Canonical has released several Ubuntu Security Notices addressing critical vulnerabilities in key open-source packages such as MuPDF, Redis, Samba, and Apache Subversion. These updates fix issues that could lead to denial-of-service attacks, data leaks, and remote code execution across multiple long-term support releases. The patches reinforce Ubuntu's commitment to system stability and security.
On October 16, 2025, Canonical published a series of Ubuntu Security Notices (USNs) to mitigate risks in widely used software components. The updates target vulnerabilities in MuPDF, a lightweight PDF and e-book rendering framework, affecting Ubuntu 16.04, 18.04, and 20.04 LTS releases. The specific flaws include memory leaks, segmentation faults, infinite loops, and use-after-free conditions, addressed through eight Common Vulnerabilities and Exposures (CVEs) ranging from CVE-2018-1000036 to CVE-2021-37220. These could enable attackers to cause a denial of service or leak sensitive data (USN-7825-1).
For Redis and its fork Redict, updates under USN-7824-2 and USN-7824-3 resolve memory management issues in Lua script handling, discovered by researchers Benny Isaacs, Nir Brakha, and Sagi Tzadik. Authenticated users could exploit these to crash the database or execute arbitrary code remotely, with fixes applied to Ubuntu 22.04 LTS and earlier versions.
Samba, an open-source SMB/CIFS file and print server, receives patches for two critical vulnerabilities in USN-7826-1. CVE-2025-9640 involves uninitialized memory in the vfs_streams_xattr module, potentially exposing sensitive information. CVE-2025-10230, identified by Igor Morgenstern, allows arbitrary code execution due to improper handling of WINS hook program names.
Additionally, USN-7818-2 fixes a flaw in Apache Subversion that could crash systems or corrupt repositories when processing filenames with control characters, impacting Ubuntu 18.04, 20.04, 22.04, and 24.04 LTS.
Canonical urges all users to apply these updates immediately to maintain system integrity and minimize exploit risks. The advisories cover multiple LTS releases, underscoring Ubuntu's focus on long-term security.
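The advisories above boil down to one operational question for an administrator: which of the affected packages are installed on a host and still waiting for the fixed version? The following POSIX shell snippet is an added example (not code from Canonical or from any of the USNs) that filters the line format produced by `apt list --upgradable` down to the packages named in these notices. The binary package names in `ADVISORY_PACKAGES` and the sample apt lines are assumptions constructed for offline use; the version strings are placeholders, not the real fixed versions, which each USN's update instructions list authoritatively.

```shell
#!/bin/sh
# Added example: report pending upgrades for the packages covered by the
# MuPDF, Redis/Redict, Samba and Subversion advisories.
# Input format (one line per package, as printed by `apt list --upgradable`):
#   name/suite newversion arch [upgradable from: oldversion]

# Binary package names the advisories' source packages ship as. This list is an
# assumption; confirm it against the "Update instructions" section of each USN.
ADVISORY_PACKAGES="libmupdf-dev mupdf mupdf-tools redis redis-server redis-tools redict samba libwbclient0 smbclient subversion libsvn1"

# Read apt output on stdin; print "name old -> new" for every advisory package
# that still has an upgrade pending. Non-upgradable and unrelated lines are skipped.
pending_advisory_upgrades() {
    while IFS= read -r line; do
        case "$line" in
            *"[upgradable from: "*) ;;   # keep only upgradable entries
            *) continue ;;
        esac
        name=${line%%/*}                       # text before the first "/"
        rest=${line#*/}                        # "suite newversion arch [upgradable from: old]"
        rest=${rest#*" "}                      # drop the suite
        new=${rest%%" "*}                      # candidate (fixed) version
        old=${line##*"upgradable from: "}      # installed version plus trailing "]"
        old=${old%]}
        for p in $ADVISORY_PACKAGES; do
            if [ "$p" = "$name" ]; then
                printf '%s %s -> %s\n' "$name" "$old" "$new"
            fi
        done
    done
}

# Constructed sample of apt output; versions are placeholders, not real releases.
SAMPLE_APT_OUTPUT='Listing... Done
samba/jammy-security 2:4.15.X amd64 [upgradable from: 2:4.15.Y]
redis-server/jammy-security 5:6.0.X amd64 [upgradable from: 5:6.0.Y]
curl/jammy-updates 7.81.X amd64 [upgradable from: 7.81.Y]
subversion/jammy-security 1.14.X amd64 [upgradable from: 1.14.Y]'

# Number of advisory packages with a pending upgrade in the sample;
# anything other than 0 means patching for these notices is still outstanding.
count_pending() {
    printf '%s\n' "$SAMPLE_APT_OUTPUT" | pending_advisory_upgrades | wc -l | tr -d ' '
}

# Demonstration on the constructed sample (prints samba, redis-server, subversion).
printf '%s\n' "$SAMPLE_APT_OUTPUT" | pending_advisory_upgrades
```

On a real host, run `apt update` first and then pipe live output into the filter: `apt list --upgradable 2>/dev/null | pending_advisory_upgrades`. An empty result after `apt update` means either the package is not installed or the fixed version is already in place; `apt-cache policy samba` shows which of the two applies.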