Aggregator

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Device tree and open firmware driver; - SCSI subsystem; - TTY drivers; - SMB network file system; - Bluetooth subsystem; - Network traffic control; (CVE-2023-52975, CVE-2024-38541, CVE-2025-37797, CVE-2024-49950, CVE-2024-50073, CVE-2023-52757, CVE-2025-38083)

Version:next-20250821 (linux-next) Released:2025-08-21

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-A(FFA); - Multiple devices driver; - Media drivers; - Network drivers; - NVDIMM (Non-Volatile Memory Device) drivers; - NVME drivers; - x86 platform drivers; - TCM subsystem; - Virtio drivers; - File systems infrastructure; - SMB network file system; - LZO compression library; - Digital Audio (PCM) driver; - Tracing infrastructure; - Padata parallel execution mechanism; - CAN network layer; - Networking core; - TIPC protocol; - ALSA framework; (CVE-2025-38079, CVE-2025-38048, CVE-2025-38075, CVE-2025-38077, CVE-2025-38035, CVE-2025-38037, CVE-2025-38034, CVE-2025-38058, CVE-2025-38004, CVE-2025-38031, CVE-2025-38078, CVE-2025-38044, CVE-2025-38066, CVE-2025-38052, CVE-2025-38043, CVE-2025-38065, CVE-2025-38003, CVE-2025-38061, CVE-2025-38051, CVE-2025-38072, CVE-2025-38068)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - GPIO subsystem; - GPU drivers; - HID subsystem; - Input Device (Mouse) drivers; - Multiple devices driver; - Media drivers; - Network drivers; - PCI subsystem; - S/390 drivers; - SPI subsystem; - Trusted Execution Environment drivers; - UFS subsystem; - USB Device Class drivers; - USB core drivers; - USB Gadget drivers; - Framebuffer layer; - Network file system (NFS) client; - Network file system (NFS) server daemon; - File systems infrastructure; - SMB network file system; - Networking core; - L3 Master device support module; - TCP network protocol; - io_uring subsystem; - Process Accounting mechanism; - BPF subsystem; - Timer subsystem; - Workqueue subsystem; - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - IPv4 networking; - IPv6 networking; - Multipath TCP; - Open vSwitch; - Network traffic control; - SOF drivers; (CVE-2025-21776, CVE-2025-21768, CVE-2025-21848, CVE-2025-21855, CVE-2025-21791, CVE-2025-21838, CVE-2025-21762, CVE-2025-21846, CVE-2025-21765, CVE-2025-21869, CVE-2025-21783, CVE-2025-21868, CVE-2025-21857, CVE-2025-21773, CVE-2024-54458, CVE-2025-21871, CVE-2025-21763, CVE-2024-58088, CVE-2025-21835, CVE-2025-21793, CVE-2025-21867, CVE-2025-21784, CVE-2025-21839, CVE-2025-21786, CVE-2025-21764, CVE-2025-21761, CVE-2025-21767, CVE-2024-58020, CVE-2025-21847, CVE-2025-21792, CVE-2025-21785, CVE-2025-21863, CVE-2025-21854, CVE-2025-21704, CVE-2024-52559, CVE-2025-21775, CVE-2025-21758, CVE-2025-21858, CVE-2025-21866, CVE-2025-21870, CVE-2024-57977, CVE-2024-54456, CVE-2025-21759, CVE-2025-21781, CVE-2025-21760, CVE-2025-21706, CVE-2024-57834, CVE-2025-21712, CVE-2025-21864, CVE-2025-21780, CVE-2025-21790, CVE-2025-21856, CVE-2025-21796, CVE-2025-21859, CVE-2025-21782, CVE-2024-58093, CVE-2025-21844, CVE-2025-21795, CVE-2025-21823, CVE-2025-21853, CVE-2025-21772, CVE-2025-21746, CVE-2025-21821, CVE-2024-58086, CVE-2025-21787, CVE-2025-21836, CVE-2025-21861, CVE-2025-21766, CVE-2025-21862, CVE-2025-21779)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - RISC-V architecture; - x86 architecture; - Buffer Sharing and Synchronization framework; - DMA engine subsystem; - GPU drivers; - HID subsystem; - IIO ADC drivers; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - Network drivers; - Mellanox network drivers; - PHY drivers; - Voltage and Current Regulator drivers; - VideoCore services drivers; - USB Type-C Connector System Software Interface driver; - Xen hypervisor drivers; - EROFS file system; - Network file system (NFS) client; - File systems infrastructure; - SMB network file system; - Network traffic control; - io_uring subsystem; - Kernel command line parsing driver; - Scheduler infrastructure; - Memory management; - Networking core; - MAC80211 subsystem; - Management Component Transport Protocol (MCTP); - Netfilter; - Open vSwitch; - TLS protocol; - Wireless networking; - SOF drivers; (CVE-2025-38011, CVE-2025-38095, CVE-2025-37967, CVE-2025-38012, CVE-2025-38019, CVE-2025-37960, CVE-2025-37973, CVE-2025-37958, CVE-2025-38094, CVE-2025-37963, CVE-2025-37955, CVE-2025-38014, CVE-2025-38025, CVE-2025-37970, CVE-2025-37947, CVE-2025-37966, CVE-2025-37948, CVE-2025-38013, CVE-2025-37957, CVE-2025-38028, CVE-2025-37962, CVE-2025-38002, CVE-2025-37996, CVE-2025-37992, CVE-2025-37969, CVE-2025-38009, CVE-2025-38027, CVE-2025-38020, CVE-2025-38023, CVE-2025-38008, CVE-2025-38015, CVE-2025-37954, CVE-2025-38007, CVE-2025-38005, CVE-2025-37956, CVE-2025-37965, CVE-2025-37972, CVE-2025-38006, CVE-2025-37971, CVE-2025-38056, CVE-2025-37968, CVE-2025-38024, CVE-2025-37951, CVE-2025-38016, CVE-2025-38022, CVE-2025-37964, CVE-2025-37994, CVE-2025-37952, CVE-2025-37998, CVE-2025-37993, CVE-2025-38018, CVE-2025-38010, CVE-2025-37995, CVE-2025-38021, CVE-2025-37999, CVE-2025-37961, CVE-2025-37959, CVE-2025-37950, CVE-2025-37949)

