Ubuntu has released several security notices (USNs) to address vulnerabilities in various packages. The affected releases include Ubuntu 25.04, Ubuntu 24.04 LTS, and Ubuntu 22.04 LTS. The issues include a JSON-XS flaw that could crash the module when it parses specially crafted JSON data, resulting in a denial of service, as well as issues in SQLite, Cpanel-JSON-XS, Vim, and RubyGems that could potentially lead to code execution or resource consumption.

[USN-7750-1] JSON-XS vulnerability
[USN-7751-1] SQLite vulnerability
[USN-7749-1] Cpanel-JSON-XS vulnerability
[USN-7748-1] Vim vulnerabilities
[USN-7747-1] RubyGems vulnerability




[USN-7750-1] JSON-XS vulnerability


==========================================================================
Ubuntu Security Notice USN-7750-1
September 15, 2025

libjson-xs-perl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

JSON-XS could be made to crash if it parsed specially crafted JSON.

Software Description:
- libjson-xs-perl: module for manipulating JSON-formatted data

Details:

It was discovered that JSON-XS incorrectly handled parsing certain JSON
data. An attacker could possibly use this issue to cause JSON-XS to crash,
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
libjson-xs-perl 4.040-0ubuntu0.25.04.1

Ubuntu 24.04 LTS
libjson-xs-perl 4.040-0ubuntu0.24.04.1

Ubuntu 22.04 LTS
libjson-xs-perl 4.040-0ubuntu0.22.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7750-1
CVE-2025-40928

Package Information:
https://launchpad.net/ubuntu/+source/libjson-xs-perl/4.040-0ubuntu0.25.04.1
https://launchpad.net/ubuntu/+source/libjson-xs-perl/4.040-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/libjson-xs-perl/4.040-0ubuntu0.22.04.1



[USN-7751-1] SQLite vulnerability


==========================================================================
Ubuntu Security Notice USN-7751-1
September 15, 2025

sqlite3 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS

Summary:

SQLite could be made to crash or run programs if it received specially
crafted input.

Software Description:
- sqlite3: C library that implements an SQL database engine

Details:

It was discovered that the FTS5 SQLite extension incorrectly calculated
certain array lengths. An attacker could use this issue to cause SQLite to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
libsqlite3-0 3.46.1-3ubuntu0.3

Ubuntu 24.04 LTS
libsqlite3-0 3.45.1-1ubuntu2.5

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7751-1
CVE-2025-7709

Package Information:
https://launchpad.net/ubuntu/+source/sqlite3/3.46.1-3ubuntu0.3
https://launchpad.net/ubuntu/+source/sqlite3/3.45.1-1ubuntu2.5



[USN-7749-1] Cpanel-JSON-XS vulnerability


==========================================================================
Ubuntu Security Notice USN-7749-1
September 15, 2025

libcpanel-json-xs-perl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Cpanel-JSON-XS could be made to crash if it parsed specially crafted JSON.

Software Description:
- libcpanel-json-xs-perl: module for fast and correct serialising to JSON

Details:

It was discovered that Cpanel-JSON-XS incorrectly handled parsing certain
JSON data. An attacker could possibly use this issue to cause
Cpanel-JSON-XS to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
libcpanel-json-xs-perl 4.39-1ubuntu0.1

Ubuntu 24.04 LTS
libcpanel-json-xs-perl 4.37-1ubuntu0.1

Ubuntu 22.04 LTS
libcpanel-json-xs-perl 4.27-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7749-1
CVE-2025-40929

Package Information:
https://launchpad.net/ubuntu/+source/libcpanel-json-xs-perl/4.39-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libcpanel-json-xs-perl/4.37-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libcpanel-json-xs-perl/4.27-1ubuntu0.2



[USN-7748-1] Vim vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7748-1
September 15, 2025

vim vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in Vim.

Software Description:
- vim: Vi IMproved - enhanced vi editor

Details:

It was discovered that Vim incorrectly handled file extraction when opening
maliciously crafted zip or tar archives. An attacker could possibly use
this issue to create or overwrite files on the system and execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
vim 2:9.1.0967-1ubuntu4.1

Ubuntu 24.04 LTS
vim 2:9.1.0016-1ubuntu7.9

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7748-1
CVE-2025-53905, CVE-2025-53906

Package Information:
https://launchpad.net/ubuntu/+source/vim/2:9.1.0967-1ubuntu4.1
https://launchpad.net/ubuntu/+source/vim/2:9.1.0016-1ubuntu7.9



[USN-7747-1] RubyGems vulnerability


==========================================================================
Ubuntu Security Notice USN-7747-1
September 15, 2025

rubygems vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

RubyGems could be made to consume resources if it received specially
crafted input.

Software Description:
- rubygems: package management framework for Ruby libraries/applications

Details:

It was discovered that RubyGems incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause RubyGems to
consume resources, leading to a regular expression denial of service
(ReDoS).

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
ruby-bundler 2.3.5-2ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7747-1
CVE-2023-36617

Package Information:
https://launchpad.net/ubuntu/+source/rubygems/3.3.5-2ubuntu1.2
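
Added example (not part of the Ubuntu notices): a check of a host's package inventory against the fixed versions listed under "Update instructions" in the five notices above, using Debian version ordering (epoch, upstream version, revision). The function names and the sample inventory are constructed for illustration; the inventory is assumed to come from something like `dpkg-query -W` output collected per host.

```python
import re
from itertools import zip_longest

# Fixed versions copied from the "Update instructions" sections of the notices above.
FIXED = {
    "25.04": {"libjson-xs-perl": "4.040-0ubuntu0.25.04.1", "libsqlite3-0": "3.46.1-3ubuntu0.3",
              "libcpanel-json-xs-perl": "4.39-1ubuntu0.1", "vim": "2:9.1.0967-1ubuntu4.1"},
    "24.04": {"libjson-xs-perl": "4.040-0ubuntu0.24.04.1", "libsqlite3-0": "3.45.1-1ubuntu2.5",
              "libcpanel-json-xs-perl": "4.37-1ubuntu0.1", "vim": "2:9.1.0016-1ubuntu7.9"},
    "22.04": {"libjson-xs-perl": "4.040-0ubuntu0.22.04.1",
              "libcpanel-json-xs-perl": "4.27-1ubuntu0.2", "ruby-bundler": "2.3.5-2ubuntu1.2"},
}

def _order(c):
    # dpkg character ordering: '~' sorts before everything, letters before other symbols.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs (used for upstream version and revision).
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for x, y in zip_longest(map(_order, na), map(_order, nb), fillvalue=0):
            if x != y:
                return -1 if x < y else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _parts(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def deb_cmp(a, b):
    """Return -1, 0 or 1 following Debian version ordering."""
    (ea, ua, ra), (eb, ub, rb) = _parts(a), _parts(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(release, installed):
    """List (package, installed, fixed) for packages still below the fixed version."""
    return sorted((p, installed[p], f) for p, f in FIXED.get(release, {}).items()
                  if p in installed and deb_cmp(installed[p], f) < 0)

# Constructed inventory for one Ubuntu 24.04 LTS host (not real data).
SAMPLE = {"vim": "2:9.1.0016-1ubuntu7.8", "libsqlite3-0": "3.45.1-1ubuntu2.5",
          "libjson-xs-perl": "4.030-2build3"}
if __name__ == "__main__": print(audit("24.04", SAMPLE))
```

On a live host, `dpkg --compare-versions` performs the same comparison; the pure-Python version is for auditing collected inventories offline.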