Ubuntu Linux has released important security updates addressing vulnerabilities in several key components: Nix, GnuTLS, GNU C Library (glibc), and an Apport regression. These updates are essential for users to ensure the security and stability of their systems.
Nix Vulnerabilities (USN-7633-1)
- Affected Releases: Ubuntu 24.04 LTS, 22.04 LTS
- Summary: Multiple vulnerabilities fixed, including issues related to binary handling, TLS certificates, Unix sockets, and unpacking Nix archives, potentially allowing arbitrary code execution or information leaks.
- Update Versions:
  - Ubuntu 24.04: `nix-bin 2.18.1+dfsg-1ubuntu5+esm2`
  - Ubuntu 22.04: `nix-bin 2.6.0+dfsg-3ubuntu0.1~esm1`
GnuTLS Vulnerabilities (USN-7635-1)
- Affected Releases: Ubuntu 25.04, 24.04 LTS, 22.04 LTS
- Summary: Several security flaws fixed, including improper handling of Subject Alternative Name entries and Certificate Transparency extensions, which could lead to crashes or arbitrary code execution.
- Update Versions:
  - Ubuntu 25.04: `libgnutls30t64 3.8.9-2ubuntu3.1`
  - Ubuntu 24.04: `libgnutls30t64 3.8.3-1.1ubuntu3.4`
  - Ubuntu 22.04: `libgnutls30 3.7.3-4ubuntu1.7`
GNU C Library Vulnerabilities (USN-7634-1)
- Affected Releases: Ubuntu 25.04, 24.04 LTS
- Summary: Issues identified in the `strcmp` and `strncmp` implementations optimized for Power10 processors, potentially causing application crashes or information leakage.
- Update Versions:
  - Ubuntu 25.04: `libc6 2.41-6ubuntu1.1`
  - Ubuntu 24.04: `libc6 2.39-0ubuntu8.5`
Apport Regression (USN-7545-3)
- Affected Releases: Ubuntu 25.04, 24.04 LTS, 22.04 LTS, 20.04 LTS, 18.04 LTS, 16.04 LTS
- Summary: A regression introduced in Apport caused errors if a crashing process was killed during analysis. This update resolves the issue.
- Update Versions:
  - Ubuntu 25.04: `apport 2.32.0-0ubuntu5.3`, `python3-apport 2.32.0-0ubuntu5.3`
  - Ubuntu 24.04: `apport 2.28.1-0ubuntu3.8`, `python3-apport 2.28.1-0ubuntu3.8`
  - Additional versions for earlier releases are also available.
Update Instructions
Users are encouraged to perform a standard system update to apply these fixes and enhance their system security. For those on Ubuntu Pro, specific versions of the packages are available to ensure compliance and support. For further details and to access the updates, users can visit the official Ubuntu security notices linked in each section. The commitment to security through regular updates is crucial for maintaining the integrity and safety of the Ubuntu environment.
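After updating, installed versions can be checked against the fixed versions listed above. The following is an added example, not code from the Ubuntu notices or the original page: it reimplements Debian version ordering so it runs without dpkg, and the function names and sample inventory are constructed for illustration.

```python
import re

# Fixed versions copied from this page: release -> {binary package: version}.
FIXED = {
    "25.04": {"libgnutls30t64": "3.8.9-2ubuntu3.1", "libc6": "2.41-6ubuntu1.1",
              "apport": "2.32.0-0ubuntu5.3", "python3-apport": "2.32.0-0ubuntu5.3"},
    "24.04": {"nix-bin": "2.18.1+dfsg-1ubuntu5+esm2", "libc6": "2.39-0ubuntu8.5",
              "libgnutls30t64": "3.8.3-1.1ubuntu3.4", "apport": "2.28.1-0ubuntu3.8",
              "python3-apport": "2.28.1-0ubuntu3.8"},
    "22.04": {"nix-bin": "2.6.0+dfsg-3ubuntu0.1~esm1", "libgnutls30": "3.7.3-4ubuntu1.7"},
}

def _order(ch):  # Debian sort weight: '~' < end of string < letters < other symbols
    return -1 if ch == "~" else ord(ch) + (0 if ch.isalpha() else 256)

def _cmp_part(a, b):  # compare alternating non-digit and digit runs
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        for i in range(max(len(na), len(nb))):
            wa = _order(na[i]) if i < len(na) else 0
            wb = _order(nb[i]) if i < len(nb) else 0
            if wa != wb:
                return -1 if wa < wb else 1
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def deb_cmp(v1, v2):  # version = [epoch:]upstream[-revision]; returns -1, 0 or 1
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        up, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        return int(epoch), up, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def outdated(release, installed):  # {package: (installed, fixed)} still below the fix
    return {p: (installed[p], f) for p, f in FIXED.get(release, {}).items()
            if p in installed and deb_cmp(installed[p], f) < 0}

# Constructed sample inventory (not real host data) for an Ubuntu 24.04 machine.
SAMPLE_2404 = {"libc6": "2.39-0ubuntu8.4", "nix-bin": "2.18.1+dfsg-1ubuntu5",
               "apport": "2.28.1-0ubuntu3.8"}
if __name__ == "__main__":
    print(outdated("24.04", SAMPLE_2404))
```

On a real host, `dpkg --compare-versions` remains the authoritative comparison; packages that are not installed are skipped by `outdated`.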
Nix, GnuTLS, GNU C, Apport updates for Ubuntu
Ubuntu Linux has received updates focused on security enhancements, addressing vulnerabilities in Nix, GnuTLS, GNU C Library, and an Apport regression:
[USN-7633-1] Nix vulnerabilities
[USN-7635-1] GnuTLS vulnerabilities
[USN-7634-1] GNU C Library vulnerabilities
[USN-7545-3] Apport regression
Nix, GnuTLS, GNU C, Apport updates for Ubuntu @ Linux Compatible