Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 515
Alerts This Week
Warning Icon 1 515

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 349 articles for you...
172

Ubuntu 26.04 Tar Important Regression Extraction Issue USN-8477-2

USN-8477-1 introduced a regression in tar. ========================================================================== Ubuntu Security Notice USN-8477-2 July 16, 2026 tar regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: USN-8477-1 introduced a regression in tar Software Description: - tar: GNU tar archive utility Details: USN-8477-1 fixed a vulnerability in tar. The update introduced a regression that could cause tar to fail to extract certain valid files. This update fixes the problem. Original advisory details: It was discovered that tar incorrectly handled certain crafted archive files. An attacker could possibly use this to inject hidden files with attacker-controlled content, bypassing pre-extraction inspection mechanisms. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS tar 1.35+dfsg-4ubuntu0.3 Ubuntu 24.04 LTS tar 1.35+dfsg-3ubuntu0.3 Ubuntu 22.04 LTS tar 1.34+dfsg-1ubuntu0.1.22.04.5 Ubuntu 20.04 LTS tar 1.30+dfsg-7ubuntu0.20.04.4+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS tar 1.29b-2ubuntu0.4+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS tar 1.28-2.1ubuntu0.2+esm5 Available with Ubuntu Pro Ubuntu 14.04 LTS tar 1.27.1-1ubuntu0.1+esm6 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8477-2 https://ubuntu.com/security/notices/USN-8477-1 CVE-2026-5704, https://launchpad.net/bugs/2160650 Package Information: https://launchpad.net/ubuntu/+source/tar/1.35+dfsg-4ubuntu0.3 https://launchpad.net/ubuntu/+source/tar/1.35+dfsg-3ubuntu0.3 https://launchpad.net/ubuntu/+source/tar/1.34+dfsg-1ubuntu0.1.22.04.5 . A regression in the tar package has been fixed in Ubuntu to ensure proper file extraction and security integrity.. Ubuntu Security, tar Update, Software Vulnerability, System Security, File Extraction Issue. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 16, 2026 Important Ubuntu
172

Ubuntu cifs-utils Important Local Attack Regression USN-8496-2

USN-8496-1 introduced a regression in cifs-utils. ========================================================================== Ubuntu Security Notice USN-8496-2 July 03, 2026 cifs-utils regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: USN-8496-1 introduced a regression in cifs-utils Software Description: - cifs-utils: Common Internet File System utilities Details: USN-8496-1 fixed a vulnerability in cifs-utils. Unfortunately, the fix introduced a regression with Kerberos mounts. This update reverts the security update until a complete fix is available. We apologize for the inconvenience. Original advisory details: It was discovered that cifs-utils incorrectly dropped root privileges before looking up user information. A local attacker could possibly use this issue to execute arbitrary code as the root user. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS cifs-utils 2:7.4-1ubuntu0.26.04.2 Ubuntu 25.10 cifs-utils 2:7.4-1ubuntu0.25.10.2 Ubuntu 24.04 LTS cifs-utils 2:7.0-2ubuntu0.4 Ubuntu 22.04 LTS cifs-utils 2:6.14-1ubuntu0.5 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8496-2 https://ubuntu.com/security/notices/USN-8496-1 https://launchpad.net/bugs/2159053 Package Information: https://launchpad.net/ubuntu/+source/cifs-utils/2:7.4-1ubuntu0.26.04.2 https://launchpad.net/ubuntu/+source/cifs-utils/2:7.4-1ubuntu0.25.10.2 https://launchpad.net/ubuntu/+source/cifs-utils/2:7.0-2ubuntu0.4 https://launchpad.net/ubuntu/+source/cifs-utils/2:6.14-1ubuntu0.5 . Ubuntu 8496-2 resolves regression in cifs-utils after USN-8496-1 update in various Ubuntuversions.. Ubuntu Security Notice, cifs-utils fix, root privilege issue. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jul 03, 2026 Important Ubuntu
172

