Canonical USN OVAL Generator 1 5.11.1 2026-05-22T09:12:03

Copyright (C) 2026 Canonical LTD. All rights reserved.

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 3 of the License.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License version 3 for more details.

You should have received a copy of the GNU General Public License version 3 along with this program. If not, see http://www.gnu.org/licenses/.

Check that Ubuntu 26.04 LTS (resolute) is installed.

USN-8190-2 -- Rack::Session vulnerability
Ubuntu 26.04 LTS

USN-8190-1 fixed a vulnerability in Rack::Session. This update provides the corresponding update for Ubuntu 26.04 LTS.

Original advisory details:

SeungMyung Lee discovered that Rack::Session did not properly reject cookies upon decryption failure. A remote attacker could use this issue to manipulate session contents and possibly gain unauthorized access.

Update Instructions:

Run `sudo pro fix USN-8190-2` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

ruby-rack-session - 2.1.1-0.1ubuntu0.26.04.1

No subscription required

Medium
CVE-2026-39324

USN-8192-2 -- NTFS-3G vulnerabilities
Ubuntu 26.04 LTS

USN-8192-1 fixed vulnerabilities in NTFS-3G. This update provides the corresponding update to Ubuntu 26.04 LTS.

Original advisory details:

Jeffrey Bencteux discovered that NTFS-3G incorrectly handled certain UTF-8 sequences. An attacker could use this issue to cause NTFS-3G to crash, resulting in a denial of service, or to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2023-52890)

Andrea Bocchetti discovered that NTFS-3G incorrectly handled certain security descriptors. An attacker could use this issue to cause NTFS-3G to crash, resulting in a denial of service, or to execute arbitrary code. (CVE-2026-40706)

Update Instructions:

Run `sudo pro fix USN-8192-2` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

libntfs-3g89t64 - 1:2022.10.3-5ubuntu1
ntfs-3g - 1:2022.10.3-5ubuntu1
ntfs-3g-dev - 1:2022.10.3-5ubuntu1

No subscription required

Medium
CVE-2026-40706

USN-8195-2 -- PackageKit vulnerability
Ubuntu 26.04 LTS

USN-8195-1 fixed a vulnerability in PackageKit. This update provides the corresponding update to Ubuntu 26.04 LTS.

Original advisory details:

It was discovered that PackageKit incorrectly handled certain transactions. A local attacker could use this issue to install arbitrary packages as root, possibly resulting in privilege escalation.

Update Instructions:

Run `sudo pro fix USN-8195-2` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

gir1.2-packagekitglib-1.0 - 1.3.4-3ubuntu1
gstreamer1.0-packagekit - 1.3.4-3ubuntu1
libpackagekit-glib2-18 - 1.3.4-3ubuntu1
libpackagekit-glib2-dev - 1.3.4-3ubuntu1
packagekit - 1.3.4-3ubuntu1
packagekit-command-not-found - 1.3.4-3ubuntu1
packagekit-docs - 1.3.4-3ubuntu1
packagekit-gtk3-module - 1.3.4-3ubuntu1

No subscription required

None
https://launchpad.net/bugs/2149908

USN-8196-2 -- strongSwan vulnerabilities
Ubuntu 26.04 LTS

USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the corresponding update to Ubuntu 26.04 LTS.

Original advisory details:

Haruto Kimura discovered that strongSwan incorrectly handled the supported_versions extension in TLS. A remote attacker could possibly use this issue to cause strongSwan to stop responding, resulting in a denial of service. (CVE-2026-35328)

Haruto Kimura discovered that strongSwan incorrectly handled certain encrypted PKCS#7 containers. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2026-35329)

Lukas Johannes Moeller discovered that strongSwan incorrectly handled certain EAP-SIM/AKA attributes. A remote attacker could use this issue to cause strongSwan to stop responding, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-35330)

Haruto Kimura discovered that strongSwan incorrectly handled processing of X.509 name constraints. A remote attacker could possibly use this issue to bypass excluded name constraints. (CVE-2026-35331)

Haruto Kimura discovered that strongSwan incorrectly processed ECDH public values. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2026-35332)

Lukas Johannes Moeller discovered that strongSwan incorrectly handled certain RADIUS attributes. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2026-35333)

Ryo Shimada discovered that strongSwan incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2026-35334)

Update Instructions:

Run `sudo pro fix USN-8196-2` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

charon-cmd - 6.0.4-1ubuntu3
charon-systemd - 6.0.4-1ubuntu3
libcharon-extauth-plugins - 6.0.4-1ubuntu3
libcharon-extra-plugins - 6.0.4-1ubuntu3
libstrongswan - 6.0.4-1ubuntu3
libstrongswan-extra-plugins - 6.0.4-1ubuntu3
libstrongswan-standard-plugins - 6.0.4-1ubuntu3
strongswan - 6.0.4-1ubuntu3
strongswan-charon - 6.0.4-1ubuntu3
strongswan-libcharon - 6.0.4-1ubuntu3
strongswan-nm - 6.0.4-1ubuntu3
strongswan-pki - 6.0.4-1ubuntu3
strongswan-starter - 6.0.4-1ubuntu3
strongswan-swanctl - 6.0.4-1ubuntu3

No subscription required

Medium
CVE-2026-35334 CVE-2026-35328 CVE-2026-35333 CVE-2026-35332 CVE-2026-35330 CVE-2026-35329 CVE-2026-35331

USN-8198-2 -- Tornado vulnerabilities
Ubuntu 26.04 LTS

USN-8198-1 fixed vulnerabilities in Tornado. This update provides the corresponding updates for Ubuntu 26.04 LTS.

Original advisory details:

It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-31958)

It was discovered that Tornado did not properly validate characters in cookie values. An attacker could possibly use this issue to inject arbitrary cookie attributes. (CVE-2026-35536)

Update Instructions:

Run `sudo pro fix USN-8198-2` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

python-tornado-doc - 6.5.4-0.1ubuntu0.1
python3-tornado - 6.5.4-0.1ubuntu0.1

No subscription required

Medium
CVE-2026-31958 CVE-2026-35536

USN-8202-2 -- jq vulnerabilities
Ubuntu 26.04 LTS

USN-8202-1 fixed vulnerabilities in jq. This update provides the corresponding update to Ubuntu 26.04 LTS.

Original advisory details:

It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-32316)

It was discovered that jq did not correctly handle recursion in certain circumstances. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-33947)

It was discovered that jq did not correctly handle improperly terminated strings. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-33948)

It was discovered that jq did not correctly handle checking certain variable types. An attacker could possibly use this issue to cause a denial of service or leak sensitive information. (CVE-2026-39956)

It was discovered that jq did not correctly handle certain string formatting. An attacker could possibly use this issue to leak sensitive information or cause a denial of service. (CVE-2026-39979)

It was discovered that jq used a fixed seed for hash table operations. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-40164)

Update Instructions:

Run `sudo pro fix USN-8202-2` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

jq - 1.8.1-4ubuntu2
libjq-dev - 1.8.1-4ubuntu2
libjq1 - 1.8.1-4ubuntu2

No subscription required

Medium
CVE-2026-39979 CVE-2026-40164 CVE-2026-39956 CVE-2026-32316 CVE-2026-33947 CVE-2026-33948

USN-8207-1 -- ClamAV vulnerability
Ubuntu 26.04 LTS

It was discovered that ClamAV incorrectly handled certain HTML files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service.

