[USN-7906-1] Linux kernel vulnerabilities
[USN-7908-1] PostgreSQL vulnerabilities
[USN-7861-5] Linux kernel vulnerabilities
[USN-7907-2] Linux kernel (FIPS) vulnerabilities
[USN-7907-1] Linux kernel vulnerabilities
[USN-7905-1] KDE Connect vulnerability
[USN-7904-1] Ghostscript vulnerabilities
[USN-7906-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7906-1
December 03, 2025
linux, linux-aws, linux-realtime vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-realtime: Linux kernel for Real-time systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- Cryptographic API;
- Android drivers;
- TTY drivers;
- F2FS file system;
- 9P file system network protocol;
(CVE-2025-40025, CVE-2025-40026, CVE-2025-40027, CVE-2025-40028,
CVE-2025-40108, CVE-2025-40109)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
linux-image-6.17.0-1003-realtime 6.17.0-1003.4
linux-image-6.17.0-1004-aws 6.17.0-1004.4
linux-image-6.17.0-1004-aws-64k 6.17.0-1004.4
linux-image-6.17.0-7-generic 6.17.0-7.7
linux-image-6.17.0-7-generic-64k 6.17.0-7.7
linux-image-aws 6.17.0-1004.4
linux-image-aws-6.17 6.17.0-1004.4
linux-image-aws-64k 6.17.0-1004.4
linux-image-aws-64k-6.17 6.17.0-1004.4
linux-image-generic 6.17.0-7.7
linux-image-generic-6.17 6.17.0-7.7
linux-image-generic-64k 6.17.0-7.7
linux-image-generic-64k-6.17 6.17.0-7.7
linux-image-generic-64k-hwe-24.04 6.17.0-7.7
linux-image-generic-hwe-24.04 6.17.0-7.7
linux-image-oem-24.04 6.17.0-7.7
linux-image-oem-24.04c 6.17.0-7.7
linux-image-realtime 6.17.0-1003.4
linux-image-realtime-6.17 6.17.0-1003.4
linux-image-realtime-hwe-24.04 6.17.0-1003.4
linux-image-virtual 6.17.0-7.7
linux-image-virtual-6.17 6.17.0-7.7
linux-image-virtual-hwe-24.04 6.17.0-7.7
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7906-1
CVE-2025-40025, CVE-2025-40026, CVE-2025-40027, CVE-2025-40028,
CVE-2025-40108, CVE-2025-40109
Package Information:
https://launchpad.net/ubuntu/+source/linux/6.17.0-7.7
https://launchpad.net/ubuntu/+source/linux-aws/6.17.0-1004.4
https://launchpad.net/ubuntu/+source/linux-realtime/6.17.0-1003.4
[USN-7908-1] PostgreSQL vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7908-1
December 03, 2025
postgresql-14, postgresql-16, postgresql-17 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in PostgreSQL.
Software Description:
- postgresql-17: Object-relational SQL database
- postgresql-16: Object-relational SQL database
- postgresql-14: Object-relational SQL database
Details:
Jelte Fennema-Nio discovered that the PostgreSQL CREATE STATISTICS command
did not correctly check for schema CREATE privileges. An authenticated
attacker could possibly use this issue to create a denial of service
against other CREATE STATISTICS users. (CVE-2025-12817)
Aleksey Solovev discovered that the PostgreSQL libpq client library
incorrectly handled certain memory operations. A remote attacker could
possibly use this issue to cause libpq to crash, resulting in a denial of
service. (CVE-2025-12818)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
postgresql-17 17.7-0ubuntu0.25.10.1
Ubuntu 25.04
postgresql-17 17.7-0ubuntu0.25.04.1
Ubuntu 24.04 LTS
postgresql-16 16.11-0ubuntu0.24.04.1
Ubuntu 22.04 LTS
postgresql-14 14.20-0ubuntu0.22.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart PostgreSQL to
make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7908-1
CVE-2025-12817, CVE-2025-12818
Package Information:
https://launchpad.net/ubuntu/+source/postgresql-17/17.7-0ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/postgresql-17/17.7-0ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/postgresql-16/16.11-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/postgresql-14/14.20-0ubuntu0.22.04.1
[USN-7861-5] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7861-5
December 03, 2025
linux-raspi, linux-raspi-realtime, linux-xilinx vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-raspi-realtime: Linux kernel for Raspberry Pi Real-time systems
