12 hours 56 minutes ago
USN-8477-1 fixed a vulnerability in tar. The update introduced a regression
that could cause tar to fail to extract certain valid files.
This update fixes the problem.
Original advisory details:
It was discovered that tar incorrectly handled certain crafted archive files.
An attacker could possibly use this to inject hidden files with
attacker-controlled content, bypassing pre-extraction inspection mechanisms.
15 hours 17 minutes ago
Jay Neiva and Mauro Carrillo discovered that Authlib did not properly
validate cryptographic keys embedded in JWT headers. An attacker could
possibly use this issue to forge trusted tokens, resulting in
authentication and authorization bypass. (CVE-2026-27962)
Jay Neiva and Mauro Carrillo discovered that Authlib incorrectly handled
RSA1_5 encrypted tokens. An attacker could possibly use this issue to
recover sensitive encrypted information, resulting in information
disclosure. (CVE-2026-28490)
Jay Neiva and Mauro Carrillo discovered that Authlib did not properly
reject unsupported cryptographic algorithms when validating OpenID
Connect ID tokens. An attacker could possibly use this issue to bypass
token integrity checks, resulting in authentication bypass.
(CVE-2026-28498)
Johnny Deuss discovered that Authlib did not provide cross-site request
forgery protection for the OAuth cache feature in its Starlette
integration. An attacker could possibly use this issue to perform
unauthorized OAuth actions, resulting in cross-site request forgery.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS.
(CVE-2026-41425)
19 hours 7 minutes ago
It was discovered that the Net::IMAP client in Ruby did not properly
sanitize Symbol arguments passed to IMAP commands. A remote attacker
controlling a malicious IMAP server, or able to influence command
arguments, could use this to inject arbitrary IMAP commands via CRLF
sequences. (CVE-2026-42258)
It was discovered that the Zlib::GzipReader in Ruby did not correctly
ensure sufficient buffer capacity in the zstream_buffer_ungets function.
An attacker could use this to craft a gzip stream that, when processed,
could cause a buffer overflow, resulting in memory corruption and possibly
arbitrary code execution. (CVE-2026-27820)
20 hours 2 minutes ago
Bilal Teke discovered that Ubuntu Advantage Tools exposed the Pro bearer
token in command-line arguments when validating APT credentials. A local
attacker could possibly use this issue to obtain sensitive information
and gain unauthorized access to Ubuntu Pro repositories. (CVE-2026-9494)
Frederick Jerusha discovered that Ubuntu Advantage Tools did not properly
validate data received from the contract server when writing APT source
files. An attacker could possibly use this issue to inject arbitrary APT
configuration and execute arbitrary code. (CVE-2026-11386)
Mateusz Gierblinski discovered that Ubuntu Advantage Tools did not
properly handle symbolic links when collecting diagnostic logs. A local
attacker could possibly use this issue to obtain sensitive information
from files owned by the administrator. This issue only affected Ubuntu
16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-12391)
21 hours 17 minutes ago
It was discovered that NTFS-3G had a heap buffer overflow when reading
certain NTFS images. A local attacker could possibly use this issue to
execute arbitrary code. (CVE-2026-42616)
It was discovered that NTFS-3G had multiple heap buffer overflows when
processing certain NTFS images. A local attacker could possibly use these
issues to execute arbitrary code. (CVE-2026-42617, CVE-2026-42618,
CVE-2026-46569, CVE-2026-46570, CVE-2026-46572, CVE-2026-56135)
It was discovered that NTFS-3G had out-of-bounds reads when processing
certain NTFS images. A local attacker could possibly use these issues to
obtain sensitive information. (CVE-2026-46571, CVE-2026-56136)
1 day 15 hours ago
Artur Stetsko discovered that the .NET did not properly validate
authentication data. An attacker could possibly use this issue to elevate
privileges. (CVE-2026-47300)
Levi Broderick discovered that .NET did not properly handle XML encryption
during parsing. An attacker could possibly use this issue to consume
excessive resources, resulting in a denial of service. (CVE-2026-47302)
Pham Quang Minh discovered that .NET did not properly parse
authentication data. An attacker could possibly use this issue to bypass
authentication and elevate privileges. (CVE-2026-47303)
Levi Broderick discovered that .NET did not properly verify cryptographic
signatures during XML encryption. An attacker could possibly use this issue
to bypass security features over a network and access encrypted data.
(CVE-2026-47304)
It was discovered that .NET did not properly validate input during TLS
handshakes. An attacker could possibly use this issue to cause .NET to
crash, resulting in a denial of service. (CVE-2026-50524)
Levi Broderick discovered that .NET did not properly handle resource
allocation during XML encryption. An attacker could possibly use this issue
to consume excessive resources, resulting in a denial of service.
