
Ubuntu has released several security notices to address vulnerabilities in various packages. The affected packages include Samba (USN-7826-1), Redis (USN-7824-3, USN-7824-2, and USN-7824-1), Redict (USN-7824-2), Apache Subversion (USN-7818-2), .NET (USN-7822-1), and MuPDF (USN-7825-1). These vulnerabilities affect various Ubuntu releases, including 25.10, 25.04, 24.04 LTS, 22.04 LTS, 20.04 LTS, 18.04 LTS, 16.04 LTS, and 14.04 LTS.

[USN-7826-1] Samba vulnerabilities
[USN-7824-3] Redis vulnerability
[USN-7824-1] Redis vulnerability
[USN-7824-2] Redict vulnerability
[USN-7818-2] Apache Subversion vulnerability
[USN-7822-1] .NET vulnerabilities
[USN-7825-1] MuPDF vulnerabilities




[USN-7826-1] Samba vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7826-1
October 16, 2025

samba vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Samba.

Software Description:
- samba: SMB/CIFS file, print, and login server for Unix

Details:

Andrew Walker discovered that Samba incorrectly initialized memory in the
vfs_streams_xattr module. An authenticated attacker could possibly use this
issue to obtain sensitive information. (CVE-2025-9640)

Igor Morgenstern discovered that Samba incorrectly handled names passed to
the WINS hook program. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2025-10230)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
samba 2:4.22.3+dfsg-4ubuntu2.1

Ubuntu 25.04
samba 2:4.21.4+dfsg-1ubuntu3.5

Ubuntu 24.04 LTS
samba 2:4.19.5+dfsg-4ubuntu9.4

Ubuntu 22.04 LTS
samba 2:4.15.13+dfsg-0ubuntu1.10

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7826-1
CVE-2025-10230, CVE-2025-9640

Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.22.3+dfsg-4ubuntu2.1
https://launchpad.net/ubuntu/+source/samba/2:4.21.4+dfsg-1ubuntu3.5
https://launchpad.net/ubuntu/+source/samba/2:4.19.5+dfsg-4ubuntu9.4
https://launchpad.net/ubuntu/+source/samba/2:4.15.13+dfsg-0ubuntu1.10



[USN-7824-3] Redis vulnerability


==========================================================================
Ubuntu Security Notice USN-7824-3
October 16, 2025

redis vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Redis could be made to crash or run programs if it received
specially crafted network traffic from an authenticated user.

Software Description:
- redis: Persistent key-value database with network interface

Details:

USN-7824-1 fixed several vulnerabilities in Redis. This update provides
the corresponding update for Ubuntu 22.04 LTS.

Original advisory details:

Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly
handled memory when running Lua scripts. An authenticated attacker could use
this vulnerability to trigger a use-after-free condition, and potentially
achieve remote code execution on the Redis server.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
redis 5:6.0.16-1ubuntu1.1
redis-sentinel 5:6.0.16-1ubuntu1.1
redis-server 5:6.0.16-1ubuntu1.1
redis-tools 5:6.0.16-1ubuntu1.1

After a standard system update you need to restart Redis to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7824-3
https://ubuntu.com/security/notices/USN-7824-2
https://ubuntu.com/security/notices/USN-7824-1
CVE-2025-49844

Package Information:
https://launchpad.net/ubuntu/+source/redis/5:6.0.16-1ubuntu1.1



[USN-7824-1] Redis vulnerability


==========================================================================
Ubuntu Security Notice USN-7824-1
October 15, 2025

redis vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Redis could be made to crash or run programs if it received specially
crafted network traffic from an authenticated user.

Software Description:
- redis: Persistent key-value database with network interface

Details:

Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly
handled memory when running Lua scripts. An authenticated attacker could
use this vulnerability to trigger a use-after-free condition, and
potentially achieve remote code execution on the Redis server.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
redis 5:8.0.2-3ubuntu0.25.10.1
redis-sentinel 5:8.0.2-3ubuntu0.25.10.1
redis-server 5:8.0.2-3ubuntu0.25.10.1
redis-tools 5:8.0.2-3ubuntu0.25.10.1

Ubuntu 25.04
redis 5:7.0.15-3ubuntu0.1
redis-sentinel 5:7.0.15-3ubuntu0.1
redis-server 5:7.0.15-3ubuntu0.1
redis-tools 5:7.0.15-3ubuntu0.1