- linux-xilinx: Linux kernel for Xilinx systems
Details:
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- HSI subsystem;
- Bluetooth subsystem;
- Timer subsystem;
(CVE-2025-37838, CVE-2025-38118, CVE-2025-38352)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
linux-image-6.8.0-1019-xilinx 6.8.0-1019.20
linux-image-6.8.0-1042-raspi 6.8.0-1042.46
linux-image-6.8.0-2033-raspi-realtime 6.8.0-2033.34
Available with Ubuntu Pro
linux-image-raspi 6.8.0-1042.46
linux-image-raspi-6.8 6.8.0-1042.46
linux-image-raspi-realtime 6.8.0-2033.34
Available with Ubuntu Pro
linux-image-raspi-realtime-6.8 6.8.0-2033.34
Available with Ubuntu Pro
linux-image-xilinx 6.8.0.1019.20
linux-image-xilinx-6.8 6.8.0.1019.20
linux-image-xilinx-zynqmp 6.8.0.1019.20
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7861-5
https://ubuntu.com/security/notices/USN-7861-4
https://ubuntu.com/security/notices/USN-7861-3
https://ubuntu.com/security/notices/USN-7861-2
https://ubuntu.com/security/notices/USN-7861-1
CVE-2025-37838, CVE-2025-38118, CVE-2025-38352, CVE-2025-40300
Package Information:
https://launchpad.net/ubuntu/+source/linux-raspi/6.8.0-1042.46
https://launchpad.net/ubuntu/+source/linux-raspi-realtime/6.8.0-2033.34
https://launchpad.net/ubuntu/+source/linux-xilinx/6.8.0-1019.20
[USN-7907-2] Linux kernel (FIPS) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7907-2
December 03, 2025
linux-aws-fips, linux-fips vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-fips: Linux kernel with FIPS
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- ACPI drivers;
- Hardware monitoring drivers;
- InfiniBand drivers;
- Mailbox framework;
- Network drivers;
- AFS file system;
- Ceph distributed file system;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- File systems infrastructure;
- KVM subsystem;
- L3 Master device support module;
- Tracing infrastructure;
- Memory management;
- Appletalk network protocol;
- Netfilter;
- Open vSwitch;
(CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2024-49935,
CVE-2024-49963, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179,
CVE-2024-53090, CVE-2024-53112, CVE-2024-53217, CVE-2024-58083,
CVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791,
CVE-2025-21811, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666,
CVE-2025-39964, CVE-2025-40018)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
linux-image-4.15.0-1142-fips 4.15.0-1142.154
Available with Ubuntu Pro
linux-image-4.15.0-2125-aws-fips 4.15.0-2125.131
Available with Ubuntu Pro
linux-image-aws-fips 4.15.0.2125.119
Available with Ubuntu Pro
linux-image-aws-fips-4.15 4.15.0.2125.119
Available with Ubuntu Pro
linux-image-fips 4.15.0.1142.139
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7907-2
https://ubuntu.com/security/notices/USN-7907-1
CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2024-49935,
CVE-2024-49963, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179,
CVE-2024-53090, CVE-2024-53112, CVE-2024-53217, CVE-2024-58083,
CVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791,
CVE-2025-21811, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666,
CVE-2025-39964, CVE-2025-40018
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-fips/4.15.0-2125.131
https://launchpad.net/ubuntu/+source/linux-fips/4.15.0-1142.154
[USN-7907-1] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7907-1
December 03, 2025
linux, linux-aws, linux-aws-hwe, linux-kvm, linux-oracle vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- ACPI drivers;
- Hardware monitoring drivers;
- InfiniBand drivers;
- Mailbox framework;
- Network drivers;
- AFS file system;
- Ceph distributed file system;
- Network file system (NFS) server daemon;
- NILFS2 file system;
- File systems infrastructure;
- KVM subsystem;
- L3 Master device support module;
- Tracing infrastructure;
- Memory management;
- Appletalk network protocol;
- Netfilter;
