Ubuntu Security Advisories

USN-8535-1: PipeWire vulnerabilities

13 hours 57 minutes ago
It was discovered that PipeWire accepted unbounded Content-Length values in its RAOP module. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS. (CVE-2026-14324) It was discovered that PipeWire performed multiple unbounded stack allocations in its PulseAudio protocol server. A local attacker could possibly use this issue to cause a denial of service. (CVE-2026-14330)

USN-8534-1: LibreOffice vulnerabilities

14 hours 47 minutes ago
It was discovered that LibreOffice incorrectly handled importing DXF drawings. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-6039) It was discovered that LibreOffice incorrectly handled certain ODF number formats. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-6040) It was discovered that LibreOffice incorrectly handled importing EMF+ graphics. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-6045) It was discovered that LibreOffice incorrectly handled importing PPT presentations. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-8356) It was discovered that LibreOffice Calc incorrectly handled compiling certain formulas. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possily execute arbitrary code. (CVE-2026-8357) It was discovered that LibreOffice Calc incorrectly handled importing spreadsheet tracked changes. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-8358)

USN-8533-1: OpenSSH vulnerabilities

16 hours 44 minutes ago
It was discovered that OpenSSH sftp did not properly constrain the location of downloaded files when connecting to an attacker-controlled server. An attacker could possibly use this issue to write files to unintended locations on the file system. (CVE-2026-59995) It was discovered that OpenSSH scp could place files in the parent directory of the intended destination when copying between two remote hosts. An attacker could possibly use this issue to write files to unintended locations. (CVE-2026-59996) It was discovered that OpenSSH internal-sftp only recognized the first nine command-line arguments, This could result in certain security-sensitive arguments being ignored, contrary to expectations. (CVE-2026-59997) It was discovered that OpenSSH had undocumented behaviour regarding the GSSAPIStrictAcceptorCheck option in environments using Windows Active Directory. The documentation has been updated to clarify use of the option. (CVE-2026-59998) It was discovered that OpenSSH did not properly enforce precedence of DisableForwarding=yes over PermitTunnel=yes in server configurations. This could possibly result in intended network forwarding restrictions being bypassed, contrary to expectations. (CVE-2026-59999) It was discovered that OpenSSH mishandled the MaxAuthTries limit for GSSAPI authentication. A remote attacker could use this issue to perform excessive authentication attempts. (CVE-2026-60000) It was discovered that OpenSSH did not always honour the minimum authentication delay. An attacker could possibly use this issue to perform brute-force attacks more efficiently. (CVE-2026-60001) It was discovered that the OpenSSH client had a use-after-free vulnerability when a server changed its host key during a key re-exchange. An attacker able to intercept communications could possibly use this issue to execute arbitrary code or obtain sensitive information. (CVE-2026-60002)

USN-8532-1: libssh2 vulnerabilities

17 hours 5 minutes ago
It was discovered that libssh2 incorrectly handled certain publickey subsystem attributes. A remote attacker controlling a malicious SSH server could use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2026-58050) It was discovered that libssh2 did not properly initialize publickey list entries before parsing. A remote attacker controlling a malicious SSH server could use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2026-58051)

USN-8496-3: cifs-utils vulnerability

17 hours 18 minutes ago
USN-8496-1 fixed vulnerabilities in cifs-utils. The update caused a regression and was backed out in USN-8496-2. This update reintroduces the security fix, along with a fix for the regression. Original advisory details: It was discovered that cifs-utils incorrectly dropped root privileges before looking up user information. A local attacker could possibly use this issue to execute arbitrary code as the root user.

USN-8531-1: libexif vulnerabilities

17 hours 36 minutes ago
It was discovered that libexif had an integer overflow in its MakerNote decoder when called with a zero-length buffer. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-32775) It was discovered that libexif had an integer overflow in its Nikon MakerNote handler on 32-bit systems. A local attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-40385) It was discovered that libexif had an integer underflow in its size checking for Fuji and Olympus MakerNote decoding. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-40386)

