
Ubuntu Linux has released several security updates to address various vulnerabilities. These include issues in libvirt, Tornado, GnuPG, Sodium, and GPSd. The updates aim to improve the security of Ubuntu systems by patching these vulnerabilities.

[USN-7047-1] libvirt vulnerabilities
[USN-7950-1] Tornado vulnerabilities
[USN-7946-2] GnuPG vulnerability
[USN-7946-1] GnuPG vulnerability
[USN-7949-1] Sodium vulnerability
[USN-7948-1] GPSd vulnerabilities




[USN-7047-1] libvirt vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7047-1
January 08, 2026

libvirt vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in libvirt.

Software Description:
- libvirt: Libvirt virtualization toolkit

Details:

It was discovered that libvirt parsed user-provided XML files before
performing ACL checks. An attacker could possibly use this issue to cause
libvirt to consume memory, resulting in a denial of service.
(CVE-2025-12748)

It was discovered that libvirt incorrectly handled permissions on external
inactive snapshots. A local attacker could possibly use this issue to
obtain sensitive guest contents. (CVE-2025-13193)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
libvirt-daemon 11.6.0-1ubuntu3.2
libvirt-daemon-system 11.6.0-1ubuntu3.2
libvirt0 11.6.0-1ubuntu3.2

Ubuntu 25.04
libvirt-daemon 11.0.0-2ubuntu6.5
libvirt-daemon-system 11.0.0-2ubuntu6.5
libvirt0 11.0.0-2ubuntu6.5

Ubuntu 24.04 LTS
libvirt-daemon 10.0.0-2ubuntu8.11
libvirt-daemon-system 10.0.0-2ubuntu8.11
libvirt0 10.0.0-2ubuntu8.11

Ubuntu 22.04 LTS
libvirt-daemon 8.0.0-1ubuntu7.15
libvirt-daemon-system 8.0.0-1ubuntu7.15
libvirt0 8.0.0-1ubuntu7.15

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7047-1
CVE-2025-12748, CVE-2025-13193

Package Information:
https://launchpad.net/ubuntu/+source/libvirt/11.6.0-1ubuntu3.2
https://launchpad.net/ubuntu/+source/libvirt/11.0.0-2ubuntu6.5
https://launchpad.net/ubuntu/+source/libvirt/10.0.0-2ubuntu8.11
https://launchpad.net/ubuntu/+source/libvirt/8.0.0-1ubuntu7.15



[USN-7950-1] Tornado vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7950-1
January 08, 2026

python-tornado vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Tornado.

Software Description:
- python-tornado: scalable, non-blocking web server and tools

Details:

It was discovered that Tornado incorrectly handled special characters in
HTTP headers. An attacker could possibly use this issue to execute a cross-
site scripting (XSS) attack. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10.
(CVE-2025-67724)

It was discovered that Tornado incorrectly handled repeated HTTP headers.
An attacker could possibly use this issue to cause Tornado to use excessive
resources, causing a denial of service. (CVE-2025-67725)

It was discovered that Tornado incorrectly handled parsing of certain HTTP
header values. An attacker could possibly use this issue to cause Tornado
to use excessive resources, causing a denial of service. (CVE-2025-67726)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
python3-tornado 6.4.2-3ubuntu0.2

Ubuntu 25.04
python3-tornado 6.4.2-1ubuntu0.25.04.3

Ubuntu 24.04 LTS
python3-tornado 6.4.0-1ubuntu0.4

Ubuntu 22.04 LTS
python3-tornado 6.1.0-3ubuntu0.1~esm4
Available with Ubuntu Pro

Ubuntu 20.04 LTS
python3-tornado 6.0.3+really5.1.1-3ubuntu0.1~esm3
Available with Ubuntu Pro

Ubuntu 18.04 LTS
python-tornado 4.5.3-1ubuntu0.2+esm2
Available with Ubuntu Pro
python3-tornado 4.5.3-1ubuntu0.2+esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
python-tornado 4.2.1-1ubuntu3.1+esm2
Available with Ubuntu Pro
python3-tornado 4.2.1-1ubuntu3.1+esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7950-1
CVE-2025-67724, CVE-2025-67725, CVE-2025-67726

Package Information:
https://launchpad.net/ubuntu/+source/python-tornado/6.4.2-3ubuntu0.2
https://launchpad.net/ubuntu/+source/python-tornado/6.4.2-1ubuntu0.25.04.3
https://launchpad.net/ubuntu/+source/python-tornado/6.4.0-1ubuntu0.4



[USN-7946-2] GnuPG vulnerability


==========================================================================
Ubuntu Security Notice USN-7946-2
January 08, 2026

gnupg vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

GnuPG could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
- gnupg: GNU privacy guard - a free PGP replacement

Details:

USN-7946-1 fixed vulnerabilities in GnuPG 2.x.
This update provides the corresponding updates for GnuPG 1.x.