Version:6.16.2 (stable) Released:2025-08-20 Source:linux-6.16.2.tar.xz PGP Signature:linux-6.16.2.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.16.2

Version:6.15.11 (EOL) (stable) Released:2025-08-20 Source:linux-6.15.11.tar.xz PGP Signature:linux-6.15.11.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.15.11

Version:6.12.43 (longterm) Released:2025-08-20 Source:linux-6.12.43.tar.xz PGP Signature:linux-6.12.43.tar.sign Patch:full (incremental) ChangeLog:ChangeLog-6.12.43

It was discovered that poppler incorrectly handled certain PDF files. An attacker could possibly use this issue to cause a denial of service.

It was discovered that LibTIFF incorrectly handled certain memory operations when using tiffmedian tool. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to cause a denial of service. (CVE-2025-8176) It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using thumbnail tool. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2025-8177) It was discovered that LibTIFF incorrectly handled certain memory operations when using tiff2ps tool. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to cause a denial of service. (CVE-2025-8534) It was discovered that LibTIFF did not properly perform bounds checking in certain operations when using tiffcrop tool. An attacker could trick a user into processing a specially crafted tiff image file and potentially use this issue to cause a denial of service. (CVE-2025-8851)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Device tree and open firmware driver; - SCSI subsystem; - TTY drivers; - SMB network file system; - Bluetooth subsystem; - Network traffic control; (CVE-2023-52757, CVE-2024-49950, CVE-2024-38541, CVE-2023-52975, CVE-2024-50073, CVE-2025-38083, CVE-2025-37797)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network traffic control; (CVE-2025-38083, CVE-2025-37797)

It was discovered that Ceph incorrectly handled read-only permissions. An authenticated attacker could use this issue to obtain dm-crypt encryption keys. This issue only affected Ubuntu 14.04 LTS. (CVE-2018-14662) Sergey Bobrov discovered that Ceph’s RadosGW (Ceph Object Gateway) allowed the injection of HTTP headers in responses to CORS requests. An attacker could possibly use this issue to compromise system integrity. This issue only affected Ubuntu 16.04 LTS. (CVE-2021-3524)

