
Several security updates are available for Ubuntu Linux, addressing various vulnerabilities. These include updates for OpenJDK 21, 25, 8, 11, and 17, as well as the MuPDF library. Additionally, there are kernel vulnerability patches available for Linux on Raspberry Pi and general Linux systems.

[USN-7885-1] OpenJDK 21 vulnerabilities
[USN-7884-1] OpenJDK 25 vulnerabilities
[USN-7887-2] Linux kernel (Raspberry Pi) vulnerabilities
[USN-7888-1] MuPDF vulnerabilities
[USN-7881-1] OpenJDK 8 vulnerabilities
[USN-7882-1] OpenJDK 11 vulnerabilities
[USN-7883-1] OpenJDK 17 vulnerabilities
[USN-7889-1] Linux kernel vulnerabilities




[USN-7885-1] OpenJDK 21 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7885-1
November 24, 2025

openjdk-21 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in OpenJDK 21.

Software Description:
- openjdk-21: Open Source Java implementation

Details:

Jinfeng Guo discovered that the Security component of OpenJDK 21 did not
correctly handle certain representations of encoded strings. An
unauthenticated remote attacker could possibly use this issue to modify
files or leak sensitive information. (CVE-2025-53057)

Darius Bohni discovered that the JAXP component of OpenJDK 21 was
vulnerable to an XML External Entity (XXE) attack. An unauthenticated remote
attacker could possibly use this issue to modify files or leak sensitive
information. (CVE-2025-53066)

Yakov Shafranovich discovered that the Libraries component of OpenJDK 21
contained an issue where certain Strings built with StringBuilder returned
an incorrect result for String.equals() checks. An unauthenticated remote
attacker could possibly use this issue to update, insert, or delete
accessible data. (CVE-2025-61748)

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2025-10-21

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
openjdk-21-jdk 21.0.9+10-1~25.10
openjdk-21-jdk-headless 21.0.9+10-1~25.10
openjdk-21-jre 21.0.9+10-1~25.10
openjdk-21-jre-headless 21.0.9+10-1~25.10
openjdk-21-jre-zero 21.0.9+10-1~25.10

Ubuntu 25.04
openjdk-21-jdk 21.0.9+10-1~25.04
openjdk-21-jdk-headless 21.0.9+10-1~25.04
openjdk-21-jre 21.0.9+10-1~25.04
openjdk-21-jre-headless 21.0.9+10-1~25.04
openjdk-21-jre-zero 21.0.9+10-1~25.04

Ubuntu 24.04 LTS
openjdk-21-jdk 21.0.9+10-1~24.04
openjdk-21-jdk-headless 21.0.9+10-1~24.04
openjdk-21-jre 21.0.9+10-1~24.04
openjdk-21-jre-headless 21.0.9+10-1~24.04
openjdk-21-jre-zero 21.0.9+10-1~24.04

Ubuntu 22.04 LTS
openjdk-21-jdk 21.0.9+10-1~22.04
openjdk-21-jdk-headless 21.0.9+10-1~22.04
openjdk-21-jre 21.0.9+10-1~22.04
openjdk-21-jre-headless 21.0.9+10-1~22.04
openjdk-21-jre-zero 21.0.9+10-1~22.04

Ubuntu 20.04 LTS
openjdk-21-jdk 21.0.9+10-1~20.04
Available with Ubuntu Pro
openjdk-21-jdk-headless 21.0.9+10-1~20.04
Available with Ubuntu Pro
openjdk-21-jre 21.0.9+10-1~20.04
Available with Ubuntu Pro
openjdk-21-jre-headless 21.0.9+10-1~20.04
Available with Ubuntu Pro
openjdk-21-jre-zero 21.0.9+10-1~20.04
Available with Ubuntu Pro

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java applications
to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7885-1
CVE-2025-53057, CVE-2025-53066, CVE-2025-61748

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.9+10-1~25.10
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.9+10-1~25.04
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.9+10-1~24.04
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.9+10-1~22.04



[USN-7884-1] OpenJDK 25 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7884-1
November 24, 2025

openjdk-25 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in OpenJDK 25.