Update Instructions:

Run `sudo pro fix USN-8207-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:

clamav - 1.4.4+dfsg-0ubuntu0.26.04.1
clamav-base - 1.4.4+dfsg-0ubuntu0.26.04.1
clamav-daemon - 1.4.4+dfsg-0ubuntu0.26.04.1
clamav-doc - 1.4.4+dfsg-0ubuntu0.26.04.1
clamav-docs - 1.4.4+dfsg-0ubuntu0.26.04.1
clamav-freshclam - 1.4.4+dfsg-0ubuntu0.26.04.1
clamav-milter - 1.4.4+dfsg-0ubuntu0.26.04.1
clamav-testfiles - 1.4.4+dfsg-0ubuntu0.26.04.1
clamdscan - 1.4.4+dfsg-0ubuntu0.26.04.1
libclamav-dev - 1.4.4+dfsg-0ubuntu0.26.04.1
libclamav12 - 1.4.4+dfsg-0ubuntu0.26.04.1

No subscription required

Medium
CVE-2026-20031

USN-8208-1 -- HAProxy vulnerability
Ubuntu 26.04 LTS

Martino Spagnuolo discovered that HAProxy did not check received body lengths in the HTTP/3 parser. A remote attacker could possibly use this issue to perform a request smuggling attack and obtain sensitive information.

Update Instructions:

Run `sudo pro fix USN-8208-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

haproxy - 3.2.9-1ubuntu2.1
haproxy-doc - 3.2.9-1ubuntu2.1
vim-haproxy - 3.2.9-1ubuntu2.1

No subscription required

Medium
CVE-2026-33555

USN-8209-1 -- Little CMS vulnerability
Ubuntu 26.04 LTS

It was discovered that Little CMS incorrectly handled certain malformed ICC profiles. An attacker could use this issue to cause Little CMS to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update Instructions:

Run `sudo pro fix USN-8209-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

liblcms2-2 - 2.17-1ubuntu0.1
liblcms2-dev - 2.17-1ubuntu0.1
liblcms2-utils - 2.17-1ubuntu0.1

No subscription required

Medium
CVE-2026-41254

USN-8211-1 -- Pillow vulnerability
Ubuntu 26.04 LTS

It was discovered that Pillow incorrectly handled certain FITS images. An attacker could possibly use this issue to cause Pillow to consume resources, leading to a denial of service.

Update Instructions:

Run `sudo pro fix USN-8211-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

python-pil-doc - 12.1.1-2ubuntu1.1
python3-pil - 12.1.1-2ubuntu1.1
python3-pil.imagetk - 12.1.1-2ubuntu1.1

No subscription required

Medium
CVE-2026-40192

USN-8212-1 -- authd vulnerability
Ubuntu 26.04 LTS

It was discovered that authd incorrectly assigned the primary group ID to users under certain conditions. A local attacker could possibly use this issue to achieve privilege escalation, or gain unauthorized access to files belonging to other users.

Update Instructions:

Run `sudo pro fix USN-8212-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

authd - 0.6.1ubuntu0.1

No subscription required

Medium
CVE-2026-6970

USN-8214-1 -- NLTK vulnerability
Ubuntu 26.04 LTS

It was discovered that NLTK incorrectly handled file extraction when opening a maliciously crafted zip file. An attacker could possibly use this issue to create or overwrite files on the system and execute arbitrary code.

Update Instructions:

Run `sudo pro fix USN-8214-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

python3-nltk - 3.9.2-1ubuntu0.1~esm1

Available with Ubuntu Pro: https://ubuntu.com/pro

High
CVE-2025-14009

USN-8216-1 -- .NET vulnerabilities
Ubuntu 26.04 LTS

Ludvig Pedersen discovered that the System.Security.Cryptography.Xml library in .NET incorrectly handled certain XML inputs. An attacker could possibly use this issue to consume excessive resources, resulting in a denial of service. (CVE-2026-33116, CVE-2026-26171)

Ludvig Pedersen and Kevin Jones discovered that the System.Security.Cryptography.Xml library in .NET incorrectly handled certain XML inputs. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. (CVE-2026-32203)

Ludvig Pedersen discovered that the System.Net.Mail component in .NET incorrectly handled certain inputs. An attacker could possibly use this issue to perform a network spoofing attack. (CVE-2026-32178)

It was discovered that the Microsoft.AspNetCore.DataProtection library in .NET did not properly verify cryptographic signatures under certain conditions. A remote attacker could possibly use this issue to elevate privileges. (CVE-2026-40372)

Update Instructions:

Run `sudo pro fix USN-8216-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

dotnet-sdk-10.0 - 10.0.107-0ubuntu1~26.04.1
dotnet-sdk-10.0-source-built-artifacts - 10.0.107-0ubuntu1~26.04.1
dotnet-sdk-aot-10.0 - 10.0.107-0ubuntu1~26.04.1
dotnet-sdk-dbg-10.0 - 10.0.107-0ubuntu1~26.04.1
dotnet-templates-10.0 - 10.0.107-0ubuntu1~26.04.1

No subscription required

dotnet10 - 10.0.107-10.0.7-0ubuntu1~26.04.1

No subscription required

aspnetcore-runtime-10.0 - 10.0.7-0ubuntu1~26.04.1
aspnetcore-runtime-dbg-10.0 - 10.0.7-0ubuntu1~26.04.1
aspnetcore-targeting-pack-10.0 - 10.0.7-0ubuntu1~26.04.1
dotnet-apphost-pack-10.0 - 10.0.7-0ubuntu1~26.04.1
dotnet-host-10.0 - 10.0.7-0ubuntu1~26.04.1
dotnet-hostfxr-10.0 - 10.0.7-0ubuntu1~26.04.1
dotnet-runtime-10.0 - 10.0.7-0ubuntu1~26.04.1
dotnet-runtime-dbg-10.0 - 10.0.7-0ubuntu1~26.04.1
dotnet-targeting-pack-10.0 - 10.0.7-0ubuntu1~26.04.1

No subscription required

Medium
CVE-2026-26171 CVE-2026-33116 CVE-2026-32178 CVE-2026-32203 CVE-2026-40372

USN-8219-1 -- UltraJSON vulnerabilities
Ubuntu 26.04 LTS

Cameron Criswell discovered that UltraJSON contained a memory leak that would occur when parsing large integers. An attacker could possibly use this issue to cause UltraJSON to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-32874)

