Aggregator

USN-8032-1: AIOHTTP vulnerabilities

6 days 17 hours ago
Charles Chan discovered that AIOHTTP incorrectly handled the decompression of compressed requests. A remote attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 25.10. (CVE-2025-69223)

Thomas Rinsma discovered that AIOHTTP incorrectly handled non-ASCII characters in HTTP headers. A remote attacker could possibly use this issue to perform a request smuggling attack to bypass certain proxy protections. This issue was only addressed in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-69224)

Thomas Rinsma discovered that AIOHTTP incorrectly handled non-ASCII characters in the Range header. A remote attacker could possibly use this issue to perform a request smuggling attack. (CVE-2025-69225)

Thomas Rinsma discovered that AIOHTTP incorrectly handled path normalization when serving static files. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2025-69226)

Thomas Rinsma discovered that AIOHTTP incorrectly handled certain POST request bodies. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2025-69227)

Thomas Rinsma discovered that AIOHTTP incorrectly handled large POST request payloads. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2025-69228)

It was discovered that AIOHTTP incorrectly handled chunked messages. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2025-69229)

USN-7990-4: Linux kernel (Oracle) vulnerabilities

1 week ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
- Cryptographic API;
- Padata parallel execution mechanism;
- Netfilter;
(CVE-2022-49698, CVE-2025-21726, CVE-2025-40019)

USN-8040-1: MUNGE vulnerability

1 week ago
Titouan Lazard discovered that MUNGE contained an exploitable buffer overflow in munged (the MUNGE authentication daemon). A local attacker could possibly use this issue to forge MUNGE credentials, leading to arbitrary code execution.

USN-8039-1: libpng vulnerability

1 week ago
It was discovered that the libpng simplified API incorrectly handled quantizing RGB images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service.

USN-7988-5: Linux kernel (Azure) vulnerabilities

1 week ago
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
- Media drivers;
- NVME drivers;
- File systems infrastructure;
- Timer subsystem;
- Memory management;
- Packet sockets;
(CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195, CVE-2024-56606, CVE-2024-56756, CVE-2025-39993)

USN-8037-1: DNSdist vulnerabilities

1 week ago
It was discovered that HTTP/2, which is used/vendored by DNSdist, did not properly account for resources when handling client-triggered stream resets. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-8671)

It was discovered that DNSdist did not properly manage memory limits when handling an unlimited number of queries on a single TCP connection. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-30193)

It was discovered that DNSdist, when configured with the nghttp2 library, did not correctly process certain DNS over HTTPS queries. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-30187)

USN-8035-1: libpng vulnerabilities

1 week ago
It was discovered that the libpng simplified API incorrectly processed palette PNG images with partial transparency and gamma correction. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2025-66293)

Petr Simecek, Stanislav Fort and Pavel Kohout discovered that the libpng simplified API incorrectly processed interlaced 16-bit PNGs with 8-bit output format and non-minimal row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-22695)

Cosmin Truta discovered that the libpng simplified API incorrectly handled invalid row strides. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-22801)

It was discovered that the libpng simplified API incorrectly handled quantizing RGB images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service. (CVE-2026-25646)