[USN-8314-1] Ayttm vulnerabilities
[USN-8313-1] XML-RPC for C and C++ vulnerabilities
[USN-8311-1] Dnsmasq vulnerability
[USN-8321-1] Papers vulnerability
[USN-8319-1] Libgcrypt vulnerabilities
[USN-8320-1] Memcached vulnerabilities
[USN-8317-1] GStreamer Good Plugins vulnerabilities
[USN-8318-1] libcaca vulnerability
[USN-8315-1] MediaWiki vulnerabilities
[USN-8322-1] Apache Commons BeanUtils vulnerability
[USN-8326-1] Foomuuri vulnerabilities
[USN-8325-1] tgt vulnerability
[USN-8324-1] Apache Tika vulnerabilities
[USN-8323-1] Postorius vulnerability
[USN-8314-1] Ayttm vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8314-1
May 27, 2026
ayttm vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Ayttm.
Software Description:
- ayttm: Universal Instant Messaging Client
Details:
It was discovered that Expat, vendored in Ayttm, incorrectly handled
certain files. An attacker could possibly use this issue to cause a crash
or execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
ayttm 0.6.3-3ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8314-1
CVE-2022-25235, CVE-2022-25236
[USN-8313-1] XML-RPC for C and C++ vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8313-1
May 27, 2026
xmlrpc-c vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in XML-RPC for C and C++.
Software Description:
- xmlrpc-c: Lightweight RPC library based on XML and HTTP
Details:
It was discovered that Expat, vendored in XML-RPC, incorrectly handled
certain files. An attacker could possibly use this issue to cause a crash
or execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
libxmlrpc-c++8t64 1.33.14-12ubuntu0.1~esm1
Available with Ubuntu Pro
libxmlrpc-core-c3t64 1.33.14-12ubuntu0.1~esm1
Available with Ubuntu Pro
xmlrpc-api-utils 1.33.14-12ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
libxmlrpc-c++8v5 1.33.14-10ubuntu0.1~esm1
Available with Ubuntu Pro
libxmlrpc-core-c3 1.33.14-10ubuntu0.1~esm1
Available with Ubuntu Pro
xmlrpc-api-utils 1.33.14-10ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libxmlrpc-c++8v5 1.33.14-8ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
libxmlrpc-core-c3 1.33.14-8ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
xmlrpc-api-utils 1.33.14-8ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libxmlrpc-c++8v5 1.33.14-8ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
libxmlrpc-core-c3 1.33.14-8ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
xmlrpc-api-utils 1.33.14-8ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libxmlrpc-c++8v5 1.33.14-1ubuntu1+esm1
Available with Ubuntu Pro
libxmlrpc-core-c3 1.33.14-1ubuntu1+esm1
Available with Ubuntu Pro
xmlrpc-api-utils 1.33.14-1ubuntu1+esm1
Available with Ubuntu Pro
Ubuntu 14.04 LTS
libxmlrpc-c++8 1.33.06-0ubuntu1+esm1
Available with Ubuntu Pro
libxmlrpc-core-c3 1.33.06-0ubuntu1+esm1
Available with Ubuntu Pro
xmlrpc-api-utils 1.33.06-0ubuntu1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8313-1
CVE-2022-25235, CVE-2022-25236
[USN-8311-1] Dnsmasq vulnerability
==========================================================================
Ubuntu Security Notice USN-8311-1
May 26, 2026
dnsmasq vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
Dnsmasq could be made to crash if it received specially crafted
input.
Software Description:
- dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
Petr Menšík discovered that Dnsmasq incorrectly handled certain
input in the dhcp_release utility. A local attacker could possibly
use this issue to cause Dnsmasq to crash, resulting in a denial of
service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
dnsmasq-utils 2.68-1ubuntu0.2+esm6
Available with Ubuntu Pro
In general, a standard system update will make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-8311-1
CVE-2020-37127
[USN-8321-1] Papers vulnerability
==========================================================================
Ubuntu Security Notice USN-8321-1
May 27, 2026
papers vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 25.10
Summary:
Papers could be made to run programs as your login if it opened a
specially crafted PDF file.
