[USN-7376-2] MariaDB vulnerability
[USN-7396-1] OVN vulnerability
[USN-7395-1] WebKitGTK vulnerabilities
[USN-7397-1] AOM vulnerability
[USN-7398-1] libtar vulnerabilities
[USN-7399-1] RabbitMQ Server vulnerability
[USN-7400-1] PHP vulnerabilities
[USN-7376-2] MariaDB vulnerability
=========================================================================
Ubuntu Security Notice USN-7376-2
March 31, 2025
mariadb vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
A security issue was fixed in MariaDB.
Software Description:
- mariadb: MariaDB database
- mariadb-10.6: MariaDB database
Details:
USN-7376-1 fixed vulnerabilities in MariaDB. This update provides the
corresponding updates for Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
Original advisory details:
A security issue was discovered in MariaDB and this update includes
a new upstream MariaDB version to fix the issue.
In addition to security fixes, the updated packages contain bug and
regression fixes, new features, and possibly incompatible changes.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
mariadb-server 1:10.11.11-0ubuntu0.24.04.2
Ubuntu 22.04 LTS
mariadb-server 1:10.6.21-0ubuntu0.22.04.2
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart MariaDB to
make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7376-2
https://ubuntu.com/security/notices/USN-7376-1
CVE-2025-21490
Package Information:
https://launchpad.net/ubuntu/+source/mariadb/1:10.11.11-0ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/mariadb-10.6/1:10.6.21-0ubuntu0.22.04.2
[USN-7396-1] OVN vulnerability
==========================================================================
Ubuntu Security Notice USN-7396-1
March 31, 2025
ovn vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
OVN would allow unintended access to the network.
Software Description:
- ovn: system to support virtual network abstraction
Details:
Marius Berntsberg, Trygve Vea, Tore Anderson, Rodolfo Alonso, Jay Faulkner,
and Brian Haley discovered that OVN incorrectly handled certain crafted UDP
packets. A remote attacker could possibly use this issue to bypass egress
ACL rules.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
ovn-central 24.09.0-1ubuntu0.1
ovn-common 24.09.0-1ubuntu0.1
ovn-docker 24.09.0-1ubuntu0.1
ovn-host 24.09.0-1ubuntu0.1
ovn-ic 24.09.0-1ubuntu0.1
Ubuntu 24.04 LTS
ovn-central 24.03.2-0ubuntu0.24.04.2
ovn-common 24.03.2-0ubuntu0.24.04.2
ovn-docker 24.03.2-0ubuntu0.24.04.2
ovn-host 24.03.2-0ubuntu0.24.04.2
ovn-ic 24.03.2-0ubuntu0.24.04.2
Ubuntu 22.04 LTS
ovn-central 22.03.3-0ubuntu0.22.04.5
ovn-common 22.03.3-0ubuntu0.22.04.5
ovn-docker 22.03.3-0ubuntu0.22.04.5
ovn-host 22.03.3-0ubuntu0.22.04.5
ovn-ic 22.03.3-0ubuntu0.22.04.5
Ubuntu 20.04 LTS
ovn-central 20.03.2-0ubuntu0.20.04.6
ovn-common 20.03.2-0ubuntu0.20.04.6
ovn-docker 20.03.2-0ubuntu0.20.04.6
ovn-host 20.03.2-0ubuntu0.20.04.6
ovn-ic 20.03.2-0ubuntu0.20.04.6
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7396-1
CVE-2025-0650
Package Information:
https://launchpad.net/ubuntu/+source/ovn/24.09.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/ovn/24.03.2-0ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/ovn/22.03.3-0ubuntu0.22.04.5
https://launchpad.net/ubuntu/+source/ovn/20.03.2-0ubuntu0.20.04.6
[USN-7395-1] WebKitGTK vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7395-1
March 31, 2025
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
libjavascriptcoregtk-4.1-0 2.48.0-0ubuntu0.24.10.1
libjavascriptcoregtk-6.0-1 2.48.0-0ubuntu0.24.10.1
libwebkit2gtk-4.1-0 2.48.0-0ubuntu0.24.10.1
libwebkitgtk-6.0-4 2.48.0-0ubuntu0.24.10.1
Ubuntu 24.04 LTS
libjavascriptcoregtk-4.1-0 2.48.0-0ubuntu0.24.04.1
libjavascriptcoregtk-6.0-1 2.48.0-0ubuntu0.24.04.1
libwebkit2gtk-4.1-0 2.48.0-0ubuntu0.24.04.1
libwebkitgtk-6.0-4 2.48.0-0ubuntu0.24.04.1
Ubuntu 22.04 LTS
libjavascriptcoregtk-4.0-18 2.48.0-0ubuntu0.22.04.1
libjavascriptcoregtk-4.1-0 2.48.0-0ubuntu0.22.04.1
libjavascriptcoregtk-6.0-1 2.48.0-0ubuntu0.22.04.1
libwebkit2gtk-4.0-37 2.48.0-0ubuntu0.22.04.1
libwebkit2gtk-4.1-0 2.48.0-0ubuntu0.22.04.1
libwebkitgtk-6.0-4 2.48.0-0ubuntu0.22.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7395-1
CVE-2024-44192, CVE-2024-54467, CVE-2025-24201
Package Information:
https://launchpad.net/ubuntu/+source/webkit2gtk/2.48.0-0ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.48.0-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/webkit2gtk/2.48.0-0ubuntu0.22.04.1
[USN-7397-1] AOM vulnerability
==========================================================================
Ubuntu Security Notice USN-7397-1
March 31, 2025
aom vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
AOM could be made to crash or run programs if it opened a specially crafted
file.
Software Description:
- aom: AV1 Video Codec Library
Details:
Xiantong Hou discovered that AOM did not properly handle certain malformed
media files. If an application using AOM opened a specially crafted file, a
remote attacker could cause a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
aom-tools 3.3.0-1ubuntu0.1
libaom-dev 3.3.0-1ubuntu0.1
libaom3 3.3.0-1ubuntu0.1
Ubuntu 20.04 LTS
aom-tools 1.0.0.errata1-3+deb11u1ubuntu0.1
libaom-dev 1.0.0.errata1-3+deb11u1ubuntu0.1
libaom0 1.0.0.errata1-3+deb11u1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7397-1
CVE-2024-5171
Package Information:
https://launchpad.net/ubuntu/+source/aom/3.3.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/aom/1.0.0.errata1-3+deb11u1ubuntu0.1
[USN-7398-1] libtar vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7398-1
March 31, 2025
libtar vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in libtar.
Software Description:
- libtar: C library for manipulating tar archives (development files)
Details:
It was discovered that libtar may perform out-of-bounds reads when
processing specially crafted tar files. An attacker could possibly use
this issue to cause libtar to crash, resulting in a denial of service,
or execute arbitrary code. (CVE-2021-33643, CVE-2021-33644)
It was discovered that libtar contained a memory leak due to failing
to free a variable, causing performance degradation. An attacker
could possibly use this issue to cause libtar to crash, resulting in a
denial of service. (CVE-2021-33645, CVE-2021-33646)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
libtar-dev 1.2.20-8.1ubuntu0.24.10.1
libtar0t64 1.2.20-8.1ubuntu0.24.10.1
Ubuntu 24.04 LTS
libtar-dev 1.2.20-8.1ubuntu0.24.04.1
libtar0t64 1.2.20-8.1ubuntu0.24.04.1
Ubuntu 22.04 LTS
libtar-dev 1.2.20-8ubuntu0.22.04.1
libtar0 1.2.20-8ubuntu0.22.04.1
Ubuntu 20.04 LTS
libtar-dev 1.2.20-8ubuntu0.20.04.1
libtar0 1.2.20-8ubuntu0.20.04.1
Ubuntu 18.04 LTS
libtar-dev 1.2.20-7ubuntu0.1~esm1
Available with Ubuntu Pro
libtar0 1.2.20-7ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libtar-dev 1.2.20-4ubuntu0.1~esm1
Available with Ubuntu Pro
libtar0 1.2.20-4ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7398-1
CVE-2021-33643, CVE-2021-33644, CVE-2021-33645, CVE-2021-33646
Package Information:
https://launchpad.net/ubuntu/+source/libtar/1.2.20-8.1ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/libtar/1.2.20-8.1ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/libtar/1.2.20-8ubuntu0.22.04.1
https://launchpad.net/ubuntu/+source/libtar/1.2.20-8ubuntu0.20.04.1
[USN-7399-1] RabbitMQ Server vulnerability
==========================================================================
Ubuntu Security Notice USN-7399-1
March 31, 2025
rabbitmq-server vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
RabbitMQ Server's management UI could be made to run code via
cross-site scripting (XSS).
Software Description:
- rabbitmq-server: AMQP server written in Erlang
Details:
It was discovered that RabbitMQ Server's management UI did not sanitize
certain input. An attacker could possibly use this issue to inject code
by performing a cross-site scripting (XSS) attack.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
rabbitmq-server 3.12.1-1ubuntu2.1
Ubuntu 24.04 LTS
rabbitmq-server 3.12.1-1ubuntu1.2
Ubuntu 22.04 LTS
rabbitmq-server 3.9.27-0ubuntu0.2
Ubuntu 20.04 LTS
rabbitmq-server 3.8.3-0ubuntu0.3
After a standard system update you need to restart RabbitMQ Server to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7399-1
CVE-2025-30219
Package Information:
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.12.1-1ubuntu2.1
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.12.1-1ubuntu1.2
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.9.27-0ubuntu0.2
https://launchpad.net/ubuntu/+source/rabbitmq-server/3.8.3-0ubuntu0.3
[USN-7400-1] PHP vulnerabilities
=========================================================================
Ubuntu Security Notice USN-7400-1
March 31, 2025
php7.4, php8.1, php8.3 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in PHP.
Software Description:
- php8.3: HTML-embedded scripting language interpreter
- php8.1: HTML-embedded scripting language interpreter
- php7.4: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2024-11235)
It was discovered that PHP incorrectly handled certain folded headers.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2025-1217)
It was discovered that PHP incorrectly handled certain headers.
An attacker could possibly use this issue to expose sensitive information
or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS,
Ubuntu 24.10, and Ubuntu 24.04 LTS. (CVE-2025-1219)
It was discovered that PHP incorrectly handled certain headers with an
invalid name and no colon. An attacker could possibly use this issue to
confuse applications into accepting invalid headers, causing code injection.
(CVE-2025-1734)
It was discovered that PHP incorrectly handled certain headers.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.10, and Ubuntu 24.04
LTS. (CVE-2025-1736)
It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive
information. (CVE-2025-1861)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
libapache2-mod-php8.3 8.3.11-0ubuntu0.24.10.5
php8.3 8.3.11-0ubuntu0.24.10.5
php8.3-cgi 8.3.11-0ubuntu0.24.10.5
php8.3-cli 8.3.11-0ubuntu0.24.10.5
php8.3-fpm 8.3.11-0ubuntu0.24.10.5
Ubuntu 24.04 LTS
libapache2-mod-php8.3 8.3.6-0ubuntu0.24.04.4
php8.3 8.3.6-0ubuntu0.24.04.4
php8.3-cgi 8.3.6-0ubuntu0.24.04.4
php8.3-cli 8.3.6-0ubuntu0.24.04.4
php8.3-fpm 8.3.6-0ubuntu0.24.04.4
Ubuntu 22.04 LTS
libapache2-mod-php7.4 8.1.2-1ubuntu2.21
libapache2-mod-php8.0 8.1.2-1ubuntu2.21
libapache2-mod-php8.1 8.1.2-1ubuntu2.21
php8.1 8.1.2-1ubuntu2.21
php8.1-cgi 8.1.2-1ubuntu2.21
php8.1-cli 8.1.2-1ubuntu2.21
php8.1-fpm 8.1.2-1ubuntu2.21
Ubuntu 20.04 LTS
libapache2-mod-php7.4 7.4.3-4ubuntu2.29
php7.4 7.4.3-4ubuntu2.29
php7.4-cgi 7.4.3-4ubuntu2.29
php7.4-cli 7.4.3-4ubuntu2.29
php7.4-fpm 7.4.3-4ubuntu2.29
In general, a standard system update will make all the necessary changes.
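The fixed versions listed under each notice's Update instructions are ordered by dpkg's version comparison, where the epoch prefix (1:), the ~esm1 suffix of the Ubuntu Pro builds and numeric runs all change the result. As an added example that is not part of the notices, the following Python reimplements that ordering and checks constructed dpkg-query output against a subset of the fixed versions above; FIXED, SAMPLE_DPKG and the function names are this example's own.

```python
import re
from itertools import zip_longest

def _order(c):
    # dpkg weighting: '~' < end of string (0) < letters < other punctuation.
    return -1 if c == "~" else 0 if c == "" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_fragment(a, b):
    # dpkg's rule for upstream/revision strings: alternate non-digit runs
    # (weighted lexicographic) and digit runs (numeric) until a side differs.
    ta = re.findall(r"(\D*)(\d*)", a); tb = re.findall(r"(\D*)(\d*)", b)
    for (na, da), (nb, db) in zip_longest(ta, tb, fillvalue=("", "")):
        for ca, cb in zip_longest(na, nb, fillvalue=""):
            if _order(ca) != _order(cb):
                return 1 if _order(ca) > _order(cb) else -1
        if int(da or 0) != int(db or 0):
            return 1 if int(da or 0) > int(db or 0) else -1
    return 0

def parse_version(v):
    # [epoch:]upstream[-revision]; missing epoch is 0, revision begins at the LAST '-'.
    epoch, sep, rest = v.partition(":")
    if not sep: epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep: upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1 ordering a against b as dpkg --compare-versions does."""
    ea, ua, ra = parse_version(a); eb, ub, rb = parse_version(b)
    if ea != eb: return 1 if ea > eb else -1  # epoch wins regardless of upstream
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

FIXED = {  # fixed versions copied from the notices above (a subset, for the demo)
    "mariadb-server": "1:10.11.11-0ubuntu0.24.04.2",
    "libtar0": "1.2.20-7ubuntu0.1~esm1",
    "libwebkit2gtk-4.1-0": "2.48.0-0ubuntu0.24.04.1",
}

def find_vulnerable(dpkg_lines, fixed=FIXED):
    # dpkg_lines: "name version" lines, e.g. from dpkg-query -W -f '${Package} ${Version}\n'
    pairs = (line.split(None, 1) for line in dpkg_lines if line.strip())
    return [n for n, v in pairs if n in fixed and compare_versions(v, fixed[n]) < 0]

SAMPLE_DPKG = [  # constructed dpkg output, not taken from a real host
    "mariadb-server 1:10.11.8-0ubuntu0.24.04.1",   # older than the fix
    "libtar0 1.2.20-7",                             # older: '7' sorts below '7ubuntu0.1~esm1'
    "libwebkit2gtk-4.1-0 2.48.0-0ubuntu0.24.04.1",  # exactly the fixed version
    "ovn-host 24.03.2-0ubuntu0.24.04.2",            # not in FIXED, ignored
]
```

Note that a version without an epoch always sorts below one with "1:", so a host showing mariadb-server 10.11.12 would still be reported as unpatched against the 1:10.11.11 fix.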
References:
https://ubuntu.com/security/notices/USN-7400-1
CVE-2024-11235, CVE-2025-1217, CVE-2025-1219, CVE-2025-1734,
CVE-2025-1736, CVE-2025-1861
Package Information:
https://launchpad.net/ubuntu/+source/php8.3/8.3.11-0ubuntu0.24.10.5
https://launchpad.net/ubuntu/+source/php8.3/8.3.6-0ubuntu0.24.04.4
https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.21
https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.29