USN-8530-1: Linux kernel (AWS) vulnerabilities

3 days 19 hours ago
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43284) It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - InfiniBand drivers; - SCSI subsystem; - Thermal drivers; - USB over IP driver; - Network file system (NFS) server daemon; - SMB network file system; - Tracing infrastructure; - B.A.T.M.A.N. meshing protocol; - Ethernet bridge; - Ceph Core library; - DCCP (Datagram Congestion Control Protocol); - IPv4 networking; - IPv6 networking; - Netfilter; - RxRPC session sockets; - X.25 network layer; (CVE-2021-47202, CVE-2024-56643, CVE-2026-23272, CVE-2026-23455, CVE-2026-31402, CVE-2026-31607, CVE-2026-31637, CVE-2026-31659, CVE-2026-31682, CVE-2026-31685, CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43383, CVE-2026-43407, CVE-2026-43414, CVE-2026-45988, CVE-2026-46043, CVE-2026-46119, CVE-2026-46243)

USN-8529-1: Linux kernel vulnerabilities

3 days 19 hours ago
It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - InfiniBand drivers; - SCSI subsystem; - Thermal drivers; - USB over IP driver; - Network file system (NFS) server daemon; - SMB network file system; - Tracing infrastructure; - B.A.T.M.A.N. meshing protocol; - Ethernet bridge; - Ceph Core library; - DCCP (Datagram Congestion Control Protocol); - IPv4 networking; - IPv6 networking; - Netfilter; - RxRPC session sockets; - X.25 network layer; (CVE-2021-47202, CVE-2024-56643, CVE-2026-23272, CVE-2026-23455, CVE-2026-31402, CVE-2026-31607, CVE-2026-31637, CVE-2026-31659, CVE-2026-31682, CVE-2026-31685, CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43383, CVE-2026-43407, CVE-2026-43414, CVE-2026-45988, CVE-2026-46043, CVE-2026-46119, CVE-2026-46243)

USN-8528-1: Linux kernel (Xilinx ZynqMP) vulnerabilities

3 days 19 hours ago
It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-31431) It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43284, CVE-2026-43500) It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503, CVE-2026-46300) Qualys discovered that a race condition existed in the ptrace subsystem of the Linux kernel when privileged processes are exiting. An unprivileged local attacker could use this issue to expose sensitive information. (CVE-2026-46333) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - Cryptographic API; - InfiniBand drivers; - IOMMU subsystem; - Ethernet bonding driver; - Network drivers; - STMicroelectronics network drivers; - NVME drivers; - x86 platform drivers; - SCSI subsystem; - SPI subsystem; - TCM subsystem; - USB over IP driver; - File systems infrastructure; - HFS+ file system; - Network file system (NFS) server daemon; - SMB network file system; - IPv6 networking; - Netfilter; - Tracing infrastructure; - io_uring subsystem; - Timer subsystem; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Ceph Core library; - IPv4 networking; - MAC80211 subsystem; - Multipath TCP; - Packet sockets; - RDS protocol; - RxRPC session sockets; - SMC sockets; - Sun RPC protocol; - TLS protocol; - X.25 network layer; - AMD SoC Alsa drivers; - KVM subsystem; (CVE-2022-48816, CVE-2023-53673, CVE-2024-35862, CVE-2024-50060, CVE-2025-37778, CVE-2025-37822, CVE-2025-37924, CVE-2025-38201, CVE-2025-40082, CVE-2025-68214, CVE-2025-68263, CVE-2025-71089, CVE-2025-71220, CVE-2025-71222, CVE-2025-71224, CVE-2026-23176, CVE-2026-23180, CVE-2026-23182, CVE-2026-23190, CVE-2026-23193, CVE-2026-23198, CVE-2026-23202, CVE-2026-23206, CVE-2026-23216, CVE-2026-23256, CVE-2026-23257, CVE-2026-23258, CVE-2026-23262, CVE-2026-23272, CVE-2026-23274, CVE-2026-23278, CVE-2026-23351, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402, CVE-2026-31418, CVE-2026-31419, CVE-2026-31478, CVE-2026-31504, CVE-2026-31533, CVE-2026-31607, CVE-2026-31637, CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668, CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-43011, CVE-2026-43033, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43077, CVE-2026-43078, CVE-2026-43114, CVE-2026-43117, CVE-2026-43186, CVE-2026-43304, CVE-2026-43341, CVE-2026-43383, CVE-2026-43406, CVE-2026-43407, CVE-2026-43414, CVE-2026-43493, CVE-2026-43494, CVE-2026-43501, CVE-2026-45988, CVE-2026-46028, CVE-2026-46043, CVE-2026-46119, CVE-2026-46135, CVE-2026-46195, CVE-2026-46243)

