Ubuntu Security Advisories

USN-8477-2: tar regression

12 hours 56 minutes ago
USN-8477-1 fixed a vulnerability in tar. The update introduced a regression that could cause tar to fail to extract certain valid files. This update fixes the problem. Original advisory details: It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms.

USN-8557-1: Authlib vulnerabilities

15 hours 17 minutes ago
Jay Neiva and Mauro Carrillo discovered that Authlib did not properly validate cryptographic keys embedded in JWT headers. An attacker could possibly use this issue to forge trusted tokens, resulting in authentication and authorization bypass. (CVE-2026-27962) Jay Neiva and Mauro Carrillo discovered that Authlib incorrectly handled RSA1_5 encrypted tokens. An attacker could possibly use this issue to recover sensitive encrypted information, resulting in information disclosure. (CVE-2026-28490) Jay Neiva and Mauro Carrillo discovered that Authlib did not properly reject unsupported cryptographic algorithms when validating OpenID Connect ID tokens. An attacker could possibly use this issue to bypass token integrity checks, resulting in authentication bypass. (CVE-2026-28498) Johnny Deuss discovered that Authlib did not provide cross-site request forgery protection for the OAuth cache feature in its Starlette integration. An attacker could possibly use this issue to perform unauthorized OAuth actions, resulting in cross-site request forgery. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-41425)

USN-8556-1: Ruby vulnerabilities

19 hours 7 minutes ago
It was discovered that the Net::IMAP client in Ruby did not properly sanitize Symbol arguments passed to IMAP commands. A remote attacker controlling a malicious IMAP server, or able to influence command arguments, could use this to inject arbitrary IMAP commands via CRLF sequences. (CVE-2026-42258) It was discovered that the Zlib::GzipReader in Ruby did not correctly ensure sufficient buffer capacity in the zstream_buffer_ungets function. An attacker could use this to craft a gzip stream that, when processed, could cause a buffer overflow, resulting in memory corruption and possibly arbitrary code execution. (CVE-2026-27820)

USN-8555-1: Ubuntu Advantage Tools (pro client) vulnerabilities

20 hours 2 minutes ago
Bilal Teke discovered that Ubuntu Advantage Tools exposed the Pro bearer token in command-line arguments when validating APT credentials. A local attacker could possibly use this issue to obtain sensitive information and gain unauthorized access to Ubuntu Pro repositories. (CVE-2026-9494) Frederick Jerusha discovered that Ubuntu Advantage Tools did not properly validate data received from the contract server when writing APT source files. An attacker could possibly use this issue to inject arbitrary APT configuration and execute arbitrary code. (CVE-2026-11386) Mateusz Gierblinski discovered that Ubuntu Advantage Tools did not properly handle symbolic links when collecting diagnostic logs. A local attacker could possibly use this issue to obtain sensitive information from files owned by the administrator. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-12391)

USN-8554-1: NTFS-3G vulnerabilities

21 hours 17 minutes ago
It was discovered that NTFS-3G had a heap buffer overflow when reading certain NTFS images. A local attacker could possibly use this issue to execute arbitrary code. (CVE-2026-42616) It was discovered that NTFS-3G had multiple heap buffer overflows when processing certain NTFS images. A local attacker could possibly use these issues to execute arbitrary code. (CVE-2026-42617, CVE-2026-42618, CVE-2026-46569, CVE-2026-46570, CVE-2026-46572, CVE-2026-56135) It was discovered that NTFS-3G had out-of-bounds reads when processing certain NTFS images. A local attacker could possibly use these issues to obtain sensitive information. (CVE-2026-46571, CVE-2026-56136)

