Ubuntu Security Notice USN-7780-1 addresses vulnerabilities in Qt, affecting Ubuntu 22.04 LTS, 20.04 LTS, 18.04 LTS, and 16.04 LTS. The issues include incorrect handling of certain inputs, leading to potential denial of service or information disclosure. Updates are available for the affected systems, which can be applied through a standard system update. Similarly, Ubuntu Security Notice USN-7781-1 addresses vulnerabilities in Inetutils, affecting Ubuntu 20.04 LTS, 18.04 LTS, 16.04 LTS, and 14.04 LTS.

[USN-7780-1] Qt vulnerabilities
[USN-7781-1] Inetutils vulnerabilities




[USN-7780-1] Qt vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7780-1
September 28, 2025

qtbase-opensource-src vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Qt.

Software Description:
- qtbase-opensource-src: Qt 5 libraries

Details:

It was discovered that Qt did not correctly handle certain inputs when
using the SQL ODBC driver plugin. An attacker could possibly use this issue
to cause a denial of service. (CVE-2023-24607)

It was discovered that Qt did not correctly parse certain strict-transport-
security headers. An attacker could possibly use this issue to leak
sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu
22.04 LTS. (CVE-2023-32762)

It was discovered that Qt did not correctly handle certain inputs from DNS
servers. A remote attacker could possibly use this issue to execute
arbitrary code or cause a denial of service. (CVE-2023-33285)

It was discovered that Qt did not correctly validate certain CA
certificates for TLS. An attacker could possibly use this issue to gain
access to unauthorized resources. (CVE-2023-34410)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
libqt5core5a 5.15.3+dfsg-2ubuntu0.2+esm1
Available with Ubuntu Pro
libqt5gui5 5.15.3+dfsg-2ubuntu0.2+esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
libqt5core5a 5.12.8+dfsg-0ubuntu2.1+esm1
Available with Ubuntu Pro
libqt5gui5 5.12.8+dfsg-0ubuntu2.1+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libqt5core5a 5.9.5+dfsg-0ubuntu2.6+esm1
Available with Ubuntu Pro
libqt5gui5 5.9.5+dfsg-0ubuntu2.6+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libqt5core5a 5.5.1+dfsg-16ubuntu7.7+esm1
Available with Ubuntu Pro
libqt5gui5 5.5.1+dfsg-16ubuntu7.7+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7780-1
CVE-2023-24607, CVE-2023-32762, CVE-2023-33285, CVE-2023-34410



[USN-7781-1] Inetutils vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7781-1
September 28, 2025

inetutils vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Inetutils.

Software Description:
- inetutils: Collection of common network programs

Details:

Matthew Hickey discovered that Inetutils did not correctly handle certain
escape characters. An attacker could possibly use this issue to cause a
denial of service. (CVE-2019-0053)

It was discovered that Inetutils did not correctly handle certain memory
operations. An attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-10188)

It was discovered that Inetutils did not correctly handle certain memory
operations. An attacker could possibly use this issue to cause a denial of
service. (CVE-2022-39028)

It was discovered that Inetutils did not check the return values of set*id
functions. An attacker could possibly use this issue to escalate their
privileges. (CVE-2023-40303)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
inetutils-ftp 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-ftpd 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-inetd 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-ping 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-syslogd 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-talk 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-telnet 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-tools 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro
inetutils-traceroute 2:1.9.4-11ubuntu0.2+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
inetutils-ftp 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-ftpd 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-inetd 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-ping 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-syslogd 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-talk 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-telnet 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-tools 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro
inetutils-traceroute 2:1.9.4-3ubuntu0.1+esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
inetutils-ftp 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-ftpd 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-inetd 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-ping 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-syslogd 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-talk 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-telnet 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-tools 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro
inetutils-traceroute 2:1.9.4-1ubuntu0.1~esm3
Available with Ubuntu Pro

Ubuntu 14.04 LTS
inetutils-ftp 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-ftpd 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-inetd 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-ping 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-syslogd 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-talk 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-telnet 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-tools 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro
inetutils-traceroute 2:1.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7781-1
CVE-2019-0053, CVE-2020-10188, CVE-2022-39028, CVE-2023-40303