Software Description:
- papers: PDF document viewer for GNOME
Details:
It was discovered that Papers incorrectly handled PDF /GoToR actions. If a
user were tricked into opening a specially crafted PDF file, an attacker
could use this issue to manipulate command lines and possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
papers 50.1-0ubuntu1.1
Ubuntu 25.10
papers 48.0-1ubuntu1.25.10.4
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8321-1
CVE-2026-46529
Package Information:
https://launchpad.net/ubuntu/+source/papers/50.1-0ubuntu1.1
https://launchpad.net/ubuntu/+source/papers/48.0-1ubuntu1.25.10.4
[USN-8319-1] Libgcrypt vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8319-1
May 27, 2026
libgcrypt20 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Libgcrypt.
Software Description:
- libgcrypt20: LGPL Crypto library
Details:
It was discovered that Libgcrypt incorrectly handled crafted ECDH
ciphertext. An attacker could possibly use this issue to cause Libgcrypt to
crash, resulting in a denial of service. (CVE-2026-41989)
It was discovered that Libgcrypt incorrectly handled Dilithium signing. An
attacker could possibly use this issue to cause Libgcrypt to crash,
resulting in a denial of service. This issue only affected Ubuntu 26.04
LTS. (CVE-2026-41990)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
libgcrypt20 1.12.0-2ubuntu0.1
Ubuntu 25.10
libgcrypt20 1.11.0-7ubuntu0.1
Ubuntu 24.04 LTS
libgcrypt20 1.10.3-2ubuntu0.1
Ubuntu 22.04 LTS
libgcrypt20 1.9.4-3ubuntu3.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8319-1
CVE-2026-41989, CVE-2026-41990
Package Information:
https://launchpad.net/ubuntu/+source/libgcrypt20/1.12.0-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libgcrypt20/1.11.0-7ubuntu0.1
https://launchpad.net/ubuntu/+source/libgcrypt20/1.10.3-2ubuntu0.1
https://launchpad.net/ubuntu/+source/libgcrypt20/1.9.4-3ubuntu3.2
[USN-8320-1] Memcached vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8320-1
May 27, 2026
memcached vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Memcached could be made to expose sensitive information over the network.
Software Description:
- memcached: High-performance in-memory object caching system
Details:
It was discovered that Memcached's SASL password database authentication
had a timing side channel when handling username and password data. A
remote attacker could possibly use this issue to obtain sensitive
information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
memcached 1.6.40-1ubuntu0.1
Ubuntu 25.10
memcached 1.6.38-1ubuntu0.1
Ubuntu 24.04 LTS
memcached 1.6.24-1ubuntu0.1
Ubuntu 22.04 LTS
memcached 1.6.14-1ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8320-1
CVE-2026-47783, CVE-2026-47784
Package Information:
https://launchpad.net/ubuntu/+source/memcached/1.6.40-1ubuntu0.1
https://launchpad.net/ubuntu/+source/memcached/1.6.38-1ubuntu0.1
https://launchpad.net/ubuntu/+source/memcached/1.6.24-1ubuntu0.1
https://launchpad.net/ubuntu/+source/memcached/1.6.14-1ubuntu0.2
[USN-8317-1] GStreamer Good Plugins vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8317-1
May 27, 2026
gst-plugins-good1.0 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in GStreamer Good Plugins.
Software Description:
- gst-plugins-good1.0: GStreamer plugins
Details:
It was discovered that GStreamer Good Plugins incorrectly handled certain
MP4 audio tracks. An attacker could possibly use this issue to cause
GStreamer Good Plugins to crash, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
gstreamer1.0-plugins-good 1.26.5-1ubuntu2.3
libgstreamer-plugins-good1.0-0 1.26.5-1ubuntu2.3
Ubuntu 24.04 LTS
gstreamer1.0-plugins-good 1.24.2-1ubuntu1.4
libgstreamer-plugins-good1.0-0 1.24.2-1ubuntu1.4
Ubuntu 22.04 LTS
gstreamer1.0-plugins-good 1.20.3-0ubuntu1.6
libgstreamer-plugins-good1.0-0 1.20.3-0ubuntu1.6
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8317-1
CVE-2026-46469, CVE-2026-46470
Package Information:
https://launchpad.net/ubuntu/+source/gst-plugins-good1.0/1.26.5-1ubuntu2.3
https://launchpad.net/ubuntu/+source/gst-plugins-good1.0/1.24.2-1ubuntu1.4
https://launchpad.net/ubuntu/+source/gst-plugins-good1.0/1.20.3-0ubuntu1.6
[USN-8318-1] libcaca vulnerability
==========================================================================
Ubuntu Security Notice USN-8318-1
May 27, 2026
libcaca vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
libcaca could be made to crash or run programs as your login if it
opened a specially crafted file.