Ubuntu QEMU Medium Regression Denial of Service Fix USN-8412-3

USN-8412-1 introduced a regression in QEMU. ========================================================================== Ubuntu Security Notice USN-8412-3 June 28, 2026 qemu regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: USN-8412-1 introduced a regression in QEMU Software Description: - qemu: Machine emulator and virtualizer Details: USN-8412-1 fixed vulnerabilities QEMU. On Ubuntu 20.04 LTS, the fix for CVE-2024-4467 was incomplete and prevented the creation of boot volumes from qcow2 images. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that the iSCSI block driver in QEMU incorrectly handled certain responses from an iSCSI server. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-1711) It was discovered that the iSCSI block driver in QEMU incorrectly handled certain memory operations, leading to a heap-based buffer over-read. An attacker could possibly use this issue to expose sensitive information from the host. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-11947) Ziming Zhang discovered that the SM501 display driver in QEMU contained an integer overflow. A local attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-12829) Gaoning Pan and Xingwei Li discovered that the USB xHCI controller implementation in QEMU contained an infinite loop. An attacker inside the guest could possibly use this issue to cause QEMU to hang, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2020-14394) Lei Sun discovered that QEMUincorrectly handled certain MemoryRegionOps objects, leading to a NULL pointer dereference. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2020-15469) Alexander Bulekov discovered that the e1000e network device implementation in QEMU contained a use-after-free. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-15859) Ziming Zhang discovered that the XGMAC Ethernet controller in QEMU contained a buffer overflow. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-15863) Alexander Bulekov discovered that the SDHCI device emulation in QEMU contained a heap-based buffer overflow. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-17380) Sergej Schumilo, Cornelius Aschermann, and Simon Wörner discovered that the USB xHCI controller implementation in QEMU did not check a return value, leading to a use-after-free. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-25084) Gaoning Pan, Yongkang Jia, and Yi Ren discovered that the USB OHCI controller implementation in QEMU contained a stack-based buffer over- read. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-25624) It was discovered that the USB OHCI controller implementation in QEMU contained an infinite loop. An attacker inside theguest could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-25625) Cheolwoo Myung discovered that the USB EHCI emulation in QEMU did not handle DMA memory map failures, leading to a reachable assertion. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-25723) Gaoning Pan discovered that the network device emulation in QEMU could be made to trigger an assertion failure when processing packets that lacked a valid layer 3 protocol. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-27617) Wenxiang Qian discovered that the ATAPI emulation in QEMU did not properly validate a buffer index, leading to an out-of-bounds read. An attacker inside the guest could possibly use this issue to expose sensitive information or cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-29443) Cheolwoo Myung discovered that the ESP SCSI emulation in QEMU contained a NULL pointer dereference. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2020-35504) Cheolwoo Myung discovered that the am53c974 SCSI host bus adapter emulation in QEMU contained a NULL pointer dereference. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2020-35505) It was discovered that the SDHCI controller emulation in QEMU contained out-of-bounds read and write issues. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-3409) It was discovered that several network device emulations in QEMU contained an infinite loop when operating in loopback mode. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-3416) Alexander Bulekov discovered that the floppy disk emulation in QEMU contained a heap-based buffer overflow. An attacker inside the guest could possibly use this issue to expose sensitive information or cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-3507) Remy Noel discovered that the USB redirector device emulation in QEMU performed an unbounded stack allocation when combining USB packets. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-3527) It was discovered that the QXL display device emulation in QEMU contained an integer overflow, leading to a heap-based buffer overflow. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-4206) It was discovered that the QXL display device emulation in QEMU performed a double fetch of guest-controlled values, leading to a heap-based buffer overflow. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-4207) It was discovered that the 9pfs server implementation in QEMU contained a race condition, leading to a use-after-free. A malicious 9pclient could possibly use this issue to escalate privileges. This issue only affected Ubuntu 14.04 LTS. (CVE-2021-20181) Gaoning Pan discovered that the floppy disk emulation in QEMU contained a NULL pointer dereference. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-20196) Gaoning Pan discovered that the vmxnet3 network device emulation in QEMU contained an integer overflow. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-20203) It was discovered that the ARM Generic Interrupt Controller emulation in QEMU contained an out-of-bounds heap access. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-20221) Alexander Bulekov, Cheolwoo Myung, Sergej Schumilo, Cornelius Aschermann, and Simon Wörner discovered that the e1000 network device emulation in QEMU contained an infinite loop. An attacker inside the guest could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-20257) It was discovered that the 9p passthrough file system implementation in QEMU did not prevent opening special files on the host. A malicious guest could possibly use this issue to escape the exported 9p tree. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2023-2861) It was discovered that the virtio crypto device emulation in QEMU did not properly validate certain buffer lengths, leading to a heap buffer overflow. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, orpossibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2023-3180) It was discovered that the built-in VNC server in QEMU contained a NULL pointer dereference when cleaning up a connection that failed during the handshake. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2023-3354) It was discovered that QEMU could incorrectly direct a guest I/O operation to disk offset 0 instead of the intended offset. An attacker inside the guest could possibly use this issue to read or overwrite sensitive data, potentially gaining control of the host. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2023-5088) It was discovered that several virtio device emulations in QEMU did not properly guard against DMA reentrancy, leading to a double free. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-3446) It was discovered that the SDHCI device emulation in QEMU contained a heap- based buffer overflow. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2024-3447) It was discovered that the QEMU disk image utility (qemu-img) did not properly handle certain crafted image files. An attacker could possibly use this issue to cause qemu-img to consume excessive resources or access an unintended external file, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2024-4467) Cyrille Chatras discovered that the LSI53C895A SCSI Host Bus Adapter emulation in QEMU contained a use-after-free. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-6519) It was discovered that the NBD server in QEMU contained an improper synchronization issue during socket closure. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2024-7409) It was discovered that the USB emulation in QEMU contained a reachable assertion. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2024-8354) It was discovered that QEMU incorrectly handled resources during the VNC WebSocket handshake, leading to a use-after-free. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-11234) It was discovered that QEMU could be made to read out of bounds when reading VMDK images. An attacker could possibly use this issue to expose sensitive information or cause QEMU to crash, resulting in a denial of service. (CVE-2026-2243) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS qemu 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-block-extra 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-guest-agent 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-kvm 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-system 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-system-arm 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-system-common 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-system-data 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-system-gui 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-system-mips 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-system-misc 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-system-ppc 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-system-s390x 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-system-sparc 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-system-x86 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-system-x86-microvm 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-system-x86-xen 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-user 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-user-binfmt 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-user-static 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro qemu-utils 1:4.2-3ubuntu6.30+esm3 Available with Ubuntu Pro After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8412-3 https://ubuntu.com/security/notices/USN-8412-2 https://ubuntu.com/security/notices/USN-8412-1 https://launchpad.net/bugs/2158180 . Fix for QEMU regression affecting Ubuntu 20.04 LTS with potential denial of service is detailed within this advisory.. QEMU regression exploit,directory denial of service,image handling error,Ubuntu 20.04 security. . Severity: Medium.LinuxSecurity.com Team