Software Description:
- openjdk-25: Open Source Java implementation

Details:

Jinfeng Guo discovered that the Security component of OpenJDK 25 did not
correctly handle certain representations of encoded strings. An
unauthenticated remote attacker could possibly use this issue to modify
files or leak sensitive information. (CVE-2025-53057)

Darius Bohni discovered that the JAXP component of OpenJDK 25 was
vulnerable to an XML External Entity (XXE) attack. An unauthenticated remote
attacker could possibly use this issue to modify files or leak sensitive
information. (CVE-2025-53066)

Yakov Shafranovich discovered that the Libraries component of OpenJDK 21
contained an issue where certain Strings built with StringBuilder returned
an incorrect result for String.equals() checks. An unauthenticated remote
attacker could possibly use this issue to update, insert, or delete
accessible data. (CVE-2025-61748)

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2025-10-21

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
openjdk-25-jdk 25.0.1+8-1~25.10
openjdk-25-jdk-headless 25.0.1+8-1~25.10
openjdk-25-jre 25.0.1+8-1~25.10
openjdk-25-jre-headless 25.0.1+8-1~25.10
openjdk-25-jre-zero 25.0.1+8-1~25.10

Ubuntu 25.04
openjdk-25-jdk 25.0.1+8-1~25.04
openjdk-25-jdk-headless 25.0.1+8-1~25.04
openjdk-25-jre 25.0.1+8-1~25.04
openjdk-25-jre-headless 25.0.1+8-1~25.04
openjdk-25-jre-zero 25.0.1+8-1~25.04

Ubuntu 24.04 LTS
openjdk-25-jdk 25.0.1+8-1~24.04
openjdk-25-jdk-headless 25.0.1+8-1~24.04
openjdk-25-jre 25.0.1+8-1~24.04
openjdk-25-jre-headless 25.0.1+8-1~24.04
openjdk-25-jre-zero 25.0.1+8-1~24.04

Ubuntu 22.04 LTS
openjdk-25-jdk 25.0.1+8-1~22.04
openjdk-25-jdk-headless 25.0.1+8-1~22.04
openjdk-25-jre 25.0.1+8-1~22.04
openjdk-25-jre-headless 25.0.1+8-1~22.04
openjdk-25-jre-zero 25.0.1+8-1~22.04

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java applications
to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7884-1
CVE-2025-53057, CVE-2025-53066, CVE-2025-61748

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-25/25.0.1+8-1~25.10
https://launchpad.net/ubuntu/+source/openjdk-25/25.0.1+8-1~25.04
https://launchpad.net/ubuntu/+source/openjdk-25/25.0.1+8-1~24.04
https://launchpad.net/ubuntu/+source/openjdk-25/25.0.1+8-1~22.04



[USN-7887-2] Linux kernel (Raspberry Pi) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7887-2
November 25, 2025

linux-raspi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi: Linux kernel for Raspberry Pi systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- ACPI drivers;
- Ublk userspace block driver;
- Clock framework and drivers;
- EDAC drivers;
- GPU drivers;
- IIO subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- Remote Processor subsystem;
- Thermal drivers;
- Virtio Host (VHOST) subsystem;
- 9P distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) server daemon;
- NTFS3 file system;
- SMB network file system;
- Memory management;
- RDMA verbs API;
- Kernel fork() syscall;
- Tracing infrastructure;
- Watch queue notification mechanism;
- Asynchronous Transfer Mode (ATM) subsystem;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- Netfilter;
- Network traffic control;
- SCTP protocol;
- TLS protocol;
- SoC Audio for Freescale CPUs drivers;
(CVE-2023-53034, CVE-2024-58092, CVE-2025-22018, CVE-2025-22019,
CVE-2025-22020, CVE-2025-22021, CVE-2025-22025, CVE-2025-22027,
CVE-2025-22028, CVE-2025-22033, CVE-2025-22035, CVE-2025-22036,
CVE-2025-22038, CVE-2025-22039, CVE-2025-22040, CVE-2025-22041,
CVE-2025-22042, CVE-2025-22044, CVE-2025-22045, CVE-2025-22047,
CVE-2025-22050, CVE-2025-22053, CVE-2025-22054, CVE-2025-22055,
CVE-2025-22056, CVE-2025-22057, CVE-2025-22058, CVE-2025-22060,
CVE-2025-22062, CVE-2025-22063, CVE-2025-22064, CVE-2025-22065,
CVE-2025-22066, CVE-2025-22068, CVE-2025-22070, CVE-2025-22071,
CVE-2025-22072, CVE-2025-22073, CVE-2025-22075, CVE-2025-22079,
CVE-2025-22080, CVE-2025-22081, CVE-2025-22083, CVE-2025-22086,
CVE-2025-22089, CVE-2025-22090, CVE-2025-22095, CVE-2025-22097,
CVE-2025-23136, CVE-2025-23138, CVE-2025-37937, CVE-2025-38152,
CVE-2025-38240, CVE-2025-38575, CVE-2025-38637, CVE-2025-39682,
CVE-2025-39728, CVE-2025-39735, CVE-2025-40114, CVE-2025-40157)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-1041-raspi 6.8.0-1041.45
linux-image-raspi 6.8.0-1041.45
linux-image-raspi-6.8 6.8.0-1041.45

