Ubuntu Linux has released several security updates addressing vulnerabilities in the Linux kernel (Oracle), MySQL, the qs library, and the Apache HTTP Server. These updates are critical for users running various versions of Ubuntu, including 16.04 LTS, 22.04 LTS, 24.04 LTS, and 25.04.
1. Linux Kernel (Oracle) Vulnerabilities [USN-7685-5]
- Affected Release: Ubuntu 16.04 LTS
- Summary: Multiple security issues were fixed in the Linux kernel affecting various subsystems, including device drivers and file systems. Attackers could potentially exploit these vulnerabilities to compromise systems.
- Update Advice: Users are advised to update their kernel version to `linux-image-4.15.0-1145-oracle` and reboot their systems. Note that this update requires recompiling any third-party kernel modules due to ABI changes.
2. MySQL Vulnerabilities [USN-7691-1]
- Affected Releases: Ubuntu 22.04 LTS, 24.04 LTS, and 25.04
- Summary: Several vulnerabilities were fixed in the MySQL database software, with updates to versions 8.0.43 and 8.4.6. These updates not only fix security issues but also include bug fixes and new features.
- Update Advice: Users should update to the latest MySQL version for their respective Ubuntu release to mitigate these vulnerabilities.
3. qs Vulnerability [USN-7693-1]
- Affected Release: Ubuntu 20.04 LTS
- Summary: A vulnerability was identified in the `qs` library that could lead to a denial of service if exploited through specially crafted network traffic.
- Update Advice: Users are encouraged to update the `node-qs` package to the latest version, which resolves this issue.
4. Apache HTTP Server Regression [USN-6885-6]
- Affected Releases: Ubuntu 22.04 LTS and 24.04 LTS
- Summary: An incomplete patch for a vulnerability in Apache introduced a regression, which could allow remote attackers to execute scripts or cause a denial of service. The new update resolves this regression.
- Update Advice: Users should update to the specified Apache versions to ensure their servers are secure.
Details of the Updates:
1. Linux Kernel (Oracle) Vulnerabilities [USN-7685-5]
- Affected Release: Ubuntu 16.04 LTS
- Summary: Multiple security issues were fixed in the Linux kernel affecting various subsystems, including device drivers and file systems. Attackers could potentially exploit these vulnerabilities to compromise systems.
- Update Advice: Users are advised to update their kernel version to `linux-image-4.15.0-1145-oracle` and reboot their systems. Note that this update requires recompiling any third-party kernel modules due to ABI changes.
2. MySQL Vulnerabilities [USN-7691-1]
- Affected Releases: Ubuntu 22.04 LTS, 24.04 LTS, and 25.04
- Summary: Several vulnerabilities were fixed in the MySQL database software, with updates to versions 8.0.43 and 8.4.6. These updates not only fix security issues but also include bug fixes and new features.
- Update Advice: Users should update to the latest MySQL version for their respective Ubuntu release to mitigate these vulnerabilities.
3. qs Vulnerability [USN-7693-1]
- Affected Release: Ubuntu 20.04 LTS
- Summary: A vulnerability was identified in the `qs` library that could lead to a denial of service if exploited through specially crafted network traffic.
- Update Advice: Users are encouraged to update the `node-qs` package to the latest version, which resolves this issue.
4. Apache HTTP Server Regression [USN-6885-6]
- Affected Releases: Ubuntu 22.04 LTS and 24.04 LTS
- Summary: An incomplete patch for a vulnerability in Apache introduced a regression, which could allow remote attackers to execute scripts or cause a denial of service. The new update resolves this regression.
- Update Advice: Users should update to the specified Apache versions to ensure their servers are secure.
Conclusion:
It is essential for Ubuntu users to regularly update their systems to safeguard against potential security threats. The latest patches address critical vulnerabilities that could be exploited by attackers. Users are encouraged to follow the update instructions provided in the security notices and maintain their systems with the latest security enhancements. For ongoing support and information, users should refer to the Ubuntu security notices and relevant CVE referencesKernel, MySQL, gs, Apache updates for Ubuntu
Ubuntu Linux has been updated with security updates, including vulnerabilities in the Linux kernel (Oracle), MySQL, qs, and Apache HTTP Server:
[USN-7685-5] Linux kernel (Oracle) vulnerabilities
[USN-7691-1] MySQL vulnerabilities
[USN-7693-1] qs vulnerability
[USN-6885-6] Apache HTTP Server regressionKernel, MySQL, gs, Apache updates for Ubuntu @ Linux Compatible
