Key Points
- A high-severity vulnerability (CVE-2025-48384) was discovered in git, allowing arbitrary code execution when cloning repositories, and was added to the US Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog.
- Ubuntu systems that had passed the End of Standard Support were left with a choice: subscribe to Ubuntu Pro for the security patch or continue running git with a known vulnerability.
- Canonical’s backporting strategy helps users stay protected by providing security patches for packages that have lost standard support.
As a tech journalist, I’ve been following the latest news on Ubuntu security and the implications of the End of Standard Support on system security. Recently, a high-severity vulnerability (CVE-2025-48384) was discovered in git, a popular version control system, which allows arbitrary code execution when cloning repositories. This vulnerability was added to the US Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog, confirming that it is being actively exploited in the wild.
For Ubuntu users, this vulnerability posed a significant risk, especially for those whose systems had already passed the End of Standard Support. When a package reaches the end of its standard support lifecycle, it no longer receives security updates or patches, leaving it vulnerable to known exploits. In this case, users were faced with a difficult decision: subscribe to Ubuntu Pro for the security patch or continue running git with a known vulnerability on their developer workstations and CI/CD infrastructure.
This scenario highlights the importance of maintaining system security when packages lose standard support. Canonical, the company behind Ubuntu, provides extended support for LTS releases, but even this has its limits. When a package reaches the end of its support lifecycle, it is no longer maintained, and security vulnerabilities like the one discovered in git can leave systems exposed.
So, what options do users have to stay protected? One solution is to subscribe to Ubuntu Pro, which provides access to security patches and updates for packages that have lost standard support. This ensures that systems remain secure and protected from known vulnerabilities. Another option is to upgrade to a newer version of the package or the entire system, which can be a more complex and time-consuming process.
Canonical’s backporting strategy plays a crucial role in helping users stay protected. By backporting security patches to older versions of packages, Canonical ensures that users can continue to receive security updates even after the package has reached the end of its standard support lifecycle. This approach helps to mitigate the risk of known vulnerabilities and provides users with a secure and stable system.
In light of this, it’s essential for Ubuntu users to be aware of the support lifecycle of their systems and packages. By understanding the implications of the End of Standard Support and the options available to stay protected, users can make informed decisions about how to maintain the security of their systems. As the open-source software landscape continues to evolve, it’s crucial to prioritize security and stability to ensure the integrity of our systems and data. By working together, we can create a more secure and resilient ecosystem for everyone.
