Ubuntu has released important security updates for its 24.04 LTS version that address vulnerabilities in Roundcube Webmail and the libjxl (JPEG XL) library.
Roundcube Webmail Vulnerability ([USN-7636-1])
- Date: July 14, 2025
- Summary: A flaw in Roundcube could allow sensitive information to be exposed during email transmission. The vulnerability stems from improper sanitization in the `message_body` function, potentially allowing remote attackers to impersonate users in email communications.
- Affected Package Versions:
  - roundcube: 1.6.6+dfsg-2ubuntu0.1+esm1
  - roundcube-core: 1.6.6+dfsg-2ubuntu0.1+esm1
- Resolution: Users are advised to perform a standard system update to apply the necessary changes.
libjxl Vulnerabilities ([USN-7637-1])
- Date: July 14, 2025
- Summary: Several vulnerabilities in libjxl were fixed, which could lead to denial of service or even arbitrary code execution. The issues primarily involve inadequate bounds checking during the parsing of Exif tags, decoding of patches, JPEG recompression, and handling specific image files.
- CVE Identifiers:
  - CVE-2023-0645
  - CVE-2023-35790
  - CVE-2024-11403
  - CVE-2024-11498
- Affected Package Versions:
  - libjpegxl-java: 0.7.0-10.2ubuntu6.1
  - libjxl-tools: 0.7.0-10.2ubuntu6.1
  - libjxl0.7: 0.7.0-10.2ubuntu6.1
- Resolution: Similar to Roundcube, users should update their systems to apply these fixes.
General Update Instructions
For both vulnerabilities, a standard system update procedure will suffice to ensure that all necessary security patches are applied. Users are encouraged to regularly check for updates to maintain system security.
Conclusion
These updates underscore the importance of keeping software current to protect against potential security threats. Users of Ubuntu 24.04 LTS should ensure they have updated their systems to the latest versions of these packages to safeguard their data and maintain the integrity of their applications.
Roundcube and LibJXL updates for Ubuntu
Security updates have been released for Ubuntu Linux, including fixes for a Roundcube Webmail vulnerability and libjxl vulnerabilities:
[USN-7636-1] Roundcube Webmail vulnerability
[USN-7637-1] libjxl vulnerabilities