Ubuntu Linux has released important security updates addressing vulnerabilities in H2O, PostgreSQL, and Poppler. These updates specifically target several versions of Ubuntu, including Ubuntu 18.04 LTS, which is particularly affected by the vulnerabilities.
1. H2O Vulnerability (USN-7469-4):
- Issue: H2O, an optimized HTTP server, can crash when it receives specially crafted network traffic.
- Affected Version: Ubuntu 18.04 LTS.
- Resolution: Users are advised to update to H2O version 2.2.4+dfsg-1ubuntu0.1~esm2 to fix the vulnerability. After updating, it is necessary to restart the H2O server.
- Reference: CVE-2023-44487
2. PostgreSQL Vulnerability (USN-7315-2):
- Issue: PostgreSQL version 10 could execute arbitrary code due to improper handling of quoting syntax, potentially allowing SQL injection attacks.
- Affected Version: Ubuntu 18.04 LTS.
- Resolution: Users should update to PostgreSQL version 10.23-0ubuntu0.18.04.2+esm3. A restart of PostgreSQL is required post-update.
- Reference: CVE-2025-1094
3. Poppler Vulnerabilities (USN-7471-1):
- Issue: Poppler, a PDF rendering library, failed to verify signatures in PDF documents correctly, leading to the possibility of forged signatures being accepted as legitimate.
- Affected Versions: Multiple Ubuntu releases, including 18.04 LTS, 20.04 LTS, 22.04 LTS, 24.04 LTS, 24.10, and 25.04.
- Resolution: Updates vary by version, with Ubuntu 18.04 users needing to upgrade to libpoppler73 version 0.62.0-2ubuntu2.14+esm6.
- Reference: CVE-2025-43903
To ensure system security, it is crucial for users to perform a standard system update to apply these patches and restart the respective services as needed.
1. H2O Vulnerability (USN-7469-4):
- Issue: H2O, an optimized HTTP server, can crash when it receives specially crafted network traffic.
- Affected Version: Ubuntu 18.04 LTS.
- Resolution: Users are advised to update to H2O version 2.2.4+dfsg-1ubuntu0.1~esm2 to fix the vulnerability. After updating, it is necessary to restart the H2O server.
- Reference: CVE-2023-44487
2. PostgreSQL Vulnerability (USN-7315-2):
- Issue: PostgreSQL version 10 could execute arbitrary code due to improper handling of quoting syntax, potentially allowing SQL injection attacks.
- Affected Version: Ubuntu 18.04 LTS.
- Resolution: Users should update to PostgreSQL version 10.23-0ubuntu0.18.04.2+esm3. A restart of PostgreSQL is required post-update.
- Reference: CVE-2025-1094
3. Poppler Vulnerabilities (USN-7471-1):
- Issue: Poppler, a PDF rendering library, failed to verify signatures in PDF documents correctly, leading to the possibility of forged signatures being accepted as legitimate.
- Affected Versions: Multiple Ubuntu releases, including 18.04 LTS, 20.04 LTS, 22.04 LTS, 24.04 LTS, 24.10, and 25.04.
- Resolution: Updates vary by version, with Ubuntu 18.04 users needing to upgrade to libpoppler73 version 0.62.0-2ubuntu2.14+esm6.
- Reference: CVE-2025-43903
To ensure system security, it is crucial for users to perform a standard system update to apply these patches and restart the respective services as needed.
Extension:
In addition to these updates, users are encouraged to routinely monitor their systems for security notifications and apply updates promptly. Utilizing tools like `unattended-upgrades` can help automate the process of keeping systems secure. Additionally, it is advisable to regularly review security best practices, including firewall configurations and access controls, to further safeguard systems against potential threats. For those running critical applications, considering a transition to longer-term support versions or utilizing Ubuntu Pro may provide added security benefits and timely updatesH2O, PostgreSQL, Poppler updates for Ubuntu
Ubuntu Linux has been updated with security updates, including a fix for a H2O vulnerability, a fix for a PostgreSQL vulnerability, and a fix for a poppler vulnerability:
[USN-7469-4] H2O vulnerability
[USN-7315-2] PostgreSQL vulnerability
[USN-7471-1] poppler vulnerabilitiesH2O, PostgreSQL, Poppler updates for Ubuntu @ Linux Compatible
