NVD Description

Note: Versions mentioned in the description apply only to the upstream pam package and not the pam package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Remediation

There is no fixed version for Ubuntu:24.04 pam.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-8941
• https://access.redhat.com/security/cve/CVE-2025-8941
• https://bugzilla.redhat.com/show_bug.cgi?id=2388220
• https://access.redhat.com/errata/RHSA-2025:14557
• https://access.redhat.com/errata/RHSA-2025:15100
• https://access.redhat.com/errata/RHSA-2025:15104
• https://access.redhat.com/errata/RHSA-2025:15107
• https://access.redhat.com/errata/RHSA-2025:15099
• https://access.redhat.com/errata/RHSA-2025:15101
• https://access.redhat.com/errata/RHSA-2025:15102
• https://access.redhat.com/errata/RHSA-2025:15103
• https://access.redhat.com/errata/RHSA-2025:15105
• https://access.redhat.com/errata/RHSA-2025:15106
• https://access.redhat.com/errata/RHSA-2025:15709
• https://access.redhat.com/errata/RHSA-2025:15828
• https://access.redhat.com/errata/RHSA-2025:15827
• https://access.redhat.com/errata/RHSA-2025:16524
• https://access.redhat.com/errata/RHSA-2025:18219
• https://access.redhat.com/errata/RHSA-2025:17181
• https://access.redhat.com/errata/RHSA-2025:21885

NVD Description

Note: Versions mentioned in the description apply only to the upstream freeglut package and not the freeglut package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.

Remediation

Upgrade Ubuntu:24.04 freeglut to version 3.4.0-1ubuntu0.1~esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-24259
• https://github.com/freeglut/freeglut/pull/155
• https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_2.md
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS/

NVD Description

Note: Versions mentioned in the description apply only to the upstream freeglut package and not the freeglut package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.

Remediation

Upgrade Ubuntu:24.04 freeglut to version 3.4.0-1ubuntu0.1~esm1 or higher.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-24258
• https://github.com/freeglut/freeglut/pull/155
• https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.md
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS/

Overview

node is a JavaScript runtime built on Chrome's V8 JavaScript engine.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the ReadFileUtf8 internal binding, which fails to clean up pointers in uv_fs_s.file. UTF-16 path buffers leak memory, which can lead to denial of service.

Note:

CVE-2025-23122 is a duplicate of this vulnerability.

Remediation

Upgrade node to version 20.19.2, 22.15.1 or higher.

References

• GitHub Commit
• Node.js Advisory

Overview

node is a JavaScript runtime built on Chrome's V8 JavaScript engine.

Affected versions of this package are vulnerable to HTTP Request Smuggling in the llhttp implementation, when handing HTTP/1 headers terminated with \r\n\rX instead of the required \r\n\r\n. This allows attackers to bypass proxy-based access controls and submit unauthorized requests.

Remediation

Upgrade node to version 20.19.2 or higher.

References

• GitHub Commit
• Node.js Advisory

Overview

node is a JavaScript runtime built on Chrome's V8 JavaScript engine.

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the V8 JavaScript engine due to the string hashing mechanism predictably hashing integer-like strings directly to their numeric values. An attacker can exploit this by sending maliciously crafted payloads containing many colliding strings to endpoints that process user input (most commonly via JSON.parse()). This causes massive hash collisions within V8's internal string table, drastically degrading the performance of the Node.js process and resulting in a Denial of Service (DoS).

Remediation

Upgrade node to version 20.20.2, 22.22.2, 24.14.1, 25.8.2 or higher.

Overview

node is a JavaScript runtime built on Chrome's V8 JavaScript engine.

Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in HTTP/2 servers that triggers when a client sends WINDOW_UPDATE frames on stream 0 that cause the flow control window to exceed $2^{31}-1$. Although the server responds with a GOAWAY frame, it fails to properly clean up the Http2Session object. An unauthenticated remote attacker can exploit this by continuously opening connections and sending these crafted frames. This forces the server to leak memory indefinitely, eventually causing resource exhaustion and a Denial of Service (DoS).

Remediation

Upgrade node to version 20.20.2, 22.22.2, 24.14.1, 25.8.2 or higher.

References

• GitHub Commit
• Node.js Security Releases

NVD Description

Note: Versions mentioned in the description apply only to the upstream pixman package and not the pixman package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c.