USN-8527-1: Linux kernel (Raspberry Pi) vulnerabilities

3 days 20 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - Cryptographic API; - InfiniBand drivers; - IOMMU subsystem; - Network drivers; - STMicroelectronics network drivers; - NVME drivers; - x86 platform drivers; - SCSI subsystem; - SPI subsystem; - TCM subsystem; - USB over IP driver; - File systems infrastructure; - HFS+ file system; - Network file system (NFS) server daemon; - SMB network file system; - IPv6 networking; - Tracing infrastructure; - Timer subsystem; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Ceph Core library; - IPv4 networking; - MAC80211 subsystem; - Multipath TCP; - Netfilter; - RxRPC session sockets; - SMC sockets; - Sun RPC protocol; - X.25 network layer; - AMD SoC Alsa drivers; - KVM subsystem; (CVE-2022-48816, CVE-2023-53673, CVE-2025-37778, CVE-2025-37822, CVE-2025-37924, CVE-2025-38201, CVE-2025-40082, CVE-2025-68214, CVE-2025-68263, CVE-2025-71089, CVE-2025-71220, CVE-2025-71222, CVE-2025-71224, CVE-2026-23176, CVE-2026-23180, CVE-2026-23182, CVE-2026-23190, CVE-2026-23193, CVE-2026-23198, CVE-2026-23202, CVE-2026-23206, CVE-2026-23216, CVE-2026-23256, CVE-2026-23257, CVE-2026-23258, CVE-2026-23262, CVE-2026-23272, CVE-2026-23278, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402, CVE-2026-31418, CVE-2026-31478, CVE-2026-31607, CVE-2026-31637, CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668, CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43114, CVE-2026-43117, CVE-2026-43186, CVE-2026-43304, CVE-2026-43341, CVE-2026-43383, CVE-2026-43406, CVE-2026-43407, CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45988, CVE-2026-46043, CVE-2026-46119, CVE-2026-46135, CVE-2026-46195, CVE-2026-46243)

