RunC, CUPS-Filters, Python, Kernel updates for Ubuntu

Ubuntu 6931 Published by

Ubuntu has issued security notices for several vulnerabilities affecting various packages, including runC, cups-filters, and Python. The notices address issues such as incorrect handling of masked paths (CVE-2025-31133), malformed TIFF image files (CVE-2025-57812), and inefficiently handled expanding system environment variables in Python (CVE-2025-6075). Additionally, the Linux kernel (Raspberry Pi Real-time) has been updated to fix vulnerabilities affecting various subsystems. Users are advised to update their systems with the corresponding package versions to address these security issues.

[USN-7851-2] runC regression
[USN-7878-2] cups-filters vulnerabilities
[USN-7887-1] Linux kernel (Raspberry Pi Real-time) vulnerabilities
[USN-7886-1] Python vulnerabilities




[USN-7851-2] runC regression


==========================================================================
Ubuntu Security Notice USN-7851-2
November 24, 2025

runc-app, runc-stable regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

USN-7851-1 introduced a regression in runC

Software Description:
- runc-app: Open Container Project
- runc-stable: Open Container Project

Details:

USN-7851-1 fixed vulnerabilities in runC. The introduction of a new
upstream release has caused regressions in runc-app and runc-stable.
This update fixes the problem.

Original advisory details:

Lei Wang and Li Fubang discovered that runC incorrectly handled masked
paths. An attacker could possibly replace a container's /dev/null
with a symlink to some other procfs file and possibly escape a container.
(CVE-2025-31133)

Lei Wang and Li Fubang discovered that runC incorrectly handled the
/dev/console bind-mounts. An attacker could potentially exploit this issue
to build-mount a symlink and escape a container. (CVE-2025-52565)

Li Fubang and Tõnis Tiigi discovered that the fix for CVE-2019-16884 was
incomplete. An attacker could possibly use this issue to cause a denial of
service or escape the container. (CVE-2025-52881)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
runc 1.3.3-0ubuntu1~25.10.3
runc-stable 1.3.3-0ubuntu1~25.10.3

Ubuntu 25.04
runc 1.3.3-0ubuntu1~25.04.3

Ubuntu 24.04 LTS
runc 1.3.3-0ubuntu1~24.04.3

Ubuntu 22.04 LTS
runc 1.3.3-0ubuntu1~22.04.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7851-2
https://ubuntu.com/security/notices/USN-7851-1
https://launchpad.net/bugs/2130744

Package Information:
https://launchpad.net/ubuntu/+source/runc-app/1.3.3-0ubuntu1~25.10.3
https://launchpad.net/ubuntu/+source/runc-stable/1.3.3-0ubuntu1~25.10.3
https://launchpad.net/ubuntu/+source/runc-app/1.3.3-0ubuntu1~25.04.3
https://launchpad.net/ubuntu/+source/runc-app/1.3.3-0ubuntu1~24.04.3
https://launchpad.net/ubuntu/+source/runc-app/1.3.3-0ubuntu1~22.04.3



[USN-7878-2] cups-filters vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7878-2
November 24, 2025

cups-filters vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04

Summary:

Several security issues were fixed in cups-filters.

Software Description:
- cups-filters: OpenPrinting CUPS Filters

Details:

USN-7878-1 fixed vulnerabilities in cups-filters, This update provides the
corresponding update for CVE-2025-64524 for Ubuntu 25.04.

Original advisory details:

It was discovered that cups-filters incorrectly handled certain malformed
TIFF image files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-57812)

It was discovered that cups-filters incorrectly handled certain malformed
PDF document files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2025-64503)

It was discovered that cups-filters incorrectly handled certain malformed
CUPS Raster files. A remote attacker could use this issue to cause
cups-filters to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2025-64524)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
cups-filters 2.0.1-0ubuntu3.25.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7878-2
https://ubuntu.com/security/notices/USN-7878-1
CVE-2025-64524

Package Information:
https://launchpad.net/ubuntu/+source/cups-filters/2.0.1-0ubuntu3.25.04.1



