ubuntu jammy v1.954

Metadata:

BOSH Agent Version: 2.775.0
Kernel Version: 5.15.0.161.157

What's Changed

• Disable floppy kernel module by @s4heid in #449

Full Changelog: ubuntu-jammy/v1.943...ubuntu-jammy/v1.954

USNs:

Title: USN-7847-1 -- GNU binutils vulnerabilities
URL: https://ubuntu.com/security/notices/USN-7847-1
Priorities: medium
Description:
It was discovered that GNU binutils incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. The attack is restricted to local execution. (CVE-2025-11082) It was discovered that GNU binutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2025-11083, CVE-2025-5244, CVE-2025-5245, CVE-2025-7554) It was discovered that GNU binutils incorrectly handled certain files. An attacker could possibly use this issue to cause crash, execute arbitrary code or expose sensitive information. (CVE-2025-1147) It was discovered that GNU binutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-1148, CVE-2025-3198, CVE-2025-8225 It was discovered that GNU binutils incorrectly handled certain files. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 25.04. (CVE-2025-1182) It was discovered that GNU binutils incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbritrary code. This issue only affected Ubuntu 25.04 and Ubuntu 24.04 LTS. (CVE-2025-7546) Update Instructions: Run sudo pro fix USN-7847-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: binutils - 2.38-4ubuntu2.10 binutils-aarch64-linux-gnu - 2.38-4ubuntu2.10 binutils-alpha-linux-gnu - 2.38-4ubuntu2.10 binutils-arm-linux-gnueabi - 2.38-4ubuntu2.10 binutils-arm-linux-gnueabihf - 2.38-4ubuntu2.10 binutils-common - 2.38-4ubuntu2.10 binutils-dev - 2.38-4ubuntu2.10 binutils-doc - 2.38-4ubuntu2.10 binutils-for-build - 2.38-4ubuntu2.10 binutils-for-host - 2.38-4ubuntu2.10 binutils-hppa-linux-gnu - 2.38-4ubuntu2.10 binutils-hppa64-linux-gnu - 2.38-4ubuntu2.10 binutils-i686-gnu - 2.38-4ubuntu2.10 binutils-i686-kfreebsd-gnu - 2.38-4ubuntu2.10 binutils-i686-linux-gnu - 2.38-4ubuntu2.10 binutils-ia64-linux-gnu - 2.38-4ubuntu2.10 binutils-m68k-linux-gnu - 2.38-4ubuntu2.10 binutils-multiarch - 2.38-4ubuntu2.10 binutils-multiarch-dev - 2.38-4ubuntu2.10 binutils-powerpc-linux-gnu - 2.38-4ubuntu2.10 binutils-powerpc64-linux-gnu - 2.38-4ubuntu2.10 binutils-powerpc64le-linux-gnu - 2.38-4ubuntu2.10 binutils-riscv64-linux-gnu - 2.38-4ubuntu2.10 binutils-s390x-linux-gnu - 2.38-4ubuntu2.10 binutils-sh4-linux-gnu - 2.38-4ubuntu2.10 binutils-source - 2.38-4ubuntu2.10 binutils-sparc64-linux-gnu - 2.38-4ubuntu2.10 binutils-x86-64-kfreebsd-gnu - 2.38-4ubuntu2.10 binutils-x86-64-linux-gnu - 2.38-4ubuntu2.10 binutils-x86-64-linux-gnux32 - 2.38-4ubuntu2.10 libbinutils - 2.38-4ubuntu2.10 libctf-nobfd0 - 2.38-4ubuntu2.10 libctf0 - 2.38-4ubuntu2.10 No subscription required
CVEs:

• https://ubuntu.com/security/CVE-2025-11082
• https://ubuntu.com/security/CVE-2025-11083
• https://ubuntu.com/security/CVE-2025-1147
• https://ubuntu.com/security/CVE-2025-1148
• https://ubuntu.com/security/CVE-2025-1182
• https://ubuntu.com/security/CVE-2025-3198
• https://ubuntu.com/security/CVE-2025-5244
• https://ubuntu.com/security/CVE-2025-5245
• https://ubuntu.com/security/CVE-2025-7545
• https://ubuntu.com/security/CVE-2025-7546
• https://ubuntu.com/security/CVE-2025-8225

Title: USN-7852-1 -- libxml2 vulnerability
URL: https://ubuntu.com/security/notices/USN-7852-1
Priorities: medium
Description:
It was discovered that libxslt, used by libxml2, incorrectly handled certain attributes. An attacker could use this issue to cause a crash, resulting in a denial of service, or possibly execute arbitrary code. This update adds a fix to libxml2 to mitigate the libxslt vulnerability. Update Instructions: Run sudo pro fix USN-7852-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libxml2 - 2.9.13+dfsg-1ubuntu0.10 libxml2-dev - 2.9.13+dfsg-1ubuntu0.10 libxml2-doc - 2.9.13+dfsg-1ubuntu0.10 libxml2-utils - 2.9.13+dfsg-1ubuntu0.10 python3-libxml2 - 2.9.13+dfsg-1ubuntu0.10 No subscription required
CVEs:

• https://ubuntu.com/security/CVE-2025-7425