USN-8492-5: Linux kernel (FIPS) vulnerabilities

3 days 20 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - ATM drivers; - RNBD block device driver; - Ublk userspace block driver; - Bus devices; - Character device driver; - TPM device driver; - Clock framework and drivers; - Clocksource drivers; - CPU idle management framework; - Hardware crypto device drivers; - DMA engine subsystem; - EFI core; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - IIO subsystem; - InfiniBand drivers; - IOMMU subsystem; - Multiple devices driver; - Media drivers; - Multifunction device drivers; - Broadcom VK accelerator driver; - MOST (Media Oriented Systems Transport) drivers; - MTD block device drivers; - Ethernet bonding driver; - Network drivers; - Mellanox network drivers; - STMicroelectronics network drivers; - NTB driver; - NVME drivers; - PCI subsystem; - Performance monitor drivers; - Pin controllers subsystem; - x86 platform drivers; - Power supply drivers; - RapidIO drivers; - RAS (Reliability, Availability, Serviceability) subsystem; - Remote Processor subsystem; - RPMSG subsystem; - S/390 drivers; - SCSI subsystem; - MediaTek SoC drivers; - Texas Instruments SoC drivers; - SPI subsystem; - Greybus lights staging drivers; - Realtek RTL8723BS SDIO drivers; - UFS subsystem; - ChipIdea USB driver; - DesignWare USB3 driver; - USB over IP driver; - vDPA drivers; - Virtio Host (VHOST) subsystem; - Framebuffer layer; - BTRFS file system; - File systems infrastructure; - Ceph distributed file system; - Ext4 file system; - F2FS file system; - FAT file system; - GFS2 file system; - HFS+ file system; - JFS file system; - Network file system (NFS) server daemon; - NILFS2 file system; - NTFS3 file system; - OCFS2 file system; - Proc file system; - Pstore file system; - Diskquota system; - SMB network file system; - XFS file system; - Audit subsystem; - Memory Management; - IPv6 networking; - Netfilter; - Tracing infrastructure; - Kernel kexec() syscall; - RCU subsystem; - Scheduler infrastructure; - Scatterlist API; - 9P file system network protocol; - Asynchronous Transfer Mode (ATM) subsystem; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Ceph Core library; - Networking core; - IPv4 networking; - KCM (Kernel Connection Multiplexor) sockets driver; - Multipath TCP; - NFC subsystem; - RDS protocol; - RxRPC session sockets; - Network traffic control; - SMC sockets; - Sun RPC protocol; - X.25 network layer; - XFRM subsystem; - AppArmor security module; - Simplified Mandatory Access Control Kernel framework; - SOF drivers; - USB sound devices; (CVE-2025-40005, CVE-2025-71229, CVE-2025-71231, CVE-2025-71232, CVE-2025-71233, CVE-2025-71235, CVE-2025-71236, CVE-2025-71237, CVE-2025-71238, CVE-2025-71239, CVE-2025-71265, CVE-2025-71266, CVE-2025-71267, CVE-2025-71272, CVE-2025-71273, CVE-2025-71274, CVE-2025-71286, CVE-2025-71291, CVE-2025-71292, CVE-2025-71294, CVE-2025-71295, CVE-2025-71297, CVE-2025-71304, CVE-2025-71305, CVE-2026-23100, CVE-2026-23169, CVE-2026-23220, CVE-2026-23221, CVE-2026-23222, CVE-2026-23228, CVE-2026-23229, CVE-2026-23230, CVE-2026-23233, CVE-2026-23234, CVE-2026-23235, CVE-2026-23236, CVE-2026-23237, CVE-2026-23238, CVE-2026-23241, CVE-2026-23242, CVE-2026-23243, CVE-2026-23249, CVE-2026-23266, CVE-2026-23267, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402, CVE-2026-31411, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448, CVE-2026-31478, CVE-2026-31607, CVE-2026-31637, CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668, CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31687, CVE-2026-31693, CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43114, CVE-2026-43117, CVE-2026-43123, CVE-2026-43124, CVE-2026-43128, CVE-2026-43130, CVE-2026-43132, CVE-2026-43133, CVE-2026-43134, CVE-2026-43135, CVE-2026-43136, CVE-2026-43137, CVE-2026-43139, CVE-2026-43140, CVE-2026-43141, CVE-2026-43143, CVE-2026-43145, CVE-2026-43147, CVE-2026-43148, CVE-2026-43149, CVE-2026-43150, CVE-2026-43152, CVE-2026-43153, CVE-2026-43156, CVE-2026-43157, CVE-2026-43158, CVE-2026-43159, CVE-2026-43163, CVE-2026-43167, CVE-2026-43168, CVE-2026-43169, CVE-2026-43170, CVE-2026-43171, CVE-2026-43173, CVE-2026-43175, CVE-2026-43180, CVE-2026-43182, CVE-2026-43183, CVE-2026-43184, CVE-2026-43186, CVE-2026-43187, CVE-2026-43189, CVE-2026-43190, CVE-2026-43194, CVE-2026-43196, CVE-2026-43199, CVE-2026-43200, CVE-2026-43201, CVE-2026-43202, CVE-2026-43203, CVE-2026-43205, CVE-2026-43206, CVE-2026-43207, CVE-2026-43209, CVE-2026-43211, CVE-2026-43212, CVE-2026-43214, CVE-2026-43215, CVE-2026-43218, CVE-2026-43221, CVE-2026-43222, CVE-2026-43223, CVE-2026-43225, CVE-2026-43226, CVE-2026-43227, CVE-2026-43230, CVE-2026-43231, CVE-2026-43232, CVE-2026-43233, CVE-2026-43236, CVE-2026-43238, CVE-2026-43239, CVE-2026-43241, CVE-2026-43242, CVE-2026-43244, CVE-2026-43246, CVE-2026-43248, CVE-2026-43249, CVE-2026-43250, CVE-2026-43251, CVE-2026-43253, CVE-2026-43255, CVE-2026-43256, CVE-2026-43257, CVE-2026-43258, CVE-2026-43261, CVE-2026-43262, CVE-2026-43264, CVE-2026-43266, CVE-2026-43268, CVE-2026-43269, CVE-2026-43270, CVE-2026-43271, CVE-2026-43273, CVE-2026-43275, CVE-2026-43277, CVE-2026-43278, CVE-2026-43279, CVE-2026-43283, CVE-2026-43287, CVE-2026-43288, CVE-2026-43289, CVE-2026-43291, CVE-2026-43295, CVE-2026-43296, CVE-2026-43297, CVE-2026-43300, CVE-2026-43302, CVE-2026-43304, CVE-2026-43312, CVE-2026-43313, CVE-2026-43314, CVE-2026-43315, CVE-2026-43316, CVE-2026-43317, CVE-2026-43318, CVE-2026-43319, CVE-2026-43320, CVE-2026-43341, CVE-2026-43378, CVE-2026-43383, CVE-2026-43384, CVE-2026-43406, CVE-2026-43407, CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45847, CVE-2026-45848, CVE-2026-45849, CVE-2026-45851, CVE-2026-45852, CVE-2026-45856, CVE-2026-45857, CVE-2026-45859, CVE-2026-45860, CVE-2026-45861, CVE-2026-45862, CVE-2026-45864, CVE-2026-45865, CVE-2026-45866, CVE-2026-45867, CVE-2026-45868, CVE-2026-45869, CVE-2026-45870, CVE-2026-45871, CVE-2026-45872, CVE-2026-45873, CVE-2026-45875, CVE-2026-45877, CVE-2026-45878, CVE-2026-45879, CVE-2026-45880, CVE-2026-45881, CVE-2026-45882, CVE-2026-45883, CVE-2026-45884, CVE-2026-45885, CVE-2026-45886, CVE-2026-45890, CVE-2026-45891, CVE-2026-45893, CVE-2026-45895, CVE-2026-45902, CVE-2026-45904, CVE-2026-45905, CVE-2026-45910, CVE-2026-45912, CVE-2026-45913, CVE-2026-45914, CVE-2026-45915, CVE-2026-45916, CVE-2026-45917, CVE-2026-45919, CVE-2026-45921, CVE-2026-45923, CVE-2026-45928, CVE-2026-45935, CVE-2026-45936, CVE-2026-45938, CVE-2026-45941, CVE-2026-45946, CVE-2026-45947, CVE-2026-45948, CVE-2026-45954, CVE-2026-45957, CVE-2026-45960, CVE-2026-45962, CVE-2026-45964, CVE-2026-45965, CVE-2026-45968, CVE-2026-45969, CVE-2026-45970, CVE-2026-45972, CVE-2026-45973, CVE-2026-45974, CVE-2026-45976, CVE-2026-45978, CVE-2026-45981, CVE-2026-45982, CVE-2026-45983, CVE-2026-45984, CVE-2026-45988, CVE-2026-46043, CVE-2026-46115, CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195, CVE-2026-46243, CVE-2026-46244, CVE-2026-46246, CVE-2026-46247, CVE-2026-46249, CVE-2026-46250, CVE-2026-46251, CVE-2026-46253, CVE-2026-46254, CVE-2026-46255, CVE-2026-46259, CVE-2026-46260, CVE-2026-46261, CVE-2026-46265, CVE-2026-46266, CVE-2026-46267, CVE-2026-46270, CVE-2026-46289, CVE-2026-46328)

