntu2.9
snmpd 5.9.1+dfsg-1ubuntu2.9

Ubuntu 20.04 LTS
libsnmp35 5.8+dfsg-2ubuntu2.9+esm2
Available with Ubuntu Pro
snmp 5.8+dfsg-2ubuntu2.9+esm2
Available with Ubuntu Pro
snmpd 5.8+dfsg-2ubuntu2.9+esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libsnmp30 5.7.3+dfsg-1.8ubuntu3.8+esm1
Available with Ubuntu Pro
snmp 5.7.3+dfsg-1.8ubuntu3.8+esm1
Available with Ubuntu Pro
snmpd 5.7.3+dfsg-1.8ubuntu3.8+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libsnmp30 5.7.3+dfsg-1ubuntu4.6+esm2
Available with Ubuntu Pro
snmp 5.7.3+dfsg-1ubuntu4.6+esm2
Available with Ubuntu Pro
snmpd 5.7.3+dfsg-1ubuntu4.6+esm2
Available with Ubuntu Pro

Ubuntu 14.04 LTS
libsnmp30 5.7.2~dfsg-8.1ubuntu3.3+esm4
Available with Ubuntu Pro
snmp 5.7.2~dfsg-8.1ubuntu3.3+esm4
Available with Ubuntu Pro
snmpd 5.7.2~dfsg-8.1ubuntu3.3+esm4
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7944-1
CVE-2025-68615

Package Information:
https://launchpad.net/ubuntu/+source/net-snmp/5.9.4+dfsg-2ubuntu2.1
https://launchpad.net/ubuntu/+source/net-snmp/5.9.4+dfsg-1.1ubuntu7.1
https://launchpad.net/ubuntu/+source/net-snmp/5.9.4+dfsg-1.1ubuntu3.2
https://launchpad.net/ubuntu/+source/net-snmp/5.9.1+dfsg-1ubuntu2.9