[USN-7359-1] Valkey vulnerabilities
[USN-7363-1] PAM-PKCS#11 vulnerabilities
[USN-7361-1] Libxslt vulnerability
[USN-7359-1] Valkey vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7359-1
March 19, 2025
valkey vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in Valkey.
Software Description:
- valkey: Conversion script and compatibility symlinks for Redis
Details:
It was discovered that Valkey did not properly handle memory
cleanup. An attacker could possibly use this issue to execute
arbitrary code. (CVE-2024-46981)
It was discovered that Valkey did not properly handle resource
access permissions. An authenticated attacker could possibly
use this issue to cause a denial of service. (CVE-2024-51741)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
valkey-redis-compat 7.2.8+dfsg1-0ubuntu0.24.10.2
valkey-sentinel 7.2.8+dfsg1-0ubuntu0.24.10.2
valkey-server 7.2.8+dfsg1-0ubuntu0.24.10.2
valkey-tools 7.2.8+dfsg1-0ubuntu0.24.10.2
Ubuntu 24.04 LTS
valkey-redis-compat 7.2.8+dfsg1-0ubuntu0.24.04.2
valkey-sentinel 7.2.8+dfsg1-0ubuntu0.24.04.2
valkey-server 7.2.8+dfsg1-0ubuntu0.24.04.2
valkey-tools 7.2.8+dfsg1-0ubuntu0.24.04.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7359-1
( https://ubuntu.com/security/notices/USN-7359-1)
CVE-2024-46981, CVE-2024-51741
Package Information:
https://launchpad.net/ubuntu/+source/valkey/7.2.8+dfsg1-0ubuntu0.24.10.2
( https://launchpad.net/ubuntu/+source/valkey/7.2.8+dfsg1-0ubuntu0.24.10.2)
https://launchpad.net/ubuntu/+source/valkey/7.2.8+dfsg1-0ubuntu0.24.04.2
( https://launchpad.net/ubuntu/+source/valkey/7.2.8+dfsg1-0ubuntu0.24.04.2)
[USN-7363-1] PAM-PKCS#11 vulnerabilities
==========================================================================
Ubuntu Security Notice USN-7363-1
March 20, 2025
pam-pkcs11 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
PAM-PKCS#11 could be used to bypass authentication.
Software Description:
- pam-pkcs11: Fully featured PAM module for using PKCS#11 smart cards
Details:
Marcus Rückert and Matthias Gerstner discovered that PAM-PKCS#11 did not
properly handle certain return codes when authentication was not possible.
An attacker could possibly use this issue to bypass authentication. This
issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-24531)
It was discovered that PAM-PKCS#11 did not require a private key signature
for authentication by default. An attacker could possibly use this issue
to bypass authentication. (CVE-2025-24032)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
libpam-pkcs11 0.6.12-2ubuntu0.24.10.1
Ubuntu 24.04 LTS
libpam-pkcs11 0.6.12-2ubuntu0.24.04.1
Ubuntu 22.04 LTS
libpam-pkcs11 0.6.11-4ubuntu0.1
Ubuntu 20.04 LTS
libpam-pkcs11 0.6.11-2ubuntu0.1
Ubuntu 18.04 LTS
libpam-pkcs11 0.6.9-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libpam-pkcs11 0.6.8-4ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7363-1
CVE-2025-24032, CVE-2025-24531
Package Information:
https://launchpad.net/ubuntu/+source/pam-pkcs11/0.6.12-2ubuntu0.24.10.1
https://launchpad.net/ubuntu/+source/pam-pkcs11/0.6.12-2ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/pam-pkcs11/0.6.11-4ubuntu0.1
https://launchpad.net/ubuntu/+source/pam-pkcs11/0.6.11-2ubuntu0.1
[USN-7361-1] Libxslt vulnerability
==========================================================================
Ubuntu Security Notice USN-7361-1
March 20, 2025
libxslt vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Libxslt could be made to crash or run programs if it opened a specially
crafted file.
Software Description:
- libxslt: XSLT processing library
Details:
Ivan Fratric discovered that Libxslt incorrectly handled certain memory
operations when handling documents. A remote attacker could use this issue
to cause Libxslt to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.10
libxslt1.1 1.1.39-0exp1ubuntu1.2
Ubuntu 24.04 LTS
libxslt1.1 1.1.39-0exp1ubuntu0.24.04.2
Ubuntu 22.04 LTS
libxslt1.1 1.1.34-4ubuntu0.22.04.3
Ubuntu 20.04 LTS
libxslt1.1 1.1.34-4ubuntu0.20.04.3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7361-1
CVE-2025-24855
Package Information:
https://launchpad.net/ubuntu/+source/libxslt/1.1.39-0exp1ubuntu1.2
https://launchpad.net/ubuntu/+source/libxslt/1.1.39-0exp1ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/libxslt/1.1.34-4ubuntu0.22.04.3
https://launchpad.net/ubuntu/+source/libxslt/1.1.34-4ubuntu0.20.04.3