USN-8526-1: libheif vulnerabilities

4 days 10 hours ago
Xianrui Dong discovered that libheif had an out-of-bounds read in its HEIF sequence track parser. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-47254) Junyi Liu discovered that libheif had a null pointer dereference in its image tiling interface. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-47709) Calvin Young and Enoch Chow discovered that libheif had an integer overflow in its inline mask size calculation. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-47714) Ariel Koren discovered that libheif had an integer underflow in its grid image tile coordinate transform. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-48029) It was discovered that libheif had a missing bound check in its HEIF sequence parser, allowing unbounded heap allocation. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-50142)

USN-8525-1: curl vulnerabilities

4 days 10 hours ago
Harry Sintonen discovered that curl incorrectly handled credentials when following HTTP redirects in conjunction with .netrc files. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2024-11053) Hiroki Kurosawa discovered that curl incorrectly handled OCSP stapling responses. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-8096) Joshua Rogers discovered that curl had a use-after-free vulnerability when resetting and cleaning up HTTP/2 stream handles. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2026-10536) Quac Tran and Ngoc Hieu discovered that curl incorrectly reused connections when switching authentication methods to the same host. An attacker could possibly use this issue to obtain sensitive information or perform unauthorized actions. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-5545) Osama Hamad discovered that curl incorrectly reused SMB connections when the target share differed between transfers. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2026-5773) Muhamad Arga Reksapati discovered that curl incorrectly forwarded Digest proxy authentication credentials to a different proxy host. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-7168) It was discovered that curl incorrectly skipped SSH host verification options when using schemeless URLs with --proto-default. An attacker could possibly use this issue to perform machine-in-the-middle attacks. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. (CVE-2026-12064) It was discovered that curl did not enforce an upper bound on memory allocated for unacknowledged WebSocket PING frames. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. (CVE-2026-11586) It was discovered that curl could stall indefinitely when a malicious HTTP/3 server sent a continuous stream of empty UDP datagrams. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. (CVE-2026-11352) It was discovered that curl could incorrectly continue trusting a native platform CA store after an application switched the handle to use custom CA material. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 25.10. (CVE-2026-11564)