[USN-7887-1] Linux kernel (Raspberry Pi Real-time) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7887-1
November 24, 2025

linux-raspi-realtime vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi-realtime: Linux kernel for Raspberry Pi Real-time systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- ACPI drivers;
- Ublk userspace block driver;
- Clock framework and drivers;
- EDAC drivers;
- GPU drivers;
- IIO subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- Remote Processor subsystem;
- Thermal drivers;
- Virtio Host (VHOST) subsystem;
- 9P distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) server daemon;
- NTFS3 file system;
- SMB network file system;
- Memory management;
- RDMA verbs API;
- Kernel fork() syscall;
- Tracing infrastructure;
- Watch queue notification mechanism;
- Asynchronous Transfer Mode (ATM) subsystem;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- Netfilter;
- Network traffic control;
- SCTP protocol;
- TLS protocol;
- SoC Audio for Freescale CPUs drivers;
(CVE-2023-53034, CVE-2024-58092, CVE-2025-22018, CVE-2025-22019,
CVE-2025-22020, CVE-2025-22021, CVE-2025-22025, CVE-2025-22027,
CVE-2025-22028, CVE-2025-22033, CVE-2025-22035, CVE-2025-22036,
CVE-2025-22038, CVE-2025-22039, CVE-2025-22040, CVE-2025-22041,
CVE-2025-22042, CVE-2025-22044, CVE-2025-22045, CVE-2025-22047,
CVE-2025-22050, CVE-2025-22053, CVE-2025-22054, CVE-2025-22055,
CVE-2025-22056, CVE-2025-22057, CVE-2025-22058, CVE-2025-22060,
CVE-2025-22062, CVE-2025-22063, CVE-2025-22064, CVE-2025-22065,
CVE-2025-22066, CVE-2025-22068, CVE-2025-22070, CVE-2025-22071,
CVE-2025-22072, CVE-2025-22073, CVE-2025-22075, CVE-2025-22079,
CVE-2025-22080, CVE-2025-22081, CVE-2025-22083, CVE-2025-22086,
CVE-2025-22089, CVE-2025-22090, CVE-2025-22095, CVE-2025-22097,
CVE-2025-23136, CVE-2025-23138, CVE-2025-37937, CVE-2025-38152,
CVE-2025-38240, CVE-2025-38575, CVE-2025-38637, CVE-2025-39682,
CVE-2025-39728, CVE-2025-39735, CVE-2025-40114, CVE-2025-40157)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-2032-raspi-realtime 6.8.0-2032.33
Available with Ubuntu Pro
linux-image-raspi-realtime 6.8.0-2032.33
Available with Ubuntu Pro
linux-image-raspi-realtime-6.8 6.8.0-2032.33
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-7887-1
CVE-2023-53034, CVE-2024-58092, CVE-2025-22018, CVE-2025-22019,
CVE-2025-22020, CVE-2025-22021, CVE-2025-22025, CVE-2025-22027,
CVE-2025-22028, CVE-2025-22033, CVE-2025-22035, CVE-2025-22036,
CVE-2025-22038, CVE-2025-22039, CVE-2025-22040, CVE-2025-22041,
CVE-2025-22042, CVE-2025-22044, CVE-2025-22045, CVE-2025-22047,
CVE-2025-22050, CVE-2025-22053, CVE-2025-22054, CVE-2025-22055,
CVE-2025-22056, CVE-2025-22057, CVE-2025-22058, CVE-2025-22060,
CVE-2025-22062, CVE-2025-22063, CVE-2025-22064, CVE-2025-22065,
CVE-2025-22066, CVE-2025-22068, CVE-2025-22070, CVE-2025-22071,
CVE-2025-22072, CVE-2025-22073, CVE-2025-22075, CVE-2025-22079,
CVE-2025-22080, CVE-2025-22081, CVE-2025-22083, CVE-2025-22086,
CVE-2025-22089, CVE-2025-22090, CVE-2025-22095, CVE-2025-22097,
CVE-2025-23136, CVE-2025-23138, CVE-2025-37937, CVE-2025-38152,
CVE-2025-38240, CVE-2025-38575, CVE-2025-38637, CVE-2025-39682,
CVE-2025-39728, CVE-2025-39735, CVE-2025-40114, CVE-2025-40157