It was discovered that UltraJSON contained integer overflow/underflow issues when calculating how much memory to reserve for indentation in certain instances. An attacker could possibly use this issue to cause UltraJSON to crash, resulting in a denial of service. (CVE-2026-32875)

Update Instructions:

Run `sudo pro fix USN-8219-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

python3-ujson - 5.11.0-3ubuntu0.1

No subscription required

Medium
CVE-2026-32875 CVE-2026-32874

USN-8222-1 -- OpenSSH vulnerabilities
Ubuntu 26.04 LTS

Christos Papakonstantinou discovered that the OpenSSH scp tool incorrectly handled the legacy scp protocol (-O) option. This could result in certain files being installed setuid or setgid, contrary to expectations. (CVE-2026-35385)

Florian Kohnhäuser discovered that OpenSSH incorrectly handled shell metacharacters in usernames within a command line. When untrusted usernames and non-default configurations using % in ssh_config are being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2026-35386)

Christos Papakonstantinou discovered that OpenSSH incorrectly handled parsing the PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms options. This could result in unintended ECDSA algorithms being used, contrary to expectations. (CVE-2026-35387)

Michalis Vasileiadis discovered that OpenSSH incorrectly handled proxy-mode multiplexing sessions. This could result in no confirmation being asked, contrary to expectations. (CVE-2026-35388)

Vladimir Tokarev discovered that OpenSSH incorrectly handled certificates with the principal name containing a comma character when using user-trusted CA keys in authorized_keys and an authorized_keys principals="" option that lists more than one principal. This could result in inappropriate principal matching, contrary to expectations. (CVE-2026-35414)

Update Instructions:

Run `sudo pro fix USN-8222-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

openssh-client - 1:10.2p1-2ubuntu3.2
openssh-client-gssapi - 1:10.2p1-2ubuntu3.2
openssh-server - 1:10.2p1-2ubuntu3.2
openssh-server-gssapi - 1:10.2p1-2ubuntu3.2
openssh-sftp-server - 1:10.2p1-2ubuntu3.2
openssh-tests - 1:10.2p1-2ubuntu3.2
ssh - 1:10.2p1-2ubuntu3.2
ssh-askpass-gnome - 1:10.2p1-2ubuntu3.2

No subscription required

Medium
CVE-2026-35388 CVE-2026-35385 CVE-2026-35387 CVE-2026-35414 CVE-2026-35386

USN-8225-1 -- Python marshmallow vulnerabilities
Ubuntu 26.04 LTS

Jared Deckard discovered that Python marshmallow did not correctly handle hiding certain fields. An attacker could possibly use this issue to leak sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-17175)

It was discovered that Python marshmallow did not efficiently handle merging certain objects. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2025-68480)

Update Instructions:

Run `sudo pro fix USN-8225-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

python3-marshmallow - 3.26.1-0.4ubuntu0.1~esm1
python3-marshmallow-doc - 3.26.1-0.4ubuntu0.1~esm1

Available with Ubuntu Pro: https://ubuntu.com/pro

Medium
CVE-2025-68480 CVE-2018-17175

USN-8227-1 -- curl vulnerabilities
Ubuntu 26.04 LTS

It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-4873)

It was discovered that curl incorrectly reused certain HTTP Negotiate connections. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5545)

It was discovered that curl incorrectly reused certain SMB connections. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5773)

It was discovered that curl could leak proxy credentials when handling redirects in some configurations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6253)

It was discovered that curl could leak cookies because of stale custom cookie host handling in some requests. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6276)

It was discovered that curl could leak .netrc credentials when reusing proxy connections in some situations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6429)

It was discovered that curl could leak Digest authentication state when switching proxies in some situations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-7168)

Update Instructions:

Run `sudo pro fix USN-8227-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

curl - 8.18.0-1ubuntu2.1
libcurl3t64-gnutls - 8.18.0-1ubuntu2.1
libcurl4-doc - 8.18.0-1ubuntu2.1
libcurl4-gnutls-dev - 8.18.0-1ubuntu2.1
libcurl4-openssl-dev - 8.18.0-1ubuntu2.1
libcurl4t64 - 8.18.0-1ubuntu2.1

No subscription required

Medium
CVE-2026-6276 CVE-2026-5773 CVE-2026-7168 CVE-2026-5545 CVE-2026-6253 CVE-2026-6429 CVE-2026-4873

USN-8228-1 -- Exim vulnerabilities
Ubuntu 26.04 LTS

It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-40685)

It was discovered that Exim incorrectly handled processing of UTF-8 trailing characters. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-40686)

It was discovered that Exim incorrectly handled SPA authenticator input. An authenticated user could possibly use this issue to execute arbitrary code. (CVE-2026-40687)

Update Instructions:

Run `sudo pro fix USN-8228-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

exim4 - 4.99.1-1ubuntu1.1
exim4-base - 4.99.1-1ubuntu1.1
exim4-config - 4.99.1-1ubuntu1.1
exim4-daemon-heavy - 4.99.1-1ubuntu1.1
exim4-daemon-light - 4.99.1-1ubuntu1.1
exim4-dev - 4.99.1-1ubuntu1.1
eximon4 - 4.99.1-1ubuntu1.1

No subscription required

Medium
CVE-2026-40685 CVE-2026-40687 CVE-2026-40686

USN-8229-1 -- sed vulnerability
Ubuntu 26.04 LTS

Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local attacker could possibly use this issue to overwrite arbitrary files.

Update Instructions:

Run `sudo pro fix USN-8229-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

sed - 4.9-2ubuntu1

No subscription required

Medium
CVE-2026-5958

USN-8230-1 -- Docker vulnerabilities
Ubuntu 26.04 LTS

It was discovered that BuildKit, contained within Docker, incorrectly handled file path validation when processing frontend API messages. An attacker could possibly use this issue to write files outside of the intended state directory. (CVE-2026-33747)

It was discovered that BuildKit, contained within Docker, incorrectly validated the subdir component of Git URL fragments. An attacker could possibly use this issue to access files outside of the checked-out repository root. (CVE-2026-33748)

Update Instructions:

Run `sudo pro fix USN-8230-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:

docker-doc - 29.1.3-0ubuntu4.1
docker.io - 29.1.3-0ubuntu4.1

No subscription required

Medium
CVE-2026-33748 CVE-2026-33747

USN-8231-1 -- Dynaconf vulnerability
Ubuntu 26.04 LTS

It was discovered that Dynaconf was incorrectly handling template evaluation in its string resolvers. A remote attacker could possibly use this issue to execute arbitrary code.