Remediation

There is no fixed version for Ubuntu:24.04 pixman.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2023-37769
• https://gitlab.freedesktop.org/pixman/pixman/-/issues/76

Overview

node is a JavaScript runtime built on Chrome's V8 JavaScript engine.

Affected versions of this package are vulnerable to Observable Timing Discrepancy due to the crypto_hmac.cc module using memcmp(), a non-constant-time comparison function to validate user-provided HMAC signatures, rather than the timing-safe equivalents used elsewhere in the codebase. An attacker capable of taking high-resolution timing measurements can use the application as a timing oracle. Because the comparison leaks timing information proportional to the number of matching bytes, the attacker can iteratively infer the expected HMAC values, ultimately enabling them to forge valid Message Authentication Codes (MACs).

Remediation

Upgrade node to version 20.20.2, 22.22.2, 24.14.1, 25.8.2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream wget package and not the wget package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

Remediation

There is no fixed version for Ubuntu:24.04 wget.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-31879
• https://security.netapp.com/advisory/ntap-20210618-0002/
• https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.

Remediation

There is no fixed version for Ubuntu:24.04 binutils.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-11495
• https://sourceware.org/bugzilla/attachment.cgi?id=16393
• https://sourceware.org/bugzilla/show_bug.cgi?id=33502
• https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0
• https://vuldb.com/?ctiid.327620
• https://vuldb.com/?id.327620
• https://vuldb.com/?submit.668290
• https://www.gnu.org/

NVD Description

Note: Versions mentioned in the description apply only to the upstream expat package and not the expat package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.

Remediation

There is no fixed version for Ubuntu:24.04 expat.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-66382
• https://github.com/libexpat/libexpat/issues/1076
• http://www.openwall.com/lists/oss-security/2025/12/02/1

Overview

node is a JavaScript runtime built on Chrome's V8 JavaScript engine.

Affected versions of this package are vulnerable to Incorrect Authorization in the permission model via the fs.futimes() function due to failing to check for write permissions. A process restricted to "read-only" access can still modify a file's access and modification timestamps. While it doesn't allow changing the file's content, it can be used to obscure malicious activity by tampering with audit logs or metadata.

Note:

This is only exploitable if the attacker already has the ability to execute code on the system (within the restricted Node.js environment).

Remediation

Upgrade node to version 20.20.0, 22.22.0, 24.13.0, 25.3.0 or higher.

References

• GitHub Commit
• Node.js Security Releases

Overview

node is a JavaScript runtime built on Chrome's V8 JavaScript engine.

Affected versions of this package are vulnerable to Missing Authorization via the fs.realpathSync.native() function. An attacker running malicious code within a restricted Node.js environment (where --allow-fs-read is intentionally limited) can exploit this missing check to verify file existence, resolve symlink targets, and enumerate paths outside of the permitted directories, leading to unauthorized information disclosure.

Remediation

Upgrade node to version 20.20.2, 22.22.2, 24.14.1, 25.8.2 or higher.

References

• GitHub Commit
• Node.js Security Releases

NVD Description

Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.

Remediation

There is no fixed version for Ubuntu:24.04 gnupg2.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-68972
• https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i
• https://news.ycombinator.com/item?id=46404339
• https://gpg.fail/formfeed

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A vulnerability classified as problematic has been found in GNU Binutils 2.43. This affects the function _bfd_elf_write_section_eh_frame of the file bfd/elf-eh-frame.c of the component ld. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Remediation

There is no fixed version for Ubuntu:24.04 binutils.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-1180
• https://sourceware.org/bugzilla/attachment.cgi?id=15917
• https://vuldb.com/?ctiid.295083
• https://vuldb.com/?id.295083
• https://www.gnu.org/
• https://sourceware.org/bugzilla/show_bug.cgi?id=32642
• https://vuldb.com/?submit.495381

NVD Description

Note: Versions mentioned in the description apply only to the upstream tar package and not the tar package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.

Remediation

There is no fixed version for Ubuntu:24.04 tar.

References

• http://people.ubuntu.com/~ubuntu-security/cve/CVE-2025-45582
• https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md
• https://www.gnu.org/software/tar/
• https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html
• https://www.gnu.org/software/tar/manual/html_node/Integrity.html
• https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html
• http://www.openwall.com/lists/oss-security/2025/11/01/6