USN-8524-1: Python vulnerability

4 days 14 hours ago
It was discovered that Python did not use sufficient entropy for Expat hash-flooding protection in the xml.parsers.expat and xml.etree.ElementTree modules. An attacker could use this to cause a denial of service via a crafted XML document.

USN-8523-1: libsoup vulnerabilities

4 days 15 hours ago
Eric Su and Samuel Dainard discovered that libsoup incorrectly handled content with zero-length resources. An attacker could possibly use this issue to trigger a buffer over-read, resulting in information disclosure or a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-2369) Kona Arctic discovered that libsoup did not properly protect sensitive cookies when establishing HTTPS tunnels through an HTTP proxy. An attacker could possibly use this issue to intercept session cookies, resulting in session hijacking or user impersonation. (CVE-2026-5119)

USN-8522-1: LibRaw vulnerabilities

4 days 17 hours ago
It was discovered that LibRaw incorrectly handled certain Nikon RAW image files. An attacker could possibly use this issue to cause LibRaw to crash, resulting in a denial of service. (CVE-2026-5342) It was discovered that LibRaw had an integer overflow in its DNG image loader. An attacker could possibly use this issue to cause LibRaw to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-20884) It was discovered that LibRaw incorrectly handled certain X3F thumbnail data. An attacker could possibly use this issue to cause LibRaw to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-20889) It was discovered that LibRaw had a heap-based buffer overflow in its lossless JPEG image loader. An attacker could possibly use this issue to cause LibRaw to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-21413) It was discovered that LibRaw had an integer overflow in its uncompressed floating-point DNG image loader. An attacker could possibly use this issue to cause LibRaw to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.04. (CVE-2026-24450) It was discovered that LibRaw had a heap-based buffer overflow in its X3F Huffman decoder. An attacker could possibly use this issue to cause LibRaw to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-24660)

USN-8520-1: Expat vulnerability

4 days 18 hours ago
It was discovered that Expat used insufficient entropy when generating hash salt values for its internal hash table. An attacker could use this to craft an XML document that triggers hash flooding, leading to a denial of service.

USN-8519-1: Go Cryptography vulnerabilities

4 days 21 hours ago
Jakub Ciolek and Nicola Murino discovered that Go Cryptography incorrectly handled SSH agent responses. An attacker could use this to cause a denial of service. (CVE-2025-47913) Yuichi Watanabe discovered that Go Cryptography incorrectly handled SSH key exchanges. An attacker could use this to cause a denial of service. This issue did not affect Ubuntu 16.04 LTS. (CVE-2025-22869)