Update Instructions:

Run `sudo pro fix USN-8231-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

python3-dynaconf - 3.2.12-1ubuntu0.1~esm1

Available with Ubuntu Pro: https://ubuntu.com/pro

Medium
CVE-2026-33154

USN-8232-1 -- Django vulnerabilities
Ubuntu 26.04 LTS

It was discovered that Django did not vary cached response headers on cookies when sessions were not modified while SESSION_SAVE_EVERY_REQUEST was enabled. A remote attacker could possibly use this issue to steal a user's session. (CVE-2026-35192)

Kyle Agronick and Jacob Walls discovered that Django incorrectly handled ASGI requests with missing or understated Content-Length header values. A remote attacker could possibly use this issue to cause Django to use excessive resources, leading to a denial of service. (CVE-2026-5766)

Ahmad Sadeddin discovered that Django UpdateCacheMiddleware incorrectly cached requests where the Vary header contained an asterisk. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6907)

Update Instructions:

Run `sudo pro fix USN-8232-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

python-django-doc - 3:5.2.9-0ubuntu4.1
python3-django - 3:5.2.9-0ubuntu4.1

No subscription required

Low
CVE-2026-6907 CVE-2026-5766 CVE-2026-35192

USN-8233-2 -- nghttp2 vulnerability
Ubuntu 26.04 LTS

USN-8233-1 fixed a vulnerability in nghttp2. This update provides the corresponding update for Ubuntu 26.04 LTS.

Original advisory details:

Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could possibly use this issue to cause nghttp2 to crash, resulting in a denial of service.

Update Instructions:

Run `sudo pro fix USN-8233-2` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

libnghttp2-14 - 1.68.0-2ubuntu0.1
libnghttp2-dev - 1.68.0-2ubuntu0.1
libnghttp2-doc - 1.68.0-2ubuntu0.1
nghttp2 - 1.68.0-2ubuntu0.1
nghttp2-client - 1.68.0-2ubuntu0.1
nghttp2-proxy - 1.68.0-2ubuntu0.1
nghttp2-server - 1.68.0-2ubuntu0.1

No subscription required

Medium
CVE-2026-27135

USN-8234-1 -- Mako vulnerability
Ubuntu 26.04 LTS

It was discovered that Mako incorrectly handled URIs with double-slash prefixes in TemplateLookup. A remote attacker could possibly use this issue to obtain sensitive information.

Update Instructions:

Run `sudo pro fix USN-8234-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

python-mako-doc - 1.3.10-3ubuntu0.1
python3-mako - 1.3.10-3ubuntu0.1

No subscription required

Medium
CVE-2026-41205

USN-8237-1 -- WebKitGTK vulnerabilities
Ubuntu 26.04 LTS

Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Update Instructions:

Run `sudo pro fix USN-8237-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

gir1.2-javascriptcoregtk-4.1 - 2.52.3-0ubuntu0.26.04.2
gir1.2-javascriptcoregtk-6.0 - 2.52.3-0ubuntu0.26.04.2
gir1.2-webkit-6.0 - 2.52.3-0ubuntu0.26.04.2
gir1.2-webkit2-4.1 - 2.52.3-0ubuntu0.26.04.2
libjavascriptcoregtk-4.1-0 - 2.52.3-0ubuntu0.26.04.2
libjavascriptcoregtk-4.1-dev - 2.52.3-0ubuntu0.26.04.2
libjavascriptcoregtk-6.0-1 - 2.52.3-0ubuntu0.26.04.2
libjavascriptcoregtk-6.0-dev - 2.52.3-0ubuntu0.26.04.2
libjavascriptcoregtk-bin - 2.52.3-0ubuntu0.26.04.2
libwebkit2gtk-4.1-0 - 2.52.3-0ubuntu0.26.04.2
libwebkit2gtk-4.1-dev - 2.52.3-0ubuntu0.26.04.2
libwebkitgtk-6.0-4 - 2.52.3-0ubuntu0.26.04.2
libwebkitgtk-6.0-dev - 2.52.3-0ubuntu0.26.04.2
libwebkitgtk-doc - 2.52.3-0ubuntu0.26.04.2
webkitgtk-webdriver - 2.52.3-0ubuntu0.26.04.2

No subscription required

Medium
CVE-2026-28871 CVE-2026-20664 CVE-2026-20608 CVE-2026-20691 CVE-2026-20636 CVE-2026-28859 CVE-2026-20665 CVE-2025-46299 CVE-2026-20635 CVE-2025-43213 CVE-2026-20652 CVE-2025-43457 CVE-2026-20643 CVE-2025-43511 CVE-2025-43214 CVE-2026-28857 CVE-2026-20644 CVE-2026-28861 CVE-2026-20676

USN-8238-1 -- EditorConfig vulnerability
Ubuntu 26.04 LTS

It was discovered that EditorConfig incorrectly handled specially crafted configuration files. A local attacker could possibly use this issue to cause EditorConfig to crash, resulting in a denial of service.

Update Instructions:

Run `sudo pro fix USN-8238-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

editorconfig - 0.12.10+~0.17.1-3ubuntu0.1
editorconfig-doc - 0.12.10+~0.17.1-3ubuntu0.1
libeditorconfig-dev - 0.12.10+~0.17.1-3ubuntu0.1
libeditorconfig0 - 0.12.10+~0.17.1-3ubuntu0.1

No subscription required

Medium
CVE-2026-40489

USN-8239-1 -- Apache HTTP Server vulnerabilities
Ubuntu 26.04 LTS

Bartlomiej Dmitruk and Stanislaw Strzalkowski discovered that Apache HTTP Server incorrectly handled certain memory operations when using the HTTP/2 protocol. A remote attacker could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-23918)

It was discovered that the Apache HTTP Server mod_rewrite module incorrectly handled certain privileges. A local attacker could possibly use this issue to obtain sensitive information. (CVE-2026-24072)

Andrew Lacambra, Elhanan Haenel, Tianshuo Han, and Tristan Madani discovered that the Apache HTTP Server mod_proxy_ajp module incorrectly handled certain AJP server messages. An attacker in control of a backend AJP server could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-28780)

Pavel Kohout discovered that Apache HTTP Server did not properly limit resource allocation in mod_md when processing OCSP response data. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2026-29168)

Pavel Kohout discovered that the Apache HTTP Server incorrectly handled certain memory operations in mod_dav_lock. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-29169)

Nitescu Lucian discovered that Apache HTTP Server had a timing attack vulnerability in mod_auth_digest. A remote attacker could possibly use this issue to bypass Digest authentication. (CVE-2026-33006)

Pavel Kohout and Arkadi Vainbrand discovered that Apache HTTP Server incorrectly handled certain memory operations in mod_authn_socache. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-33007)

Haruki Oyama, Merih Mengisteab, and Dawit Jeong discovered that Apache HTTP Server had an HTTP response splitting vulnerability in multiple modules when used with untrusted or compromised backend servers. An attacker could possibly use this issue to inject arbitrary HTTP headers. (CVE-2026-33523)

Elhanan Haenel discovered that Apache HTTP Server incorrectly handled certain memory operations in mod_proxy_ajp. A remote attacker could possibly use this issue to cause Apache HTTP Server to crash, resulting in a denial of service. (CVE-2026-33857)

Tianshuo Han and Jérôme Djouder discovered that Apache HTTP Server incorrectly handled certain string operations in mod_proxy_ajp. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-34032)

