[USN-7345-1] .NET vulnerability
[USN-7337-1] LibreOffice vulnerability
[USN-7343-1] Jinja2 vulnerabilities
[USN-7346-1] OpenSC vulnerabilities
[USN-7299-3] X.Org X Server regression
[USN-7347-1] Netatalk vulnerabilities
[USN-7348-1] Python vulnerabilities
[USN-7350-1] UnRAR vulnerabilities
[USN-7349-1] RAR vulnerabilities
[USN-7343-2] Jinja2 regression
[USN-7345-1] .NET vulnerability
==========================================================================
Ubuntu Security Notice USN-7345-1
March 11, 2025
dotnet8, dotnet9 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
.NET could be made to elevate privileges.
Software Description:
- dotnet8: .NET CLI tools and runtime
- dotnet9: .NET CLI tools and runtime
Details:
Zahid TOKAT discovered that .NET suffered from a weak authentication
vulnerability. An attacker could possibly use this issue to elevate
privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
aspnetcore-runtime-8.0 8.0.14-0ubuntu1~24.10.1
aspnetcore-runtime-9.0 9.0.3-0ubuntu1~24.10.1
dotnet-host-8.0 8.0.14-0ubuntu1~24.10.1
dotnet-host-9.0 9.0.3-0ubuntu1~24.10.1
dotnet-hostfxr-8.0 8.0.14-0ubuntu1~24.10.1
dotnet-hostfxr-9.0 9.0.3-0ubuntu1~24.10.1
dotnet-runtime-8.0 8.0.14-0ubuntu1~24.10.1
dotnet-runtime-9.0 9.0.3-0ubuntu1~24.10.1
dotnet-sdk-8.0 8.0.114-0ubuntu1~24.10.1
dotnet-sdk-9.0 9.0.104-0ubuntu1~24.10.1
dotnet8 8.0.114-8.0.14-0ubuntu1~24.10.1
dotnet9 9.0.104-9.0.3-0ubuntu1~24.10.1
Ubuntu 24.04 LTS
aspnetcore-runtime-8.0 8.0.14-0ubuntu1~24.04.1
dotnet-host-8.0 8.0.14-0ubuntu1~24.04.1
dotnet-hostfxr-8.0 8.0.14-0ubuntu1~24.04.1
dotnet-runtime-8.0 8.0.14-0ubuntu1~24.04.1
dotnet-sdk-8.0 8.0.114-0ubuntu1~24.04.1
dotnet8 8.0.114-8.0.14-0ubuntu1~24.04.1
Ubuntu 22.04 LTS
aspnetcore-runtime-8.0 8.0.14-0ubuntu1~22.04.1
dotnet-host-8.0 8.0.14-0ubuntu1~22.04.1
dotnet-hostfxr-8.0 8.0.14-0ubuntu1~22.04.1
dotnet-runtime-8.0 8.0.14-0ubuntu1~22.04.1
dotnet-sdk-8.0 8.0.114-0ubuntu1~22.04.1
dotnet8 8.0.114-8.0.14-0ubuntu1~22.04.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7345-1
CVE-2025-24070
Package Information:
https://launchpad.net/ubuntu/+source/dotnet8/8.0.114-8.0.14-0ubuntu1~24.10.1
https://launchpad.net/ubuntu/+source/dotnet9/9.0.104-9.0.3-0ubuntu1~24.10.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.114-8.0.14-0ubuntu1~24.04.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.114-8.0.14-0ubuntu1~22.04.1
[USN-7337-1] LibreOffice vulnerability
==========================================================================
Ubuntu Security Notice USN-7337-1
March 10, 2025
libreoffice vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
LibreOffice could be made to run programs if it opened a specially crafted
file.
Software Description:
- libreoffice: Office productivity suite
Details:
It was discovered that LibreOffice incorrectly handled Office URI Schemes.
