[USN-7692-1] Request Tracker vulnerabilities
[USN-7695-1] Sidekiq vulnerabilities
[USN-7697-1] AIDE vulnerabilities
[USN-7692-1] Request Tracker vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7692-1
August 13, 2025
request-tracker5 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Request Tracker.
Software Description:
- request-tracker5: An open source, enterprise-grade issue and ticket tracking system.
Details:
It was discovered that Request Tracker was susceptible to timing
attacks. An attacker could possibly use this issue to access sensitive
information. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-38562)
It was discovered that Request Tracker was susceptible to cross-site
scripting attacks when malicious attachments were supplied. An attacker
could possibly use this issue to execute arbitrary code. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-25802)
It was discovered that Request Tracker would incorrectly redirect users
in certain instances. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 22.04 LTS.
(CVE-2022-25803)
Tom Wolters discovered that Request Tracker could leak information when
malicious email headers were supplied. An attacker could possibly
use this issue to access sensitive information. This issue only
affected Ubuntu 22.04 LTS. (CVE-2023-41259, CVE-2023-41260)
It was discovered that Request Tracker could leak information through
its transaction search. An attacker with access to the transaction
query builder of Request Tracker could possibly use this issue to
access sensitive information. This issue only affected Ubuntu 22.04
LTS. (CVE-2023-45024)
It was discovered that Request Tracker erroneously stored ticket
information in a web browser's cache. An attacker with direct access to
a system could possibly use this issue to access sensitive information.
This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
(CVE-2024-3262)
It was discovered that Request Tracker made use of an obsolete
cryptographic algorithm for emails sent with S/MIME encryption. An
attacker could possibly use this issue to access sensitive information.
(CVE-2025-2545)
It was discovered that Request Tracker was susceptible to cross-site
scripting attacks when malicious parameters were included in a search
URL. An attacker could possibly use this issue to execute arbitrary
code. (CVE-2025-30087)
It was discovered that Request Tracker was susceptible to cross-site
scripting attacks when malicious permalinks or assets were provided.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2025-31500, CVE-2025-31501)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
request-tracker5 5.0.7+dfsg-2ubuntu0.1
rt5-fcgi 5.0.7+dfsg-2ubuntu0.1
rt5-standalone 5.0.7+dfsg-2ubuntu0.1
Ubuntu 24.04 LTS
request-tracker5 5.0.5+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro
rt5-fcgi 5.0.5+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro
rt5-standalone 5.0.5+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
request-tracker5 5.0.1+dfsg-1ubuntu1+esm1
Available with Ubuntu Pro
rt5-fcgi 5.0.1+dfsg-1ubuntu1+esm1
Available with Ubuntu Pro
rt5-standalone 5.0.1+dfsg-1ubuntu1+esm1
Available with Ubuntu Pro
After a standard system update you need to restart Request Tracker to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7692-1
CVE-2021-38562, CVE-2022-25802, CVE-2022-25803, CVE-2023-41259,
CVE-2023-41260, CVE-2023-45024, CVE-2024-3262, CVE-2025-2545,
CVE-2025-30087, CVE-2025-31500, CVE-2025-31501
Package Information:
https://launchpad.net/ubuntu/+source/request-tracker5/5.0.7+dfsg-2ubuntu0.1
[USN-7695-1] Sidekiq vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7695-1
August 14, 2025
ruby-sidekiq vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Sidekiq.
Software Description:
- ruby-sidekiq: Simple, efficient background processing for Ruby
Details:
Anas Roubi discovered that Sidekiq did not correctly sanitize certain
inputs. An attacker could possibly use this issue to execute a cross-site
scripting (XSS) attack. This issue only affected Ubuntu 18.04 LTS, and
Ubuntu 20.04 LTS. (CVE-2021-30151)
It was discovered that Sidekiq did not correctly bound certain inputs. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2022-23837)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
ruby-sidekiq 6.3.1+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
ruby-sidekiq 5.2.7+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
ruby-sidekiq 5.0.4+dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7695-1
CVE-2021-30151, CVE-2022-23837
[USN-7697-1] AIDE vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7697-1
August 14, 2025
aide vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in AIDE.
Software Description:
- aide: Advanced Intrusion Detection Environment
Details:
Rajesh Pangare discovered that AIDE incorrectly handled filenames. A
local attacker could possibly use this issue to bypass the detection of
malicious files. (CVE-2025-54389)
Rajesh Pangare discovered that AIDE incorrectly handled extended file
attributes. A local attacker could possibly use this issue to cause a
denial of service. (CVE-2025-54409)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
aide 0.18.8-2ubuntu0.1
Ubuntu 24.04 LTS
aide 0.18.6-2ubuntu0.1
Ubuntu 22.04 LTS
aide 0.17.4-1ubuntu0.2
Ubuntu 20.04 LTS
aide 0.16.1-1ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
aide 0.16-3ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
aide 0.16~a2.git20130520-3ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 14.04 LTS
aide 0.16~a2.git20130520-2ubuntu0.1+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7697-1
CVE-2025-54389, CVE-2025-54409
Package Information:
https://launchpad.net/ubuntu/+source/aide/0.18.8-2ubuntu0.1
https://launchpad.net/ubuntu/+source/aide/0.18.6-2ubuntu0.1
https://launchpad.net/ubuntu/+source/aide/0.17.4-1ubuntu0.2