(CVE-2026-50525)
Siwei Li discovered that .NET did not properly handle link resolution
before file access during the container image build process. A local
attacker could possibly use this issue to inject resources that could be
incorporated into container images built by other users on the same
machine. (CVE-2026-50526)
Levi Broderick discovered that .NET did not properly handle memory while
performing XML encryption. An attacker could possibly use this issue to
cause .NET to crash, resulting in a denial of service. (CVE-2026-50527)
Henrique Pereira discovered that .NET did not properly handle
authorization checks during TLS/SSL connections. An attacker could
possibly use this issue to bypass authorization checks during secure
communications. (CVE-2026-50528)
It was discovered that .NET did not properly handle resource allocation
during XML encryption. An attacker could possibly use this issue to
consume excessive resources, resulting in a denial of service.
(CVE-2026-50648)
Miha Zupan discovered that .NET did not properly limit resource
allocation when handling HTTP/2 requests. An attacker could possibly use
this issue to consume excessive resources, resulting in a denial of
service. (CVE-2026-50651)
It was discovered that the .NET SMTP client did not properly handle the
encoding or escaping of output. An attacker could possibly use this issue
to spoof messages during message routing. (CVE-2026-50659)
It was discovered that .NET did not properly validate resource types when
parsing X.509 certificates. An attacker could possibly use this issue to
cause .NET to crash, resulting in a denial of service. (CVE-2026-57108)
1 day 18 hours ago
It was discovered that Sympa did not properly validate input on the
generic SSO login. A remote attacker could possibly use this issue to
perform a path traversal attack and gain unintended access.
1 day 18 hours ago
It was discovered that Tomcat incorrectly handled authorization when
multiple method constraints defined the same HTTP method. A remote
attacker could possibly use this issue to bypass authorization
restrictions. (CVE-2026-43515)
It was discovered that the Tomcat number guess example application did
not properly sanitize user-supplied input. An attacker could possibly
use this issue to inject malicious scripts, resulting in cross-site
scripting. (CVE-2026-50229)
It was discovered that Tomcat incorrectly evaluated rewrite valve
conditions in certain configurations. An attacker could possibly use
this issue to bypass rewrite rules, resulting in unauthorized access.
(CVE-2026-53404)
It was discovered that Tomcat incorrectly omitted certain authorization
information when logging the effective web.xml configuration. An
attacker could possibly use this issue to hide authorization
constraints, resulting in reduced auditability. (CVE-2026-55276)
1 day 19 hours ago
It was discovered that libslirp incorrectly handled TCP urgent data. A
privileged attacker inside a guest VM could possibly use this issue to
obtain sensitive information from the host process memory.
1 day 19 hours ago
It was discovered that idna did not properly reject oversized inputs before
performing expensive processing. An attacker could possibly use this issue
to cause idna to consume significant resources, leading to a denial of
service.
1 day 20 hours ago
It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-2026-43503)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SCSI subsystem;
- Thermal drivers;
- USB over IP driver;
- File systems infrastructure;
- Ext4 file system;
- Network file system (NFS) server daemon;
- SMB network file system;
- Tracing infrastructure;
- B.A.T.M.A.N. meshing protocol;
- Ceph Core library;
- DCCP (Datagram Congestion Control Protocol);
- IPv4 networking;
- IPv6 networking;
- Netfilter;
- RxRPC session sockets;
- X.25 network layer;
(CVE-2021-47117, CVE-2021-47202, CVE-2023-52646, CVE-2024-56643,
CVE-2026-23455, CVE-2026-31402, CVE-2026-31607, CVE-2026-31637,
CVE-2026-31659, CVE-2026-31685, CVE-2026-43011, CVE-2026-43037,
CVE-2026-43038, CVE-2026-43383, CVE-2026-43407, CVE-2026-43414,
CVE-2026-45988, CVE-2026-46119, CVE-2026-46243)
1 day 22 hours ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- RISC-V architecture;
- Cryptographic API;
- InfiniBand drivers;
- IOMMU subsystem;
- Network drivers;
- STMicroelectronics network drivers;
- NVME drivers;
- x86 platform drivers;
- SCSI subsystem;
- SPI subsystem;
- TCM subsystem;
- USB over IP driver;
- File systems infrastructure;
- HFS+ file system;
- Network file system (NFS) server daemon;
- SMB network file system;
- IPv6 networking;
- Tracing infrastructure;
- Timer subsystem;
- B.A.T.M.A.N. meshing protocol;
- Bluetooth subsystem;
- Ethernet bridge;
- Ceph Core library;
