Explore top 10 tips to secure your open-source projects now. Read More
×Several security issues were fixed in NTFS-3G.. ========================================================================== Ubuntu Security Notice USN-8554-1 July 16, 2026 ntfs-3g vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in NTFS-3G. Software Description: - ntfs-3g: read/write NTFS driver for FUSE Details: It was discovered that NTFS-3G had a heap buffer overflow when reading certain NTFS images. A local attacker could possibly use this issue to execute arbitrary code. (CVE-2026-42616) It was discovered that NTFS-3G had multiple heap buffer overflows when processing certain NTFS images. A local attacker could possibly use these issues to execute arbitrary code. (CVE-2026-42617, CVE-2026-42618, CVE-2026-46569, CVE-2026-46570, CVE-2026-46572, CVE-2026-56135) It was discovered that NTFS-3G had out-of-bounds reads when processing certain NTFS images. A local attacker could possibly use these issues to obtain sensitive information. (CVE-2026-46571, CVE-2026-56136) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libntfs-3g89t64 1:2022.10.3-5ubuntu1.1 ntfs-3g 1:2022.10.3-5ubuntu1.1 Ubuntu 24.04 LTS libntfs-3g89t64 1:2022.10.3-1.2ubuntu3.2 ntfs-3g 1:2022.10.3-1.2ubuntu3.2 Ubuntu 22.04 LTS libntfs-3g89 1:2021.8.22-3ubuntu1.4 ntfs-3g 1:2021.8.22-3ubuntu1.4 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8554-1 CVE-2026-42616, CVE-2026-42617, CVE-2026-42618, CVE-2026-46569, CVE-2026-46570, CVE-2026-46571, CVE-2026-46572, CVE-2026-56135, CVE-2026-56136 Package Information: https://launchpad.net/ubuntu/+source/ntfs-3g/1:2022.10.3-5ubuntu1.1 https://launchpad.net/ubuntu/+source/ntfs-3g/1:2022.10.3-1.2ubuntu3.2 https://launchpad.net/ubuntu/+source/ntfs-3g/1:2021.8.22-3ubuntu1.4 . Ensure your Ubuntu system is secure by addressing the critical issues in NTFS-3G with the latest updates.. NTFS-3G update, Ubuntu security, buffer overflow, code execution, system security. . Severity: Important. LinuxSecurity.com Team
Several security issues were fixed in libheif.. ========================================================================== Ubuntu Security Notice USN-8526-1 July 09, 2026 libheif vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 Summary: Several security issues were fixed in libheif. Software Description: - libheif: An ISO/IEC 23008-12:2017 HEIF and AVIF file format decoder and encoder Details: Xianrui Dong discovered that libheif had an out-of-bounds read in its HEIF sequence track parser. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-47254) Junyi Liu discovered that libheif had a null pointer dereference in its image tiling interface. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-47709) Calvin Young and Enoch Chow discovered that libheif had an integer overflow in its inline mask size calculation. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-47714) Ariel Koren discovered that libheif had an integer underflow in its grid image tile coordinate transform. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-48029) It was discovered that libheif had a missing bound check in its HEIF sequence parser, allowing unbounded heap allocation. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-50142) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS heif-gdk-pixbuf 1.21.2-3ubuntu0.3 heif-thumbnailer 1.21.2-3ubuntu0.3 heif-view 1.21.2-3ubuntu0.3 libheif-dev 1.21.2-3ubuntu0.3 libheif-examples 1.21.2-3ubuntu0.3 libheif-plugin-aomdec 1.21.2-3ubuntu0.3 libheif-plugin-aomenc 1.21.2-3ubuntu0.3 libheif-plugin-dav1d 1.21.2-3ubuntu0.3 libheif-plugin-ffmpegdec 1.21.2-3ubuntu0.3 libheif-plugin-j2kdec 1.21.2-3ubuntu0.3 libheif-plugin-j2kenc 1.21.2-3ubuntu0.3 libheif-plugin-jpegdec 1.21.2-3ubuntu0.3 libheif-plugin-jpegenc 1.21.2-3ubuntu0.3 libheif-plugin-kvazaar 1.21.2-3ubuntu0.3 libheif-plugin-libde265 1.21.2-3ubuntu0.3 libheif-plugin-rav1e 1.21.2-3ubuntu0.3 libheif-plugin-svtenc 1.21.2-3ubuntu0.3 libheif-plugin-x265 1.21.2-3ubuntu0.3 libheif-plugins-all 1.21.2-3ubuntu0.3 libheif1 1.21.2-3ubuntu0.3 Ubuntu 25.10 heif-gdk-pixbuf 1.20.2-1ubuntu0.6 heif-thumbnailer 1.20.2-1ubuntu0.6 heif-view 1.20.2-1ubuntu0.6 libheif-dev 1.20.2-1ubuntu0.6 libheif-examples 1.20.2-1ubuntu0.6 