If a user or automated system were tricked into opening a specially crafted
LibreOffice file, a remote attacker could possibly use this issue to call
internal macros.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
libreoffice 4:24.8.5-0ubuntu0.24.10.2
Ubuntu 24.04 LTS
libreoffice 4:24.2.7-0ubuntu0.24.04.3
Ubuntu 22.04 LTS
libreoffice 1:7.3.7-0ubuntu0.22.04.9
Ubuntu 20.04 LTS
libreoffice 1:6.4.7-0ubuntu0.20.04.14
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7337-1
CVE-2025-1080
Package Information:
https://launchpad.net/ubuntu/+source/libreoffice/4:24.8.5-0ubuntu0.24.10.2
https://launchpad.net/ubuntu/+source/libreoffice/4:24.2.7-0ubuntu0.24.04.3
https://launchpad.net/ubuntu/+source/libreoffice/1:7.3.7-0ubuntu0.22.04.9
https://launchpad.net/ubuntu/+source/libreoffice/1:6.4.7-0ubuntu0.20.04.14
[USN-7343-1] Jinja2 vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7343-1
March 11, 2025
jinja2 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Jinja2.
Software Description:
- jinja2: small but fast and easy to use stand-alone template engine
Details:
Rafal Krupinski discovered that Jinja2 did not properly restrict
the execution of code in situations where templates are used maliciously.
An attacker with control over a template's filename and content could
potentially use this issue to enable the execution of arbitrary code.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2024-56201)
It was discovered that Jinja2 sandboxed environments could be escaped
through a call to a string format method. An attacker could possibly use
this issue to enable the execution of arbitrary code. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-56326)
It was discovered that Jinja2 sandboxed environments could be escaped
through the malicious use of certain filters. An attacker could possibly
use this issue to enable the execution of arbitrary code. (CVE-2025-27516)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
python3-jinja2 3.1.3-1ubuntu1.24.10.2
Ubuntu 24.04 LTS
python3-jinja2 3.1.2-1ubuntu1.3
Ubuntu 22.04 LTS
python3-jinja2 3.0.3-1ubuntu0.4
Ubuntu 20.04 LTS
python-jinja2 2.10.1-2ubuntu0.5
python3-jinja2 2.10.1-2ubuntu0.5
Ubuntu 18.04 LTS
python-jinja2 2.10-1ubuntu0.18.04.1+esm4
Available with Ubuntu Pro
python3-jinja2 2.10-1ubuntu0.18.04.1+esm4
Available with Ubuntu Pro
Ubuntu 16.04 LTS
python-jinja2 2.8-1ubuntu0.1+esm5
Available with Ubuntu Pro
python3-jinja2 2.8-1ubuntu0.1+esm5
Available with Ubuntu Pro
Ubuntu 14.04 LTS
python-jinja2 2.7.2-2ubuntu0.1~esm6
Available with Ubuntu Pro
python3-jinja2 2.7.2-2ubuntu0.1~esm6
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7343-1
CVE-2024-56201, CVE-2024-56326, CVE-2025-27516
Package Information:
https://launchpad.net/ubuntu/+source/jinja2/3.1.3-1ubuntu1.24.10.2
https://launchpad.net/ubuntu/+source/jinja2/3.1.2-1ubuntu1.3
https://launchpad.net/ubuntu/+source/jinja2/3.0.3-1ubuntu0.4
https://launchpad.net/ubuntu/+source/jinja2/2.10.1-2ubuntu0.5
[USN-7346-1] OpenSC vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7346-1
March 12, 2025
opensc vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in opensc.
Software Description:
- opensc: Smart card utilities with support for PKCS#15 compatible cards
Details:
It was discovered that OpenSC did not correctly handle certain memory
operations, which could lead to a use-after-free vulnerability. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-42780)
It was discovered that OpenSC did not correctly handle certain memory
operations, which could lead to a stack buffer overflow. An attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-42782)
It was discovered that OpenSC did not correctly handle the length of
certain buffers, which could lead to a out-of-bounds access vulnerability.
An attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-2977)
Deepanjan Pal discovered that OpenSC did not correctly authenticate a zero
length PIN. A physically proximate attacker could possibly use this issue
to gain unauthorized access to certain systems. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-40660)
It was discovered that OpenSC did not correctly handle certain memory
operations. A physically proximate attacker could possibly use this issue
to compromise key generation, certificate loading and other card
management operations. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2023-40661)
Hubert Kario, Michal Shagam and Eyal Ronen discovered that OpenSC had a
timing side-channel and incorrectly handled RSA padding. An attacker
could possibly use this issue to recover sensitive information. This issue
only affected Ubuntu 22.04 LTS. (CVE-2023-5992)
Matteo Marini discovered that OpenSC did not properly manage memory due to
certain uninitialized variables. A physically proximate attacker could
possibly use this issue to gain unauthorized access to certain systems.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-45615)
Matteo Marini discovered that OpenSC did not correctly handle certain
memory operations. A physically proximate attacker could possibly use this
issue to gain unauthorized access to certain systems. This issue only
affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and
Ubuntu 24.10. (CVE-2024-45616, CVE-2024-45617)
Matteo Marini discovered that OpenSC did not correctly handle certain
memory operations. A physically proximate attacker could possibly use this
issue to gain unauthorized access to certain systems.
(CVE-2024-45618, CVE-2024-45620)
Matteo Marini discovered that OpenSC did not correctly handle certain
memory operations. A physically proximate attacker could possibly use this
issue to gain unauthorized access to certain systems. This issue only
affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10.
(CVE-2024-45619)
It was discovered that OpenSC did not correctly handle certain memory
operations, which could lead to a buffer overflow. A physically
proximate attacker could possibly use this issue to compromise card
management operations during enrollment and modification. This issue only
affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and
Ubuntu 24.10. (CVE-2024-8443)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
opensc 0.25.1-2ubuntu1.1
opensc-pkcs11 0.25.1-2ubuntu1.1
Ubuntu 24.04 LTS
opensc 0.25.0~rc1-1ubuntu0.1~esm1
Available with Ubuntu Pro
opensc-pkcs11 0.25.0~rc1-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
opensc 0.22.0-1ubuntu2+esm1
Available with Ubuntu Pro
opensc-pkcs11 0.22.0-1ubuntu2+esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
opensc 0.20.0-3ubuntu0.1~esm2
Available with Ubuntu Pro
opensc-pkcs11 0.20.0-3ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
opensc 0.17.0-3ubuntu0.1~esm2
Available with Ubuntu Pro
opensc-pkcs11 0.17.0-3ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
opensc 0.15.0-1ubuntu1+esm2
Available with Ubuntu Pro
opensc-pkcs11 0.15.0-1ubuntu1+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7346-1
CVE-2021-42780, CVE-2021-42782, CVE-2023-2977, CVE-2023-40660,
CVE-2023-40661, CVE-2023-5992, CVE-2024-45615, CVE-2024-45616,
CVE-2024-45617, CVE-2024-45618, CVE-2024-45619, CVE-2024-45620,
CVE-2024-8443
Package Information:
https://launchpad.net/ubuntu/+source/opensc/0.25.1-2ubuntu1.1
[USN-7299-3] X.Org X Server regression
==========================================================================
Ubuntu Security Notice USN-7299-3
March 12, 2025
xorg-server, xwayland regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
USN-7299-2 caused a regression in X.Org X Server.
Software Description:
- xorg-server: X.Org X11 server
- xorg-server-hwe-18.04: X.Org X11 server
- xorg-server-hwe-16.04: X.Org X11 server
Details:
USN-7299-2 fix vulnerabilities in X.Org X Server. This fix caused
regression in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update
reverts it pending further investigation.