Software Description:
- libcaca: text mode graphics utilities
Details:
It was discovered that libcaca incorrectly handled certain malformed files.
An attacker could use this issue to cause libcaca to crash, resulting in a
denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
caca-utils 0.99.beta20-6ubuntu2.1
libcaca0 0.99.beta20-6ubuntu2.1
Ubuntu 25.10
caca-utils 0.99.beta20-5ubuntu0.25.10.2
libcaca0 0.99.beta20-5ubuntu0.25.10.2
Ubuntu 24.04 LTS
caca-utils 0.99.beta20-4ubuntu0.2
libcaca0 0.99.beta20-4ubuntu0.2
Ubuntu 22.04 LTS
caca-utils 0.99.beta19-2.2ubuntu4.2
libcaca0 0.99.beta19-2.2ubuntu4.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8318-1
CVE-2026-42046
Package Information:
https://launchpad.net/ubuntu/+source/libcaca/0.99.beta20-6ubuntu2.1
https://launchpad.net/ubuntu/+source/libcaca/0.99.beta20-5ubuntu0.25.10.2
https://launchpad.net/ubuntu/+source/libcaca/0.99.beta20-4ubuntu0.2
https://launchpad.net/ubuntu/+source/libcaca/0.99.beta19-2.2ubuntu4.2
[USN-8315-1] MediaWiki vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8315-1
May 27, 2026
mediawiki vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
MediaWiki could be made to expose sensitive information over the
network.
Software Description:
- mediawiki: The collaborative editing software that runs Wikipedia.
Details:
It was discovered that MediaWiki incorrectly handled group membership
visibility in the OATHAuth extension. An authenticated attacker could
use this issue to determine if other users had two-factor authentication
enabled. (CVE-2026-34087)
It was discovered that MediaWiki incorrectly handled suppressed log entry
titles in the RecentChanges list. An unauthenticated attacker could use
this issue to view titles of deleted or suppressed pages that should be hidden.
(CVE-2026-34088)
It was discovered that MediaWiki incorrectly handled resource loading timing
information. An attacker could use this issue to determine if certain pages
existed on a wiki. (CVE-2026-34092)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
mediawiki 1:1.39.7-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
mediawiki 1:1.35.6-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
mediawiki 1:1.31.7-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8315-1
CVE-2026-34087, CVE-2026-34088, CVE-2026-34092
[USN-8322-1] Apache Commons BeanUtils vulnerability
==========================================================================
Ubuntu Security Notice USN-8322-1
May 27, 2026
commons-beanutils vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Apache Commons BeanUtils could be made to run programs if it received
specially crafted input.
Software Description:
- commons-beanutils: Apache Commons BeanUtils - Utility for manipulating Java beans
Details:
It was discovered that Apache Commons BeanUtils incorrectly allowed
access to the declaredClass property of Java enum objects when handling
externally supplied property paths. An attacker could possibly use this
issue to execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
libcommons-beanutils-java 1.9.4-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
libcommons-beanutils-java 1.9.4-1+deb11u1build0.22.04.1
Ubuntu 20.04 LTS
libcommons-beanutils-java 1.9.4-1ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libcommons-beanutils-java 1.9.3-1ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libcommons-beanutils-java 1.9.2-3ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 14.04 LTS
libcommons-beanutils-java 1.9.1-1ubuntu0.1~esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8322-1
CVE-2025-48734
Package Information:
https://launchpad.net/ubuntu/+source/commons-beanutils/1.9.4-1+deb11u1build0.22.04.1
[USN-8326-1] Foomuuri vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8326-1
May 27, 2026
foomuuri vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in Foomuuri.
