Ubuntu Linux has recently released security updates to address issues in Git and the Linux kernel.
Key vulnerabilities addressed include:
- CVE-2025-27613: Potential file manipulation via Gitk.
- CVE-2025-46835: Risks associated with malicious Git repositories.
- CVE-2025-48384: Arbitrary code execution through configuration file handling.
- CVE-2025-48385: Protocol injection vulnerabilities.
- CVE-2025-48386: Memory handling issues leading to denial of service.
Users are advised to update their systems to the specified package versions for their respective Ubuntu releases to mitigate these vulnerabilities.
- CVE-2024-50047: Use-after-free in async decryption.
- CVE-2024-53171: Use-after-free in ubifs.
- CVE-2024-56551: Slab-use-after-free in the AMD GPU driver.
- CVE-2024-56596: Array-index-out-of-bounds in JFS.
- CVE-2024-56608: Out-of-bounds access in display drivers.
- CVE-2024-57850: Memory corruption during decompression.
To resolve these issues, users should update their kernel livepatch to the specified versions for their respective Ubuntu distributions.
Git Regression: USN-7626-3
On July 10, 2025, Ubuntu issued USN-7626-3 to correct a regression introduced in prior updates that affected Git, specifically Gitk and Git GUI across multiple Ubuntu LTS versions (16.04, 18.04, 20.04, and 22.04). The earlier advisory, USN-7626-1, aimed to fix vulnerabilities CVE-2025-27613 and CVE-2025-46835, but inadvertently caused functionality issues with the Git graphical tools. These have now been rectified.Key vulnerabilities addressed include:
- CVE-2025-27613: Potential file manipulation via Gitk.
- CVE-2025-46835: Risks associated with malicious Git repositories.
- CVE-2025-48384: Arbitrary code execution through configuration file handling.
- CVE-2025-48385: Protocol injection vulnerabilities.
- CVE-2025-48386: Memory handling issues leading to denial of service.
Users are advised to update their systems to the specified package versions for their respective Ubuntu releases to mitigate these vulnerabilities.
Linux Kernel Vulnerability: LSN-0113-1
In a separate update, Ubuntu addressed several vulnerabilities in the Linux kernel. This affects a broader range of Ubuntu releases, including 14.04, 16.04, 18.04, 20.04, 22.04, and 24.04. Some of the notable vulnerabilities fixed include:- CVE-2024-50047: Use-after-free in async decryption.
- CVE-2024-53171: Use-after-free in ubifs.
- CVE-2024-56551: Slab-use-after-free in the AMD GPU driver.
- CVE-2024-56596: Array-index-out-of-bounds in JFS.
- CVE-2024-56608: Out-of-bounds access in display drivers.
- CVE-2024-57850: Memory corruption during decompression.
To resolve these issues, users should update their kernel livepatch to the specified versions for their respective Ubuntu distributions.
Conclusion
Maintaining system security is paramount, and these updates are crucial for mitigating potential risks associated with Git and kernel vulnerabilities. Users are encouraged to regularly check for updates and apply them promptly to ensure ongoing protection. As Ubuntu continues to receive updates, users should remain vigilant and proactive about their system's security postureGit and Kernel updates for Ubuntu
Ubuntu Linux has been updated with security enhancements, addressing a Git regression and a vulnerability in the Linux kernel:
[USN-7626-3] Git regression
[LSN-0113-1] Linux kernel vulnerability
