
Multiple security notices have been issued for various Ubuntu releases, including USN-7960-1 for ruby-rack vulnerabilities and USN-7962-1 for cpp-httplib vulnerabilities. The issues include denial-of-service (DoS) attacks, memory exhaustion, unauthorized access to network services, and bypassing proxy access restrictions. Updates are available for affected systems, which can be installed through a standard system update or by updating specific packages.

[USN-7960-1] Rack vulnerabilities
[USN-7962-1] cpp-httplib vulnerability
[USN-7916-2] python-apt regression
[USN-7964-1] Git vulnerabilities
[USN-7965-1] SimGear vulnerability



[USN-7960-1] Rack vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7960-1
January 14, 2026

ruby-rack vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Rack.

Software Description:
- ruby-rack: modular Ruby webserver interface

Details:

It was discovered that Rack incorrectly handled certain query parameters.
An attacker could possibly use this issue to cause a limited denial of
service. This issue was only addressed in Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2025-59830)

It was discovered that Rack did not properly handle certain multipart
form data. An attacker could possibly use this issue to cause memory
exhaustion, leading to a denial of service. This issue was only addressed
in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10.
(CVE-2025-61770, CVE-2025-61772)

It was discovered that Rack did not properly handle certain form fields.
An attacker could possibly use this issue to cause memory exhaustion,
leading to a denial of service. This issue was only addressed in Ubuntu
22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-61771)

It was discovered that Rack did not properly handle certain headers. An
attacker could possibly use this issue to bypass proxy access
restrictions and obtain sensitive information. (CVE-2025-61780)

Tomoya Yamashita discovered that Rack did not properly manage memory
under certain circumstances. An attacker could possibly use this issue to
cause memory exhaustion, leading to a denial of service. This issue was
only addressed in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS
and Ubuntu 25.10. (CVE-2025-61919)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
ruby-rack 3.1.16-0.1ubuntu0.1

Ubuntu 24.04 LTS
ruby-rack 2.2.7-1ubuntu0.5

Ubuntu 22.04 LTS
ruby-rack 2.1.4-5ubuntu1.2

Ubuntu 20.04 LTS
ruby-rack 2.0.7-2ubuntu0.1+esm8
Available with Ubuntu Pro

Ubuntu 18.04 LTS
ruby-rack 1.6.4-4ubuntu0.2+esm9
Available with Ubuntu Pro

Ubuntu 16.04 LTS
ruby-rack 1.6.4-3ubuntu0.2+esm9
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7960-1
CVE-2025-59830, CVE-2025-61770, CVE-2025-61771, CVE-2025-61772,
CVE-2025-61780, CVE-2025-61919

Package Information:
https://launchpad.net/ubuntu/+source/ruby-rack/3.1.16-0.1ubuntu0.1
https://launchpad.net/ubuntu/+source/ruby-rack/2.2.7-1ubuntu0.5
https://launchpad.net/ubuntu/+source/ruby-rack/2.1.4-5ubuntu1.2



[USN-7962-1] cpp-httplib vulnerability


==========================================================================
Ubuntu Security Notice USN-7962-1
January 14, 2026

cpp-httplib vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

cpp-httplib could allow unintended access to network services if it
received specially crafted network traffic.

Software Description:
- cpp-httplib: A C++11 single-file header-only cross platform HTTP/HTTPS library.

Details:

It was discovered that cpp-httplib did not correctly handle HTTP headers.
A remote attacker could possibly use this issue to bypass authorization
and impersonate users.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
libcpp-httplib-dev 0.18.7-1ubuntu0.25.10.1
libcpp-httplib0.18 0.18.7-1ubuntu0.25.10.1

Ubuntu 25.04
libcpp-httplib-dev 0.18.7-1ubuntu0.25.04.1
libcpp-httplib0.18 0.18.7-1ubuntu0.25.04.1

Ubuntu 24.04 LTS
libcpp-httplib-dev 0.14.3+ds-1.1ubuntu0.1~esm1
Available with Ubuntu Pro
libcpp-httplib0.14t64 0.14.3+ds-1.1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
libcpp-httplib-dev 0.10.3+ds-1ubuntu0.1~esm1
Available with Ubuntu Pro
libcpp-httplib0 0.10.3+ds-1ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.
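The fixed package versions above are only useful if you can tell whether an installed version is older than them; as an added example (not part of the notices), the following reimplements dpkg's version ordering (epoch, upstream, revision, with '~' sorting before the empty string, so "~esm1" builds are older than the same version without the suffix) and checks a constructed `dpkg-query -W` sample against the Ubuntu 22.04 LTS versions from USN-7960-1 and USN-7962-1. On an Ubuntu host `dpkg --compare-versions` gives the same answer; this version is for comparing inventory exported from many hosts on a machine without dpkg.

```python
# Fixed versions for Ubuntu 22.04 LTS, copied from USN-7960-1 and USN-7962-1 above.
FIXED_2204 = {"ruby-rack": "2.1.4-5ubuntu1.2", "libcpp-httplib0": "0.10.3+ds-1ubuntu0.1~esm1"}
# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output, not real host data.
SAMPLE_DPKG = "ruby-rack 2.1.4-5ubuntu1.1\nlibcpp-httplib0 0.10.3+ds-1ubuntu0.1~esm1\n"

def _order(c):
    # dpkg character weight: '~' sorts before end of string (0), then digits, letters, symbols.
    return -1 if c == "~" else 0 if c.isdigit() else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    """Compare one version part (upstream or revision) the way dpkg's verrevcmp does."""
    while a or b:
        # Non-digit runs are compared character by character using _order().
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            ac, bc = (_order(a[0]) if a else 0), (_order(b[0]) if b else 0)
            if ac != bc:
                return ac - bc
            a, b = a[1:], b[1:]
        # Digit runs are compared numerically: longer run (more digits) wins, else first difference.
        a, b, first_diff = a.lstrip("0"), b.lstrip("0"), 0
        while a and b and a[0].isdigit() and b[0].isdigit():
            first_diff = first_diff or ord(a[0]) - ord(b[0])
            a, b = a[1:], b[1:]
        if a and a[0].isdigit():
            return 1
        if b and b[0].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0

def _split(version):
    """Split 'epoch:upstream-revision'; epoch defaults to 0, revision to empty."""
    epoch, _, rest = version.partition(":") if ":" in version else ("0", "", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1, ordering a against b as `dpkg --compare-versions` would."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    c = (ea > eb) - (ea < eb) or _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)
    return (c > 0) - (c < 0)

def unpatched(dpkg_output, fixed):
    """Names of installed packages whose version is older than the notice's fixed version."""
    rows = (line.partition(" ") for line in dpkg_output.splitlines() if line)
    return [n for n, _, v in rows if n in fixed and compare_versions(v, fixed[n]) < 0]

if __name__ == "__main__":
    print("still vulnerable:", unpatched(SAMPLE_DPKG, FIXED_2204))
```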

References:
https://ubuntu.com/security/notices/USN-7962-1
CVE-2025-66570

Package Information:
https://launchpad.net/ubuntu/+source/cpp-httplib/0.18.7-1ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/cpp-httplib/0.18.7-1ubuntu0.25.04.1



[USN-7916-2] python-apt regression


==========================================================================
Ubuntu Security Notice USN-7916-2
January 15, 2026

python-apt regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

USN-7916-1 introduced a regression in python-apt.

Software Description:
- python-apt: Python interface to libapt-pkg

Details:

USN-7916-1 fixed a vulnerability in python-apt. The updated package carried
a version string that was not PEP 440 compatible. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Julian Andres Klode discovered that python-apt incorrectly handled
deb822 configuration files. An attacker could use this issue to cause
python-apt to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
python-apt 2.0.1ubuntu0.20.04.2esm2
Available with Ubuntu Pro
python-apt-common 2.0.1ubuntu0.20.04.2esm2
Available with Ubuntu Pro
python-apt-dev 2.0.1ubuntu0.20.04.2esm2
Available with Ubuntu Pro
python-apt-doc 2.0.1ubuntu0.20.04.2esm2
Available with Ubuntu Pro
python3-apt 2.0.1ubuntu0.20.04.2esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7916-2
https://ubuntu.com/security/notices/USN-7916-1
CVE-2025-6966, https://bugs.launchpad.net/bugs/2137070



[USN-7964-1] Git vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7964-1
January 15, 2026

git vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Git.

Software Description:
- git: fast, scalable, distributed revision control system

Details:

It was discovered that Git did not properly sanitize URLs when asking for
credentials via a terminal prompt. An attacker could possibly use this
issue to trick a user into disclosing their password. (CVE-2024-50349)

It was discovered that Git did not properly handle carriage return
characters in its credential protocol. An attacker could use this issue to
send unexpected data to credential helpers, possibly leading to a user
being tricked into disclosing sensitive information. (CVE-2024-52006)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
git 1:2.17.1-1ubuntu0.18+esm6
Available with Ubuntu Pro

Ubuntu 16.04 LTS
git 1:2.7.4-0ubuntu1.10+esm13
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7964-1
CVE-2024-50349, CVE-2024-52006



[USN-7965-1] SimGear vulnerability


==========================================================================
Ubuntu Security Notice USN-7965-1
January 15, 2026

simgear vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

SimGear could be made to run programs as an administrator if it opened a
specially crafted file.

Software Description:
- simgear: set of open-source libraries for assembling 3d simulations, games, and visualizations

Details:

It was discovered that SimGear could be made to bypass the sandboxing of
Nasal scripts. An attacker could possibly use this issue to execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libsimgear-dev 1:2020.3.18+dfsg-2.1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
libsimgear-dev 1:2020.3.6+dfsg-1ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 20.04 LTS
libsimgear-dev 1:2019.1.1+dfsg-3ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libsimgear-dev 1:2018.1.1+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libsimgear-dev 3.4.0-3ubuntu0.1~esm1
Available with Ubuntu Pro
libsimgearcore3.4.0v5 3.4.0-3ubuntu0.1~esm1
Available with Ubuntu Pro
libsimgearscene3.4.0v5 3.4.0-3ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7965-1
CVE-2025-0781