Calendar%202 Jun 29, 2026 Medium Ubuntu
172

Ubuntu 20.04 LTS rsync Significant Denial Of Service Resolutions USN-8349-3

USN-8349-1 introduced regressions in rsync.. ========================================================================== Ubuntu Security Notice USN-8349-3 June 16, 2026 rsync regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: USN-8349-1 introduced regressions in rsync. Software Description: - rsync: fast, versatile, remote (and local) file-copying tool Details: USN-8349-1 fixed vulnerabilities in rsync. Unfortunately that update introduced multiple regressions in rsync functionality. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with read access to an rsync server could possibly use this issue to cause a denial of service. (CVE-2025-10158) Batuhan Sancak, Damien Neil, and Michael Stapelberg discovered that rsync daemons configured without chroot protection were exposed to a race condition on parent path components. A local attacker with write access to a module could possibly use this issue to overwrite files, obtain sensitive information, or escalate privileges. (CVE-2026-29518) It was discovered that rsync did not properly validate a length value while sorting extended attributes. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-41035) It was discovered that rsync performed reverse-DNS lookups after chrooting in some daemon configurations. A remote attacker could possibly use this issue to bypass hostname-based access controls and access network services. (CVE-2026-43617) Omar Elsayed discovered that rsync did not properly check for integer overflows while decoding compressed tokens. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-43618) Andrew Tridgell discovered that rsync did not fully fix a symlink race condition in path-based system calls for daemons configured without chroot protection. A local attacker could possibly use this issue to overwrite files, obtain sensitive information, or escalate privileges. (CVE-2026-43619) Pratham Gupta discovered that rsync did not properly validate an index while processing file lists. A remote attacker could possibly use this issue to cause rsync to crash, resulting in a denial of service. (CVE-2026-43620) Michal Ruprich discovered that rsync contained an off-by-one error while handling HTTP proxy responses. An attacker able to intercept network communications or a malicious proxy server could possibly use this issue to cause a denial of service. (CVE-2026-45232) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS rsync 3.1.3-8ubuntu0.9+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS rsync 3.1.2-2.1ubuntu1.6+esm4 Available with Ubuntu Pro Ubuntu 16.04 LTS rsync 3.1.1-3ubuntu1.3+esm6 Available with Ubuntu Pro Ubuntu 14.04 LTS rsync 3.1.0-2ubuntu0.4+esm4 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. After a standard system update you need to restart rsync daemons to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8349-3 https://ubuntu.com/security/notices/USN-8349-2 https://ubuntu.com/security/notices/USN-8349-1 https://launchpad.net/bugs/2155874 . Critical updates with fixes for rsync regressions in Ubuntu 20.04 to 14.04 LTS addressing security issues.. rsync updates, Ubuntu security, rsync patch, system updates, security issues. . Severity: Important.LinuxSecurity.com Team