Software Description:
- foomuuri: multizone bidirectional nftables firewall
Details:
Matthias Gerstner discovered that Foomuuri's D-Bus service did not properly
enforce authorization. An unprivileged local attacker could possibly use
this issue to manipulate the firewall configuration, contrary to
expectations. (CVE-2025-67603)
Matthias Gerstner discovered that Foomuuri's D-Bus service did not properly
validate interface names. A local attacker could possibly use this issue to
manipulate the firewall configuration in unintended ways. (CVE-2025-67858)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
foomuuri 0.27-2+deb13u1build0.25.10.1
foomuuri-firewalld 0.27-2+deb13u1build0.25.10.1
Ubuntu 24.04 LTS
foomuuri 0.22-1ubuntu0.1~esm1
Available with Ubuntu Pro
foomuuri-firewalld 0.22-1ubuntu0.1~esm1
Available with Ubuntu Pro
After a standard system update you need to restart Foomuuri to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8326-1
CVE-2025-67603, CVE-2025-67858
Package Information:
https://launchpad.net/ubuntu/+source/foomuuri/0.27-2+deb13u1build0.25.10.1
[USN-8325-1] tgt vulnerability
==========================================================================
Ubuntu Security Notice USN-8325-1
May 27, 2026
tgt vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
tgt could be made to generate an identical sequence of challenges.
Software Description:
- tgt: Linux SCSI target user-space daemon
Details:
It was discovered that tgt incorrectly tried to achieve entropy by calling
rand without srand. An attacker could possibly use this issue to make tgt
generate an identical sequence of challenges, resulting in authentication
bypass.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
tgt 1:1.0.85-1.1ubuntu6+esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
tgt 1:1.0.80-1ubuntu2+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
tgt 1:1.0.72-1ubuntu1+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
tgt 1:1.0.63-1ubuntu1.1+esm1
Available with Ubuntu Pro
Ubuntu 14.04 LTS
tgt 1:1.0.43-0ubuntu4.1~14.04.3+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8325-1
CVE-2024-45751
[USN-8324-1] Apache Tika vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8324-1
May 27, 2026
tika vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Apache Tika.
Software Description:
- tika: A content analysis toolkit
Details:
It was discovered that Apache Tika incorrectly handled XML external
entities when parsing XFA content in PDF files. An attacker could possibly
use this issue to obtain sensitive information or send malicious requests
to internal resources or third-party servers.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
libtika-java 1.22-2+deb11u1build0.22.04.1
Ubuntu 20.04 LTS
libtika-java 1.22-1ubuntu0.1~esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8324-1
CVE-2025-54988, CVE-2025-66516
Package Information:
https://launchpad.net/ubuntu/+source/tika/1.22-2+deb11u1build0.22.04.1
[USN-8323-1] Postorius vulnerability
==========================================================================
Ubuntu Security Notice USN-8323-1
May 27, 2026
postorius vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Postorius could be made to expose sensitive information over the network.
Software Description:
- postorius: Django based management interface for Mailman
Details:
It was discovered that Postorius did not properly escape HTML in message
subjects when rendering the Held messages pop-up. An attacker could
possibly use this issue to inject arbitrary HTML, resulting in exposure
of sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
python3-django-postorius 1.3.13-1ubuntu1.1~26.04.1
Ubuntu 25.10
python3-django-postorius 1.3.13-1ubuntu1.1~25.10.1
Ubuntu 24.04 LTS
python3-django-postorius 1.3.10-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
python3-django-postorius 1.3.5-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
python3-django-postorius 1.2.4-1ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
python-django-postorius 1.1.2-3ubuntu0.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8323-1
CVE-2026-44742
Package Information:
https://launchpad.net/ubuntu/+source/postorius/1.3.13-1ubuntu1.1~26.04.1
https://launchpad.net/ubuntu/+source/postorius/1.3.13-1ubuntu1.1~25.10.1
