Ubuntu has announced two critical security updates, USN-7761-1 and USN-7760-1, aimed at addressing vulnerabilities in the Pluggable Authentication Modules (PAM) and the GNU C Library (glibc). The first vulnerability in PAM may enable attackers to spoof hostnames, potentially allowing unauthorized access to network services. Meanwhile, the glibc vulnerability could lead to application crashes or even arbitrary code execution due to improper handling of memory allocation failures in the regcomp function.
To mitigate these vulnerabilities, users are strongly encouraged to update their systems to the latest package versions. For PAM, the recommended updates are:
- Ubuntu 25.04: libpam-modules version 1.5.3-7ubuntu4.4
- Ubuntu 24.04 LTS: libpam-modules version 1.5.3-5ubuntu5.5
For the GNU C Library, users should update to the following:
- Ubuntu 25.04: libc6 version 2.41-6ubuntu1.2
- Ubuntu 24.04 LTS: libc6 version 2.39-0ubuntu8.6
- Ubuntu 22.04 LTS: libc6 version 2.35-0ubuntu3.11
After applying these updates, a system reboot is necessary to ensure that all changes take effect.
These updates highlight the importance of maintaining system security through regular updates, particularly for software components that handle authentication and core library functions. Users should remain vigilant about security notices and ensure that their systems are running the latest versions of essential software packages to protect against potential vulnerabilities.
For further details, users can refer to the official security notices:
- [USN-7761-1: PAM vulnerability](https://ubuntu.com/security/notices/USN-7761-1)
- [USN-7760-1: GNU C Library vulnerability](https://ubuntu.com/security/notices/USN-7760-1)
In summary, this situation serves as a reminder for all Ubuntu users to prioritize system updates and security practices to safeguard against emerging threats
To mitigate these vulnerabilities, users are strongly encouraged to update their systems to the latest package versions. For PAM, the recommended updates are:
- Ubuntu 25.04: libpam-modules version 1.5.3-7ubuntu4.4
- Ubuntu 24.04 LTS: libpam-modules version 1.5.3-5ubuntu5.5
For the GNU C Library, users should update to the following:
- Ubuntu 25.04: libc6 version 2.41-6ubuntu1.2
- Ubuntu 24.04 LTS: libc6 version 2.39-0ubuntu8.6
- Ubuntu 22.04 LTS: libc6 version 2.35-0ubuntu3.11
After applying these updates, a system reboot is necessary to ensure that all changes take effect.
These updates highlight the importance of maintaining system security through regular updates, particularly for software components that handle authentication and core library functions. Users should remain vigilant about security notices and ensure that their systems are running the latest versions of essential software packages to protect against potential vulnerabilities.
For further details, users can refer to the official security notices:
- [USN-7761-1: PAM vulnerability](https://ubuntu.com/security/notices/USN-7761-1)
- [USN-7760-1: GNU C Library vulnerability](https://ubuntu.com/security/notices/USN-7760-1)
In summary, this situation serves as a reminder for all Ubuntu users to prioritize system updates and security practices to safeguard against emerging threats
PAM and GNU C Library updates for Ubuntu
Ubuntu has released two security notices: USN-7761-1 and USN-7760-1, addressing vulnerabilities in PAM (Pluggable Authentication Modules) and GNU C Library. The PAM vulnerability could allow an attacker to spoof hostnames and bypass access restrictions, while the GNU C Library issue could cause applications to crash or run arbitrary code. To resolve these issues, users are advised to update their systems to the latest package versions: libpam-modules 1.5.3-7ubuntu4.4 for Ubuntu 25.04, libpam-modules 1.5.3-5ubuntu5.5 for Ubuntu 24.04 LTS, and libc6 versions ranging from 2.35 to 2.41 for various Ubuntu releases.
[USN-7761-1] PAM vulnerability
[USN-7760-1] GNU C Library vulnerability