- Open vSwitch;
(CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2024-49935,
CVE-2024-49963, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179,
CVE-2024-53090, CVE-2024-53112, CVE-2024-53217, CVE-2024-58083,
CVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791,
CVE-2025-21811, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666,
CVE-2025-39964, CVE-2025-40018)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
linux-image-4.15.0-1149-oracle 4.15.0-1149.160
Available with Ubuntu Pro
linux-image-4.15.0-1169-kvm 4.15.0-1169.174
Available with Ubuntu Pro
linux-image-4.15.0-1187-aws 4.15.0-1187.200
Available with Ubuntu Pro
linux-image-4.15.0-245-generic 4.15.0-245.257
Available with Ubuntu Pro
linux-image-4.15.0-245-lowlatency 4.15.0-245.257
Available with Ubuntu Pro
linux-image-aws-4.15 4.15.0.1187.185
Available with Ubuntu Pro
linux-image-aws-lts-18.04 4.15.0.1187.185
Available with Ubuntu Pro
linux-image-generic 4.15.0.245.229
Available with Ubuntu Pro
linux-image-generic-hwe-16.04 4.15.0.245.229
Available with Ubuntu Pro
linux-image-kvm 4.15.0.1169.160
Available with Ubuntu Pro
linux-image-lowlatency 4.15.0.245.229
Available with Ubuntu Pro
linux-image-lowlatency-hwe-16.04 4.15.0.245.229
Available with Ubuntu Pro
linux-image-oracle-4.15 4.15.0.1149.154
Available with Ubuntu Pro
linux-image-oracle-lts-18.04 4.15.0.1149.154
Available with Ubuntu Pro
linux-image-virtual 4.15.0.245.229
Available with Ubuntu Pro
linux-image-virtual-hwe-16.04 4.15.0.245.229
Available with Ubuntu Pro
Ubuntu 16.04 LTS
linux-image-4.15.0-1187-aws 4.15.0-1187.200~16.04.1
Available with Ubuntu Pro
linux-image-aws-hwe 4.15.0.1187.200~16.04.1
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-7907-1
CVE-2021-47385, CVE-2022-49026, CVE-2022-49390, CVE-2024-49935,
CVE-2024-49963, CVE-2024-50067, CVE-2024-50095, CVE-2024-50179,
CVE-2024-53090, CVE-2024-53112, CVE-2024-53217, CVE-2024-58083,
CVE-2025-21715, CVE-2025-21722, CVE-2025-21761, CVE-2025-21791,
CVE-2025-21811, CVE-2025-21855, CVE-2025-37958, CVE-2025-38666,
CVE-2025-39964, CVE-2025-40018
[USN-7905-1] KDE Connect vulnerability
==========================================================================
Ubuntu Security Notice USN-7905-1
December 03, 2025
kdeconnect vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
Summary:
KDE Connect could allow authentication of impersonated devices.
Software Description:
- kdeconnect: connect smartphones to your desktop devices
Details:
It was discovered that KDE Connect incorrectly handled device IDs. An
attacker could possibly use this issue to bypass authentication and connect
an unpaired device.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
kdeconnect 25.08.1-0ubuntu2.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7905-1
CVE-2025-66270
Package Information:
https://launchpad.net/ubuntu/+source/kdeconnect/25.08.1-0ubuntu2.1
[USN-7904-1] Ghostscript vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7904-1
December 03, 2025
ghostscript vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Ghostscript could be made to crash if it wrote certain files.
Software Description:
- ghostscript: PostScript and PDF interpreter
Details:
Piotr Kajda discovered that Ghostscript incorrectly handled writing certain
files. An attacker could possibly use this issue to cause Ghostscript to
crash, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
ghostscript 9.50~dfsg-5ubuntu4.15+esm2
Available with Ubuntu Pro
libgs9 9.50~dfsg-5ubuntu4.15+esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
ghostscript 9.26~dfsg+0-0ubuntu0.18.04.18+esm5
Available with Ubuntu Pro
libgs9 9.26~dfsg+0-0ubuntu0.18.04.18+esm5
Available with Ubuntu Pro
Ubuntu 16.04 LTS
ghostscript 9.26~dfsg+0-0ubuntu0.16.04.14+esm10
Available with Ubuntu Pro
libgs9 9.26~dfsg+0-0ubuntu0.16.04.14+esm10
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7904-1
CVE-2025-59798, CVE-2025-59799