Ubuntu 24.04 LTS
redis 5:7.0.15-1ubuntu0.24.04.2
redis-sentinel 5:7.0.15-1ubuntu0.24.04.2
redis-server 5:7.0.15-1ubuntu0.24.04.2
redis-tools 5:7.0.15-1ubuntu0.24.04.2

Ubuntu 20.04 LTS
redis 5:5.0.7-2ubuntu0.1+esm4
Available with Ubuntu Pro
redis-sentinel 5:5.0.7-2ubuntu0.1+esm4
Available with Ubuntu Pro
redis-server 5:5.0.7-2ubuntu0.1+esm4
Available with Ubuntu Pro
redis-tools 5:5.0.7-2ubuntu0.1+esm4
Available with Ubuntu Pro

Ubuntu 18.04 LTS
redis 5:4.0.9-1ubuntu0.2+esm6
Available with Ubuntu Pro
redis-sentinel 5:4.0.9-1ubuntu0.2+esm6
Available with Ubuntu Pro
redis-server 5:4.0.9-1ubuntu0.2+esm6
Available with Ubuntu Pro
redis-tools 5:4.0.9-1ubuntu0.2+esm6
Available with Ubuntu Pro

Ubuntu 16.04 LTS
redis-sentinel 2:3.0.6-1ubuntu0.4+esm4
Available with Ubuntu Pro
redis-server 2:3.0.6-1ubuntu0.4+esm4
Available with Ubuntu Pro
redis-tools 2:3.0.6-1ubuntu0.4+esm4
Available with Ubuntu Pro

Ubuntu 14.04 LTS
redis-server 2:2.8.4-2ubuntu0.2+esm5
Available with Ubuntu Pro
redis-tools 2:2.8.4-2ubuntu0.2+esm5
Available with Ubuntu Pro

After a standard system update you need to restart Redis to make all the
necessary changes.

References:
https://ubuntu.com/security/notices/USN-7824-1
CVE-2025-49844

Package Information:
https://launchpad.net/ubuntu/+source/redis/5:8.0.2-3ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/redis/5:7.0.15-3ubuntu0.1
https://launchpad.net/ubuntu/+source/redis/5:7.0.15-1ubuntu0.24.04.2



[USN-7824-2] Redict vulnerability


==========================================================================
Ubuntu Security Notice USN-7824-2
October 16, 2025

redict vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04

Summary:

Redict could be made to crash or run programs if it received
specially crafted network traffic from an authenticated user.

Software Description:
- redict: Distributed key/value store

Details:

USN-7824-1 fixed several vulnerabilities in Redis. This update provides
the corresponding update for Redict - a fork of Redis.

Original advisory details:

Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered that Redis incorrectly
handled memory when running Lua scripts. An authenticated attacker could use
this vulnerability to trigger a use-after-free condition, and potentially
achieve remote code execution on the Redis server.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
redict 7.3.5+ds-1ubuntu0.1
redict-sentinel 7.3.5+ds-1ubuntu0.1
redict-server 7.3.5+ds-1ubuntu0.1
redict-tools 7.3.5+ds-1ubuntu0.1

Ubuntu 25.04
redict 7.3.2+ds-1ubuntu0.1
redict-sentinel 7.3.2+ds-1ubuntu0.1
redict-server 7.3.2+ds-1ubuntu0.1
redict-tools 7.3.2+ds-1ubuntu0.1

After a standard system update you need to restart Redict to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7824-2
https://ubuntu.com/security/notices/USN-7824-1
CVE-2025-49844

Package Information:
https://launchpad.net/ubuntu/+source/redict/7.3.5+ds-1ubuntu0.1
https://launchpad.net/ubuntu/+source/redict/7.3.2+ds-1ubuntu0.1



[USN-7818-2] Apache Subversion vulnerability


==========================================================================
Ubuntu Security Notice USN-7818-2
October 16, 2025

subversion vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Apache Subversion could be made to crash if it opened a specially crafted
file.

Software Description:
- subversion: Advanced version control system

Details:

USN-7818-1 fixed vulnerabilities in Apache Subversion. This update provides
the corresponding update for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu
22.04 LTS, and Ubuntu 24.04 LTS.