Elhanan Haenel discovered that Apache HTTP Server incorrectly handled certain memory operations in mod_proxy_ajp. A remote attacker could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2026-34059)

Update Instructions:

Run `sudo pro fix USN-8239-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:

apache2 - 2.4.66-2ubuntu2.1
apache2-bin - 2.4.66-2ubuntu2.1
apache2-data - 2.4.66-2ubuntu2.1
apache2-dev - 2.4.66-2ubuntu2.1
apache2-doc - 2.4.66-2ubuntu2.1
apache2-ssl-dev - 2.4.66-2ubuntu2.1
apache2-suexec-custom - 2.4.66-2ubuntu2.1
apache2-suexec-pristine - 2.4.66-2ubuntu2.1
apache2-utils - 2.4.66-2ubuntu2.1

No subscription required

High
CVE-2026-33007 CVE-2026-34059 CVE-2026-23918 CVE-2026-33523 CVE-2026-24072 CVE-2026-34032 CVE-2026-28780 CVE-2026-29168 CVE-2026-29169 CVE-2026-33006 CVE-2026-33857

USN-8240-1 -- Swish-e vulnerabilities
Ubuntu 26.04 LTS

It was discovered that Expat, vendored in Swish-e, incorrectly handled certain files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. (CVE-2022-25235, CVE-2022-25236)

Update Instructions:

Run `sudo pro fix USN-8240-1` to fix the vulnerability.

The problem can be corrected by updating your system to the following package versions:

swish-e - 2.4.7-7.1ubuntu0.1~esm1
swish-e-dev - 2.4.7-7.1ubuntu0.1~esm1

Available with Ubuntu Pro: https://ubuntu.com/pro

High
CVE-2022-25236 CVE-2022-25235

USN-8246-1 -- Vim vulnerabilities
Ubuntu 26.04 LTS

Michał Majchrowicz discovered that Vim’s zip plugin could overwrite arbitrary files. An attacker could possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-35177)

It was discovered that Vim’s netbeans interface did not properly sanitize certain strings. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-39881)

It was discovered that Vim did not properly handle backticks in tag filenames. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2026-41411)

Update Instructions:

Run `sudo pro fix USN-8246-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
vim - 2:9.1.2141-1ubuntu4.1
vim-common - 2:9.1.2141-1ubuntu4.1
vim-doc - 2:9.1.2141-1ubuntu4.1
vim-gtk3 - 2:9.1.2141-1ubuntu4.1
vim-gui-common - 2:9.1.2141-1ubuntu4.1
vim-motif - 2:9.1.2141-1ubuntu4.1
vim-nox - 2:9.1.2141-1ubuntu4.1
vim-runtime - 2:9.1.2141-1ubuntu4.1
vim-tiny - 2:9.1.2141-1ubuntu4.1
xxd - 2:9.1.2141-1ubuntu4.1
No subscription required
Medium
CVE-2026-41411 CVE-2026-39881 CVE-2026-35177

USN-8250-1 -- Little CMS vulnerability
Ubuntu 26.04 LTS

It was discovered that Little CMS incorrectly handled certain malformed ICC profiles. An attacker could possibly use this issue to cause Little CMS to crash, resulting in a denial of service.

Update Instructions:
Run `sudo pro fix USN-8250-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
liblcms2-2 - 2.17-1ubuntu0.2
liblcms2-dev - 2.17-1ubuntu0.2
liblcms2-utils - 2.17-1ubuntu0.2
No subscription required
Medium
CVE-2026-42798

USN-8252-1 -- OpenJPEG vulnerability
Ubuntu 26.04 LTS

It was discovered that OpenJPEG did not properly handle memory when encoding image files. An attacker could use this issue to cause OpenJPEG to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update Instructions:
Run `sudo pro fix USN-8252-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
libopenjp2-7 - 2.5.4-1ubuntu0.1
libopenjp2-7-dev - 2.5.4-1ubuntu0.1
libopenjp2-tools - 2.5.4-1ubuntu0.1
libopenjpip-dec-server - 2.5.4-1ubuntu0.1
libopenjpip-viewer - 2.5.4-1ubuntu0.1
libopenjpip7 - 2.5.4-1ubuntu0.1
openjpeg-doc - 2.5.4-1ubuntu0.1
No subscription required
Medium
CVE-2026-6192

USN-8253-1 -- Postfix vulnerability
Ubuntu 26.04 LTS

Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes.
A remote attacker could possibly use this issue to cause Postfix to crash, resulting in a denial of service.

Update Instructions:
Run `sudo pro fix USN-8253-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
postfix - 3.10.6-4ubuntu2.1
postfix-cdb - 3.10.6-4ubuntu2.1
postfix-doc - 3.10.6-4ubuntu2.1
postfix-ldap - 3.10.6-4ubuntu2.1
postfix-lmdb - 3.10.6-4ubuntu2.1
postfix-mongodb - 3.10.6-4ubuntu2.1
postfix-mysql - 3.10.6-4ubuntu2.1
postfix-pcre - 3.10.6-4ubuntu2.1
postfix-pgsql - 3.10.6-4ubuntu2.1
postfix-sqlite - 3.10.6-4ubuntu2.1
No subscription required
Medium
CVE-2026-43964

USN-8256-1 -- opam vulnerability
Ubuntu 26.04 LTS

Andrew Nesbitt discovered that opam did not properly validate file destination paths in package install files. An attacker could use this issue to bypass sandbox protections and write files to arbitrary locations, possibly leading to arbitrary code execution.

Update Instructions:
Run `sudo pro fix USN-8256-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
opam - 2.5.0-1ubuntu0.1~esm1
opam-doc - 2.5.0-1ubuntu0.1~esm1
opam-installer - 2.5.0-1ubuntu0.1~esm1
Available with Ubuntu Pro: https://ubuntu.com/pro
Medium
CVE-2026-41082

USN-8259-1 -- OpenEXR vulnerabilities
Ubuntu 26.04 LTS

Quang Luong discovered that OpenEXR incorrectly handled sample count accumulation when processing deep scan line image files. An attacker could possibly use this issue to cause OpenEXR to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-27622)

It was discovered that OpenEXR had an integer overflow in the PXR24 decoder. An attacker could possibly use this issue to cause OpenEXR to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS.
(CVE-2026-34380)

Quang Luong discovered that OpenEXR had a signed integer overflow in the PIZ decoder. An attacker could possibly use this issue to cause OpenEXR to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-34588)

Update Instructions:
Run `sudo pro fix USN-8259-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
libopenexr-3-1-30 - 3.1.13-2ubuntu0.26.04.1~esm1
libopenexr-dev - 3.1.13-2ubuntu0.26.04.1~esm1
libopenexr-doc - 3.1.13-2ubuntu0.26.04.1~esm1
openexr - 3.1.13-2ubuntu0.26.04.1~esm1
Available with Ubuntu Pro: https://ubuntu.com/pro
Medium
CVE-2026-27622 CVE-2026-34380 CVE-2026-34588