USN-8553-1: .NET vulnerabilities

1 day 15 hours ago
Artur Stetsko discovered that the .NET did not properly validate authentication data. An attacker could possibly use this issue to elevate privileges. (CVE-2026-47300) Levi Broderick discovered that .NET did not properly handle XML encryption during parsing. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-47302) Pham Quang Minh discovered that .NET did not properly parse authentication data. An attacker could possibly use this issue to bypass authentication and elevate privileges. (CVE-2026-47303) Levi Broderick discovered that .NET did not properly verify cryptographic signatures during XML encryption. An attacker could possibly use this issue to bypass security features over a network and access encrypted data. (CVE-2026-47304) It was discovered that .NET did not properly validate input during TLS handshakes. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. (CVE-2026-50524) Levi Broderick discovered that .NET did not properly handle resource allocation during XML encryption. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-50525) Siwei Li discovered that .NET did not properly handle link resolution before file access during the container image build process. A local attacker could possibly use this issue to inject resources that could be incorporated into container images built by other users on the same machine. (CVE-2026-50526) Levi Broderick discovered that .NET did not properly handle memory while performing XML encryption. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. (CVE-2026-50527) Henrique Pereira discovered that .NET did not properly handle authorization checks during TLS/SSL connections. An attacker could possibly use this issue to bypass authorization checks during secure communications. (CVE-2026-50528) It was discovered that .NET did not properly handle resource allocation during XML encryption. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-50648) Miha Zupan discovered that .NET did not properly limit resource allocation when handling HTTP/2 requests. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-50651) It was discovered that the .NET SMTP client did not properly handle the encoding or escaping of output. An attacker could possibly use this issue to spoof messages during message routing. (CVE-2026-50659) It was discovered that .NET did not properly validate resource types when parsing X.509 certificates. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. (CVE-2026-57108)

USN-8551-1: Tomcat vulnerabilities

1 day 18 hours ago
It was discovered that Tomcat incorrectly handled authorization when multiple method constraints defined the same HTTP method. A remote attacker could possibly use this issue to bypass authorization restrictions. (CVE-2026-43515) It was discovered that the Tomcat number guess example application did not properly sanitize user-supplied input. An attacker could possibly use this issue to inject malicious scripts, resulting in cross-site scripting. (CVE-2026-50229) It was discovered that Tomcat incorrectly evaluated rewrite valve conditions in certain configurations. An attacker could possibly use this issue to bypass rewrite rules, resulting in unauthorized access. (CVE-2026-53404) It was discovered that Tomcat incorrectly omitted certain authorization information when logging the effective web.xml configuration. An attacker could possibly use this issue to hide authorization constraints, resulting in reduced auditability. (CVE-2026-55276)

USN-8549-1: idna vulnerability

1 day 19 hours ago
It was discovered that idna did not properly reject oversized inputs before performing expensive processing. An attacker could possibly use this issue to cause idna to consume significant resources, leading to a denial of service.

USN-8548-1: Linux kernel vulnerabilities

1 day 20 hours ago
It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SCSI subsystem; - Thermal drivers; - USB over IP driver; - File systems infrastructure; - Ext4 file system; - Network file system (NFS) server daemon; - SMB network file system; - Tracing infrastructure; - B.A.T.M.A.N. meshing protocol; - Ceph Core library; - DCCP (Datagram Congestion Control Protocol); - IPv4 networking; - IPv6 networking; - Netfilter; - RxRPC session sockets; - X.25 network layer; (CVE-2021-47117, CVE-2021-47202, CVE-2023-52646, CVE-2024-56643, CVE-2026-23455, CVE-2026-31402, CVE-2026-31607, CVE-2026-31637, CVE-2026-31659, CVE-2026-31685, CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43383, CVE-2026-43407, CVE-2026-43414, CVE-2026-45988, CVE-2026-46119, CVE-2026-46243)

