Ubuntu has released two security notices: USN-7761-1 and USN-7760-1, addressing vulnerabilities in PAM (Pluggable Authentication Modules) and GNU C Library. The PAM vulnerability could allow an attacker to spoof hostnames and bypass access restrictions, while the GNU C Library issue could cause applications to crash or run arbitrary code. To resolve these issues, users are advised to update their systems to the latest package versions: libpam-modules 1.5.3-7ubuntu4.4 for Ubuntu 25.04, libpam-modules 1.5.3-5ubuntu5.5 for Ubuntu 24.04 LTS, and libc6 versions ranging from 2.35 to 2.41 for various Ubuntu releases.

[USN-7761-1] PAM vulnerability
[USN-7760-1] GNU C Library vulnerability

[USN-7761-1] PAM vulnerability

==========================================================================
Ubuntu Security Notice USN-7761-1
September 22, 2025

pam vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS

Summary:

PAM could allow unintended access to network services.

Software Description:
- pam: Pluggable Authentication Modules

Details:

It was discovered that the PAM pam_access module incorrectly parsed
certain rules as hostnames. An attacker could possibly use this issue to
spoof hostnames and bypass access restrictions.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
libpam-modules 1.5.3-7ubuntu4.4

Ubuntu 24.04 LTS
libpam-modules 1.5.3-5ubuntu5.5

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7761-1
CVE-2024-10963

Package Information:
https://launchpad.net/ubuntu/+source/pam/1.5.3-7ubuntu4.4
https://launchpad.net/ubuntu/+source/pam/1.5.3-5ubuntu5.5

[USN-7760-1] GNU C Library vulnerability

==========================================================================
Ubuntu Security Notice USN-7760-1
September 22, 2025

glibc vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

GNU C Library could be made to crash or run programs if it received
specially crafted input.

Software Description:
- glibc: GNU C Library

Details:

It was discovered that the GNU C Library incorrectly handled the regcomp
function when memory allocation failures occured. An attacker could use
this issue to cause applications to crash, leading to a denial of service,
or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
libc6 2.41-6ubuntu1.2

Ubuntu 24.04 LTS
libc6 2.39-0ubuntu8.6

Ubuntu 22.04 LTS
libc6 2.35-0ubuntu3.11

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7760-1
CVE-2025-8058

Package Information:
https://launchpad.net/ubuntu/+source/glibc/2.41-6ubuntu1.2
https://launchpad.net/ubuntu/+source/glibc/2.39-0ubuntu8.6
https://launchpad.net/ubuntu/+source/glibc/2.35-0ubuntu3.11