USN-8268-1 -- Dnsmasq vulnerabilities
Ubuntu 26.04 LTS

Andrew S. Fasano, Royce M, and Hugo Martinez Ray discovered that Dnsmasq did not allocate the necessary space to store domain names in some contexts. An attacker could possibly use this issue to write out-of-bounds, and could cause a denial of service or execute arbitrary code. (CVE-2026-2291)

Royce M discovered that Dnsmasq could loop infinitely due to erroneously missing the window header. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-4890)

Royce M discovered that a maliciously crafted packet could cause Dnsmasq to report a negative length. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-4891)

Royce M and Asim Viladi Oglu Manizada discovered that certain configurations of Dnsmasq could write over the DHCPv6 CLID buffer within a privileged helper.
An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-4892)

Royce M discovered that certain configurations of Dnsmasq could bypass internal bounds checks. An attacker could possibly use this issue to permit malformed packets, and could cause a denial of service. (CVE-2026-4893)

Hugo Martinez discovered that Dnsmasq did not check the rdlen element of a record. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-5172)

Update Instructions:
Run `sudo pro fix USN-8268-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
dnsmasq - 2.92-1ubuntu0.2
dnsmasq-base - 2.92-1ubuntu0.2
dnsmasq-base-lua - 2.92-1ubuntu0.2
dnsmasq-utils - 2.92-1ubuntu0.2
No subscription required
Medium
CVE-2026-4890 CVE-2026-4891 CVE-2026-2291 CVE-2026-4892 CVE-2026-5172 CVE-2026-4893

USN-8269-1 -- Avahi vulnerabilities
Ubuntu 26.04 LTS

It was discovered that Avahi incorrectly handled crafted input. A remote attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2026-24401)

Guillaume Meunier discovered that Avahi incorrectly handled crafted input. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2026-34933)

Update Instructions:
Run `sudo pro fix USN-8269-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
avahi-autoipd - 0.8-18ubuntu1.1
avahi-daemon - 0.8-18ubuntu1.1
avahi-discover - 0.8-18ubuntu1.1
avahi-dnsconfd - 0.8-18ubuntu1.1
avahi-ui-utils - 0.8-18ubuntu1.1
avahi-utils - 0.8-18ubuntu1.1
gir1.2-avahi-0.6 - 0.8-18ubuntu1.1
libavahi-client-dev - 0.8-18ubuntu1.1
libavahi-client3 - 0.8-18ubuntu1.1
libavahi-common-data - 0.8-18ubuntu1.1
libavahi-common-dev - 0.8-18ubuntu1.1
libavahi-common3 - 0.8-18ubuntu1.1
libavahi-compat-libdnssd-dev - 0.8-18ubuntu1.1
libavahi-compat-libdnssd1 - 0.8-18ubuntu1.1
libavahi-core-dev - 0.8-18ubuntu1.1
libavahi-core7 - 0.8-18ubuntu1.1
libavahi-glib-dev - 0.8-18ubuntu1.1
libavahi-glib1 - 0.8-18ubuntu1.1
libavahi-gobject-dev - 0.8-18ubuntu1.1
libavahi-gobject0 - 0.8-18ubuntu1.1
libavahi-ui-gtk3-0 - 0.8-18ubuntu1.1
libavahi-ui-gtk3-dev - 0.8-18ubuntu1.1
python3-avahi - 0.8-18ubuntu1.1
No subscription required
Medium
CVE-2026-24401 CVE-2026-34933

USN-8270-1 -- Exim vulnerability
Ubuntu 26.04 LTS

It was discovered that Exim incorrectly handled BDAT body parsing. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code.

Update Instructions:
Run `sudo pro fix USN-8270-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
exim4 - 4.99.1-1ubuntu1.2
exim4-base - 4.99.1-1ubuntu1.2
exim4-config - 4.99.1-1ubuntu1.2
exim4-daemon-heavy - 4.99.1-1ubuntu1.2
exim4-daemon-light - 4.99.1-1ubuntu1.2
exim4-dev - 4.99.1-1ubuntu1.2
eximon4 - 4.99.1-1ubuntu1.2
No subscription required
None
https://launchpad.net/bugs/2152202

USN-8271-1 -- nginx vulnerability
Ubuntu 26.04 LTS

It was discovered that the nginx ngx_http_rewrite_module component incorrectly handled certain rewrite directives. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code.
Update Instructions:
Run `sudo pro fix USN-8271-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
libnginx-mod-http-geoip - 1.28.3-2ubuntu1.1
libnginx-mod-http-image-filter - 1.28.3-2ubuntu1.1
libnginx-mod-http-perl - 1.28.3-2ubuntu1.1
libnginx-mod-http-xslt-filter - 1.28.3-2ubuntu1.1
libnginx-mod-mail - 1.28.3-2ubuntu1.1
libnginx-mod-stream - 1.28.3-2ubuntu1.1
libnginx-mod-stream-geoip - 1.28.3-2ubuntu1.1
nginx - 1.28.3-2ubuntu1.1
nginx-common - 1.28.3-2ubuntu1.1
nginx-core - 1.28.3-2ubuntu1.1
nginx-dev - 1.28.3-2ubuntu1.1
nginx-doc - 1.28.3-2ubuntu1.1
nginx-extras - 1.28.3-2ubuntu1.1
nginx-full - 1.28.3-2ubuntu1.1
nginx-light - 1.28.3-2ubuntu1.1
No subscription required
High
CVE-2026-42945

USN-8282-1 -- Unbound vulnerabilities
Ubuntu 26.04 LTS

Andrew Griffiths discovered that Unbound did not properly handle certain DNSCrypt packets. A remote attacker could possibly use this issue to cause Unbound to crash, resulting in a denial of service. (CVE-2026-32792)

Qifan Zhang discovered that Unbound incorrectly handled DNSSEC validation in certain situations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-33278)

Qifan Zhang discovered that Unbound incorrectly handled certain ghost domain name records. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-40622)

Qifan Zhang discovered that Unbound did not properly limit processing of long EDNS option lists. A remote attacker could possibly use this issue to cause Unbound to use excessive resources, leading to a denial of service. (CVE-2026-41292)

Qifan Zhang discovered that Unbound incorrectly handled jostle logic under certain circumstances.
A remote attacker could possibly use this issue to cause Unbound to use excessive resources, leading to a denial of service. (CVE-2026-42534)

Qifan Zhang discovered that Unbound did not properly bound NSEC3 hash calculations. A remote attacker could possibly use this issue to cause Unbound to use excessive resources, leading to a denial of service. (CVE-2026-42923)

Qifan Zhang discovered that Unbound incorrectly handled multiple EDNS options in certain situations. A remote attacker could possibly use this issue to cause Unbound to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-42944)

Qifan Zhang discovered that Unbound incorrectly handled DNSSEC validation of malicious content. A remote attacker could possibly use this issue to cause Unbound to crash, resulting in a denial of service. (CVE-2026-42959)

