https://ubuntu.com/security/notices/rss.xmlRecent content on Ubuntu security notices2026 Canonical Ltd. Ubuntu and Canonical are registered trademarks of Canonical Ltd.http://www.rssboard.org/rss-specificationFeedgenTue, 16 Jun 2026 15:15:03 +0000https://ubuntu.com/security/notices/USN-8432-1It was discovered that FreeRDP incorrectly handled memory under certain circumstances, which could lead to an out-of-bounds heap write. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-45700) In addition, this update fixes a regression introduced in USN-8105-1. The update introduces a complete fix for CVE-2026-22858, CVE-2026-23732 and CVE-2026-25952 in Ubuntu 24.04 LTS and Ubuntu 25.10.https://ubuntu.com/security/notices/USN-8432-1Tue, 16 Jun 2026 08:41:44 +0000https://ubuntu.com/security/notices/USN-8349-3USN-8349-1 fixed vulnerabilities in rsync. Unfortunately that update introduced multiple regressions in rsync functionality. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote attacker with read access to an rsync server could possibly use this issue to cause a denial of service. (CVE-2025-10158) Batuhan Sancak, Damien Neil, and Michael Stapelberg discovered that rsync daemons configured without chroot protection were exposed to a race condition on parent path components. A local attacker with write access to a module could possibly use this issue to overwrite files, obtain sensitive information, or escalate privileges. (CVE-2026-29518) It was discovered that rsync did not properly validate a length value while sorting extended attributes. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-41035) It was discovered that rsync performed reverse-DNS lookups after chrooting in some daemon configurations. A remote attacker could possibly use this issue to bypass hostname-based access controls and access network services. (CVE-2026-43617) Omar Elsayed discovered that rsync did not properly check for integer overflows while decoding compressed tokens. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-43618) Andrew Tridgell discovered that rsync did not fully fix a symlink race condition in path-based system calls for daemons configured without chroot protection. A local attacker could possibly use this issue to overwrite files, obtain sensitive information, or escalate privileges. (CVE-2026-43619) Pratham Gupta discovered that rsync did not properly validate an index while processing file lists. A remote attacker could possibly use this issue to cause rsync to crash, resulting in a denial of service. (CVE-2026-43620) Michal Ruprich discovered that rsync contained an off-by-one error while handling HTTP proxy responses. An attacker able to intercept network communications or a malicious proxy server could possibly use this issue to cause a denial of service. (CVE-2026-45232)https://ubuntu.com/security/notices/USN-8349-3Tue, 16 Jun 2026 07:31:50 +0000https://ubuntu.com/security/notices/USN-8431-1It was discovered that Ruby's Net::IMAP library did not properly verify that Transport Layer Security (TLS) encryption was started after issuing a STARTTLS command. A remote attacker could possibly use this issue to perform a machine-in-the-middle attack and silently bypass TLS encryption. (CVE-2026-42246) It was also discovered that Ruby's Net::IMAP library did not validate string arguments passed to certain commands. A remote attacker could possibly use this issue to inject arbitrary IMAP commands. (CVE-2026-42257)https://ubuntu.com/security/notices/USN-8431-1Mon, 15 Jun 2026 17:24:17 +0000https://ubuntu.com/security/notices/USN-8430-1It was discovered that ADSys did not properly handle certain HTTP/2 frames. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-27141) It was discovered that ADSys did not properly handle certain HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2026-33814)https://ubuntu.com/security/notices/USN-8430-1Mon, 15 Jun 2026 16:19:26 +0000https://ubuntu.com/security/notices/USN-8428-1It was discovered that tmux incorrectly handled image cleanup, leading to a use-after-free vulnerability. A local attacker could possibly use this issue to cause tmux to crash, resulting in a denial of service.https://ubuntu.com/security/notices/USN-8428-1Mon, 15 Jun 2026 13:03:51 +0000https://ubuntu.com/security/notices/USN-8398-3USN-8398-1 fixed a vulnerability in nginx. The update caused a regression and was temporarily reverted in USN-8398-2. This update introduces a complete fix for