- IPv4 networking;
- MAC80211 subsystem;
- Multipath TCP;
- Netfilter;
- RxRPC session sockets;
- SMC sockets;
- Sun RPC protocol;
- X.25 network layer;
- AMD SoC Alsa drivers;
- KVM subsystem;
(CVE-2022-48816, CVE-2023-53673, CVE-2025-37778, CVE-2025-37822,
CVE-2025-37924, CVE-2025-38201, CVE-2025-40082, CVE-2025-68214,
CVE-2025-68263, CVE-2025-71089, CVE-2025-71220, CVE-2025-71222,
CVE-2025-71224, CVE-2026-23176, CVE-2026-23180, CVE-2026-23182,
CVE-2026-23190, CVE-2026-23193, CVE-2026-23198, CVE-2026-23202,
CVE-2026-23206, CVE-2026-23216, CVE-2026-23256, CVE-2026-23257,
CVE-2026-23258, CVE-2026-23262, CVE-2026-23272, CVE-2026-23278,
CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402,
CVE-2026-31418, CVE-2026-31478, CVE-2026-31607, CVE-2026-31637,
CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668,
CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-43011,
CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43114,
CVE-2026-43117, CVE-2026-43185, CVE-2026-43186, CVE-2026-43304,
CVE-2026-43341, CVE-2026-43383, CVE-2026-43406, CVE-2026-43407,
CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45988,
CVE-2026-46043, CVE-2026-46119, CVE-2026-46135, CVE-2026-46195,
CVE-2026-46243)
2 days ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- Cryptographic API;
- DMA engine subsystem;
- InfiniBand drivers;
- STMicroelectronics network drivers;
- Network drivers;
- NVME drivers;
- SCSI subsystem;
- USB over IP driver;
- File systems infrastructure;
- Ext4 file system;
- Network file system (NFS) server daemon;
- SMB network file system;
- Kernel thread helper (kthread);
- IPv6 networking;
- Tracing infrastructure;
- Kernel exit() syscall;
- Scatterlist API;
- B.A.T.M.A.N. meshing protocol;
- Ethernet bridge;
- Ceph Core library;
- IPv4 networking;
- Multipath TCP;
- Netfilter;
- RxRPC session sockets;
- SMC sockets;
- X.25 network layer;
(CVE-2026-22984, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392,
CVE-2026-23427, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455,
CVE-2026-31402, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448,
CVE-2026-31478, CVE-2026-31607, CVE-2026-31635, CVE-2026-31637,
CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668,
CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31718,
CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071,
CVE-2026-43083, CVE-2026-43114, CVE-2026-43117, CVE-2026-43125,
CVE-2026-43185, CVE-2026-43186, CVE-2026-43197, CVE-2026-43304,
CVE-2026-43341, CVE-2026-43376, CVE-2026-43378, CVE-2026-43383,
CVE-2026-43384, CVE-2026-43402, CVE-2026-43406, CVE-2026-43407,
CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45898,
CVE-2026-45988, CVE-2026-46039, CVE-2026-46043, CVE-2026-46115,
CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195,
CVE-2026-46243, CVE-2026-46244, CVE-2026-46266, CVE-2026-46289,
CVE-2026-46316, CVE-2026-46325)
2 days 1 hour ago
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- Cryptographic API;
- DMA engine subsystem;
- InfiniBand drivers;
- STMicroelectronics network drivers;
- Network drivers;
- NVME drivers;
- SCSI subsystem;
- USB over IP driver;
- File systems infrastructure;
- Ext4 file system;
- Network file system (NFS) server daemon;
- SMB network file system;
- Kernel thread helper (kthread);
- IPv6 networking;
- Tracing infrastructure;
- Kernel exit() syscall;
- Scatterlist API;
- B.A.T.M.A.N. meshing protocol;
- Ethernet bridge;
- Ceph Core library;
- IPv4 networking;
- Multipath TCP;
- Netfilter;
- RxRPC session sockets;
- SMC sockets;
- X.25 network layer;
(CVE-2026-22984, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392,
CVE-2026-23427, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455,
CVE-2026-31402, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448,
CVE-2026-31478, CVE-2026-31607, CVE-2026-31635, CVE-2026-31637,
CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668,
CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31718,
CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071,
CVE-2026-43083, CVE-2026-43114, CVE-2026-43117, CVE-2026-43125,
CVE-2026-43185, CVE-2026-43186, CVE-2026-43197, CVE-2026-43304,
CVE-2026-43341, CVE-2026-43376, CVE-2026-43378, CVE-2026-43383,
CVE-2026-43384, CVE-2026-43402, CVE-2026-43406, CVE-2026-43407,
CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45898,
CVE-2026-45988, CVE-2026-46039, CVE-2026-46043, CVE-2026-46115,
CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195,
CVE-2026-46243, CVE-2026-46244, CVE-2026-46266, CVE-2026-46289,
CVE-2026-46316, CVE-2026-46325)
2 days 11 hours ago
It was discovered that LuaJIT incorrectly handled certain inputs. An attacker
could possibly use these issues to cause a crash, resulting in a denial of
service, or execute arbitrary code.