Original advisory details:

It was discovered that Apache Subversion incorrectly parsed control
characters in filenames. An attacker could possibly use this issue to
commit a corrupted revision to a repository, leading to a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
subversion 1.14.3-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
subversion 1.14.1-3ubuntu0.22.04.1+esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
subversion 1.13.0-3ubuntu0.2+esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
subversion 1.9.7-4ubuntu1.1+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7818-2
https://ubuntu.com/security/notices/USN-7818-1
CVE-2024-46901



[USN-7822-1] .NET vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7822-1
October 16, 2025

dotnet8, dotnet9, dotnet10 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in .NET.

Software Description:
- dotnet10: .NET CLI tools and runtime
- dotnet8: .NET CLI tools and runtime
- dotnet9: .NET CLI tools and runtime

Details:

It was discovered that .NET did not properly handle the creation of temporary
build time directories. An attacker could possibly use this issue to cause a
denial of service. (CVE-2025-55247)

It was discovered that .NET did not properly establish TLS sessions for
SMTP server connections. An attacker could use this issue to cause .NET
to use unencrypted connections. This issue only affects .NET versions 8.0
and 9.0. (CVE-2025-55248)

It was discovered that .NET inconsistently interpreted certain HTTP
requests. An attacker could possibly use this to bypass a security feature
over a network. (CVE-2025-55315)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
aspnetcore-runtime-10.0 10.0.0~rc2-0ubuntu1~25.10.2
aspnetcore-runtime-8.0 8.0.21-0ubuntu1~25.10.1
aspnetcore-runtime-9.0 9.0.10-0ubuntu1~25.10.1
dotnet-host-10.0 10.0.0~rc2-0ubuntu1~25.10.2
dotnet-host-8.0 8.0.21-0ubuntu1~25.10.1
dotnet-host-9.0 9.0.10-0ubuntu1~25.10.1
dotnet-hostfxr-10.0 10.0.0~rc2-0ubuntu1~25.10.2
dotnet-hostfxr-8.0 8.0.21-0ubuntu1~25.10.1
dotnet-hostfxr-9.0 9.0.10-0ubuntu1~25.10.1
dotnet-runtime-10.0 10.0.0~rc2-0ubuntu1~25.10.2
dotnet-runtime-8.0 8.0.21-0ubuntu1~25.10.1
dotnet-runtime-9.0 9.0.10-0ubuntu1~25.10.1
dotnet-sdk-10.0 10.0.100~rc2-0ubuntu1~25.10.2
dotnet-sdk-8.0 8.0.121-0ubuntu1~25.10.1
dotnet-sdk-9.0 9.0.111-0ubuntu1~25.10.1
dotnet-sdk-aot-10.0 10.0.100~rc2-0ubuntu1~25.10.2
dotnet-sdk-aot-9.0 9.0.111-0ubuntu1~25.10.1
dotnet10 10.0.100-10.0.0~rc2-0ubuntu1~25.10.2
dotnet8 8.0.121-8.0.21-0ubuntu1~25.10.1
dotnet9 9.0.111-9.0.10-0ubuntu1~25.10.1

Ubuntu 25.04
aspnetcore-runtime-8.0 8.0.21-0ubuntu1~25.04.1
aspnetcore-runtime-9.0 9.0.10-0ubuntu1~25.04.1
dotnet-host-8.0 8.0.21-0ubuntu1~25.04.1
dotnet-host-9.0 9.0.10-0ubuntu1~25.04.1
dotnet-hostfxr-8.0 8.0.21-0ubuntu1~25.04.1
dotnet-hostfxr-9.0 9.0.10-0ubuntu1~25.04.1
dotnet-runtime-8.0 8.0.21-0ubuntu1~25.04.1
dotnet-runtime-9.0 9.0.10-0ubuntu1~25.04.1
dotnet-sdk-8.0 8.0.121-0ubuntu1~25.04.1
dotnet-sdk-9.0 9.0.111-0ubuntu1~25.04.1
dotnet-sdk-aot-9.0 9.0.111-0ubuntu1~25.04.1
dotnet8 8.0.121-8.0.21-0ubuntu1~25.04.1
dotnet9 9.0.111-9.0.10-0ubuntu1~25.04.1

