10869 matches found
USN-8095-1: Linux kernel vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...
USN-8094-1: Linux kernel vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module LSM. An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information kernel memory, local...
USN-8087-2: python-cryptography regression
USN-8087-1 fixed a vulnerability in python-cryptography. The update caused a regression when using ECC algorithms with certain software. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that python-cryptography incorrectly handled...
USN-8093-1: libssh vulnerability
It was discovered that libssh incorrectly performed bounds checking when processing SFTP extensions. If a client application queried extension data out of bounds, it could cause the application to crash, resulting in a denial of service, or exhibit unintended behavior...
USN-8092-1: Sudo vulnerability
It was discovered that Sudo incorrectly checked return codes when dropping privileges to run the mailer. A local attacker could possibly use this issue to escalate privileges...
USN-8091-1: util-linux vulnerability
It was discovered that the util-linux su utility did not drop capabilities when being used with the --pty option. While not a security issue by itself, a local attacker could possibly use the su tool to exploit vulnerabilities in other applications...
USN-8090-2: OpenSSH vulnerabilities
USN-8090-1 fixed vulnerabilities in OpenSSH. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the...
USN-8090-1: OpenSSH vulnerabilities
Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly...
USN-8089-1: Go Networking vulnerabilities
Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu discovered that servers using Go Networking could hang during shutdown if preempted by a fatal error. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 22.04 LT...
USN-8088-1: go-git vulnerabilities
Ionut Lalu discovered that go-git incorrectly handled certain specially crafted Git server responses. An attacker could possibly use this issue to cause a denial of service. CVE-2023-49568, CVE-2025-21614 Ionut Lalu discovered that go-git incorrectly handled file system paths when using the...
USN-8087-1: python-cryptography vulnerability
It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to perform a subgroup attack and possibly recover the least significant bits of private keys...
USN-8086-1: FreeType vulnerability
It was discovered that FreeType did not correctly handle certain integer arithmetic. An attacker could possibly use this issue to leak sensitive information...
USN-8085-1: .NET vulnerabilities
It was discovered that the .NET Microsoft.Bcl.Memory NuGet package did not properly handle certain malformed Base64Url encoded input. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. This issue only affected .NET 9.0 and .NET 10.0. CVE-2026-26127...
USN-8084-1: curl vulnerabilities
Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate-authenticated HTTP or HTTPS requests. This could result in the use of credentials from a different connection, contrary to expectations. CVE-2026-1965 It was discovered that curl incorrectly leaked OAuth...
USN-8081-1: libpng vulnerabilities
It was discovered that libpng did not properly handle memory when processing certain PNG files. An attacker could possibly use this issue to cause libpng to crash, resulting in a denial of service, or disclose sensitive information. CVE-2025-64505 Joshua Inscoe discovered that libpng did not...
USN-8083-1: GeoPandas vulnerability
It was discovered that GeoPandas incorrectly handled certain input. An attacker could possibly use this issue to perform SQL injection attacks...
USN-8082-1: GIMP vulnerabilities
Michael Randrianantenaina discovered that GIMP incorrectly handled certain malformed ICO files. An attacker could possibly use this to cause a denial of service or execute arbitrary code. CVE-2025-5473 Seungho Kim discovered that GIMP incorrectly handled certain memory operations when running the...
USN-8060-7: Linux kernel (NVIDIA) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - MMC subsystem; CVE-2022-49267, CVE-2025-21780...
USN-8059-8: Linux kernel (NVIDIA) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; CVE-2025-22037, CVE-2025-37899...
USN-8080-1: YARA vulnerabilities
Kamil Frankowicz discovered that a number of YARA's functions generated memory exceptions when processing specially crafted rules or files. A remote attacker could possibly use these issues to cause YARA to crash, resulting in a denial of service. These issues only affected Ubuntu 16.04 LTS...
USN-7968-2: Apache HTTP Server regression
USN-7968-1 fixed vulnerabilities in Apache HTTP Server. The update introduced a regression in modmd where the MDStapleOthers setting was ignored which resulted in OCSP being broken for some domains. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It w...
USN-8018-2: Python regression
USN-8018-1 fixed vulnerabilities in python3. That update introduced regressions. The patches for CVE-2025-15366 and CVE-2025-15367 caused behavior regressions in IMAP and POP3 handling, which upstream chose to avoid by not backporting them. Additionally, the patch for CVE-2026-0865 incorrectly...
USN-8076-1: Qt vulnerabilities
It was discovered that Qt did not correctly handle OpenSSL's error queue. An attacker could possibly use this issue to cause a denial of service. This issue was only addressed in Ubuntu 20.04 LTS. CVE-2020-13962 It was discovered that Qt incorrectly handled certain XBM image files. If a user or...