Original advisory details:
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain memory operations. An attacker could use these issues to cause the
X Server to crash, leading to a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS
xserver-xorg-core 2:1.19.6-1ubuntu4.15+esm11
Available with Ubuntu Pro
xserver-xorg-core-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm3
Available with Ubuntu Pro
xwayland 2:1.19.6-1ubuntu4.15+esm11
Available with Ubuntu Pro
xwayland-hwe-18.04 2:1.20.8-2ubuntu2.2~18.04.11+esm3
Available with Ubuntu Pro
Ubuntu 16.04 LTS
xserver-xorg-core 2:1.18.4-0ubuntu0.12+esm16
Available with Ubuntu Pro
xserver-xorg-core-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm8
Available with Ubuntu Pro
xwayland 2:1.18.4-0ubuntu0.12+esm16
Available with Ubuntu Pro
xwayland-hwe-16.04 2:1.19.6-1ubuntu4.1~16.04.6+esm8
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7299-3
https://ubuntu.com/security/notices/USN-7299-2
https://ubuntu.com/security/notices/USN-7299-1
https://launchpad.net/bugs/2101897
[USN-7347-1] Netatalk vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7347-1
March 12, 2025
netatalk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Netatalk.
Software Description:
- netatalk: Apple Filing Protocol service
Details:
It was discovered that Netatalk did not properly manage memory under
certain circumstances. A remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2024-38439, CVE-2024-38440, CVE-2024-38441)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
netatalk 3.1.18~ds-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
netatalk 3.1.12~ds-9ubuntu0.22.04.4
Ubuntu 20.04 LTS
netatalk 3.1.12~ds-4ubuntu0.20.04.4
Ubuntu 18.04 LTS
netatalk 2.2.6-1ubuntu0.18.04.2+esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
netatalk 2.2.5-1ubuntu0.2+esm2
Available with Ubuntu Pro
Ubuntu 14.04 LTS
netatalk 2.2.2-1ubuntu2.2+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7347-1
CVE-2024-38439, CVE-2024-38440, CVE-2024-38441
Package Information:
https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-9ubuntu0.22.04.4
https://launchpad.net/ubuntu/+source/netatalk/3.1.12~ds-4ubuntu0.20.04.4
[USN-7348-1] Python vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7348-1
March 12, 2025
python3.5, python3.8 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Python.
Software Description:
- python3.8: An interactive high-level object-oriented language
- python3.5: An interactive high-level object-oriented language
Details:
It was discovered that the Python ipaddress module contained incorrect
information about which IP address ranges were considered “private” or
“globally reachable”. This could possibly result in applications applying
incorrect security policies. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 16.04 LTS. (CVE-2024-4032)
It was discovered that Python incorrectly handled quoting path names when
using the venv module. A local attacker able to control virtual
environments could possibly use this issue to execute arbitrary code when
the virtual environment is activated. (CVE-2024-9287)
It was discovered that Python incorrectly handled parsing bracketed hosts.
A remote attacker could possibly use this issue to perform a Server-Side
Request Forgery (SSRF) attack. This issue only affected Ubuntu 14.04 LTS
and Ubuntu 16.04 LTS. (CVE-2024-11168)
It was discovered that Python incorrectly handled parsing domain names that
included square brackets. A remote attacker could possibly use this issue
to perform a Server-Side Request Forgery (SSRF) attack. (CVE-2025-0938)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
python3.8 3.8.10-0ubuntu1~20.04.16
python3.8-minimal 3.8.10-0ubuntu1~20.04.16
python3.8-venv 3.8.10-0ubuntu1~20.04.16
Ubuntu 16.04 LTS
python3.5 3.5.2-2ubuntu0~16.04.13+esm16
Available with Ubuntu Pro
python3.5-minimal 3.5.2-2ubuntu0~16.04.13+esm16
Available with Ubuntu Pro
python3.5-venv 3.5.2-2ubuntu0~16.04.13+esm16
Available with Ubuntu Pro
Ubuntu 14.04 LTS
python3.5 3.5.2-2ubuntu0~16.04.4~14.04.1+esm4
Available with Ubuntu Pro
python3.5-minimal 3.5.2-2ubuntu0~16.04.4~14.04.1+esm4
Available with Ubuntu Pro
python3.5-venv 3.5.2-2ubuntu0~16.04.4~14.04.1+esm4
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7348-1
CVE-2024-11168, CVE-2024-4032, CVE-2024-9287, CVE-2025-0938
Package Information:
https://launchpad.net/ubuntu/+source/python3.8/3.8.10-0ubuntu1~20.04.16
[USN-7350-1] UnRAR vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7350-1
March 12, 2025
unrar-nonfree vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in UnRAR.