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7887-2
https://ubuntu.com/security/notices/USN-7887-1
CVE-2023-53034, CVE-2024-58092, CVE-2025-22018, CVE-2025-22019,
CVE-2025-22020, CVE-2025-22021, CVE-2025-22025, CVE-2025-22027,
CVE-2025-22028, CVE-2025-22033, CVE-2025-22035, CVE-2025-22036,
CVE-2025-22038, CVE-2025-22039, CVE-2025-22040, CVE-2025-22041,
CVE-2025-22042, CVE-2025-22044, CVE-2025-22045, CVE-2025-22047,
CVE-2025-22050, CVE-2025-22053, CVE-2025-22054, CVE-2025-22055,
CVE-2025-22056, CVE-2025-22057, CVE-2025-22058, CVE-2025-22060,
CVE-2025-22062, CVE-2025-22063, CVE-2025-22064, CVE-2025-22065,
CVE-2025-22066, CVE-2025-22068, CVE-2025-22070, CVE-2025-22071,
CVE-2025-22072, CVE-2025-22073, CVE-2025-22075, CVE-2025-22079,
CVE-2025-22080, CVE-2025-22081, CVE-2025-22083, CVE-2025-22086,
CVE-2025-22089, CVE-2025-22090, CVE-2025-22095, CVE-2025-22097,
CVE-2025-23136, CVE-2025-23138, CVE-2025-37937, CVE-2025-38152,
CVE-2025-38240, CVE-2025-38575, CVE-2025-38637, CVE-2025-39682,
CVE-2025-39728, CVE-2025-39735, CVE-2025-40114, CVE-2025-40157

Package Information:
https://launchpad.net/ubuntu/+source/linux-raspi/6.8.0-1041.45



[USN-7888-1] MuPDF vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7888-1
November 25, 2025

mupdf vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in MuPDF.

Software Description:
- mupdf: A lightweight open source software framework for viewing and converting PDF, XPS, and E-book documents

Details:

It was discovered that MuPDF could be made to divide by zero. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2023-51103, CVE-2023-51104, CVE-2023-51105, CVE-2023-51106)

It was discovered that MuPDF incorrectly handled memory under certain
circumstances, which could lead to a NULL pointer dereference. An
attacker could potentially use this issue to cause a denial of service.
(CVE-2024-46657)

It was discovered that MuPDF could enter an infinite recursion when
parsing certain PDF files. An attacker could possibly use this issue to
cause a denial of service. (CVE-2025-46206)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
mupdf 1.25.1+ds1-5ubuntu0.1
mupdf-tools 1.25.1+ds1-5ubuntu0.1

Ubuntu 24.04 LTS
mupdf 1.23.10+ds1-1ubuntu0.1~esm1
Available with Ubuntu Pro
mupdf-tools 1.23.10+ds1-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
mupdf 1.19.0+ds1-2ubuntu0.1~esm1
Available with Ubuntu Pro
mupdf-tools 1.19.0+ds1-2ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
mupdf 1.16.1+ds1-1ubuntu1+esm2
Available with Ubuntu Pro
mupdf-tools 1.16.1+ds1-1ubuntu1+esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
mupdf 1.12.0+ds1-1ubuntu0.1~esm2
Available with Ubuntu Pro
mupdf-tools 1.12.0+ds1-1ubuntu0.1~esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7888-1
CVE-2023-51103, CVE-2023-51104, CVE-2023-51105, CVE-2023-51106,
CVE-2024-46657, CVE-2025-46206

Package Information:
https://launchpad.net/ubuntu/+source/mupdf/1.25.1+ds1-5ubuntu0.1



[USN-7881-1] OpenJDK 8 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7881-1
November 24, 2025

openjdk-8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenJDK 8.

