Ubuntu Security Advisories

Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding when certain errors occur. An attacker could possibly use this issue to modify the app's behavior for other users through the network. (CVE-2020-10688) Mirko Selber discovered that RESTEasy improperly validated user input during HTTP response construction. This issue could possibly allow an attacker to cause a denial of service or execute arbitrary code. (CVE-2020-1695) It was discovered that RESTEasy unintentionally disclosed potentially sensitive server information to users during the handling of certain errors. (CVE-2020-25633) It was discovered that RESTEasy unintentionally disclosed parts of its code to users during the handling of certain errors. (CVE-2021-20289) It was discovered that RESTEasy used improper permissions when creating temporary files. An attacker could possibly use this issue to get access to sensitive data. (CVE-2023-0482) It was discovered that RESTEasy improperly handled certain HTTP requests and could be forced into a state in which it can no longer accept incoming connections. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-9622)

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - GPIO subsystem; - GPU drivers; - Media drivers; - Network drivers; - SCSI subsystem; - Direct Digital Synthesis drivers; - TTY drivers; - 9P distributed file system; - JFS file system; - NILFS2 file system; - File systems infrastructure; - BPF subsystem; - Netfilter; - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - IPv4 networking; - IPv6 networking; - Open vSwitch; - Network traffic control; - TIPC protocol; - Wireless networking; (CVE-2024-50171, CVE-2023-52880, CVE-2023-52522, CVE-2024-53104, CVE-2024-41064, CVE-2024-43892, CVE-2024-43900, CVE-2022-48772, CVE-2024-50148, CVE-2024-41063, CVE-2024-44938, CVE-2023-52799, CVE-2023-52818, CVE-2024-50134, CVE-2024-40943, CVE-2024-50117, CVE-2024-26685, CVE-2024-36964, CVE-2024-36952, CVE-2024-53164, CVE-2024-43893, CVE-2024-50229, CVE-2024-42070, CVE-2024-38567, CVE-2024-38558, CVE-2024-40910, CVE-2024-44931, CVE-2024-36886, CVE-2024-35896, CVE-2024-43863, CVE-2024-40911, CVE-2023-52488, CVE-2024-42068, CVE-2024-50233, CVE-2024-49902, CVE-2024-53156, CVE-2024-40981)

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; (CVE-2024-56672)

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Media drivers; (CVE-2024-53104)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - Block layer subsystem; - GPIO subsystem; - GPU drivers; - Media drivers; - Network drivers; - SCSI subsystem; - Direct Digital Synthesis drivers; - TTY drivers; - 9P distributed file system; - JFS file system; - NILFS2 file system; - File systems infrastructure; - BPF subsystem; - Netfilter; - Network sockets; - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - IPv4 networking; - IPv6 networking; - Netlink; - TIPC protocol; - Wireless networking; - ALSA framework; (CVE-2024-53156, CVE-2024-40943, CVE-2024-49902, CVE-2023-52488, CVE-2024-50233, CVE-2024-40911, CVE-2022-48994, CVE-2024-40981, CVE-2024-53104, CVE-2024-43900, CVE-2024-44938, CVE-2024-36952, CVE-2023-52799, CVE-2021-47103, CVE-2024-43863, CVE-2024-50171, CVE-2024-43892, CVE-2023-52522, CVE-2021-47606, CVE-2024-50148, CVE-2024-50117, CVE-2024-43893, CVE-2024-38567, CVE-2024-36886, CVE-2024-41064, CVE-2023-52818, CVE-2024-26685, CVE-2024-41063, CVE-2024-43854, CVE-2024-44931, CVE-2024-42068, CVE-2024-40910, CVE-2023-52880, CVE-2024-42070, CVE-2024-36964, CVE-2024-35896)

USN-7343-1 fixed vulnerabilities in Jinja2. The update introduced a regression when attempting to import Jinja2 on Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Rafal Krupinski discovered that Jinja2 did not properly restrict the execution of code in situations where templates are used maliciously. An attacker with control over a template's filename and content could potentially use this issue to enable the execution of arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-56201) It was discovered that Jinja2 sandboxed environments could be escaped through a call to a string format method. An attacker could possibly use this issue to enable the execution of arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-56326) It was discovered that Jinja2 sandboxed environments could be escaped through the malicious use of certain filters. An attacker could possibly use this issue to enable the execution of arbitrary code. (CVE-2025-27516)

