Ubuntu has released updates for the Linux kernel, Ruby, and Erlang, addressing various security vulnerabilities across multiple versions of the operating system.
- Out-of-Bounds Write Vulnerability: An issue in the watch_queue event notification system that could allow local attackers to escalate privileges or cause denial-of-service attacks (CVE-2022-0995).
- Use-After-Free (UAF) Vulnerabilities: Resolved multiple UAF vulnerabilities related to SMB client and blk-cgroup functionalities (CVE-2024-26928, CVE-2024-35864, CVE-2024-56672).
- Memory Leak Prevention: Addressed potential out-of-memory access risks and ensured that certain buffers are zero-initialized to prevent leaking kernel memory (CVE-2024-53063, CVE-2024-50302).
- Array Index Out-of-Bounds: Fixed checks in the JFS filesystem to prevent accessing memory out of bounds (CVE-2024-56595).
- Denial of Service: Vulnerabilities that could allow remote attackers to exploit the CGI gem for resource consumption (CVE-2025-27219, CVE-2025-27220).
- Credential Leakage: An issue in the URI gem that could leak authentication credentials (CVE-2025-27221).
- Arbitrary Command Execution: A flaw that could allow remote attackers to execute commands without authentication, leading to potential system compromise (CVE-2025-32433).
Linux Kernel Vulnerabilities
The updates include fixes for several vulnerabilities in the Linux kernel affecting releases from Ubuntu 14.04 LTS to 22.04 LTS. Key issues resolved include:- Out-of-Bounds Write Vulnerability: An issue in the watch_queue event notification system that could allow local attackers to escalate privileges or cause denial-of-service attacks (CVE-2022-0995).
- Use-After-Free (UAF) Vulnerabilities: Resolved multiple UAF vulnerabilities related to SMB client and blk-cgroup functionalities (CVE-2024-26928, CVE-2024-35864, CVE-2024-56672).
- Memory Leak Prevention: Addressed potential out-of-memory access risks and ensured that certain buffers are zero-initialized to prevent leaking kernel memory (CVE-2024-53063, CVE-2024-50302).
- Array Index Out-of-Bounds: Fixed checks in the JFS filesystem to prevent accessing memory out of bounds (CVE-2024-56595).
Ruby Vulnerabilities
Updates for Ruby address issues in the CGI and URI gems, impacting Ubuntu 16.04 LTS and 18.04 LTS:- Denial of Service: Vulnerabilities that could allow remote attackers to exploit the CGI gem for resource consumption (CVE-2025-27219, CVE-2025-27220).
- Credential Leakage: An issue in the URI gem that could leak authentication credentials (CVE-2025-27221).
Erlang Vulnerability
A significant vulnerability in Erlang's SSH module affects the latest versions of Ubuntu, including 20.04, 22.04, and 24.04 LTS:- Arbitrary Command Execution: A flaw that could allow remote attackers to execute commands without authentication, leading to potential system compromise (CVE-2025-32433).
Update Instructions
For all vulnerabilities, users are advised to perform standard system updates. Specific package updates are provided for each affected Ubuntu version, ensuring that users can easily identify and apply necessary changes.Conclusion
These updates reflect Ubuntu's ongoing commitment to security by swiftly addressing vulnerabilities across its supported releases. Users are encouraged to apply the updates promptly to protect their systems from potential threats. Regular system maintenance and updates are crucial for maintaining security and stability in any operating environmentLinux kernel, Ruby, Erlang updates for Ubuntu
Ubuntu Linux has received updates that address security vulnerabilities in the Linux kernel, Ruby, and Erlang:
[LSN-0111-1] Linux kernel vulnerability
[USN-7442-1] Ruby vulnerabilities
[USN-7443-1] Erlang vulnerabilityLinux kernel, Ruby, Erlang updates for Ubuntu @ Linux Compatible
