[USN-7633-1] Nix vulnerabilities
[USN-7635-1] GnuTLS vulnerabilities
[USN-7634-1] GNU C Library vulnerabilities
[USN-7545-3] Apport regression
[USN-7633-1] Nix vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7633-1
July 14, 2025
nix vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Nix.
Software Description:
- nix: Cross-platform package manager
Details:
Linus Heckemann discovered that Nix did not correctly handle certain
binaries. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2024-38531)
Pierre-Etienne Meunier discovered that Nix did not correctly handle TLS
certificates. A remote attacker could possibly use this issue to leak
sensitive information. (CVE-2024-47174)
It was discovered that Nix did not correctly handle Unix sockets. An
attacker could possibly use this issue to execute arbitrary code. This issue
only affected Ubuntu 24.04 LTS. (CVE-2024-27297)
It was discovered that Nix did not correctly handle unpacking Nix
archives (NARs). If a user or automated system were tricked into opening
a specially crafted file, an attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2024-45593)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
nix-bin 2.18.1+dfsg-1ubuntu5+esm2
Available with Ubuntu Pro
Ubuntu 22.04 LTS
nix-bin 2.6.0+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7633-1
CVE-2024-27297, CVE-2024-38531, CVE-2024-45593, CVE-2024-47174
[USN-7635-1] GnuTLS vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7635-1
July 14, 2025
gnutls28 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in GnuTLS.
Software Description:
- gnutls28: GNU TLS library
Details:
It was discovered that GnuTLS incorrectly handled exporting Subject
Alternative Name (SAN) entries containing an otherName. A remote attacker
could use this issue to cause GnuTLS to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2025-32988)
It was discovered that GnuTLS incorrectly handled parsing the Certificate
Transparency (CT) Signed Certificate Timestamp (SCT) extension. A remote
attacker could use this issue to cause GnuTLS to crash, resulting in a
denial of service, or possibly obtain sensitive information.
(CVE-2025-32989)
It was discovered that the GnuTLS certtool utility incorrectly handled
parsing certain template files. An attacker could use this issue to cause
GnuTLS to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2025-32990)
Stefan Bühler discovered that GnuTLS incorrectly handled parsing certain
template files. An attacker could possibly use this issue to cause GnuTLS
to crash, resulting in a denial of service. (CVE-2025-6395)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libgnutls30t64 3.8.9-2ubuntu3.1
Ubuntu 24.04 LTS
libgnutls30t64 3.8.3-1.1ubuntu3.4
Ubuntu 22.04 LTS
libgnutls30 3.7.3-4ubuntu1.7
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7635-1
CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, CVE-2025-6395
Package Information:
https://launchpad.net/ubuntu/+source/gnutls28/3.8.9-2ubuntu3.1
https://launchpad.net/ubuntu/+source/gnutls28/3.8.3-1.1ubuntu3.4
https://launchpad.net/ubuntu/+source/gnutls28/3.7.3-4ubuntu1.7
[USN-7634-1] GNU C Library vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7634-1
July 14, 2025
glibc vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in the GNU C Library.
Software Description:
- glibc: GNU C Library
Details:
It was discovered that the GNU C Library incorrectly handled the strcmp
implementation optimized for Power10 processors. This could cause
applications to crash, compute wrong results, or leak confidential
information. (CVE-2025-5702)
It was discovered that the GNU C Library incorrectly handled the strncmp
implementation optimized for Power10 processors. This could cause
applications to crash, compute wrong results, or leak confidential
information. This issue only affected Ubuntu 25.04. (CVE-2025-5745)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
libc6 2.41-6ubuntu1.1
Ubuntu 24.04 LTS
libc6 2.39-0ubuntu8.5
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7634-1
CVE-2025-5702, CVE-2025-5745
Package Information:
https://launchpad.net/ubuntu/+source/glibc/2.41-6ubuntu1.1
https://launchpad.net/ubuntu/+source/glibc/2.39-0ubuntu8.5
[USN-7545-3] Apport regression
==========================================================================
Ubuntu Security Notice USN-7545-3
July 14, 2025
apport regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
USN-7545-1 introduced a regression in Apport.
Software Description:
- apport: automatically generate crash reports for debugging
Details:
USN-7545-1 fixed vulnerabilities in Apport. The update introduced a
regression that raised an error if a crashing process was killed while
Apport was analyzing it. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Qualys discovered that Apport incorrectly handled metadata when
processing application crashes. An attacker could possibly use this issue
to leak sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
apport 2.32.0-0ubuntu5.3
python3-apport 2.32.0-0ubuntu5.3
Ubuntu 24.04 LTS
apport 2.28.1-0ubuntu3.8
python3-apport 2.28.1-0ubuntu3.8
Ubuntu 22.04 LTS
apport 2.20.11-0ubuntu82.9
python3-apport 2.20.11-0ubuntu82.9
Ubuntu 20.04 LTS
apport 2.20.11-0ubuntu27.30
python3-apport 2.20.11-0ubuntu27.30
Ubuntu 18.04 LTS
apport 2.20.9-0ubuntu7.29+esm3
Available with Ubuntu Pro
python-apport 2.20.9-0ubuntu7.29+esm3
Available with Ubuntu Pro
python3-apport 2.20.9-0ubuntu7.29+esm3
Available with Ubuntu Pro
Ubuntu 16.04 LTS
apport 2.20.1-0ubuntu2.30+esm7
Available with Ubuntu Pro
python-apport 2.20.1-0ubuntu2.30+esm7
Available with Ubuntu Pro
python3-apport 2.20.1-0ubuntu2.30+esm7
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
Package Information:
https://launchpad.net/ubuntu/+source/apport/2.32.0-0ubuntu5.3
https://launchpad.net/ubuntu/+source/apport/2.28.1-0ubuntu3.8
https://launchpad.net/ubuntu/+source/apport/2.20.11-0ubuntu82.9
https://launchpad.net/ubuntu/+source/apport/2.20.11-0ubuntu27.30
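The update instructions in each notice above reduce to one check per host: is the installed package at or above the fixed version? The script below is added here and is not part of any Ubuntu notice; it ports dpkg's version ordering (epoch, upstream, revision, with "~" sorting before everything) to Python and runs it over a constructed host snapshot against the Ubuntu 24.04 LTS versions listed in the four notices. The package names and fixed versions are copied from the notices; the installed versions are invented for the example.

```python
def _order(c):
    # dpkg's character weight: '~' sorts before anything, even end of string;
    # digits and end of string are 0, letters by code point, other symbols after letters.
    if c == "~": return -1
    return 0 if c == "" or c.isdigit() else (ord(c) if c.isalpha() else ord(c) + 256)

def _verrevcmp(a, b):
    # Port of dpkg's verrevcmp(): compare alternating non-digit and numeric runs.
    ch = lambda s, k: s[k] if k < len(s) else ""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (ch(a, i) and not ch(a, i).isdigit()) or (ch(b, j) and not ch(b, j).isdigit()):
            ac, bc = _order(ch(a, i)), _order(ch(b, j))
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        while ch(a, i) == "0": i += 1   # leading zeros in a numeric run are insignificant
        while ch(b, j) == "0": j += 1
        while ch(a, i).isdigit() and ch(b, j).isdigit():
            first_diff = first_diff or (ord(a[i]) - ord(b[j]))
            i, j = i + 1, j + 1
        if ch(a, i).isdigit(): return 1    # the longer numeric run is the larger number
        if ch(b, j).isdigit(): return -1
        if first_diff: return -1 if first_diff < 0 else 1
    return 0

def compare_versions(v1, v2):
    """-1, 0 or 1 like `dpkg --compare-versions`, on [epoch:]upstream[-revision]."""
    def split(v):
        epoch, sep, rest = v.partition(":")
        if not sep: epoch, rest = "0", v
        upstream, sep, rev = rest.rpartition("-")
        return int(epoch), (upstream if sep else rest), rev
    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    if e1 != e2: return -1 if e1 < e2 else 1
    return _verrevcmp(u1, u2) or _verrevcmp(r1, r2)

# Fixed versions for Ubuntu 24.04 LTS, copied from the four notices above.
FIXED_24_04 = {"nix-bin": "2.18.1+dfsg-1ubuntu5+esm2", "libgnutls30t64": "3.8.3-1.1ubuntu3.4",
               "libc6": "2.39-0ubuntu8.5", "apport": "2.28.1-0ubuntu3.8", "python3-apport": "2.28.1-0ubuntu3.8"}
# Constructed host snapshot, in the shape `dpkg-query -W -f='${Package} ${Version}\n'` prints.
INSTALLED = {"nix-bin": "2.18.1+dfsg-1ubuntu5+esm1", "libgnutls30t64": "3.8.3-1.1ubuntu3.4",
             "libc6": "2.39-0ubuntu8.4", "apport": "2.28.1-0ubuntu3.8", "python3-apport": "2.28.1-0ubuntu3.7"}

def unpatched(installed, fixed):
    """(package, installed, required) for each installed package still below its fixed version."""
    return [(p, v, fixed[p]) for p, v in installed.items()
            if p in fixed and compare_versions(v, fixed[p]) < 0]
```

A package reported by `unpatched` is only half the story for glibc: USN-7634-1 also requires a reboot before running processes pick up the fixed library.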