USN-8492-4: Linux kernel (Raspberry Pi) vulnerabilities

4 days 21 hours ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - ATM drivers; - RNBD block device driver; - Ublk userspace block driver; - Bus devices; - Character device driver; - TPM device driver; - Clock framework and drivers; - Clocksource drivers; - CPU idle management framework; - Hardware crypto device drivers; - DMA engine subsystem; - EFI core; - GPIO subsystem; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - IIO subsystem; - InfiniBand drivers; - IOMMU subsystem; - Multiple devices driver; - Media drivers; - Multifunction device drivers; - Broadcom VK accelerator driver; - MOST (Media Oriented Systems Transport) drivers; - MTD block device drivers; - Ethernet bonding driver; - Network drivers; - Mellanox network drivers; - STMicroelectronics network drivers; - NTB driver; - NVME drivers; - PCI subsystem; - Performance monitor drivers; - Pin controllers subsystem; - x86 platform drivers; - Power supply drivers; - RapidIO drivers; - RAS (Reliability, Availability, Serviceability) subsystem; - Remote Processor subsystem; - RPMSG subsystem; - S/390 drivers; - SCSI subsystem; - MediaTek SoC drivers; - Texas Instruments SoC drivers; - SPI subsystem; - Greybus lights staging drivers; - Realtek RTL8723BS SDIO drivers; - UFS subsystem; - ChipIdea USB driver; - DesignWare USB3 driver; - USB over IP driver; - vDPA drivers; - Virtio Host (VHOST) subsystem; - Framebuffer layer; - BTRFS file system; - File systems infrastructure; - Ceph distributed file system; - Ext4 file system; - F2FS file system; - FAT file system; - GFS2 file system; - HFS+ file system; - JFS file system; - Network file system (NFS) server daemon; - NILFS2 file system; - NTFS3 file system; - OCFS2 file system; - Proc file system; - Pstore file system; - Diskquota system; - SMB network file system; - XFS file system; - Audit subsystem; - Memory Management; - IPv6 networking; - Netfilter; - Tracing infrastructure; - Kernel kexec() syscall; - RCU subsystem; - Scheduler infrastructure; - Scatterlist API; - 9P file system network protocol; - Asynchronous Transfer Mode (ATM) subsystem; - B.A.T.M.A.N. meshing protocol; - Bluetooth subsystem; - Ethernet bridge; - Ceph Core library; - Networking core; - IPv4 networking; - KCM (Kernel Connection Multiplexor) sockets driver; - Multipath TCP; - NFC subsystem; - RDS protocol; - RxRPC session sockets; - Network traffic control; - SMC sockets; - Sun RPC protocol; - X.25 network layer; - XFRM subsystem; - AppArmor security module; - Simplified Mandatory Access Control Kernel framework; - SOF drivers; - USB sound devices; (CVE-2025-40005, CVE-2025-71229, CVE-2025-71231, CVE-2025-71232, CVE-2025-71233, CVE-2025-71235, CVE-2025-71236, CVE-2025-71237, CVE-2025-71238, CVE-2025-71239, CVE-2025-71265, CVE-2025-71266, CVE-2025-71267, CVE-2025-71272, CVE-2025-71273, CVE-2025-71274, CVE-2025-71286, CVE-2025-71291, CVE-2025-71292, CVE-2025-71294, CVE-2025-71295, CVE-2025-71297, CVE-2025-71304, CVE-2025-71305, CVE-2026-23100, CVE-2026-23169, CVE-2026-23220, CVE-2026-23221, CVE-2026-23222, CVE-2026-23228, CVE-2026-23229, CVE-2026-23230, CVE-2026-23233, CVE-2026-23234, CVE-2026-23235, CVE-2026-23236, CVE-2026-23237, CVE-2026-23238, CVE-2026-23241, CVE-2026-23242, CVE-2026-23243, CVE-2026-23249, CVE-2026-23266, CVE-2026-23267, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402, CVE-2026-31411, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448, CVE-2026-31478, CVE-2026-31607, CVE-2026-31637, CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668, CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31687, CVE-2026-31693, CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