Original advisory details:
It was discovered that GnuPG incorrectly handled crafted input.
A remote attacker could possibly use this issue to crash the program,
or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
gnupg 1.4.20-1ubuntu3.3+esm3
Available with Ubuntu Pro
gpgv 1.4.20-1ubuntu3.3+esm3
Available with Ubuntu Pro

Ubuntu 14.04 LTS
gnupg 1.4.16-1ubuntu2.6+esm2
Available with Ubuntu Pro
gpgv 1.4.16-1ubuntu2.6+esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7946-2
https://ubuntu.com/security/notices/USN-7946-1
CVE-2025-68973



[USN-7946-1] GnuPG vulnerability


==========================================================================
Ubuntu Security Notice USN-7946-1
January 08, 2026

gnupg2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

GnuPG could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
- gnupg2: GNU privacy guard - a free PGP replacement

Details:

It was discovered that GnuPG incorrectly handled crafted input.
A remote attacker could possibly use this issue to crash the program,
or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
gnupg 2.4.8-2ubuntu2.1
gnupg2 2.4.8-2ubuntu2.1
gpg 2.4.8-2ubuntu2.1

Ubuntu 25.04
gnupg 2.4.4-2ubuntu23.2
gnupg2 2.4.4-2ubuntu23.2
gpg 2.4.4-2ubuntu23.2

Ubuntu 24.04 LTS
gnupg 2.4.4-2ubuntu17.4
gnupg2 2.4.4-2ubuntu17.4
gpg 2.4.4-2ubuntu17.4

Ubuntu 22.04 LTS
gnupg 2.2.27-3ubuntu2.5
gnupg2 2.2.27-3ubuntu2.5
gpg 2.2.27-3ubuntu2.5

Ubuntu 20.04 LTS
gnupg 2.2.19-3ubuntu2.5+esm1
Available with Ubuntu Pro
gnupg2 2.2.19-3ubuntu2.5+esm1
Available with Ubuntu Pro
gpg 2.2.19-3ubuntu2.5+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
gnupg 2.2.4-1ubuntu1.6+esm2
Available with Ubuntu Pro
gnupg2 2.2.4-1ubuntu1.6+esm2
Available with Ubuntu Pro
gpg 2.2.4-1ubuntu1.6+esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
gnupg2 2.1.11-6ubuntu2.1+esm3
Available with Ubuntu Pro
gpgv2 2.1.11-6ubuntu2.1+esm3
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7946-1
CVE-2025-68973

Package Information:
https://launchpad.net/ubuntu/+source/gnupg2/2.4.8-2ubuntu2.1
https://launchpad.net/ubuntu/+source/gnupg2/2.4.4-2ubuntu23.2
https://launchpad.net/ubuntu/+source/gnupg2/2.4.4-2ubuntu17.4
https://launchpad.net/ubuntu/+source/gnupg2/2.2.27-3ubuntu2.5



[USN-7949-1] Sodium vulnerability


==========================================================================
Ubuntu Security Notice USN-7949-1
January 08, 2026

libsodium vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Sodium could be made to expose sensitive information.

Software Description:
- libsodium: Network communication, cryptography and signaturing library

Details:

It was discovered that Sodium incorrectly handled the elliptic curve point
validity check in certain atypical use cases. This could result in invalid
points being used, contrary to expectations.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
libsodium23 1.0.18-1ubuntu0.25.10.1

Ubuntu 25.04
libsodium23 1.0.18-1ubuntu0.25.04.1

Ubuntu 24.04 LTS
libsodium23 1.0.18-1ubuntu0.24.04.1

Ubuntu 22.04 LTS
libsodium23 1.0.18-1ubuntu0.22.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7949-1
CVE-2025-69277

Package Information:
https://launchpad.net/ubuntu/+source/libsodium/1.0.18-1ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/libsodium/1.0.18-1ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/libsodium/1.0.18-1ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/libsodium/1.0.18-1ubuntu0.22.04.1



[USN-7948-1] GPSd vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7948-1
January 08, 2026

gpsd vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in GPSd.

Software Description:
- gpsd: Global Positioning System

Details:

It was discovered that GPSd incorrectly handled processing NMEA2000
packets. An attacker could use this issue to cause GPSd to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2025-67268)

It was discovered that GPSd incorrectly handled processing NAVCOM packets.
An attacker could possibly use this issue to cause GPSd to consume
resources, resulting in a denial of service. (CVE-2025-67269)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
gpsd 3.25-5ubuntu1.25.10.1
libgps30t64 3.25-5ubuntu1.25.10.1

Ubuntu 25.04
gpsd 3.25-5ubuntu1.25.04.1
libgps30t64 3.25-5ubuntu1.25.04.1

Ubuntu 24.04 LTS
gpsd 3.25-3ubuntu3.2
libgps30t64 3.25-3ubuntu3.2

Ubuntu 22.04 LTS
gpsd 3.22-4ubuntu2.1
libgps28 3.22-4ubuntu2.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7948-1
CVE-2025-67268, CVE-2025-67269

Package Information:
https://launchpad.net/ubuntu/+source/gpsd/3.25-5ubuntu1.25.10.1
https://launchpad.net/ubuntu/+source/gpsd/3.25-5ubuntu1.25.04.1
https://launchpad.net/ubuntu/+source/gpsd/3.25-3ubuntu3.2
https://launchpad.net/ubuntu/+source/gpsd/3.22-4ubuntu2.1