https://ubuntu-com-16213.demos.haus/security/notices/rss.xmlRecent content on Ubuntu security notices2026 Canonical Ltd. Ubuntu and Canonical are registered trademarks of Canonical Ltd.http://www.rssboard.org/rss-specificationFeedgenThu, 09 Apr 2026 23:10:07 +0000https://ubuntu-com-16213.demos.haus/security/notices/USN-7697-1Rajesh Pangare discovered that AIDE incorrectly handled filenames. A local attacker could possibly use this issue to bypass the detection of malicious files. (CVE-2025-54389) Rajesh Pangare discovered that AIDE incorrectly handled extended file attributes. A local attacker could possibly use this issue to cause a denial of service. (CVE-2025-54409)https://ubuntu-com-16213.demos.haus/security/notices/USN-7697-1Thu, 14 Aug 2025 15:17:07 +0000https://ubuntu-com-16213.demos.haus/security/notices/USN-7695-1Anas Roubi discovered that Sidekiq did not correctly sanitize certain inputs. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-30151) It was discovered that Sidekiq did not correctly bound certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2022-23837)https://ubuntu-com-16213.demos.haus/security/notices/USN-7695-1Thu, 14 Aug 2025 05:45:39 +0000https://ubuntu-com-16213.demos.haus/security/notices/USN-7693-1Nathanael Braun and Johan Brissaud discovered that qs was vulnerable to prototype pollution. A remote attacker could possibly use this issue to cause a denial of service.https://ubuntu-com-16213.demos.haus/security/notices/USN-7693-1Thu, 14 Aug 2025 01:40:12 +0000https://ubuntu-com-16213.demos.haus/security/notices/USN-7692-1It was discovered that Request Tracker was susceptible to timing attacks. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-38562) It was discovered that Request Tracker was susceptible to cross-site scripting attacks when malicious attachments were supplied. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-25802) It was discovered that Request Tracker would incorrectly redirect users in certain instances. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-25803) Tom Wolters discovered that Request Tracker could leak information when malicious email headers were supplied. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-41259, CVE-2023-41260) It was discovered that Request Tracker could leak information through its transaction search. An attacker with access to the transaction query builder of Request Tracker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-45024) It was discovered that Request Tracker erroneously stored ticket information in a web browser's cache. An attacker with direct access to a system could possibly use this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-3262) It was discovered that Request Tracker made use of an obsolete cryptographic algorithm for emails sent with S/MIME encryption. An attacker could possibly use this issue to access sensitive information. (CVE-2025-2545) It was discovered that Request Tracker was susceptible to cross-site scripting attacks when malicious parameters were included in a search URL. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-30087) It was discovered that Request Tracker was susceptible to cross-site scripting attacks when malicious permalinks or assets were provided. An attacker could possibly use this issue to execute arbitrary code. (CVE-2025-31500, CVE-2025-31501)https://ubuntu-com-16213.demos.haus/security/notices/USN-7692-1Wed, 13 Aug 2025 15:40:22 +0000https://ubuntu-com-16213.demos.haus/security/notices/USN-6885-6USN-6885-1 fixed vulnerabilities in Apache. The patch for CVE-2024-38474 was incomplete and caused a regression. This update provides the fix for this issue. Original advisory details: Orange Tsai discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain substitutions. A remote attacker could possibly use this issue to execute scripts in directories not directly reachable by any URL, or cause a denial of service. Some environments may require using the new UnsafeAllow3F flag to handle unsafe substitutions. (CVE-2024-38474) https://ubuntu-com-16213.demos.haus/security/notices/USN-6885-6Wed, 13 Aug 2025 14:57:23 +0000https://ubuntu-com-16213.demos.haus/security/notices/USN-7691-1Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.43 in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. Ubuntu 25.04 has been updated to MySQL 8.4.6. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-43.html https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-6.html https://www.oracle.com/security-alerts/cpujul2025.htmlhttps://ubuntu-com-16213.demos.haus/security/notices/USN-7691-1Wed, 13 Aug 2025 12:33:53 +0000https://ubuntu-com-16213.demos.haus/security/notices/USN-7685-5Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Device tree and open firmware driver; - SCSI subsystem; - TTY drivers; - Ext4 file system; - SMB network file system; - Bluetooth subsystem; - Network traffic control; - Sun RPC protocol; - USB sound devices; (CVE-2025-37797, CVE-2024-49950, CVE-2024-56748, CVE-2023-52975, CVE-2024-50073, CVE-2023-52885, CVE-2023-52757, CVE-2024-38541, CVE-2024-53239, CVE-2024-49883) https://ubuntu-com-16213.demos.haus/security/notices/USN-7685-5Wed, 13 Aug 2025 07:36:36 +0000https://ubuntu-com-16213.demos.haus/security/notices/USN-7682-5Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network traffic control; (CVE-2025-38083, CVE-2025-37797) https://ubuntu-com-16213.demos.haus/security/notices/USN-7682-5Tue, 12 Aug 2025 08:04:52 +0000https://ubuntu-com-16213.demos.haus/security/notices/USN-7681-3Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network traffic control; (CVE-2025-38083) https://ubuntu-com-16213.demos.haus/security/notices/USN-7681-3Tue, 12 Aug 2025 07:56:10 +0000https://ubuntu-com-16213.demos.haus/security/notices/USN-7690-1It was discovered that the 2D component of OpenJDK 17 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30749, CVE-2025-50106) VMashroor Hasan Bhuiyan discovered that the JSSE component of OpenJDK 17 did not properly manage TLS 1.3 handshakes under certain circumstances. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-30754) Martin van Wingerden and Violeta Georgieva of Broadcom discovered that the Networking component of OpenJDK 17 did not properly manage network connections under certain circumstances. An attacker could possibly use this issue to obtain sensitive information. (CVE-2025-50059) In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://openjdk.org/groups/vulnerability/advisories/2025-07-15https://ubuntu-com-16213.demos.haus/security/notices/USN-7690-1Mon, 11 Aug 2025 23:27:47 +0000