It was discovered that UnRAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to write arbitrary files outside of the targeted directory. (CVE-2022-30333, CVE-2022-48579) It was discovered that UnRAR incorrectly handled certain recovery volumes. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-40477) Siddharth Dushantha discovered that UnRAR incorrectly handled ANSI escape sequences when writing screen output. If a user or automated system were tricked into processing a specially crafted RAR archive, a remote attacker could possibly use this issue to spoof screen output or cause a denial of service. (CVE-2024-33899)

It was discovered that RAR incorrectly handled certain paths. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to write arbitrary files outside of the targeted directory. (CVE-2022-30333) It was discovered that RAR incorrectly handled certain recovery volumes. If a user or automated system were tricked into extracting a specially crafted RAR archive, a remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-40477)

It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered “private” or “globally reachable”. This could possibly result in applications applying incorrect security policies. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-4032) It was discovered that Python incorrectly handled quoting path names when using the venv module. A local attacker able to control virtual environments could possibly use this issue to execute arbitrary code when the virtual environment is activated. (CVE-2024-9287) It was discovered that Python incorrectly handled parsing bracketed hosts. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-11168) It was discovered that Python incorrectly handled parsing domain names that included square brackets. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. (CVE-2025-0938)

USN-7299-2 fix vulnerabilities in X.Org X Server. This fix caused regression in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update reverts it pending further investigation. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain memory operations. An attacker could use these issues to cause the X Server to crash, leading to a denial of service, or possibly execute arbitrary code.

It was discovered that Netatalk did not properly manage memory under certain circumstances. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2024-38439, CVE-2024-38440, CVE-2024-38441)

It was discovered that OpenSC did not correctly handle certain memory operations, which could lead to a use-after-free vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-42780) It was discovered that OpenSC did not correctly handle certain memory operations, which could lead to a stack buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-42782) It was discovered that OpenSC did not correctly handle the length of certain buffers, which could lead to a out-of-bounds access vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-2977) Deepanjan Pal discovered that OpenSC did not correctly authenticate a zero length PIN. A physically proximate attacker could possibly use this issue to gain unauthorized access to certain systems. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-40660) It was discovered that OpenSC did not correctly handle certain memory operations. A physically proximate attacker could possibly use this issue to compromise key generation, certificate loading and other card management operations. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-40661) Hubert Kario, Michal Shagam and Eyal Ronen discovered that OpenSC had a timing side-channel and incorrectly handled RSA padding. An attacker could possibly use this issue to recover sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-5992) Matteo Marini discovered that OpenSC did not properly manage memory due to certain uninitialized variables. A physically proximate attacker could possibly use this issue to gain unauthorized access to certain systems. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-45615) Matteo Marini discovered that OpenSC did not correctly handle certain memory operations. A physically proximate attacker could possibly use this issue to gain unauthorized access to certain systems. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-45616, CVE-2024-45617) Matteo Marini discovered that OpenSC did not correctly handle certain memory operations. A physically proximate attacker could possibly use this issue to gain unauthorized access to certain systems. (CVE-2024-45618, CVE-2024-45620) Matteo Marini discovered that OpenSC did not correctly handle certain memory operations. A physically proximate attacker could possibly use this issue to gain unauthorized access to certain systems. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-45619) It was discovered that OpenSC did not correctly handle certain memory operations, which could lead to a buffer overflow. A physically proximate attacker could possibly use this issue to compromise card management operations during enrollment and modification. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2024-8443)

Zahid TOKAT discovered that .NET suffered from a weak authentication vulnerability. An attacker could possibly use this issue to elevate privileges.

Rafal Krupinski discovered that Jinja2 did not properly restrict the execution of code in situations where templates are used maliciously. An attacker with control over a template's filename and content could potentially use this issue to enable the execution of arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-56201) It was discovered that Jinja2 sandboxed environments could be escaped through a call to a string format method. An attacker could possibly use this issue to enable the execution of arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2024-56326) It was discovered that Jinja2 sandboxed environments could be escaped through the malicious use of certain filters. An attacker could possibly use this issue to enable the execution of arbitrary code. (CVE-2025-27516)

Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - Block layer subsystem; - GPIO subsystem; - GPU drivers; - Media drivers; - Network drivers; - SCSI subsystem; - Direct Digital Synthesis drivers; - TTY drivers; - 9P distributed file system; - JFS file system; - NILFS2 file system; - File systems infrastructure; - BPF subsystem; - Netfilter; - Network sockets; - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - IPv4 networking; - IPv6 networking; - Netlink; - TIPC protocol; - Wireless networking; - ALSA framework; (CVE-2024-26685, CVE-2024-50233, CVE-2024-41063, CVE-2024-42070, CVE-2024-40910, CVE-2024-40911, CVE-2024-36886, CVE-2024-35896, CVE-2024-43863, CVE-2023-52522, CVE-2024-53156, CVE-2023-52488, CVE-2024-43854, CVE-2024-44938, CVE-2024-53104, CVE-2024-44931, CVE-2024-50171, CVE-2024-43892, CVE-2024-50148, CVE-2024-38567, CVE-2024-36964, CVE-2024-43893, CVE-2024-36952, CVE-2022-48994, CVE-2021-47606, CVE-2023-52818, CVE-2024-41064, CVE-2024-40981, CVE-2024-40943, CVE-2024-42068, CVE-2023-52880, CVE-2021-47103, CVE-2024-43900, CVE-2024-50117, CVE-2023-52799, CVE-2024-49902)

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2025-0927) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - GPIO subsystem; - GPU drivers; - Media drivers; - Network drivers; - SCSI subsystem; - Direct Digital Synthesis drivers; - TTY drivers; - 9P distributed file system; - JFS file system; - NILFS2 file system; - File systems infrastructure; - BPF subsystem; - Netfilter; - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - IPv4 networking; - IPv6 networking; - Open vSwitch; - Network traffic control; - TIPC protocol; - Wireless networking; (CVE-2024-50134, CVE-2024-40981, CVE-2022-48772, CVE-2024-43900, CVE-2023-52488, CVE-2024-49902, CVE-2023-52880, CVE-2024-50229, CVE-2024-43892, CVE-2024-42068, CVE-2024-40910, CVE-2024-26685, CVE-2024-43863, CVE-2024-53104, CVE-2024-41064, CVE-2023-52799, CVE-2024-42070, CVE-2024-35896, CVE-2024-44931, CVE-2024-40943, CVE-2024-36952, CVE-2024-38558, CVE-2024-50171, CVE-2023-52522, CVE-2024-36964, CVE-2024-53156, CVE-2024-41063, CVE-2024-50117, CVE-2023-52818, CVE-2024-43893, CVE-2024-50233, CVE-2024-44938, CVE-2024-36886, CVE-2024-38567, CVE-2024-53164, CVE-2024-50148, CVE-2024-40911)

Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2024-23848) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - GPIO subsystem; - GPU drivers; - Media drivers; - Network drivers; - SCSI subsystem; - Direct Digital Synthesis drivers; - TTY drivers; - 9P distributed file system; - JFS file system; - NILFS2 file system; - File systems infrastructure; - BPF subsystem; - Netfilter; - Memory management; - Amateur Radio drivers; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Networking core; - IPv4 networking; - IPv6 networking; - Open vSwitch; - Network traffic control; - TIPC protocol; - Wireless networking; (CVE-2024-36886, CVE-2024-44931, CVE-2024-50117, CVE-2024-35896, CVE-2024-50229, CVE-2024-40981, CVE-2022-48772, CVE-2024-49902, CVE-2024-53164, CVE-2024-41063, CVE-2024-50233, CVE-2024-36952, CVE-2024-43892, CVE-2024-36964, CVE-2024-43900, CVE-2023-52799, CVE-2024-44938, CVE-2024-40910, CVE-2024-26685, CVE-2024-41064, CVE-2024-43863, CVE-2023-52818, CVE-2024-38567, CVE-2024-53156, CVE-2023-52522, CVE-2024-50134, CVE-2024-40911, CVE-2024-40943, CVE-2024-50148, CVE-2024-42068, CVE-2024-53104, CVE-2023-52880, CVE-2024-42070, CVE-2024-38558, CVE-2023-52488, CVE-2024-43893, CVE-2024-50171)

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041) Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service. (CVE-2024-32458, CVE-2024-32460) It was discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service. (CVE-2024-32661)

It was discovered that OpenVPN did not perform proper input validation when generating a TLS key under certain configuration, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS. (CVE-2017-12166) Reynir Björnsson discovered that OpenVPN incorrectly handled certain control channel messages with nonprintable characters. A remote attacker could possibly use this issue to cause OpenVPN to consume resources, or fill up log files with garbage, leading to a denial of service. (CVE-2024-5594)

Andy Boothe discovered that the Networking component of CRaC JDK 17 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21208) It was discovered that the Hotspot component of CRaC JDK 17 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2024-21210, CVE-2024-21235) It was discovered that the Serialization component of CRaC JDK 17 did not properly handle deserialization under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. (CVE-2024-21217) It was discovered that the Hotspot component of CRaC JDK 17 did not properly handle API access under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information. (CVE-2025-21502) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2024-10-15 https://openjdk.org/groups/vulnerability/advisories/2025-01-21