Package Information:
https://launchpad.net/ubuntu/+source/linux-raspi-realtime/6.8.0-2032.33



[USN-7886-1] Python vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7886-1
November 24, 2025

python3.12, python3.11, python3.10, python3.9, python3.8, python3.7,
python3.6, python3.5, python3.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Python.

Software Description:
- python3.12: An interactive high-level object-oriented language
- python3.10: An interactive high-level object-oriented language
- python3.11: An interactive high-level object-oriented language
- python3.8: An interactive high-level object-oriented language
- python3.9: An interactive high-level object-oriented language
- python3.6: An interactive high-level object-oriented language
- python3.7: An interactive high-level object-oriented language
- python3.5: An interactive high-level object-oriented language
- python3.4: An interactive high-level object-oriented language

Details:

It was discovered that Python inefficiently handled expanding system
environment variables. An attacker could possibly use this issue to cause
Python to consume excessive resources, leading to a denial of service.
(CVE-2025-6075)

Caleb Brown discovered that Python incorrectly handled the ZIP64 End of
Central Directory (EOCD) Locator record offset value. An attacker could
possibly use this issue to obfuscate malicious content. (CVE-2025-8291)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libpython3.12t64 3.12.3-1ubuntu0.9
python3.12 3.12.3-1ubuntu0.9

Ubuntu 22.04 LTS
idle-python3.11 3.11.0~rc1-1~22.04.1~esm6
Available with Ubuntu Pro
libpython3.10 3.10.12-1~22.04.12
python3.10 3.10.12-1~22.04.12
python3.11 3.11.0~rc1-1~22.04.1~esm6
Available with Ubuntu Pro

Ubuntu 20.04 LTS
libpython3.8 3.8.10-0ubuntu1~20.04.18+esm3
Available with Ubuntu Pro
libpython3.9 3.9.5-3ubuntu0~20.04.1+esm7
Available with Ubuntu Pro
python3.8 3.8.10-0ubuntu1~20.04.18+esm3
Available with Ubuntu Pro
python3.9 3.9.5-3ubuntu0~20.04.1+esm7
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libpython3.6 3.6.9-1~18.04ubuntu1.13+esm7
Available with Ubuntu Pro
libpython3.7 3.7.5-2ubuntu1~18.04.2+esm8
Available with Ubuntu Pro
libpython3.8 3.8.0-3ubuntu1~18.04.2+esm7
Available with Ubuntu Pro
python3.6 3.6.9-1~18.04ubuntu1.13+esm7
Available with Ubuntu Pro
python3.7 3.7.5-2ubuntu1~18.04.2+esm8
Available with Ubuntu Pro
python3.8 3.8.0-3ubuntu1~18.04.2+esm7
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libpython3.5 3.5.2-2ubuntu0~16.04.13+esm20
Available with Ubuntu Pro
python3.5 3.5.2-2ubuntu0~16.04.13+esm20
Available with Ubuntu Pro

Ubuntu 14.04 LTS
libpython3.4 3.4.3-1ubuntu1~14.04.7+esm17
Available with Ubuntu Pro
libpython3.5 3.5.2-2ubuntu0~16.04.4~14.04.1+esm8
Available with Ubuntu Pro
python3.4 3.4.3-1ubuntu1~14.04.7+esm17
Available with Ubuntu Pro
python3.5 3.5.2-2ubuntu0~16.04.4~14.04.1+esm8
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7886-1
CVE-2025-6075, CVE-2025-8291

Package Information:
https://launchpad.net/ubuntu/+source/python3.12/3.12.3-1ubuntu0.9


Kernel, Firefox, Podman, and more updates for SUSE

Erlang, R-Cran-GH, Python-Gevent updates for Debian

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...