Ubuntu 24.04 LTS
aspnetcore-runtime-8.0 8.0.21-0ubuntu1~24.04.1
dotnet-host-8.0 8.0.21-0ubuntu1~24.04.1
dotnet-hostfxr-8.0 8.0.21-0ubuntu1~24.04.1
dotnet-runtime-8.0 8.0.21-0ubuntu1~24.04.1
dotnet-sdk-8.0 8.0.121-0ubuntu1~24.04.1
dotnet8 8.0.121-8.0.21-0ubuntu1~24.04.1

Ubuntu 22.04 LTS
aspnetcore-runtime-8.0 8.0.21-0ubuntu1~22.04.1
dotnet-host-8.0 8.0.21-0ubuntu1~22.04.1
dotnet-hostfxr-8.0 8.0.21-0ubuntu1~22.04.1
dotnet-runtime-8.0 8.0.21-0ubuntu1~22.04.1
dotnet-sdk-8.0 8.0.121-0ubuntu1~22.04.1
dotnet8 8.0.121-8.0.21-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7822-1
CVE-2025-55247, CVE-2025-55248, CVE-2025-55315

Package Information:
https://launchpad.net/ubuntu/+source/dotnet10/10.0.100-10.0.0~rc2-0ubuntu1~25.10.2
https://launchpad.net/ubuntu/+source/dotnet8/8.0.121-8.0.21-0ubuntu1~25.10.1
https://launchpad.net/ubuntu/+source/dotnet9/9.0.111-9.0.10-0ubuntu1~25.10.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.121-8.0.21-0ubuntu1~25.04.1
https://launchpad.net/ubuntu/+source/dotnet9/9.0.111-9.0.10-0ubuntu1~25.04.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.121-8.0.21-0ubuntu1~24.04.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.121-8.0.21-0ubuntu1~22.04.1



[USN-7825-1] MuPDF vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7825-1
October 16, 2025

mupdf vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in MuPDF.

Software Description:
- mupdf: A lightweight open source software framework for viewing and converting PDF, XPS, and E-book documents

Details:

It was discovered that MuPDF incorrectly managed memory, resulting in a
memory leak. An attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-1000036)

It was discovered that MuPDF could enter an infinite loop when parsing
certain PDF files. An attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 18.04 LTS.
(CVE-2018-10289)

It was discovered that MuPDF incorrectly managed memory, possibly leading
to a segmentation fault. An attacker could possibly use this issue to
cause a denial of service. This issue only affected Ubuntu 18.04 LTS.
(CVE-2018-16647, CVE-2018-16648)

It was discovered that MuPDF contained a use-after-free vulnerability.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2020-21896)

It was discovered that MuPDF incorrectly managed memory, resulting in a
memory leak. An attacker could possibly use this issue to cause a denial
of service or obtain sensitive information. This issue only affected
Ubuntu 20.04 LTS. (CVE-2020-26683)

Maxim Mishechkin, Vitalii Akolzin, Shamil Kurmangaleev, Denis Straghkov,
Fedor Nis'kov and Ivan Gulakov discovered that MuPDF incorrectly managed
memory under certain circumstances, leading to a double-free. An attacker
could possibly use this to cause a denial of service. This issue only
affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2021-3407)

Xuwei Liu discovered that MuPDF may perform an out-of-bounds write under
certain circumstances. An attacker could possibly use this issue to cause
a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. (CVE-2021-37220)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
libmupdf-dev 1.16.1+ds1-1ubuntu1+esm1
Available with Ubuntu Pro
mupdf 1.16.1+ds1-1ubuntu1+esm1
Available with Ubuntu Pro
mupdf-tools 1.16.1+ds1-1ubuntu1+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libmupdf-dev 1.12.0+ds1-1ubuntu0.1~esm1
Available with Ubuntu Pro
mupdf 1.12.0+ds1-1ubuntu0.1~esm1
Available with Ubuntu Pro
mupdf-tools 1.12.0+ds1-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libmupdf-dev 1.7a-1ubuntu0.1~esm1
Available with Ubuntu Pro
mupdf 1.7a-1ubuntu0.1~esm1
Available with Ubuntu Pro
mupdf-tools 1.7a-1ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7825-1
CVE-2018-1000036, CVE-2018-10289, CVE-2018-16647, CVE-2018-16648,
CVE-2020-21896, CVE-2020-26683, CVE-2021-3407, CVE-2021-37220