libheif-plugin-aomdec 1.20.2-1ubuntu0.6 libheif-plugin-aomenc 1.20.2-1ubuntu0.6 libheif-plugin-dav1d 1.20.2-1ubuntu0.6 libheif-plugin-ffmpegdec 1.20.2-1ubuntu0.6 libheif-plugin-j2kdec 1.20.2-1ubuntu0.6 libheif-plugin-j2kenc 1.20.2-1ubuntu0.6 libheif-plugin-jpegdec 1.20.2-1ubuntu0.6 libheif-plugin-jpegenc 1.20.2-1ubuntu0.6 libheif-plugin-kvazaar 1.20.2-1ubuntu0.6 libheif-plugin-libde265 1.20.2-1ubuntu0.6 libheif-plugin-rav1e 1.20.2-1ubuntu0.6 libheif-plugin-svtenc 1.20.2-1ubuntu0.6 libheif-plugin-x265 1.20.2-1ubuntu0.6 libheif-plugins-all 1.20.2-1ubuntu0.6 libheif1 1.20.2-1ubuntu0.6 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8526-1 CVE-2026-47254, CVE-2026-47709, CVE-2026-47714,CVE-2026-48029, CVE-2026-50142 Package Information: https://launchpad.net/ubuntu/+source/libheif/1.21.2-3ubuntu0.3 https://launchpad.net/ubuntu/+source/libheif/1.20.2-1ubuntu0.6 . Several security issues affecting libheif on Ubuntu 26.04 LTS and 25.10 have been addressed. Update recommended.. Ubuntu security update, libheif vulnerabilities, software security patch. . Severity: Important. LinuxSecurity.com Team
Several security issues were fixed in curl.. ========================================================================== Ubuntu Security Notice USN-8525-1 July 09, 2026 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in curl. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Harry Sintonen discovered that curl incorrectly handled credentials when following HTTP redirects in conjunction with .netrc files. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2024-11053) Hiroki Kurosawa discovered that curl incorrectly handled OCSP stapling responses. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-8096) Joshua Rogers discovered that curl had a use-after-free vulnerability when resetting and cleaning up HTTP/2 stream handles. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2026-10536) Quac Tran and Ngoc Hieu discovered that curl incorrectly reused connections when switching authentication methods to the same host. An attacker could possibly use this issue to obtain sensitive information or perform unauthorized actions. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-5545) Osama Hamad discovered that curl incorrectly reused SMB connections when the target share differed between transfers. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu20.04 LTS. (CVE-2026-5773) Muhamad Arga Reksapati discovered that curl incorrectly forwarded Digest proxy authentication credentials to a different proxy host. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2026-7168) It was discovered that curl incorrectly skipped SSH host verification options when using schemeless URLs with --proto-default. An attacker could possibly use this issue to perform machine-in-the-middle attacks. This issue only affected Ubuntu 25.04 and Ubuntu 25.10. (CVE-2026-12064) It was discovered that curl did not enforce an upper bound on memory allocated for unacknowledged WebSocket PING frames. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. (CVE-2026-11586) It was discovered that curl could stall indefinitely when a malicious HTTP/3 server sent a continuous stream of empty UDP datagrams. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. (CVE-2026-11352) It was discovered that curl could incorrectly continue trusting a native platform CA store after an application switched the handle to use custom CA material. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 25.10. (CVE-2026-11564) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS curl 8.18.0-1ubuntu2.3 libcurl3t64-gnutls 8.18.0-1ubuntu2.3 libcurl4-gnutls-dev 8.18.0-1ubuntu2.3 libcurl4-openssl-dev 8.18.0-1ubuntu2.3 libcurl4t64 8.18.0-1ubuntu2.3 Ubuntu 25.10 curl 8.14.1-2ubuntu1.5 libcurl3t64-gnutls 8.14.1-2ubuntu1.5 libcurl4-gnutls-dev 8.14.1-2ubuntu1.5 libcurl4-openssl-dev 8.14.1-2ubuntu1.5 libcurl4t64 8.14.1-2ubuntu1.5 Ubuntu 24.04 LTS curl 8.5.0-2ubuntu10.11 libcurl3t64-gnutls 8.5.0-2ubuntu10.11 libcurl4-gnutls-dev 8.5.0-2ubuntu10.11 libcurl4-openssl-dev 8.5.0-2ubuntu10.11 libcurl4t64 8.5.0-2ubuntu10.11 Ubuntu 20.04 LTS curl 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl3-gnutls 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl3-nss 