USN-8079-1: less vulnerability
It was discovered that less incorrectly handled certain file names. An attacker could possibly use this issue to cause a denial of service or execute arbitrary commands...
USN-8078-1: Zutty vulnerability
Carter Sande discovered that Zutty did not correctly echo invalid input to the console on DECRQSS. An attacker could possibly use this issue to execute arbitrary commands...
USN-8077-1: Bleach vulnerabilities
It was discovered that Bleach did not properly sanitize URI attributes containing character entities. An attacker could possibly use this issue to construct a URI with a disallowed scheme that would bypass sanitization, leading to cross-site scripting. This issue only affected Ubuntu 18.04 LTS...
USN-8071-2: NSS vulnerability
USN-8071-1 fixed a vulnerability in nss. This update provides the corresponding fix for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that NSS incorrectly handled memory when performing certain GHASH operations. A remote...
USN-8075-1: GIMP vulnerabilities
Michael Randrianantenaina discovered that calculating the linear size of a DDS file could overflow on 32-bit systems. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS...
USN-8073-1: QEMU vulnerabilities
It was discovered that the UHCI controller implementation of QEMU could be brought into an invalid state. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. CVE-2024-8354 It was discovered that QEMU incorrectly handled memory durin...
USN-8074-2: Linux kernel (Azure FIPS) vulnerabilities
It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...
USN-8074-1: Linux kernel (Azure) vulnerabilities
It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...
USN-8059-7: Linux kernel (AWS FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; CVE-2025-22037, CVE-2025-37899...
USN-8070-3: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - MMC subsystem; - Network drivers; - USB Device Class drivers; - BTRFS file system; - File syste...
USN-8072-1: PostgreSQL vulnerabilities
Altan Birler discovered that PostgreSQL incorrectly validated oidvector types. An attacker could possibly use this issue to obtain a few bytes of sensitive information. CVE-2026-2003 Daniel Firer discovered that PostgreSQL incorrectly validated input in the intarray extension. An attacker could...
USN-8071-1: NSS vulnerability
It was discovered that NSS incorrectly handled memory when performing certain GHASH operations. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-8069-1: ImageMagick vulnerabilities
It was discovered that ImageMagick did not properly decode certain SUN image files. An attacker could use this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2026-25897 It was discovered that ImageMagick did not properly validate pix...
LSN-0118-1: Kernel Live Patch Security Notice
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption large read crashes with a slab-use-after-free way down in the crypto API. In the Linux kernel, the following vulnerability has been resolved: padata: avoid UAF fo...
USN-8070-2: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - MMC subsystem; - Network drivers; - USB Device Class drivers; - BTRFS file system; - File syste...
USN-8070-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - x86 architecture; - MMC subsystem; - Network drivers; - USB Device Class drivers; - BTRFS file system; - File syste...
USN-8060-6: Linux kernel (AWS FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - MMC subsystem; CVE-2022-49267, CVE-2025-21780...
USN-8060-5: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - MMC subsystem; CVE-2022-49267, CVE-2025-21780...
USN-8062-2: curl vulnerabilities
USN-8062-1 fixed vulnerabilities in curl. This update provides the corresponding update for CVE-2025-14017, CVE-2025-15079, and CVE-2025-15224 for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that curl incorrectly handled...
USN-7990-6: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Padata parallel execution mechanism; - Netfilter; CVE-2022-49698, CVE-2025-21726, CVE-2025-400...
USN-8068-1: Intel Microcode vulnerability
Sergiu Ghetie discovered that some Intel® processors did not properly handle values in the microcode flow. A local authenticated user could potentially use this issue to escalate their privileges...
USN-8067-1: Mailman vulnerability
It was discovered that Mailman incorrectly handled CSRF tokens. A remote list member or moderator could possibly use their own token to craft an admin request CSRF attack and set a new admin password or make other changes...
USN-5376-6: Git regression
USN-5376-4 fixed a regression in Git. This update provides the corresponding update for Ubuntu 18.04 LTS. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could...
USN-5376-5: Git regression
USN-5376-4 fixed a regression in Git. The update introduced a regression when specifying configuration includes due to additional restrictions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain...
USN-8059-6: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; CVE-2025-22037, CVE-2025-37899...
USN-8066-1: Rack vulnerabilities
Minh Pham Quang discovered that Rack did not correctly handle parsing certain paths, which could lead to a path traversal attack. An attacker could possibly use this issue to leak sensitive information. CVE-2026-22860 Ali Firas discovered that Rack did not correctly sanitize certain inputs. An...
USN-8065-1: Authlib vulnerabilities
Millie Solem discovered that Authlib did not properly restrict algorithm selection during JWT verification, allowing HMAC verification with asymmetric public keys when no algorithm was specified. A remote attacker could possibly use this issue to bypass signature verification and forge tokens,...