CVE-2026-49975. We apologize for the inconvenience. Original advisory details: It was discovered that nginx incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nginx to consume excessive resources, resulting in a denial of service.https://ubuntu.com/security/notices/USN-8398-3Mon, 15 Jun 2026 12:44:22 +0000https://ubuntu.com/security/notices/USN-8405-2USN-8405-1 fixed vulnerabilities in CUPS. The update introduced a regression that cause CUPS to crash when parsing certain large printer PPD files. This update fixes the problem. Original advisory details: Ariel Silver discovered that CUPS incorrectly handled username comparisons during authorization checks. A local attacker could possibly use this issue to gain unauthorized access to restricted operations. (CVE-2026-27447) Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled notify-recipient-uri values in the RSS notifier. A remote attacker could possibly use this issue to overwrite lp-writable files and cause a denial of service. (CVE-2026-34978) Jacob Newman discovered that CUPS incorrectly handled filter option strings when processing job attributes. An attacker could use this issue to cause CUPS to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-34979) Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled page-border values in shared PostScript queues. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-34980) Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled localhost authentication to attacker-controlled IPP services. A local attacker could possibly use this issue to overwrite arbitrary files and execute arbitrary code. (CVE-2026-34990) Tomer Fichman discovered that CUPS incorrectly handled negative job-password-supported values. A local attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. (CVE-2026-39314) Tomer Fichman discovered that CUPS incorrectly handled temporary printer deletion. An attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service, or to execute arbitrary code. (CVE-2026-39316) Tomer Fichman discovered that CUPS incorrectly handled certain malformed SNMP responses. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-41079)https://ubuntu.com/security/notices/USN-8405-2Mon, 15 Jun 2026 12:12:13 +0000https://ubuntu.com/security/notices/USN-8427-1It was discovered that Mesa did not properly validate memory allocation sizes in WebGPU under certain circumstances. An attacker could use this issue to cause Mesa to crash, resulting in a denial of service, or possibly execute arbitrary code.https://ubuntu.com/security/notices/USN-8427-1Mon, 15 Jun 2026 12:01:35 +0000https://ubuntu.com/security/notices/USN-8426-1It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-31431) It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43284, CVE-2026-43500) It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503, CVE-2026-46300) Qualys discovered that a race condition existed in the ptrace subsystem of the Linux kernel when privileged processes are exiting. An unprivileged local attacker could use this issue to expose sensitive information. (CVE-2026-46333) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Ethernet bonding driver; - SMB network file system; - Netfilter; - io_uring subsystem; - Packet sockets; - RDS protocol; - TLS protocol; (CVE-2024-35862, CVE-2024-50060, CVE-2026-23274, CVE-2026-23351, CVE-2026-31419, CVE-2026-31504, CVE-2026-31533, CVE-2026-43033, CVE-2026-43077, CVE-2026-43078, CVE-2026-43494, CVE-2026-46028) https://ubuntu.com/security/notices/USN-8426-1Thu, 11 Jun 2026 21:57:52 +0000https://ubuntu.com/security/notices/USN-8423-1It was discovered that lwIP contained a buffer overflow in the EAP authentication handling code. An attacker could possibly use this issue to trigger a buffer overflow, resulting in arbitrary code execution or a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-8597) It was discovered that lwIP incorrectly handled certain ICMPv6 or 6LoWPAN packets. An attacker could possibly use this issue to trigger a buffer overflow, resulting in information disclosure. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-22283, CVE-2020-22284) It was discovered that lwIP did not properly validate certain SNMPv3 authentication parameters. An attacker could possibly use this issue to trigger a stack-based buffer overflow, resulting in arbitrary code execution or a denial of service. (CVE-2026-8836)https://ubuntu.com/security/notices/USN-8423-1Thu, 11 Jun 2026 18:54:54 +0000