Software Description:
- unrar-nonfree: Unarchiver for .rar files
Details:
It was discovered that UnRAR incorrectly handled certain paths. If a user
or automated system were tricked into extracting a specially crafted RAR
archive, a remote attacker could possibly use this issue to write arbitrary
files outside of the targeted directory. (CVE-2022-30333, CVE-2022-48579)
It was discovered that UnRAR incorrectly handled certain recovery volumes.
If a user or automated system were tricked into extracting a specially
crafted RAR archive, a remote attacker could possibly use this issue to
execute arbitrary code. (CVE-2023-40477)
Siddharth Dushantha discovered that UnRAR incorrectly handled ANSI escape
sequences when writing screen output. If a user or automated system were
tricked into processing a specially crafted RAR archive, a remote attacker
could possibly use this issue to spoof screen output or cause a denial of
service. (CVE-2024-33899)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
libunrar5 1:6.1.5-1ubuntu0.1
unrar 1:6.1.5-1ubuntu0.1
Ubuntu 20.04 LTS
libunrar5 1:5.6.6-2ubuntu0.1
unrar 1:5.6.6-2ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7350-1
CVE-2022-30333, CVE-2022-48579, CVE-2023-40477, CVE-2024-33899
Package Information:
https://launchpad.net/ubuntu/+source/unrar-nonfree/1:6.1.5-1ubuntu0.1
https://launchpad.net/ubuntu/+source/unrar-nonfree/1:5.6.6-2ubuntu0.1
[USN-7349-1] RAR vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7349-1
March 12, 2025
rar vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in RAR.
Software Description:
- rar: Archiver for .rar files
Details:
It was discovered that RAR incorrectly handled certain paths. If a user or
automated system were tricked into extracting a specially crafted RAR
archive, a remote attacker could possibly use this issue to write arbitrary
files outside of the targeted directory. (CVE-2022-30333)
It was discovered that RAR incorrectly handled certain recovery volumes. If
a user or automated system were tricked into extracting a specially crafted
RAR archive, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2023-40477)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
rar 2:6.23-1~22.04.1
Ubuntu 20.04 LTS
rar 2:6.23-1~20.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-7349-1
CVE-2022-30333, CVE-2023-40477
Package Information:
https://launchpad.net/ubuntu/+source/rar/2:6.23-1~22.04.1
https://launchpad.net/ubuntu/+source/rar/2:6.23-1~20.04.1
[USN-7343-2] Jinja2 regression
==========================================================================
Ubuntu Security Notice USN-7343-2
March 12, 2025
jinja2 regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
USN-7343-1 introduced a regression in Jinja2.
Software Description:
- jinja2: small but fast and easy to use stand-alone template engine
Details:
USN-7343-1 fixed vulnerabilities in Jinja2. The update introduced a
regression when attempting to import Jinja2 on Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Rafal Krupinski discovered that Jinja2 did not properly restrict
the execution of code in situations where templates are used maliciously.
An attacker with control over a template's filename and content could
potentially use this issue to enable the execution of arbitrary code.
This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS.
(CVE-2024-56201)
It was discovered that Jinja2 sandboxed environments could be escaped
through a call to a string format method. An attacker could possibly use
this issue to enable the execution of arbitrary code. This issue only
affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-56326)
It was discovered that Jinja2 sandboxed environments could be escaped
through the malicious use of certain filters. An attacker could possibly
use this issue to enable the execution of arbitrary code. (CVE-2025-27516)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
python-jinja2 2.10.1-2ubuntu0.6
python3-jinja2 2.10.1-2ubuntu0.6
Ubuntu 18.04 LTS
python-jinja2 2.10-1ubuntu0.18.04.1+esm5
Available with Ubuntu Pro
python3-jinja2 2.10-1ubuntu0.18.04.1+esm5
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7343-2
https://ubuntu.com/security/notices/USN-7343-1
https://launchpad.net/bugs/2102129
Package Information:
https://launchpad.net/ubuntu/+source/jinja2/2.10.1-2ubuntu0.6
