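A security issue was found in Sparkle before version 2.6.4. An attacker can replace an existing signed update with another payload, bypassing Sparkle’s (Ed)DSA signature checks, so the integrity guarantee those checks are meant to provide does not hold for the replaced update. Applications that bundle Sparkle should move to version 2.6.4 or later.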
{
"binaries": [
{
"binary_version": "9~b114-0ubuntu1",
"binary_name": "openjdk-9-demo"
},
{
"binary_version": "9~b114-0ubuntu1",
"binary_name": "openjdk-9-jdk"
},
{
"binary_version": "9~b114-0ubuntu1",
"binary_name": "openjdk-9-jdk-headless"
},
{
"binary_version": "9~b114-0ubuntu1",
"binary_name": "openjdk-9-jre"
},
{
"binary_version": "9~b114-0ubuntu1",
"binary_name": "openjdk-9-jre-headless"
},
{
"binary_version": "9~b114-0ubuntu1",
"binary_name": "openjdk-9-source"
}
]
}
{
"binaries": [
{
"binary_version": "13.0.7+5-0ubuntu1~20.04",
"binary_name": "openjdk-13-demo"
},
{
"binary_version": "13.0.7+5-0ubuntu1~20.04",
"binary_name": "openjdk-13-jdk"
},
{
"binary_version": "13.0.7+5-0ubuntu1~20.04",
"binary_name": "openjdk-13-jdk-headless"
},
{
"binary_version": "13.0.7+5-0ubuntu1~20.04",
"binary_name": "openjdk-13-jre"
},
{
"binary_version": "13.0.7+5-0ubuntu1~20.04",
"binary_name": "openjdk-13-jre-headless"
},
{
"binary_version": "13.0.7+5-0ubuntu1~20.04",
"binary_name": "openjdk-13-jre-zero"
},
{
"binary_version": "13.0.7+5-0ubuntu1~20.04",
"binary_name": "openjdk-13-source"
}
]
}
{
"binaries": [
{
"binary_version": "16.0.1+9-1~20.04",
"binary_name": "openjdk-16-demo"
},
{
"binary_version": "16.0.1+9-1~20.04",
"binary_name": "openjdk-16-jdk"
},
{
"binary_version": "16.0.1+9-1~20.04",
"binary_name": "openjdk-16-jdk-headless"
},
{
"binary_version": "16.0.1+9-1~20.04",
"binary_name": "openjdk-16-jre"
},
{
"binary_version": "16.0.1+9-1~20.04",
"binary_name": "openjdk-16-jre-headless"
},
{
"binary_version": "16.0.1+9-1~20.04",
"binary_name": "openjdk-16-jre-zero"
},
{
"binary_version": "16.0.1+9-1~20.04",
"binary_name": "openjdk-16-source"
}
]
}
{
"binaries": [
{
"binary_version": "18.0.2+9-2~22.04",
"binary_name": "openjdk-18-demo"
},
{
"binary_version": "18.0.2+9-2~22.04",
"binary_name": "openjdk-18-jdk"
},
{
"binary_version": "18.0.2+9-2~22.04",
"binary_name": "openjdk-18-jdk-headless"
},
{
"binary_version": "18.0.2+9-2~22.04",
"binary_name": "openjdk-18-jre"
},
{
"binary_version": "18.0.2+9-2~22.04",
"binary_name": "openjdk-18-jre-headless"
},
{
"binary_version": "18.0.2+9-2~22.04",
"binary_name": "openjdk-18-jre-zero"
},
{
"binary_version": "18.0.2+9-2~22.04",
"binary_name": "openjdk-18-source"
}
]
}