TaoFei Guo, Yang Luo, and JianJun Chen discovered that Unbound incorrectly handled delegation processing in certain situations. A remote attacker could possibly use this issue to poison the DNS cache and obtain sensitive information. (CVE-2026-42960)

Qifan Zhang discovered that Unbound did not properly bound name compression in certain cases. A remote attacker could possibly use this issue to cause Unbound to use excessive resources, leading to a denial of service. (CVE-2026-44390)

Qifan Zhang discovered that Unbound had a use-after-free issue in RPZ handling. A remote attacker could possibly use this issue to cause Unbound to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-44608)

Update Instructions:
Run `sudo pro fix USN-8282-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
libunbound-dev - 1.24.2-1ubuntu2.1
libunbound8 - 1.24.2-1ubuntu2.1
python3-unbound - 1.24.2-1ubuntu2.1
unbound - 1.24.2-1ubuntu2.1
unbound-anchor - 1.24.2-1ubuntu2.1
unbound-host - 1.24.2-1ubuntu2.1
No subscription required
High
CVE-2026-40622 CVE-2026-33278 CVE-2026-42923 CVE-2026-44390 CVE-2026-42944 CVE-2026-41292 CVE-2026-42959 CVE-2026-42960 CVE-2026-42534 CVE-2026-32792 CVE-2026-44608

USN-8283-1 -- rsync vulnerabilities
Ubuntu 26.04 LTS

Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with read access to an rsync server could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 25.10. (CVE-2025-10158)

Batuhan Sancak, Damien Neil, and Michael Stapelberg discovered that rsync daemons configured without chroot protection were exposed to a race condition on parent path components. A local attacker with write access to a module could possibly use this issue to overwrite files, obtain sensitive information, or escalate privileges. (CVE-2026-29518)

It was discovered that rsync did not properly validate a length value while sorting extended attributes. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-41035)

It was discovered that rsync performed reverse-DNS lookups after chrooting in some daemon configurations. A remote attacker could possibly use this issue to bypass hostname-based access controls and access network services. (CVE-2026-43617)

Omar Elsayed discovered that rsync did not properly check for integer overflows while decoding compressed tokens. A remote attacker could possibly use this issue to obtain sensitive information.
(CVE-2026-43618)

Andrew Tridgell discovered that rsync did not fully fix a symlink race condition in path-based system calls for daemons configured without chroot protection. A local attacker could possibly use this issue to overwrite files, obtain sensitive information, or escalate privileges. (CVE-2026-43619)

Pratham Gupta discovered that rsync did not properly validate an index while processing file lists. A remote attacker could possibly use this issue to cause rsync to crash, resulting in a denial of service. (CVE-2026-43620)

Michal Ruprich discovered that rsync contained an off-by-one error while handling HTTP proxy responses. An attacker able to intercept network communications or a malicious proxy server could possibly use this issue to cause a denial of service. (CVE-2026-45232)

Update Instructions:
Run `sudo pro fix USN-8283-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
rsync - 3.4.1+ds1-7ubuntu0.2
No subscription required
High
CVE-2026-43619 CVE-2026-43617 CVE-2026-43620 CVE-2025-10158 CVE-2026-29518 CVE-2026-43618 CVE-2026-41035 CVE-2026-45232

USN-8284-1 -- GnuTLS vulnerabilities
Ubuntu 26.04 LTS

Joshua Rogers discovered that GnuTLS did not properly handle malformed DTLS handshake fragments in certain cases. A remote attacker could possibly use this issue to obtain sensitive information, or cause a denial of service. (CVE-2026-33845)

Haruto Kimura, Oscar Reparaz, and Zou Dikai discovered that GnuTLS did not properly validate DTLS handshake fragment lengths in certain cases. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-33846)

Oleh Konko and Joshua Rogers discovered that GnuTLS did not properly validate OCSP responses in certain cases. A remote attacker could possibly use this issue to bypass certificate revocation checks, leading to a machine-in-the-middle attack.
(CVE-2026-3832)

Oleh Konko and Joshua Rogers discovered that GnuTLS did not properly handle case-insensitive name constraints in certain cases. A remote attacker could possibly use this issue to bypass certificate validation, leading to a machine-in-the-middle attack. (CVE-2026-3833)

Joshua Rogers discovered that GnuTLS did not properly order DTLS packets with duplicate sequence numbers in certain cases. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service. (CVE-2026-42009)

Joshua Rogers discovered that GnuTLS did not properly handle usernames containing NUL characters in certain RSA-PSK configurations. A remote attacker could possibly use this issue to bypass authentication and gain unintended access to services. (CVE-2026-42010)

Haruto Kimura discovered that GnuTLS did not properly apply permitted name constraints in certain certificate validation paths. A remote attacker could possibly use this issue to bypass certificate validation, leading to a machine-in-the-middle attack. (CVE-2026-42011)

Oleh Konko discovered that GnuTLS incorrectly fell back to Common Name checks for certain URI and SRV subject alternative names. A remote attacker could possibly use this issue to bypass certificate validation, leading to a machine-in-the-middle attack. (CVE-2026-42012)

Haruto Kimura and Joshua Rogers discovered that GnuTLS incorrectly fell back to Common Name checks when subject alternative names were oversized. A remote attacker could possibly use this issue to bypass certificate validation, leading to a machine-in-the-middle attack. (CVE-2026-42013)

Luigino Camastra and Joshua Rogers discovered that GnuTLS had a use-after-free issue when changing PKCS#11 token security officer PINs in certain cases. An attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or execute arbitrary code.
(CVE-2026-42014)

Zou Dikai discovered that GnuTLS did not properly validate PKCS#12 bag sizes in certain cases. An attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-42015)

Joshua Rogers discovered that GnuTLS did not properly handle very short premaster secrets in certain RSA key exchange cases with PKCS#11-backed server keys. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5260)

Doria Tang discovered that GnuTLS did not perform PKCS#7 padding checks in constant time in certain cases. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-5419)

Update Instructions:
Run `sudo pro fix USN-8284-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
gnutls-bin - 3.8.12-2ubuntu1.1
gnutls-doc - 3.8.12-2ubuntu1.1
libgnutls-dane0t64 - 3.8.12-2ubuntu1.1
libgnutls-openssl27t64 - 3.8.12-2ubuntu1.1
libgnutls28-dev - 3.8.12-2ubuntu1.1
libgnutls30t64 - 3.8.12-2ubuntu1.1
No subscription required
Medium
CVE-2026-3832 CVE-2026-5260 CVE-2026-33846 CVE-2026-3833 CVE-2026-42012 CVE-2026-42014 CVE-2026-5419 CVE-2026-33845 CVE-2026-42015 CVE-2026-42009 CVE-2026-42010 CVE-2026-42013 CVE-2026-42011

USN-8286-1 -- OpenVPN vulnerabilities
Ubuntu 26.04 LTS

Guannan Wang, Zhanpeng Liu, Guancheng Li, and Emma Reuter discovered that OpenVPN incorrectly handled suitably malformed packets with valid tls-crypt-v2 keys. An attacker could possibly use this issue to cause OpenVPN to crash, resulting in a denial of service. (CVE-2026-35058)

Guannan Wang, Zhanpeng Liu, and Guancheng Li discovered that OpenVPN had a race condition in the TLS handshake process that could leak packet data from a previous handshake under certain circumstances.
An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-40215)

Update Instructions:
Run `sudo pro fix USN-8286-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
openvpn - 2.7.0-1ubuntu1.1
No subscription required
Medium
CVE-2026-35058 CVE-2026-40215

USN-8288-1 -- Bubblewrap vulnerability
Ubuntu 26.04 LTS

It was discovered that Bubblewrap incorrectly handled the sandbox setup phase when installed in setuid mode. A local attacker could possibly use this issue to bypass sandbox restrictions.