Software Description:
- openjdk-8: Open Source Java implementation

Details:

Jinfeng Guo discovered that the Security component of OpenJDK 8 did not
correctly handle certain representations of encoded strings. An
unauthenticated remote attacker could possibly use this issue to modify
files or leak sensitive information. (CVE-2025-53057)

Darius Bohni discovered that the JAXP component of OpenJDK 8 was
vulnerable to an XML External Entity (XXE) attack. An unauthenticated
remote attacker could possibly use this issue to modify files or leak
sensitive information. (CVE-2025-53066)

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2025-10-21

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
openjdk-8-jdk 8u472-ga-1~25.10
openjdk-8-jdk-headless 8u472-ga-1~25.10
openjdk-8-jre 8u472-ga-1~25.10
openjdk-8-jre-headless 8u472-ga-1~25.10
openjdk-8-jre-zero 8u472-ga-1~25.10

Ubuntu 25.04
openjdk-8-jdk 8u472-ga-1~25.04
openjdk-8-jdk-headless 8u472-ga-1~25.04
openjdk-8-jre 8u472-ga-1~25.04
openjdk-8-jre-headless 8u472-ga-1~25.04
openjdk-8-jre-zero 8u472-ga-1~25.04

Ubuntu 24.04 LTS
openjdk-8-jdk 8u472-ga-1~24.04
openjdk-8-jdk-headless 8u472-ga-1~24.04
openjdk-8-jre 8u472-ga-1~24.04
openjdk-8-jre-headless 8u472-ga-1~24.04
openjdk-8-jre-zero 8u472-ga-1~24.04

Ubuntu 22.04 LTS
openjdk-8-jdk 8u472-ga-1~22.04
openjdk-8-jdk-headless 8u472-ga-1~22.04
openjdk-8-jre 8u472-ga-1~22.04
openjdk-8-jre-headless 8u472-ga-1~22.04
openjdk-8-jre-zero 8u472-ga-1~22.04

Ubuntu 20.04 LTS
openjdk-8-jdk 8u472-ga-1~20.04
Available with Ubuntu Pro
openjdk-8-jdk-headless 8u472-ga-1~20.04
Available with Ubuntu Pro
openjdk-8-jre 8u472-ga-1~20.04
Available with Ubuntu Pro
openjdk-8-jre-headless 8u472-ga-1~20.04
Available with Ubuntu Pro
openjdk-8-jre-zero 8u472-ga-1~20.04
Available with Ubuntu Pro

Ubuntu 18.04 LTS
openjdk-8-jdk 8u472-ga-1~18.04
Available with Ubuntu Pro
openjdk-8-jdk-headless 8u472-ga-1~18.04
Available with Ubuntu Pro
openjdk-8-jre 8u472-ga-1~18.04
Available with Ubuntu Pro
openjdk-8-jre-headless 8u472-ga-1~18.04
Available with Ubuntu Pro
openjdk-8-jre-zero 8u472-ga-1~18.04
Available with Ubuntu Pro

Ubuntu 16.04 LTS
openjdk-8-jdk 8u472-ga-1~16.04
Available with Ubuntu Pro
openjdk-8-jdk-headless 8u472-ga-1~16.04
Available with Ubuntu Pro
openjdk-8-jre 8u472-ga-1~16.04
Available with Ubuntu Pro
openjdk-8-jre-headless 8u472-ga-1~16.04
Available with Ubuntu Pro
openjdk-8-jre-jamvm 8u472-ga-1~16.04
Available with Ubuntu Pro
openjdk-8-jre-zero 8u472-ga-1~16.04
Available with Ubuntu Pro

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7881-1
CVE-2025-53057, CVE-2025-53066

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-8/8u472-ga-1~25.10
https://launchpad.net/ubuntu/+source/openjdk-8/8u472-ga-1~25.04
https://launchpad.net/ubuntu/+source/openjdk-8/8u472-ga-1~24.04
https://launchpad.net/ubuntu/+source/openjdk-8/8u472-ga-1~22.04



[USN-7882-1] OpenJDK 11 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7882-1
November 24, 2025

openjdk-lts vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in OpenJDK 11.