USN-8547-1: Linux kernel vulnerabilities

1 day 22 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - Cryptographic API; - InfiniBand drivers; - IOMMU subsystem; - Network drivers; - STMicroelectronics network drivers; - NVME drivers; - x86 platform drivers; - SCSI subsystem; - SPI subsystem; - TCM subsystem; - USB over IP driver; - File systems infrastructure; - HFS+ file system; - Network file system (NFS) server daemon; - SMB network file system; - IPv6 networking; - Tracing infrastructure; - Timer subsystem; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Ceph Core library; - IPv4 networking; - MAC80211 subsystem; - Multipath TCP; - Netfilter; - RxRPC session sockets; - SMC sockets; - Sun RPC protocol; - X.25 network layer; - AMD SoC Alsa drivers; - KVM subsystem; (CVE-2022-48816, CVE-2023-53673, CVE-2025-37778, CVE-2025-37822, CVE-2025-37924, CVE-2025-38201, CVE-2025-40082, CVE-2025-68214, CVE-2025-68263, CVE-2025-71089, CVE-2025-71220, CVE-2025-71222, CVE-2025-71224, CVE-2026-23176, CVE-2026-23180, CVE-2026-23182, CVE-2026-23190, CVE-2026-23193, CVE-2026-23198, CVE-2026-23202, CVE-2026-23206, CVE-2026-23216, CVE-2026-23256, CVE-2026-23257, CVE-2026-23258, CVE-2026-23262, CVE-2026-23272, CVE-2026-23278, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402, CVE-2026-31418, CVE-2026-31478, CVE-2026-31607, CVE-2026-31637, CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668, CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43114, CVE-2026-43117, CVE-2026-43185, CVE-2026-43186, CVE-2026-43304, CVE-2026-43341, CVE-2026-43383, CVE-2026-43406, CVE-2026-43407, CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45988, CVE-2026-46043, CVE-2026-46119, CVE-2026-46135, CVE-2026-46195, CVE-2026-46243)

USN-8546-1: Linux kernel (Raspberry Pi) vulnerabilities

2 days ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; - STMicroelectronics network drivers; - Network drivers; - NVME drivers; - SCSI subsystem; - USB over IP driver; - File systems infrastructure; - Ext4 file system; - Network file system (NFS) server daemon; - SMB network file system; - Kernel thread helper (kthread); - IPv6 networking; - Tracing infrastructure; - Kernel exit() syscall; - Scatterlist API; - B.A.T.M.A.N. meshing protocol; - Ethernet bridge; - Ceph Core library; - IPv4 networking; - Multipath TCP; - Netfilter; - RxRPC session sockets; - SMC sockets; - X.25 network layer; (CVE-2026-22984, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392, CVE-2026-23427, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448, CVE-2026-31478, CVE-2026-31607, CVE-2026-31635, CVE-2026-31637, CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668, CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31718, CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43083, CVE-2026-43114, CVE-2026-43117, CVE-2026-43125, CVE-2026-43185, CVE-2026-43186, CVE-2026-43197, CVE-2026-43304, CVE-2026-43341, CVE-2026-43376, CVE-2026-43378, CVE-2026-43383, CVE-2026-43384, CVE-2026-43402, CVE-2026-43406, CVE-2026-43407, CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45898, CVE-2026-45988, CVE-2026-46039, CVE-2026-46043, CVE-2026-46115, CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195, CVE-2026-46243, CVE-2026-46244, CVE-2026-46266, CVE-2026-46289, CVE-2026-46316, CVE-2026-46325)

USN-8545-1: Linux kernel (HWE) vulnerabilities

2 days 1 hour ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; - STMicroelectronics network drivers; - Network drivers; - NVME drivers; - SCSI subsystem; - USB over IP driver; - File systems infrastructure; - Ext4 file system; - Network file system (NFS) server daemon; - SMB network file system; - Kernel thread helper (kthread); - IPv6 networking; - Tracing infrastructure; - Kernel exit() syscall; - Scatterlist API; - B.A.T.M.A.N. meshing protocol; - Ethernet bridge; - Ceph Core library; - IPv4 networking; - Multipath TCP; - Netfilter; - RxRPC session sockets; - SMC sockets; - X.25 network layer; (CVE-2026-22984, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392, CVE-2026-23427, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448, CVE-2026-31478, CVE-2026-31607, CVE-2026-31635, CVE-2026-31637, CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668, CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31718, CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43083, CVE-2026-43114, CVE-2026-43117, CVE-2026-43125, CVE-2026-43185, CVE-2026-43186, CVE-2026-43197, CVE-2026-43304, CVE-2026-43341, CVE-2026-43376, CVE-2026-43378, CVE-2026-43383, CVE-2026-43384, CVE-2026-43402, CVE-2026-43406, CVE-2026-43407, CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45898, CVE-2026-45988, CVE-2026-46039, CVE-2026-46043, CVE-2026-46115, CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195, CVE-2026-46243, CVE-2026-46244, CVE-2026-46266, CVE-2026-46289, CVE-2026-46316, CVE-2026-46325)

