
Tag archive

Ubuntu has released USN-8454-1 to address several libheif vulnerabilities that could lead to denial of service, sensitive information exposure, or possible arbitrary code execution when handling crafted HEIF or AVIF files.

Ubuntu has issued USN-8447-2 to deliver LXD updates for multiple embedded Go Cryptography vulnerabilities affecting SSH-related security controls and denial-of-service exposure.

Ubuntu has published USN-8450-1 addressing four Apache Tomcat vulnerabilities tied to denial of service, potential crashes, possible arbitrary code execution, credential exposure, and authorization bypass risks.

Ubuntu has published USN-8361-3 for a Linux kernel vulnerability affecting the packet sockets subsystem. The notice says an attacker could possibly use the issue to compromise a system, making timely patch review and deployment important for defenders.

Ubuntu has published USN-8438-1 to address multiple OpenImageIO vulnerabilities that could lead to denial of service or possible arbitrary code execution when handling crafted image files.

Ubuntu has released USN-8433-1 to address multiple OpenStack Keystone vulnerabilities that could enable privilege escalation, authentication bypass, token abuse, and cross-project credential issues in affected deployments.

Ubuntu has released USN-8349-3 to fix regressions introduced by an earlier rsync security update. The notice also points administrators back to the underlying rsync flaws that can affect availability, access controls, and sensitive data exposure.

Ubuntu has issued USN-8423-1 for multiple lwIP vulnerabilities, including buffer overflow issues that could lead to denial of service, information disclosure, or possible arbitrary code execution in affected environments.

Ubuntu has released USN-8426-1 to address multiple Linux kernel (Azure) vulnerabilities, including flaws that could let a local attacker escalate privileges or possibly escape a container. Teams running Ubuntu workloads on Azure should prioritize patching and validation.

Ubuntu has issued USN-8420-1 for .NET vulnerabilities that can lead to unauthorized file tampering and denial of service. Teams running .NET on Ubuntu should review affected packages and apply vendor-provided updates.

Ubuntu has published USN-8422-1 for a Mistral vulnerability caused by improper access policy enforcement on some API endpoints, creating a risk of arbitrary code execution on workers and possible exposure of sensitive service credentials.

Ubuntu has published USN-8419-1 for an HTTP-Daemon vulnerability that could let a remote attacker execute arbitrary commands, overwrite files, or expose sensitive information under certain conditions.

Ubuntu has released USN-6455-2 to correct an Exim regression introduced by an earlier security fix on Ubuntu 22.04 LTS. The update resolves Taint mismatch errors affecting certain connections while preserving protections for prior Exim vulnerabilities.

Ubuntu has published USN-8414-2 to deliver OpenSSL fixes for Ubuntu 14.04, 16.04, 18.04, and 20.04 LTS, addressing vulnerabilities tied to denial of service, information disclosure, authentication bypass, and possible code execution.

Ubuntu has published USN-8405-1 for multiple CUPS vulnerabilities that may lead to unauthorized access, file overwrite, denial of service, information disclosure, or possible arbitrary code execution depending on system configuration and exposure.

Ubuntu has published USN-8406-1 for Net::CIDR::Lite, addressing flaws that could allow IP-based access control bypasses on affected Ubuntu 16.04 LTS and 18.04 LTS systems.

Ubuntu has published USN-8408-1 for a Twig vulnerability caused by improper validation of PHP callables when a source policy is used. In affected environments, an authenticated user could potentially execute arbitrary code.

Ubuntu has issued USN-8401-1 for multiple Netty vulnerabilities that can enable request smuggling, header injection, Redis command injection, validation bypass, and denial-of-service conditions across supported LTS releases.

Ubuntu has released USN-8349-2 to correct multiple rsync regressions introduced by a prior security update. Teams relying on rsync should review affected systems and apply the corrected packages promptly.

Ubuntu has temporarily reverted a pip security patch on 22.04 LTS, 24.04 LTS, and 26.04 LTS after it caused a regression. The notice affects fixes tied to CVE-2025-66471 and is important for teams managing Python package workflows on Ubuntu.

Ubuntu has published USN-8344-1 for pip vulnerabilities affecting TLS certificate verification and bundled urllib3 decompression handling, with risks including machine-in-the-middle exposure and denial of service.

Ubuntu has issued USN-8338-2 to correct a regression introduced by the earlier Apache HTTP Server update. The fix restores mod_http2 loading on Ubuntu 18.04 LTS and is important for administrators validating recent Apache package updates.

Ubuntu has published USN-8341-1 for OpenJDK 26, addressing multiple vulnerabilities that could expose sensitive information, allow data modification, or trigger denial-of-service conditions in affected environments.

Ubuntu refreshed CVE-2026-23407 on May 23, 2026 and describes another AppArmor bounds-check weakness, this time around DEFAULT table handling in verify_dfa. This alert explains why repeated parser issues deserve architectural attention, not just patching.

Ubuntu updated CVE-2026-23269 on May 23, 2026 after describing an AppArmor out-of-bounds read during policy unpacking. This alert focuses on why security-policy parsing flaws matter even when they look more internal than public-facing.

Ubuntu refreshed CVE-2026-23112 on May 23, 2026 and gives it a high priority because it can be used for a remote denial of service on hosts exposing nvmet-tcp. This alert explains why storage-adjacent kernel bugs deserve better visibility.

Ubuntu updated the CVE-2026-26740 record on May 23, 2026 and still lists maintained releases as vulnerable with fixes deferred. This alert explains why an unfixed library issue can still deserve attention even before a package update exists.

A beginner-friendly Fail2ban tutorial for Ubuntu that explains what it does, how to enable SSH protection, and how to verify it safely.