Software Description:
- openjdk-lts: Open Source Java implementation

Details:

Jinfeng Guo discovered that the Security component of OpenJDK 11 did not
correctly handle certain representations of encoded strings. An
unauthenticated remote attacker could possibly use this issue to modify
files or leak sensitive information. (CVE-2025-53057)

Darius Bohni discovered that the JAXP component of OpenJDK 11 was
vulnerable to an XML External Entity (XXE) attack. An unauthenticated
remote attacker could possibly use this issue to modify files or leak
sensitive information. (CVE-2025-53066)

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2025-10-21

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
openjdk-11-jdk 11.0.29+7-1ubuntu1~25.10
openjdk-11-jdk-headless 11.0.29+7-1ubuntu1~25.10
openjdk-11-jre 11.0.29+7-1ubuntu1~25.10
openjdk-11-jre-headless 11.0.29+7-1ubuntu1~25.10
openjdk-11-jre-zero 11.0.29+7-1ubuntu1~25.10

Ubuntu 25.04
openjdk-11-jdk 11.0.29+7-1ubuntu1~25.04
openjdk-11-jdk-headless 11.0.29+7-1ubuntu1~25.04
openjdk-11-jre 11.0.29+7-1ubuntu1~25.04
openjdk-11-jre-headless 11.0.29+7-1ubuntu1~25.04
openjdk-11-jre-zero 11.0.29+7-1ubuntu1~25.04

Ubuntu 24.04 LTS
openjdk-11-jdk 11.0.29+7-1ubuntu1~24.04
openjdk-11-jdk-headless 11.0.29+7-1ubuntu1~24.04
openjdk-11-jre 11.0.29+7-1ubuntu1~24.04
openjdk-11-jre-headless 11.0.29+7-1ubuntu1~24.04
openjdk-11-jre-zero 11.0.29+7-1ubuntu1~24.04

Ubuntu 22.04 LTS
openjdk-11-jdk 11.0.29+7-1ubuntu1~22.04
openjdk-11-jdk-headless 11.0.29+7-1ubuntu1~22.04
openjdk-11-jre 11.0.29+7-1ubuntu1~22.04
openjdk-11-jre-headless 11.0.29+7-1ubuntu1~22.04
openjdk-11-jre-zero 11.0.29+7-1ubuntu1~22.04

Ubuntu 20.04 LTS
openjdk-11-jdk 11.0.29+7-1ubuntu1~20.04
Available with Ubuntu Pro
openjdk-11-jdk-headless 11.0.29+7-1ubuntu1~20.04
Available with Ubuntu Pro
openjdk-11-jre 11.0.29+7-1ubuntu1~20.04
Available with Ubuntu Pro
openjdk-11-jre-headless 11.0.29+7-1ubuntu1~20.04
Available with Ubuntu Pro
openjdk-11-jre-zero 11.0.29+7-1ubuntu1~20.04
Available with Ubuntu Pro

Ubuntu 18.04 LTS
openjdk-11-jdk 11.0.29+7-1ubuntu1~18.04
Available with Ubuntu Pro
openjdk-11-jdk-headless 11.0.29+7-1ubuntu1~18.04
Available with Ubuntu Pro
openjdk-11-jre 11.0.29+7-1ubuntu1~18.04
Available with Ubuntu Pro
openjdk-11-jre-headless 11.0.29+7-1ubuntu1~18.04
Available with Ubuntu Pro
openjdk-11-jre-zero 11.0.29+7-1ubuntu1~18.04
Available with Ubuntu Pro

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7882-1
CVE-2025-53057, CVE-2025-53066

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.29+7-1ubuntu1~25.10
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.29+7-1ubuntu1~25.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.29+7-1ubuntu1~24.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.29+7-1ubuntu1~22.04



[USN-7883-1] OpenJDK 17 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7883-1
November 24, 2025

openjdk-17 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in OpenJDK 17.

Software Description:
- openjdk-17: Open Source Java implementation

Details:

Jinfeng Guo discovered that the Security component of OpenJDK 17 did not
correctly handle certain representations of encoded strings. An
unauthenticated remote attacker could possibly use this issue to modify
files or leak sensitive information. (CVE-2025-53057)

Darius Bohni discovered that the JAXP component of OpenJDK 17 was
vulnerable to an XML External Entity (XXE) attack. An unauthenticated
remote attacker could possibly use this issue to modify files or leak
sensitive information. (CVE-2025-53066)

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2025-10-21

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
openjdk-17-jdk 17.0.17+10-1~25.10
openjdk-17-jdk-headless 17.0.17+10-1~25.10
openjdk-17-jre 17.0.17+10-1~25.10
openjdk-17-jre-headless 17.0.17+10-1~25.10
openjdk-17-jre-zero 17.0.17+10-1~25.10