Version:next-20250820 (linux-next) Released:2025-08-20

It was discovered that Tomcat did not correctly handle case sensitivity. An attacker could possibly use this issue to bypass authentication mechanisms. (CVE-2025-46701) Elysee Franchuk discovered that Tomcat did not correctly limit the number of attributes for a session. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-54677) It was discovered that Tomcat did not correctly sanitize certain URLs. An attacker could possibly use this issue to bypass authentication mechanisms. (CVE-2025-31651) It was discovered that Tomcat did not correctly handle certain malformed HTTP headers, which could lead to a memory leak. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2025-31650) It was discovered that Tomcat did not correctly handle concurrent operations under certain circumstances. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-50379) It was discovered that Tomcat did not correctly handle certain authentication errors. An attacker could possibly use this issue to bypass authentication mechanisms. This issue only affected Ubuntu 24.04 LTS. (CVE-2024-52316)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-A(FFA); - Multiple devices driver; - Media drivers; - Network drivers; - NVDIMM (Non-Volatile Memory Device) drivers; - NVME drivers; - x86 platform drivers; - TCM subsystem; - Virtio drivers; - File systems infrastructure; - SMB network file system; - LZO compression library; - Digital Audio (PCM) driver; - Tracing infrastructure; - Padata parallel execution mechanism; - CAN network layer; - Networking core; - TIPC protocol; - ALSA framework; (CVE-2025-38079, CVE-2025-38048, CVE-2025-38075, CVE-2025-38077, CVE-2025-38035, CVE-2025-38037, CVE-2025-38034, CVE-2025-38058, CVE-2025-38004, CVE-2025-38031, CVE-2025-38078, CVE-2025-38044, CVE-2025-38066, CVE-2025-38052, CVE-2025-38043, CVE-2025-38065, CVE-2025-38003, CVE-2025-38061, CVE-2025-38051, CVE-2025-38072, CVE-2025-38068)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Arm Firmware Framework for ARMv8-A(FFA); - Multiple devices driver; - Media drivers; - Network drivers; - NVDIMM (Non-Volatile Memory Device) drivers; - NVME drivers; - x86 platform drivers; - TCM subsystem; - Virtio drivers; - File systems infrastructure; - SMB network file system; - LZO compression library; - Digital Audio (PCM) driver; - Tracing infrastructure; - Padata parallel execution mechanism; - CAN network layer; - Networking core; - TIPC protocol; - ALSA framework; (CVE-2025-38052, CVE-2025-38078, CVE-2025-38079, CVE-2025-38061, CVE-2025-38044, CVE-2025-38065, CVE-2025-38043, CVE-2025-38034, CVE-2025-38037, CVE-2025-38048, CVE-2025-38066, CVE-2025-38003, CVE-2025-38058, CVE-2025-38075, CVE-2025-38077, CVE-2025-38051, CVE-2025-38031, CVE-2025-38035, CVE-2025-38072, CVE-2025-38004, CVE-2025-38068)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - GPIO subsystem; - GPU drivers; - HID subsystem; - Input Device (Mouse) drivers; - Multiple devices driver; - Media drivers; - Network drivers; - PCI subsystem; - S/390 drivers; - SPI subsystem; - Trusted Execution Environment drivers; - UFS subsystem; - USB Device Class drivers; - USB core drivers; - USB Gadget drivers; - Framebuffer layer; - Network file system (NFS) client; - Network file system (NFS) server daemon; - File systems infrastructure; - SMB network file system; - Networking core; - L3 Master device support module; - TCP network protocol; - io_uring subsystem; - Process Accounting mechanism; - BPF subsystem; - Timer subsystem; - Workqueue subsystem; - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - IPv4 networking; - IPv6 networking; - Multipath TCP; - Open vSwitch; - Network traffic control; - SOF drivers; (CVE-2025-21776, CVE-2025-21768, CVE-2025-21848, CVE-2025-21855, CVE-2025-21791, CVE-2025-21838, CVE-2025-21762, CVE-2025-21846, CVE-2025-21765, CVE-2025-21869, CVE-2025-21783, CVE-2025-21868, CVE-2025-21857, CVE-2025-21773, CVE-2024-54458, CVE-2025-21871, CVE-2025-21763, CVE-2024-58088, CVE-2025-21835, CVE-2025-21793, CVE-2025-21867, CVE-2025-21784, CVE-2025-21839, CVE-2025-21786, CVE-2025-21764, CVE-2025-21761, CVE-2025-21767, CVE-2024-58020, CVE-2025-21847, CVE-2025-21792, CVE-2025-21785, CVE-2025-21863, CVE-2025-21854, CVE-2025-21704, CVE-2024-52559, CVE-2025-21775, CVE-2025-21758, CVE-2025-21858, CVE-2025-21866, CVE-2025-21870, CVE-2024-57977, CVE-2024-54456, CVE-2025-21759, CVE-2025-21781, CVE-2025-21760, CVE-2025-21706, CVE-2024-57834, CVE-2025-21712, CVE-2025-21864, CVE-2025-21780, CVE-2025-21790, CVE-2025-21856, CVE-2025-21796, CVE-2025-21859, CVE-2025-21782, CVE-2024-58093, CVE-2025-21844, CVE-2025-21795, CVE-2025-21823, CVE-2025-21853, CVE-2025-21772, CVE-2025-21746, CVE-2025-21821, CVE-2024-58086, CVE-2025-21787, CVE-2025-21836, CVE-2025-21861, CVE-2025-21766, CVE-2025-21862, CVE-2025-21779)