Calendar%202 Jun 16, 2026 Important Ubuntu
172

Ubuntu 26.04 LTS CUPS At High Regression Risk with USN-8405-2 Update

USN-8405-1 introduced a regression in CUPS. ========================================================================== Ubuntu Security Notice USN-8405-2 June 15, 2026 cups regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: USN-8405-1 introduced a regression in CUPS Software Description: - cups: Common UNIX Printing System(tm) Details: USN-8405-1 fixed vulnerabilities in CUPS. The update introduced a regression that cause CUPS to crash when parsing certain large printer PPD files. This update fixes the problem. Original advisory details: Ariel Silver discovered that CUPS incorrectly handled username comparisons during authorization checks. A local attacker could possibly use this issue to gain unauthorized access to restricted operations. (CVE-2026-27447) Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled notify-recipient-uri values in the RSS notifier. A remote attacker could possibly use this issue to overwrite lp-writable files and cause a denial of service. (CVE-2026-34978) Jacob Newman discovered that CUPS incorrectly handled filter option strings when processing job attributes. An attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-34979) Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled page-border values in shared PostScript queues. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-34980) Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled localhost authentication to attacker-controlled IPP services. A local attacker could possibly use this issue to overwrite arbitrary files and execute arbitrary code. (CVE-2026-34990) Tomer Fichman discovered that CUPS incorrectly handled negative job-password-supported values. A localattacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. (CVE-2026-39314) Tomer Fichman discovered that CUPS incorrectly handled temporary printer deletion. An attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service, or to execute arbitrary code. (CVE-2026-39316) Tomer Fichman discovered that CUPS incorrectly handled certain malformed SNMP responses. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-41079) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS cups 2.4.16-1ubuntu1.3 cups-daemon 2.4.16-1ubuntu1.3 Ubuntu 25.10 cups 2.4.12-0ubuntu3.10 cups-daemon 2.4.12-0ubuntu3.10 Ubuntu 24.04 LTS cups 2.4.7-1.2ubuntu7.14 cups-daemon 2.4.7-1.2ubuntu7.14 Ubuntu 22.04 LTS cups 2.4.1op1-1ubuntu4.21 cups-daemon 2.4.1op1-1ubuntu4.21 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8405-2 https://ubuntu.com/security/notices/USN-8405-1 https://launchpad.net/bugs/2156339 Package Information: https://launchpad.net/ubuntu/+source/cups/2.4.16-1ubuntu1.3 https://launchpad.net/ubuntu/+source/cups/2.4.12-0ubuntu3.10 https://launchpad.net/ubuntu/+source/cups/2.4.7-1.2ubuntu7.14 https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.21 . ========================================================================== Ubuntu Security Notice US. usn-8405-1, introduced, regression, =========================================================. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 15, 2026 Important Ubuntu
172

Ubuntu 22.04 LTS Exim4 Moderate Regression CVE-2023-42117

USN-6455-1 introduced a regression in Exim. ========================================================================== Ubuntu Security Notice USN-6455-2 June 10, 2026 exim4 regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: USN-6455-1 introduced a regression in Exim Software Description: - exim4: Exim is a mail transport agent Details: USN-6455-1 fixed vulnerabilities in Exim. The fix for CVE-2023-42117 introduced a regression on Ubuntu 22.04 LTS that resulted in certain connections logging a Taint mismatch error. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to memory corruption. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2023-42117) It was discovered that Exim incorrectly handled validation of user-supplied data, which could lead to an out-of-bounds read. An attacker could possibly use this issue to expose sensitive information. (CVE-2023-42119) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS exim4 4.95-4ubuntu2.10 exim4-daemon-heavy 4.95-4ubuntu2.10 exim4-daemon-light 4.95-4ubuntu2.10 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6455-2 https://ubuntu.com/security/notices/USN-6455-1 https://launchpad.net/bugs/2152830 Package Information: https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.10 . Exim on Ubuntu 22.04 LTS had a regression after security fix USN-6455-1, affecting stability when handling user data.. Ubuntu Security, Exim4 Malware, Memory Corruption Fix, Remote Attack Vulnerability, Exim Regression Update. . Severity: Important.LinuxSecurity.com Team