43114, CVE-2026-43117, CVE-2026-43123, CVE-2026-43124, CVE-2026-43128, CVE-2026-43130, CVE-2026-43132, CVE-2026-43133, CVE-2026-43134, CVE-2026-43135, CVE-2026-43136, CVE-2026-43137, CVE-2026-43139, CVE-2026-43140, CVE-2026-43141, CVE-2026-43143, CVE-2026-43145, CVE-2026-43147, CVE-2026-43148, CVE-2026-43149, CVE-2026-43150, CVE-2026-43152, CVE-2026-43153, CVE-2026-43156, CVE-2026-43157, CVE-2026-43158, CVE-2026-43159, CVE-2026-43163, CVE-2026-43167, CVE-2026-43168, CVE-2026-43169, CVE-2026-43170, CVE-2026-43171, CVE-2026-43173, CVE-2026-43175, CVE-2026-43180, CVE-2026-43182, CVE-2026-43183, CVE-2026-43184, CVE-2026-43186, CVE-2026-43187, CVE-2026-43189, CVE-2026-43190, CVE-2026-43194, CVE-2026-43196, CVE-2026-43199, CVE-2026-43200, CVE-2026-43201, CVE-2026-43202, CVE-2026-43203, CVE-2026-43205, CVE-2026-43206, CVE-2026-43207, CVE-2026-43209, CVE-2026-43211, CVE-2026-43212, CVE-2026-43214, CVE-2026-43215, CVE-2026-43218, CVE-2026-43221, CVE-2026-43222, CVE-2026-43223, CVE-2026-43225, CVE-2026-43226, CVE-2026-43227, CVE-2026-43230, CVE-2026-43231, CVE-2026-43232, CVE-2026-43233, CVE-2026-43236, CVE-2026-43238, CVE-2026-43239, CVE-2026-43241, CVE-2026-43242, CVE-2026-43244, CVE-2026-43246, CVE-2026-43248, CVE-2026-43249, CVE-2026-43250, CVE-2026-43251, CVE-2026-43253, CVE-2026-43255, CVE-2026-43256, CVE-2026-43257, CVE-2026-43258, CVE-2026-43261, CVE-2026-43262, CVE-2026-43264, CVE-2026-43266, CVE-2026-43268, CVE-2026-43269, CVE-2026-43270, CVE-2026-43271, CVE-2026-43273, CVE-2026-43275, CVE-2026-43277, CVE-2026-43278, CVE-2026-43279, CVE-2026-43283, CVE-2026-43287, CVE-2026-43288, CVE-2026-43289, CVE-2026-43291, CVE-2026-43295, CVE-2026-43296, CVE-2026-43297, CVE-2026-43300, CVE-2026-43302, CVE-2026-43304, CVE-2026-43312, CVE-2026-43313, CVE-2026-43314, CVE-2026-43315, CVE-2026-43316, CVE-2026-43317, CVE-2026-43318, CVE-2026-43319, CVE-2026-43320, CVE-2026-43341, CVE-2026-43378, CVE-2026-43383, CVE-2026-43384, CVE-2026-43406, CVE-2026-43407, CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45847, CVE-2026-45848, CVE-2026-45849, CVE-2026-45851, CVE-2026-45852, CVE-2026-45856, CVE-2026-45857, CVE-2026-45859, CVE-2026-45860, CVE-2026-45861, CVE-2026-45862, CVE-2026-45864, CVE-2026-45865, CVE-2026-45866, CVE-2026-45867, CVE-2026-45868, CVE-2026-45869, CVE-2026-45870, CVE-2026-45871, CVE-2026-45872, CVE-2026-45873, CVE-2026-45875, CVE-2026-45877, CVE-2026-45878, CVE-2026-45879, CVE-2026-45880, CVE-2026-45881, CVE-2026-45882, CVE-2026-45883, CVE-2026-45884, CVE-2026-45885, CVE-2026-45886, CVE-2026-45890, CVE-2026-45891, CVE-2026-45893, CVE-2026-45895, CVE-2026-45902, CVE-2026-45904, CVE-2026-45905, CVE-2026-45910, CVE-2026-45912, CVE-2026-45913, CVE-2026-45914, CVE-2026-45915, CVE-2026-45916, CVE-2026-45917, CVE-2026-45919, CVE-2026-45921, CVE-2026-45923, CVE-2026-45928, CVE-2026-45935, CVE-2026-45936, CVE-2026-45938, CVE-2026-45941, CVE-2026-45946, CVE-2026-45947, CVE-2026-45948, CVE-2026-45954, CVE-2026-45957, CVE-2026-45960, CVE-2026-45962, CVE-2026-45964, CVE-2026-45965, CVE-2026-45968, CVE-2026-45969, CVE-2026-45970, CVE-2026-45972, CVE-2026-45973, CVE-2026-45974, CVE-2026-45976, CVE-2026-45978, CVE-2026-45981, CVE-2026-45982, CVE-2026-45983, CVE-2026-45984, CVE-2026-45988, CVE-2026-46043, CVE-2026-46115, CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195, CVE-2026-46243, CVE-2026-46244, CVE-2026-46246, CVE-2026-46247, CVE-2026-46249, CVE-2026-46250, CVE-2026-46251, CVE-2026-46253, CVE-2026-46254, CVE-2026-46255, CVE-2026-46259, CVE-2026-46260, CVE-2026-46261, CVE-2026-46265, CVE-2026-46266, CVE-2026-46267, CVE-2026-46270, CVE-2026-46289, CVE-2026-46328)
Checked
15 minutes 23 seconds ago