Ubuntu 25.04
openjdk-17-jdk 17.0.17+10-1~25.04
openjdk-17-jdk-headless 17.0.17+10-1~25.04
openjdk-17-jre 17.0.17+10-1~25.04
openjdk-17-jre-headless 17.0.17+10-1~25.04
openjdk-17-jre-zero 17.0.17+10-1~25.04

Ubuntu 24.04 LTS
openjdk-17-jdk 17.0.17+10-1~24.04
openjdk-17-jdk-headless 17.0.17+10-1~24.04
openjdk-17-jre 17.0.17+10-1~24.04
openjdk-17-jre-headless 17.0.17+10-1~24.04
openjdk-17-jre-zero 17.0.17+10-1~24.04

Ubuntu 22.04 LTS
openjdk-17-jdk 17.0.17+10-1~22.04
openjdk-17-jdk-headless 17.0.17+10-1~22.04
openjdk-17-jre 17.0.17+10-1~22.04
openjdk-17-jre-headless 17.0.17+10-1~22.04
openjdk-17-jre-zero 17.0.17+10-1~22.04

Ubuntu 20.04 LTS
openjdk-17-jdk 17.0.17+10-1~20.04
Available with Ubuntu Pro
openjdk-17-jdk-headless 17.0.17+10-1~20.04
Available with Ubuntu Pro
openjdk-17-jre 17.0.17+10-1~20.04
Available with Ubuntu Pro
openjdk-17-jre-headless 17.0.17+10-1~20.04
Available with Ubuntu Pro
openjdk-17-jre-zero 17.0.17+10-1~20.04
Available with Ubuntu Pro

Ubuntu 18.04 LTS
openjdk-17-jdk 17.0.17+10-1~18.04
Available with Ubuntu Pro
openjdk-17-jdk-headless 17.0.17+10-1~18.04
Available with Ubuntu Pro
openjdk-17-jre 17.0.17+10-1~18.04
Available with Ubuntu Pro
openjdk-17-jre-headless 17.0.17+10-1~18.04
Available with Ubuntu Pro
openjdk-17-jre-zero 17.0.17+10-1~18.04
Available with Ubuntu Pro

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7883-1
CVE-2025-53057, CVE-2025-53066

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.17+10-1~25.10
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.17+10-1~25.04
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.17+10-1~24.04
https://launchpad.net/ubuntu/+source/openjdk-17/17.0.17+10-1~22.04



[USN-7889-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7889-1
November 25, 2025