USN-8543-1: Wget vulnerabilities

2 days 13 hours ago
It was discovered that Wget mishandled semicolons in the userinfo subcomponent of a URL. A remote attacker could possibly use this issue to trick a user into connecting to a different host than intended. This issue only affected Ubuntu 14.04 LTS. (CVE-2024-38428) It was discovered that Wget incorrectly handled Metalink documents containing a whitespace-only URL. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-58469) It was discovered that Wget incorrectly handled Content-Range header values, leading to an integer overflow. A remote attacker could possibly use this issue to cause download desynchronization. (CVE-2026-58470) It was discovered that Wget incorrectly handled character set conversion of server-supplied filenames. A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-58471) It was discovered that Wget incorrectly handled HTML attributes requiring entity encoding. A remote attacker could possibly use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2026-58472)

USN-8542-1: Dnsmasq vulnerabilities

2 days 15 hours ago
Yiwei Hou discovered that Dnsmasq incorrectly handled logging of DS or DNSKEY. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2026-12725) It was discovered that Dnsmasq incorrectly validated the length of fixed-length DNS record fields when parsing NS section records. A remote attacker could possibly use this issue to cause Dnsmasq to read out of bounds, possibly exposing sensitive information. (CVE-2026-12969)

USN-8526-2: libheif vulnerabilities

2 days 16 hours ago
USN-8526-1 fixed vulnerabilities in libheif. This update provides the corresponding updates for CVE-2026-47709 and CVE-2026-47714 in Ubuntu 24.04 LTS. Original advisory details: Junyi Liu discovered that libheif had a null pointer dereference in its image tiling interface. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-47709) Calvin Young and Enoch Chow discovered that libheif had an integer overflow in its inline mask size calculation. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-47714)

USN-8541-1: Vim vulnerabilities

2 days 16 hours ago
Hirohito Higashi discovered that Vim incorrectly escaped class or trait names when performing PHP omni-completion. An attacker could possibly use this issue to trick a user into opening a specially crafted PHP file and executing arbitrary commands. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-59856) Hirohito Higashi discovered that Vim incorrectly handled sound-folding of certain words when using a spell file. An attacker could possibly use this issue to cause Vim to crash, resulting in a denial of service. (CVE-2026-59857) It was discovered that Vim incorrectly escaped certain tags file fields when performing C omni-completion. An attacker could possibly use this issue to trick a user into opening a specially crafted file and executing arbitrary commands. (CVE-2026-59858)

USN-8540-1: OpenVPN vulnerabilities

2 days 17 hours ago
It was discovered that OpenVPN had a 1-byte buffer overrun when handling NTLMv2 proxy responses. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-11771) It was discovered that OpenVPN incorrectly handled metadata when extracting tls-crypt-v2 client keys. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-12932) It was discovered that OpenVPN had a use-after-free in the ack_write_buf handling. An attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-12996) It was discovered that OpenVPN had a use-after-free in the tls_wrap_reneg handling. An attacker could use this issue to cause OpenVPN to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-13117) It was discovered that OpenVPN incorrectly validated authentication tokens when external authentication was enabled. A remote attacker could possibly use this issue to cause OpenVPN to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-13122) It was discovered that OpenVPN had a memory leak when handling tls-crypt-v2 client keys. A remote attacker with a valid tls-crypt-v2 client key could possibly use this issue to cause OpenVPN to consume excessive resources, leading to a denial of service. (CVE-2026-13698)
Checked
56 minutes 15 seconds ago