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl4 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl4-gnutls-dev 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl4-nss-dev 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro libcurl4-openssl-dev 7.68.0-1ubuntu2.25+esm5 Available with Ubuntu Pro Ubuntu 18.04 LTS curl 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl3-gnutls 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl3-nss 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl4 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl4-gnutls-dev 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl4-nss-dev 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro libcurl4-openssl-dev 7.58.0-2ubuntu3.24+esm10 Available with Ubuntu Pro Ubuntu 16.04 LTS curl 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl3 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl3-gnutls 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl3-nss 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl4-gnutls-dev 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl4-nss-dev 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro libcurl4-openssl-dev 7.47.0-1ubuntu2.19+esm17 Available with Ubuntu Pro Ubuntu 14.04 LTS curl 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl3 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl3-gnutls 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl3-nss 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl4-gnutls-dev 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl4-nss-dev 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro libcurl4-openssl-dev 7.35.0-1ubuntu2.20+esm21 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8525-1 CVE-2024-11053, CVE-2024-8096, CVE-2026-10536, CVE-2026-11352, CVE-2026-11564, CVE-2026-11586, CVE-2026-12064, CVE-2026-5545, CVE-2026-5773, CVE-2026-7168 Package Information: https://launchpad.net/ubuntu/+source/curl/8.18.0-1ubuntu2.3 https://launchpad.net/ubuntu/+source/curl/8.14.1-2ubuntu1.5 https://launchpad.net/ubuntu/+source/curl/8.5.0-2ubuntu10.11 . Multiple security issues resolved in curl for various Ubuntu versions addressing sensitive information exposure and denial of service.. Ubuntu Security, curl Update, HTTP Client Issues, Open Source Vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Multiple security vulnerabilities have been discovered in Tomcat 11, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. Although we are not aware of any problems, new upstream versions may introduce new options, limits or code changes which may or may not affect your existing. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6329-1
Multiple security vulnerabilities have been discovered in Tomcat 10, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. Although we are not aware of any problems, new upstream versions may introduce new options, limits or code changes which may or may not affect your existing. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6328-1
Multiple security vulnerabilities have been discovered in Tomcat 10, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. Although we are not aware of any problems, new upstream versions may introduce new options, limits or code changes which may or may not affect your existing. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6328-1
Multiple security vulnerabilities have been discovered in Tomcat 9, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. In order to address certain vulnerabilities and restore the compatibility with Tomcat 9, an upgrade of the Tomcat native library, libtcnative-1, was required. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4619-1
Multiple security vulnerabilities have been discovered in Tomcat 9, a Java based web server, servlet and JSP engine which may result in a denial of service, authentication bypass or the disclosure of sensitive information. In order to address certain vulnerabilities and restore the compatibility with Tomcat 9, an upgrade of the Tomcat native library, libtcnative-1, was required. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4619-1
Get the latest Linux and open source security news straight to your inbox.