linux, linux-aws, linux-aws-6.8, linux-ibm, linux-lowlatency,
linux-lowlatency-hwe-6.8, linux-nvidia, linux-nvidia-6.8,
linux-nvidia-lowlatency, linux-oracle vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-lowlatency: Linux low latency kernel
- linux-nvidia: Linux kernel for NVIDIA systems
- linux-nvidia-lowlatency: Linux low latency kernel for NVIDIA systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-aws-6.8: Linux kernel for Amazon Web Services (AWS) systems
- linux-lowlatency-hwe-6.8: Linux low latency kernel
- linux-nvidia-6.8: Linux kernel for NVIDIA systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
- Network drivers;
- Netfilter;
- TLS protocol;
(CVE-2025-21729, CVE-2025-38227, CVE-2025-38616, CVE-2025-38678)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-1040-oracle 6.8.0-1040.41
linux-image-6.8.0-1040-oracle-64k 6.8.0-1040.41
linux-image-6.8.0-1041-ibm 6.8.0-1041.41
linux-image-6.8.0-1043-aws 6.8.0-1043.45
linux-image-6.8.0-1043-aws-64k 6.8.0-1043.45
linux-image-6.8.0-1043-nvidia 6.8.0-1043.46
linux-image-6.8.0-1043-nvidia-64k 6.8.0-1043.46
linux-image-6.8.0-1043-nvidia-lowlatency 6.8.0-1043.46.1
linux-image-6.8.0-1043-nvidia-lowlatency-64k 6.8.0-1043.46.1
linux-image-6.8.0-88-generic 6.8.0-88.89
linux-image-6.8.0-88-generic-64k 6.8.0-88.89
linux-image-6.8.0-88-lowlatency 6.8.0-88.89.1
linux-image-6.8.0-88-lowlatency-64k 6.8.0-88.89.1
linux-image-aws-6.8 6.8.0-1043.45
linux-image-aws-64k-6.8 6.8.0-1043.45
linux-image-aws-64k-lts-24.04 6.8.0-1043.45
linux-image-aws-lts-24.04 6.8.0-1043.45
linux-image-generic 6.8.0-88.89
linux-image-generic-6.8 6.8.0-88.89
linux-image-generic-64k 6.8.0-88.89
linux-image-generic-64k-6.8 6.8.0-88.89
linux-image-generic-lpae 6.8.0-88.89
linux-image-ibm 6.8.0-1041.41
linux-image-ibm-6.8 6.8.0-1041.41
linux-image-ibm-classic 6.8.0-1041.41
linux-image-ibm-lts-24.04 6.8.0-1041.41
linux-image-kvm 6.8.0-88.89
linux-image-lowlatency 6.8.0-88.89.1
linux-image-lowlatency-6.8 6.8.0-88.89.1
linux-image-lowlatency-64k 6.8.0-88.89.1
linux-image-lowlatency-64k-6.8 6.8.0-88.89.1
linux-image-nvidia 6.8.0-1043.46
linux-image-nvidia-6.8 6.8.0-1043.46
linux-image-nvidia-64k 6.8.0-1043.46
linux-image-nvidia-64k-6.8 6.8.0-1043.46
linux-image-nvidia-lowlatency 6.8.0-1043.46.1
linux-image-nvidia-lowlatency-6.8 6.8.0-1043.46.1
linux-image-nvidia-lowlatency-64k 6.8.0-1043.46.1
linux-image-nvidia-lowlatency-64k-6.8 6.8.0-1043.46.1
linux-image-oracle-6.8 6.8.0-1040.41
linux-image-oracle-64k-6.8 6.8.0-1040.41
linux-image-oracle-64k-lts-24.04 6.8.0-1040.41
linux-image-oracle-lts-24.04 6.8.0-1040.41
linux-image-virtual 6.8.0-88.89
linux-image-virtual-6.8 6.8.0-88.89

Ubuntu 22.04 LTS
linux-image-6.8.0-1043-aws 6.8.0-1043.45~22.04.1
linux-image-6.8.0-1043-aws-64k 6.8.0-1043.45~22.04.1
linux-image-6.8.0-1043-nvidia 6.8.0-1043.46~22.04.1
linux-image-6.8.0-1043-nvidia-64k 6.8.0-1043.46~22.04.1
linux-image-6.8.0-88-lowlatency 6.8.0-88.89.1~22.04.1
linux-image-6.8.0-88-lowlatency-64k 6.8.0-88.89.1~22.04.1
linux-image-aws 6.8.0-1043.45~22.04.1
linux-image-aws-6.8 6.8.0-1043.45~22.04.1
linux-image-aws-64k 6.8.0-1043.45~22.04.1
linux-image-aws-64k-6.8 6.8.0-1043.45~22.04.1
linux-image-lowlatency-6.8 6.8.0-88.89.1~22.04.1
linux-image-lowlatency-64k-6.8 6.8.0-88.89.1~22.04.1
linux-image-lowlatency-64k-hwe-22.04 6.8.0-88.89.1~22.04.1
linux-image-lowlatency-hwe-22.04 6.8.0-88.89.1~22.04.1
linux-image-nvidia-6.8 6.8.0-1043.46~22.04.1
linux-image-nvidia-64k-6.8 6.8.0-1043.46~22.04.1
linux-image-nvidia-64k-hwe-22.04 6.8.0-1043.46~22.04.1
linux-image-nvidia-hwe-22.04 6.8.0-1043.46~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7889-1
CVE-2025-21729, CVE-2025-38227, CVE-2025-38616, CVE-2025-38678

Package Information:
https://launchpad.net/ubuntu/+source/linux/6.8.0-88.89
https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1043.45
https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1041.41
https://launchpad.net/ubuntu/+source/linux-lowlatency/6.8.0-88.89.1
https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1043.46
https://launchpad.net/ubuntu/+source/linux-nvidia-lowlatency/6.8.0-1043.46.1
https://launchpad.net/ubuntu/+source/linux-oracle/6.8.0-1040.41
https://launchpad.net/ubuntu/+source/linux-aws-6.8/6.8.0-1043.45~22.04.1
https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.8/6.8.0-88.89.1~22.04.1
https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1043.46~22.04.1