1. node-cipher-base Vulnerability (USN-7746-1): This affects Ubuntu versions 25.04 to 18.04 LTS. The vulnerability could allow an attacker to manipulate hash functions, potentially leading to incorrect hash values or denial of service. Users are advised to update to the latest package version to mitigate this risk.
2. CUPS Vulnerabilities (USN-7745-1): This impacts Ubuntu versions 25.04 to 16.04 LTS and involves multiple security flaws within the Common UNIX Printing System (CUPS). Issues include improper handling of authentication types and the deserialization of printer attributes, which could lead to authentication bypass or denial of service. Users should update to the patched versions as soon as possible.
3. QEMU Vulnerabilities (USN-7744-1): Affects Ubuntu versions 25.04 to 22.04 LTS, addressing several vulnerabilities in the QEMU virtual machine emulator. The flaws involve the handling of virtio devices, SDHCI device emulation, and USB devices, potentially allowing guest attackers to cause crashes or escalate privileges. Specific updates have been provided for each affected version, and a restart of virtual machines is recommended post-update.
In light of these vulnerabilities, Ubuntu users are strongly encouraged to perform standard system updates to ensure they are protected against these security threats. Keeping software up-to-date is crucial for maintaining system integrity and protecting sensitive data. Users should also monitor Ubuntu security notices for ongoing updates and additional vulnerabilities.
For further details, users can refer to the respective advisory links provided in the notices for more information on the nature of the vulnerabilities and recommended actions
Cipher-Base, CUPS, QEMU security updates for Ubuntu
Three security notices have been issued for Ubuntu, addressing vulnerabilities in various packages. The first notice (USN-7746-1) affects Ubuntu 25.04 to 18.04 LTS and fixes a vulnerability in the node-cipher-base package that could allow an attacker to manipulate the internal state of hash functions or cause a denial of service. The second notice (USN-7745-1) also affects Ubuntu 25.04 to 16.04 LTS and addresses vulnerabilities in the CUPS package, including issues with authentication types and deserialization and validation of printer attributes. The third notice (USN-7744-1) affects Ubuntu 25.04 to 22.04 LTS and fixes multiple vulnerabilities in the QEMU package, including issues with virtio devices, SDHCI device emulation, image files, and USB devices.
[USN-7746-1] cipher-base vulnerability
[USN-7745-1] CUPS vulnerabilities
[USN-7744-1] QEMU vulnerabilitiesCipher-Base, CUPS, QEMU security updates for Ubuntu @ Linux Compatible
