Aggregator | Linuxlookup

USN-8201-1: Linux kernel (Azure) vulnerabilities

1 week 2 days ago

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853, CVE-2026-23268, CVE-2026-23269, CVE-2026-23403, CVE-2026-23404, CVE-2026-23405, CVE-2026-23406, CVE-2026-23407, CVE-2026-23408, CVE-2026-23409, CVE-2026-23410, CVE-2026-23411) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - x86 architecture; - Cryptographic API; - GPIO subsystem; - GPU drivers; - I2C subsystem; - BTRFS file system; - XFRM subsystem; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - Network traffic control; - SMC sockets; (CVE-2021-47599, CVE-2022-48875, CVE-2022-49046, CVE-2022-49072, CVE-2024-46816, CVE-2024-49927, CVE-2024-56640, CVE-2025-21780, CVE-2025-37849, CVE-2025-40215, CVE-2026-23060, CVE-2026-23074)

USN-8200-2: Linux kernel (FIPS) vulnerabilities

Ubuntu Security Advisories

1 week 2 days ago

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - GPU drivers; - I2C subsystem; - Network traffic control; (CVE-2022-49046, CVE-2024-46816, CVE-2025-37849, CVE-2026-23060, CVE-2026-23074)

USN-8200-1: Linux kernel vulnerabilities

Ubuntu Security Advisories

1 week 2 days ago

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - GPU drivers; - I2C subsystem; - Network traffic control; (CVE-2022-49046, CVE-2024-46816, CVE-2025-37849, CVE-2026-23060, CVE-2026-23074)

USN-8199-1: OpenStack Glance vulnerabilities

Ubuntu Security Advisories

1 week 2 days ago

Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker could possibly use this issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-32498) Hyeongeun Ji and Abhishek Kekane discovered several server-side request forgery vulnerabilities in OpenStack Glance's image import. An attacker could possibly use this issue to bypass URL validation checks and redirect to internal services. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-34881)

USN-8198-1: Tornado vulnerabilities

Ubuntu Security Advisories

1 week 3 days ago

It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-31958) It was discovered that Tornado did not properly validate characters in cookie values. An attacker could possibly use this issue to inject arbitrary cookie attributes. (CVE-2026-35536)