[USN-7424-1] Expat vulnerability
[USN-7425-1] Erlang vulnerability
[USN-7427-1] .NET vulnerability
[USN-7426-1] poppler vulnerabilities
[USN-7424-1] Expat vulnerability
==========================================================================
Ubuntu Security Notice USN-7424-1
April 08, 2025
expat vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Expat could be made to crash if it received specially crafted
input.
Software Description:
- expat: XML parsing C library
Details:
It was discovered that Expat could crash due to stack overflow when
processing XML documents with deeply nested entity references. If a user
or automated system were tricked into processing specially crafted XML
input, an attacker could use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
  expat                           2.6.2-2ubuntu0.2
  libexpat1                       2.6.2-2ubuntu0.2
Ubuntu 24.04 LTS
  expat                           2.6.1-2ubuntu0.3
  libexpat1                       2.6.1-2ubuntu0.3
Ubuntu 22.04 LTS
  expat                           2.4.7-1ubuntu0.6
  libexpat1                       2.4.7-1ubuntu0.6
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7424-1
CVE-2024-8176
Package Information:
https://launchpad.net/ubuntu/+source/expat/2.6.2-2ubuntu0.2
https://launchpad.net/ubuntu/+source/expat/2.6.1-2ubuntu0.3
https://launchpad.net/ubuntu/+source/expat/2.4.7-1ubuntu0.6
[USN-7425-1] Erlang vulnerability
==========================================================================
Ubuntu Security Notice USN-7425-1
April 08, 2025
erlang vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Erlang could be made to consume a large amount of memory.
Software Description:
- erlang: Concurrent, real-time, distributed functional language
Details:
It was discovered that Erlang OTP's SSH module did not limit the size of
certain data in initialization messages. An attacker could possibly use
this issue to consume a large amount of memory, leading to a denial of
service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
  erlang                          1:25.3.2.12+dfsg-1ubuntu2.2
  erlang-ssh                      1:25.3.2.12+dfsg-1ubuntu2.2
Ubuntu 24.04 LTS
  erlang                          1:25.3.2.8+dfsg-1ubuntu4.2
  erlang-ssh                      1:25.3.2.8+dfsg-1ubuntu4.2
Ubuntu 22.04 LTS
  erlang                          1:24.2.1+dfsg-1ubuntu0.3
  erlang-ssh                      1:24.2.1+dfsg-1ubuntu0.3
Ubuntu 20.04 LTS
  erlang                          1:22.2.7+dfsg-1ubuntu0.4
  erlang-ssh                      1:22.2.7+dfsg-1ubuntu0.4
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7425-1
CVE-2025-30211
Package Information:
https://launchpad.net/ubuntu/+source/erlang/1:25.3.2.12+dfsg-1ubuntu2.2
https://launchpad.net/ubuntu/+source/erlang/1:25.3.2.8+dfsg-1ubuntu4.2
https://launchpad.net/ubuntu/+source/erlang/1:24.2.1+dfsg-1ubuntu0.3
https://launchpad.net/ubuntu/+source/erlang/1:22.2.7+dfsg-1ubuntu0.4
[USN-7427-1] .NET vulnerability
==========================================================================
Ubuntu Security Notice USN-7427-1
April 08, 2025
dotnet8, dotnet9 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
.NET could be made to crash or run programs if it received specially
crafted network traffic.
Software Description:
- dotnet8: .NET CLI tools and runtime
- dotnet9: .NET CLI tools and runtime
Details:
James Newton-King discovered that .NET did not properly limit resource
allocation when handling certain HTTP/3 requests. An attacker could
possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
  aspnetcore-runtime-8.0          8.0.15-0ubuntu1~24.10.1
  aspnetcore-runtime-9.0          9.0.4-0ubuntu1~24.10.1
  dotnet-host-8.0                 8.0.15-0ubuntu1~24.10.1
  dotnet-host-9.0                 9.0.4-0ubuntu1~24.10.1
  dotnet-hostfxr-8.0              8.0.15-0ubuntu1~24.10.1
  dotnet-hostfxr-9.0              9.0.4-0ubuntu1~24.10.1
  dotnet-runtime-8.0              8.0.15-0ubuntu1~24.10.1
  dotnet-runtime-9.0              9.0.4-0ubuntu1~24.10.1
  dotnet-sdk-8.0                  8.0.115-0ubuntu1~24.10.1
  dotnet-sdk-9.0                  9.0.105-0ubuntu1~24.10.1
  dotnet-sdk-aot-9.0              9.0.105-0ubuntu1~24.10.1
  dotnet8                         8.0.115-8.0.15-0ubuntu1~24.10.1
  dotnet9                         9.0.105-9.0.4-0ubuntu1~24.10.1
Ubuntu 24.04 LTS
  aspnetcore-runtime-8.0          8.0.15-0ubuntu1~24.04.1
  dotnet-host-8.0                 8.0.15-0ubuntu1~24.04.1
  dotnet-hostfxr-8.0              8.0.15-0ubuntu1~24.04.1
  dotnet-runtime-8.0              8.0.15-0ubuntu1~24.04.1
  dotnet-sdk-8.0                  8.0.115-0ubuntu1~24.04.1
  dotnet8                         8.0.115-8.0.15-0ubuntu1~24.04.1
Ubuntu 22.04 LTS
  aspnetcore-runtime-8.0          8.0.15-0ubuntu1~22.04.1
  dotnet-host-8.0                 8.0.15-0ubuntu1~22.04.1
  dotnet-hostfxr-8.0              8.0.15-0ubuntu1~22.04.1
  dotnet-runtime-8.0              8.0.15-0ubuntu1~22.04.1
  dotnet-sdk-8.0                  8.0.115-0ubuntu1~22.04.1
  dotnet8                         8.0.115-8.0.15-0ubuntu1~22.04.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7427-1
CVE-2025-26682
Package Information:
https://launchpad.net/ubuntu/+source/dotnet8/8.0.115-8.0.15-0ubuntu1~24.10.1
https://launchpad.net/ubuntu/+source/dotnet9/9.0.105-9.0.4-0ubuntu1~24.10.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.115-8.0.15-0ubuntu1~24.04.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.115-8.0.15-0ubuntu1~22.04.1
[USN-7426-1] poppler vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7426-1
April 08, 2025
poppler vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
poppler could be made to crash if it opened a specially crafted PDF file.
Software Description:
- poppler: PDF rendering library
Details:
It was discovered that poppler incorrectly handled memory when opening
certain PDF files. An attacker could possibly use this issue to cause
poppler to crash, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
  libpoppler140                   24.08.0-1ubuntu0.2
  poppler-utils                   24.08.0-1ubuntu0.2
Ubuntu 24.04 LTS
  libpoppler134                   24.02.0-1ubuntu9.3
  poppler-utils                   24.02.0-1ubuntu9.3
Ubuntu 22.04 LTS
  libpoppler118                   22.02.0-2ubuntu0.7
  poppler-utils                   22.02.0-2ubuntu0.7
Ubuntu 20.04 LTS
  libpoppler97                    0.86.1-0ubuntu1.6
  poppler-utils                   0.86.1-0ubuntu1.6
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7426-1
CVE-2025-32364, CVE-2025-32365
Package Information:
https://launchpad.net/ubuntu/+source/poppler/24.08.0-1ubuntu0.2
https://launchpad.net/ubuntu/+source/poppler/24.02.0-1ubuntu9.3
https://launchpad.net/ubuntu/+source/poppler/22.02.0-2ubuntu0.7
https://launchpad.net/ubuntu/+source/poppler/0.86.1-0ubuntu1.6
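Added example (not part of the notices): the fixed versions listed above use epochs ("1:"), "+dfsg" suffixes and "~" suffixes, which plain string comparison orders incorrectly, so this sketch compares an installed-package listing against a subset of the Ubuntu 24.04 LTS fixed versions using the Debian version ordering rules. The names deb_cmp, unpatched, FIXED_2404 and SAMPLE_INSTALLED are hypothetical, and the installed versions are constructed sample data.

```python
import re

def _order(s, i):
    """dpkg weight of s[i]: '~' < end-or-digit < letters < other characters."""
    if i >= len(s) or "0" <= s[i] <= "9":
        return 0
    return -1 if s[i] == "~" else ord(s[i]) + (0 if s[i].isalpha() else 256)

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings."""
    i = j = 0
    while i < len(a) or j < len(b):
        while _order(a, i) or _order(b, j):  # non-digit run, char by char
            if _order(a, i) != _order(b, j):
                return -1 if _order(a, i) < _order(b, j) else 1
            i, j = i + 1, j + 1
        da, db = (re.match(r"[0-9]*", s).group() for s in (a[i:], b[j:]))
        if int(da or 0) != int(db or 0):  # digit run, compared as numbers
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def deb_cmp(a, b):
    """Return -1, 0 or 1 for versions of the form [epoch:]upstream[-revision]."""
    def parse(v):
        head, sep, rest = v.partition(":")
        epoch, rest = (int(head), rest) if sep else (0, v)
        upstream, sep, rev = rest.rpartition("-")
        return (epoch, upstream, rev) if sep else (epoch, rest, "")
    (ea, ua, ra), (eb, ub, rb) = parse(a), parse(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

# Fixed versions for Ubuntu 24.04 LTS, copied from the notices above (subset).
FIXED_2404 = {
    "libexpat1": "2.6.1-2ubuntu0.3",
    "erlang-ssh": "1:25.3.2.8+dfsg-1ubuntu4.2",
    "aspnetcore-runtime-8.0": "8.0.15-0ubuntu1~24.04.1",
    "libpoppler134": "24.02.0-1ubuntu9.3",
}
# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE_INSTALLED = """libexpat1 2.6.1-2ubuntu0.2
erlang-ssh 1:25.3.2.8+dfsg-1ubuntu4.2
aspnetcore-runtime-8.0 8.0.9-0ubuntu1~24.04.1
libpoppler134 24.02.0-1ubuntu9.10"""

def unpatched(installed_text, fixed):
    """Names of installed packages whose version is older than the fixed one."""
    rows = [line.split() for line in installed_text.splitlines()]
    return sorted(p for p, v in (r for r in rows if len(r) == 2)
                  if p in fixed and deb_cmp(v, fixed[p]) < 0)
```

On the sample, a string comparison would wrongly treat 8.0.9 as newer than 8.0.15 and 9.10 as older than 9.3; the numeric comparison of digit runs avoids both mistakes.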