Ubuntu Linux has released security updates addressing vulnerabilities in Tomcat, Samba, and .NET for various versions of the operating system, including 25.04, 24.10, 24.04 LTS, 22.04 LTS, and 20.04 LTS.
Tomcat Vulnerabilities (USN-7562-1)
On June 9, 2025, the Ubuntu Security Notice USN-7562-1 was issued due to multiple security issues identified in Tomcat versions 8, 9, and 10. Key vulnerabilities include:
- A lack of secure attributes for session cookies, potentially allowing sensitive information leaks (CVE-2023-28708).
- Improper object recycling leading to information leakage across requests (CVE-2023-42795).
- HTTP request smuggling through mismanagement of trailer headers (CVE-2023-45648).
- Inadequate handling of incomplete POST requests (CVE-2024-21733).
- Issues with socket cleanup causing denial of service (CVE-2024-23672).
- Problems with HTTP/2 requests exceeding header limits leading to denial of service (CVE-2024-24549).
- Incorrect handling of excessive HTTP headers in HTTP/2 streams (CVE-2024-34750).
- TLS handshake process vulnerabilities (CVE-2024-38286).
To resolve these issues, users are advised to update their systems to specific package versions provided in the notice.
Samba Vulnerability (USN-7564-1)
On June 10, 2025, Ubuntu Security Notice USN-7564-1 reported a vulnerability in Samba, impacting Ubuntu 25.04. This issue could allow unauthorized access to network services through improper handling of group membership changes in Kerberos authentication (CVE-2025-0620). Users should update their Samba package to the specified version to fix this vulnerability.
.NET Vulnerability (USN-7563-1)
Also on June 10, 2025, USN-7563-1 was released, detailing a vulnerability in .NET affecting several Ubuntu versions, including 25.04, 24.10, 24.04 LTS, and 22.04 LTS. The vulnerability allows an attacker to execute arbitrary code through improperly validated search paths in Microsoft.NETCore.App.Runtime (CVE-2025-30399). Users are encouraged to update their .NET packages to the recommended versions.
Conclusion
These updates highlight the ongoing commitment of Ubuntu to maintaining security across its platforms. Users are encouraged to perform standard system updates to ensure they have the latest security patches and to mitigate potential risks associated with these vulnerabilities. Regular updates are essential for maintaining the security and integrity of systems running Ubuntu.
Tomcat, Samba, .NET updates for Ubuntu
Ubuntu Linux has been updated with security updates for Tomcat, Samba, and .NET vulnerabilities:
[USN-7562-1] Tomcat vulnerabilities
[USN-7564-1] Samba vulnerability
[USN-7563-1] .NET vulnerability