Update Instructions:
Run `sudo pro fix USN-8288-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
bubblewrap - 0.11.1-1ubuntu0.1
No subscription required
Medium
CVE-2026-41163

USN-8292-1 -- libarchive vulnerabilities
Ubuntu 26.04 LTS

It was discovered that libarchive incorrectly handled certain RAR archives. An attacker could possibly use this issue to cause an out-of-bounds read via a crafted RAR archive, leading to sensitive memory disclosure. (CVE-2026-4424)

It was discovered that libarchive incorrectly handled certain ISO files. An attacker could possibly use this issue to cause incorrect memory allocation via a crafted ISO file, leading to a denial of service. (CVE-2026-4426)

It was discovered that libarchive incorrectly handled block pointer allocation in zisofs on 32-bit systems. An attacker could possibly use this issue to cause a heap buffer overflow via a crafted ISO9660 image, possibly leading to arbitrary code execution. (CVE-2026-5121)

Update Instructions:
Run `sudo pro fix USN-8292-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
libarchive-dev - 3.8.5-1ubuntu2.1
libarchive-tools - 3.8.5-1ubuntu2.1
libarchive13t64 - 3.8.5-1ubuntu2.1
No subscription required
Medium
CVE-2026-4424 CVE-2026-4426 CVE-2026-5121

USN-8293-1 -- Bind vulnerabilities
Ubuntu 26.04 LTS

Vitaly Simonovich discovered that Bind could exhaust memory during GSS-API TKEY negotiation. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. (CVE-2026-3039)

Shuhan Zhang discovered that Bind incorrectly handled self-pointed glue records. A remote attacker could possibly use this issue to use Bind in denial of service amplification attacks against other systems. (CVE-2026-3592)

Naresh Kandula Parmar discovered that Bind incorrectly handled memory in the DNS-over-HTTPS implementation. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-3593)

It was discovered that Bind incorrectly handled DNS messages whose class was not IN. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. (CVE-2026-5946)

Naoki Wakamatsu discovered that Bind incorrectly handled SIG(0) validation during a query flood. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-5947)

Billy Baraja discovered that Bind had an unbounded resend loop in the resolver. A remote attacker could possibly use this issue to cause Bind to use excessive resources, leading to a denial of service. (CVE-2026-5950)

Update Instructions:
Run `sudo pro fix USN-8293-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
bind9 - 1:9.20.18-1ubuntu2.1
bind9-dev - 1:9.20.18-1ubuntu2.1
bind9-dnsutils - 1:9.20.18-1ubuntu2.1
bind9-doc - 1:9.20.18-1ubuntu2.1
bind9-host - 1:9.20.18-1ubuntu2.1
bind9-libs - 1:9.20.18-1ubuntu2.1
bind9-utils - 1:9.20.18-1ubuntu2.1
No subscription required
Medium
CVE-2026-3592 CVE-2026-5947 CVE-2026-5946 CVE-2026-5950 CVE-2026-3593 CVE-2026-3039

USN-8294-1 -- PostgreSQL vulnerabilities
Ubuntu 26.04 LTS

It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. (CVE-2026-6472)

It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker could possibly use this issue to cause PostgreSQL to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-6473)

It was discovered that PostgreSQL incorrectly handled format strings in the timeofday() function. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6474)

It was discovered that PostgreSQL incorrectly followed symbolic links in pg_basebackup and pg_rewind. An attacker could possibly use this issue to overwrite local files and execute arbitrary code. (CVE-2026-6475)

It was discovered that PostgreSQL had an SQL injection vulnerability in pg_createsubscriber. An attacker could possibly use this issue to execute arbitrary SQL as a superuser. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-6476)

It was discovered that PostgreSQL used an unsafe libpq function in large object operations. An attacker could possibly use this issue to overwrite client memory and execute arbitrary code. (CVE-2026-6477)

It was discovered that PostgreSQL did not compare MD5-hashed passwords in constant time. An attacker could possibly use this issue to obtain sensitive information.
(CVE-2026-6478)

It was discovered that PostgreSQL had uncontrolled recursion during SSL and GSS negotiation. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-6479)

It was discovered that PostgreSQL incorrectly handled array length mismatches in pg_restore_attribute_stats(). An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-6575)

It was discovered that PostgreSQL had a stack buffer overflow in the refint module. An attacker could use this issue to cause PostgreSQL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-6637)

It was discovered that PostgreSQL had an SQL injection vulnerability in logical replication REFRESH PUBLICATION. An attacker could possibly use this issue to execute arbitrary SQL. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-6638)

Update Instructions:
Run `sudo pro fix USN-8294-1` to fix the vulnerability.
The problem can be corrected by updating your system to the following package versions:
libecpg-compat3 - 18.4-0ubuntu0.26.04.1
libecpg-dev - 18.4-0ubuntu0.26.04.1
libecpg6 - 18.4-0ubuntu0.26.04.1
libpgtypes3 - 18.4-0ubuntu0.26.04.1
libpq-dev - 18.4-0ubuntu0.26.04.1
libpq-oauth - 18.4-0ubuntu0.26.04.1
libpq5 - 18.4-0ubuntu0.26.04.1
postgresql-18 - 18.4-0ubuntu0.26.04.1
postgresql-18-jit - 18.4-0ubuntu0.26.04.1
postgresql-client-18 - 18.4-0ubuntu0.26.04.1
postgresql-doc-18 - 18.4-0ubuntu0.26.04.1
postgresql-plperl-18 - 18.4-0ubuntu0.26.04.1
postgresql-plpython3-18 - 18.4-0ubuntu0.26.04.1
postgresql-pltcl-18 - 18.4-0ubuntu0.26.04.1
postgresql-server-dev-18 - 18.4-0ubuntu0.26.04.1
No subscription required
Medium
CVE-2026-6638 CVE-2026-6476 CVE-2026-6477 CVE-2026-6479 CVE-2026-6475 CVE-2026-6474 CVE-2026-6478 CVE-2026-6472 CVE-2026-6473 CVE-2026-6637 CVE-2026-6575