Calendar%202 Jun 10, 2026 Important Ubuntu
172

Ubuntu 26.04 LTS Nginx Critical Denial Of Service Regression Vuln 8398-2

USN-8398-1 introduced a regression in nginx. ========================================================================== Ubuntu Security Notice USN-8398-2 June 09, 2026 nginx regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: USN-8398-1 introduced a regression in nginx Software Description: - nginx: small, powerful, scalable web/proxy server Details: USN-8398-1 fixed a vulnerability in nginx. The update introduced a regression causing nginx to crash when being used with external modules. This update reverts the fix for CVE-2026-49975 pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that nginx incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nginx to consume excessive resources, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS nginx 1.28.3-2ubuntu1.4 nginx-core 1.28.3-2ubuntu1.4 nginx-extras 1.28.3-2ubuntu1.4 nginx-full 1.28.3-2ubuntu1.4 nginx-light 1.28.3-2ubuntu1.4 Ubuntu 25.10 nginx 1.28.0-6ubuntu1.6 nginx-core 1.28.0-6ubuntu1.6 nginx-extras 1.28.0-6ubuntu1.6 nginx-full 1.28.0-6ubuntu1.6 nginx-light 1.28.0-6ubuntu1.6 Ubuntu 24.04 LTS nginx 1.24.0-2ubuntu7.11 nginx-core 1.24.0-2ubuntu7.11 nginx-extras 1.24.0-2ubuntu7.11 nginx-full 1.24.0-2ubuntu7.11 nginx-light 1.24.0-2ubuntu7.11 Ubuntu 22.04 LTS nginx 1.18.0-6ubuntu14.14 nginx-core 1.18.0-6ubuntu14.14 nginx-extras 1.18.0-6ubuntu14.14 nginx-full 1.18.0-6ubuntu14.14 nginx-light 1.18.0-6ubuntu14.14 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8398-2 https://ubuntu.com/security/notices/USN-8398-1 https://launchpad.net/bugs/2155992 Package Information: https://launchpad.net/ubuntu/+source/nginx/1.28.3-2ubuntu1.4 https://launchpad.net/ubuntu/+source/nginx/1.28.0-6ubuntu1.6 https://launchpad.net/ubuntu/+source/nginx/1.24.0-2ubuntu7.11 https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.14 . An nginx regression in Ubuntu affects multiple LTS versions, follow update instructions to resolve denial of service issues.. nginx update instructions, ubuntu security advisory, denial of service regression. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Jun 09, 2026 Critical Ubuntu
172

Ubuntu 26.04 LTS Nginx Important Denial of Service Regression USN-8398-2

USN-8398-1 introduced a regression in nginx. ========================================================================== Ubuntu Security Notice USN-8398-2 June 09, 2026 nginx regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: USN-8398-1 introduced a regression in nginx Software Description: - nginx: small, powerful, scalable web/proxy server Details: USN-8398-1 fixed a vulnerability in nginx. The update introduced a regression causing nginx to crash when being used with external modules. This update reverts the fix for CVE-2026-49975 pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that nginx incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nginx to consume excessive resources, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS nginx 1.28.3-2ubuntu1.4 nginx-core 1.28.3-2ubuntu1.4 nginx-extras 1.28.3-2ubuntu1.4 nginx-full 1.28.3-2ubuntu1.4 nginx-light 1.28.3-2ubuntu1.4 Ubuntu 25.10 nginx 1.28.0-6ubuntu1.6 nginx-core 1.28.0-6ubuntu1.6 nginx-extras 1.28.0-6ubuntu1.6 nginx-full 1.28.0-6ubuntu1.6 nginx-light 1.28.0-6ubuntu1.6 Ubuntu 24.04 LTS nginx 1.24.0-2ubuntu7.11 nginx-core 1.24.0-2ubuntu7.11 nginx-extras 1.24.0-2ubuntu7.11 nginx-full 1.24.0-2ubuntu7.11 nginx-light 1.24.0-2ubuntu7.11 Ubuntu 22.04 LTS nginx 1.18.0-6ubuntu14.14 nginx-core 1.18.0-6ubuntu14.14 nginx-extras 1.18.0-6ubuntu14.14 nginx-full 1.18.0-6ubuntu14.14 nginx-light 1.18.0-6ubuntu14.14 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8398-2 https://ubuntu.com/security/notices/USN-8398-1 https://launchpad.net/bugs/2155992 Package Information: https://launchpad.net/ubuntu/+source/nginx/1.28.3-2ubuntu1.4 https://launchpad.net/ubuntu/+source/nginx/1.28.0-6ubuntu1.6 https://launchpad.net/ubuntu/+source/nginx/1.24.0-2ubuntu7.11 https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.14 . A regression update for nginx in Ubuntu introduces issues after previous fixes, affecting service continuity and performance.. Ubuntu Nginx security issue, Nginx denials service Ubuntu, Ubuntu nginx update. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Jun 09, 2026 Important Ubuntu
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200