2 days 13 hours ago
It was discovered that Wget mishandled semicolons in the userinfo
subcomponent of a URL. A remote attacker could possibly use this issue
to trick a user into connecting to a different host than intended. This
issue only affected Ubuntu 14.04 LTS. (CVE-2024-38428)
It was discovered that Wget incorrectly handled Metalink documents
containing a whitespace-only URL. A remote attacker could possibly use
this issue to cause a denial of service. This issue only affected Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu
26.04 LTS. (CVE-2026-58469)
It was discovered that Wget incorrectly handled Content-Range header
values, leading to an integer overflow. A remote attacker could
possibly use this issue to cause download desynchronization.
(CVE-2026-58470)
It was discovered that Wget incorrectly handled character set
conversion of server-supplied filenames. A remote attacker could possibly
use this issue to cause a denial of service or possibly execute arbitrary
code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-58471)
It was discovered that Wget incorrectly handled HTML attributes
requiring entity encoding. A remote attacker could possibly use this issue
to cause a denial of service or possibly execute arbitrary code.
(CVE-2026-58472)
2 days 15 hours ago
Yiwei Hou discovered that Dnsmasq incorrectly handled logging of DS or
DNSKEY. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2026-12725)
It was discovered that Dnsmasq incorrectly validated the length of
fixed-length DNS record fields when parsing NS section records. A remote
attacker could possibly use this issue to cause Dnsmasq to read out of
bounds, possibly exposing sensitive information. (CVE-2026-12969)
2 days 16 hours ago
USN-8526-1 fixed vulnerabilities in libheif. This update provides the
corresponding updates for CVE-2026-47709 and CVE-2026-47714 in
Ubuntu 24.04 LTS.
Original advisory details:
Junyi Liu discovered that libheif had a null pointer dereference in its
image tiling interface. An attacker could possibly use this issue to
cause a denial of service. (CVE-2026-47709)
Calvin Young and Enoch Chow discovered that libheif had an integer
overflow in its inline mask size calculation. An attacker could
possibly use this issue to cause a denial of service or obtain sensitive
information. (CVE-2026-47714)
2 days 16 hours ago
Hirohito Higashi discovered that Vim incorrectly escaped class or trait
names when performing PHP omni-completion. An attacker could possibly
use this issue to trick a user into opening a specially crafted PHP
file and executing arbitrary commands. This issue only affected Ubuntu
22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-59856)
Hirohito Higashi discovered that Vim incorrectly handled sound-folding
of certain words when using a spell file. An attacker could possibly
use this issue to cause Vim to crash, resulting in a denial of service.
(CVE-2026-59857)
It was discovered that Vim incorrectly escaped certain tags file fields
when performing C omni-completion. An attacker could possibly use this
issue to trick a user into opening a specially crafted file and
executing arbitrary commands. (CVE-2026-59858)
2 days 17 hours ago
It was discovered that OpenVPN had a 1-byte buffer overrun when handling
NTLMv2 proxy responses. An attacker could use this issue to cause a denial
of service or possibly execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-11771)
It was discovered that OpenVPN incorrectly handled metadata when extracting
tls-crypt-v2 client keys. An attacker could possibly use this issue to
obtain sensitive information. (CVE-2026-12932)
It was discovered that OpenVPN had a use-after-free in the ack_write_buf
handling. An attacker could use this issue to cause OpenVPN to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2026-12996)
It was discovered that OpenVPN had a use-after-free in the tls_wrap_reneg
handling. An attacker could use this issue to cause OpenVPN to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-13117)
It was discovered that OpenVPN incorrectly validated authentication tokens
when external authentication was enabled. A remote attacker could possibly
use this issue to cause OpenVPN to crash, resulting in a denial of service.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS.
(CVE-2026-13122)
It was discovered that OpenVPN had a memory leak when handling tls-crypt-v2
client keys. A remote attacker with a valid tls-crypt-v2 client key could
possibly use this issue to cause OpenVPN to consume excessive resources,
leading to a denial of service. (CVE-2026-13698)
Checked
56 minutes 15 seconds ago