Ubuntu has released a series of security notices addressing multiple critical flaws across several widely used software packages. The updates patch memory corruption issues in ImageMagick, NSD and xrdp, fix incorrect percent-decoding of HTTP request header values in cpp-httplib, and close deserialization filter bypasses in Apache MINA. They also resolve denial-of-service, checkpoint handling and label propagation issues in containerd, a TLS authentication bypass for zone transfers in NSD, and a login retry limit bypass in xrdp. Additional notices cover predictable cryptographic key generation in node-pbkdf2 and side-channel data leakage vulnerabilities affecting AMD Zen processors.

[USN-8470-1] cpp-httplib vulnerability
[USN-8468-1] ImageMagick vulnerabilities
[USN-8474-1] NSD vulnerabilities
[USN-8452-1] pbkdf2 vulnerability
[USN-8472-1] containerd vulnerabilities
[USN-8465-1] Apache MINA vulnerabilities
[USN-8473-1] containerd-stable vulnerabilities
[USN-8471-1] containerd vulnerabilities
[USN-8476-1] xrdp vulnerabilities
[USN-8475-1] AMD Microcode vulnerabilities




[USN-8470-1] cpp-httplib vulnerability


==========================================================================
Ubuntu Security Notice USN-8470-1
June 25, 2026

cpp-httplib vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

cpp-httplib could mishandle HTTP requests if it received specially
crafted network traffic.

Software Description:
- cpp-httplib: A C++ header-only HTTP/HTTPS server and client library

Details:

It was discovered that cpp-httplib incorrectly percent-decoded HTTP
request header values. A remote attacker could use this to inject crafted
header content possibly leading to response splitting, log injection
or proxy smuggling.
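
The flaw class described above, as an added example that is not part of the notice and not cpp-httplib code: a toy header parser that percent-decodes field values (an assumed model of the behaviour) beside a strict one that keeps values verbatim and rejects control characters. The request, header name and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed request: the field value carries a percent-encoded CR LF pair.
RAW_REQUEST = (
    "GET /status HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "X-Request-Tag: build-42%0d%0aforged-line\r\n"
    "\r\n"
)

# Control characters that must not appear in a field value (HTAB is allowed).
CTL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")


def split_header_lines(raw):
    """Yield (lower-cased name, value) pairs from the header block."""
    head = raw.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        yield name.strip().lower(), value.strip()


def parse_decoding(raw):
    """Assumed model of the flaw: values are percent-decoded after the
    line split, so CR/LF that never appeared on the wire show up in them."""
    return {name: unquote(value) for name, value in split_header_lines(raw)}


def parse_strict(raw):
    """Hardened form: values are kept exactly as sent and any control
    character in a value rejects the whole request."""
    headers = {}
    for name, value in split_header_lines(raw):
        if CTL.search(value):
            raise ValueError("control character in header " + name)
        headers[name] = value
    return headers


def is_safe_field_value(value):
    """Check to run before echoing a value into a response header,
    a log line or an upstream (proxied) request."""
    return CTL.search(value) is None


def log_line(headers):
    """A naive access-log formatter that trusts the parsed value."""
    return "request tag=" + headers.get("x-request-tag", "-")


if __name__ == "__main__":
    for parser in (parse_decoding, parse_strict):
        headers = parser(RAW_REQUEST)
        print(parser.__name__, repr(log_line(headers)),
              "safe" if is_safe_field_value(headers["x-request-tag"]) else "UNSAFE")
```

With the decoding parser the single header produces a two-line log entry; the strict parser logs the literal `%0d%0a` text on one line.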

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
libcpp-httplib-dev 0.26.0+ds-2ubuntu3+esm1
Available with Ubuntu Pro
libcpp-httplib0.26 0.26.0+ds-2ubuntu3+esm1
Available with Ubuntu Pro

Ubuntu 25.10
libcpp-httplib-dev 0.18.7-1ubuntu0.25.10.2
libcpp-httplib0.18 0.18.7-1ubuntu0.25.10.2

Ubuntu 24.04 LTS
libcpp-httplib-dev 0.14.3+ds-1.1ubuntu0.1~esm2
Available with Ubuntu Pro
libcpp-httplib0.14t64 0.14.3+ds-1.1ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 22.04 LTS
libcpp-httplib-dev 0.10.3+ds-1ubuntu0.1~esm2
Available with Ubuntu Pro
libcpp-httplib0 0.10.3+ds-1ubuntu0.1~esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8470-1
CVE-2026-45372

Package Information:
https://launchpad.net/ubuntu/+source/cpp-httplib/0.18.7-1ubuntu0.25.10.2



[USN-8468-1] ImageMagick vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8468-1
June 24, 2026

imagemagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain images
when using the wavelet-denoise operator. An attacker could possibly use
this issue to trigger a heap buffer over-read, resulting in information
disclosure. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2026-27798)

It was discovered that ImageMagick incorrectly handled certain DJVU
images. An attacker could possibly use this issue to trigger a heap
buffer over-read, resulting in information disclosure. (CVE-2026-27799)

It was discovered that ImageMagick incorrectly handled certain MNG
images. An attacker could possibly use this issue to trigger a stack
buffer overflow, resulting in arbitrary code execution. (CVE-2026-28690)

It was discovered that ImageMagick incorrectly handled certain JBIG
images. An attacker could possibly use this issue to trigger a pointer
dereference error, resulting in a denial of service. (CVE-2026-28691)

It was discovered that ImageMagick incorrectly handled certain MAT
images. An attacker could possibly use this issue to trigger a heap
buffer over-read, resulting in information disclosure. (CVE-2026-28692)

It was discovered that ImageMagick incorrectly handled certain DIB
images. An attacker could possibly use this issue to trigger an integer
overflow, resulting in arbitrary code execution. (CVE-2026-28693)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
imagemagick-6.q16 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libimage-magick-perl 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libimage-magick-q16-perl 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libimage-magick-q16hdri-perl 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagick++-6-headers 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagick++-6.q16-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagick++-6.q16-dev 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagick++-6.q16hdri-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagick++-6.q16hdri-dev 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagick++-dev 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagickcore-6-arch-config 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagickcore-6-headers 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagickcore-6.q16-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagickcore-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagickcore-6.q16-dev 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagickcore-6.q16hdri-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagickcore-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagickcore-6.q16hdri-dev 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagickcore-dev 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagickwand-6-headers 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagickwand-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagickwand-6.q16-dev 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagickwand-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagickwand-6.q16hdri-dev 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
libmagickwand-dev 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro
perlmagick 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
Available with Ubuntu Pro

Ubuntu 22.04 LTS
imagemagick-6-common 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
imagemagick-common 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libimage-magick-perl 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libimage-magick-q16-perl 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libimage-magick-q16hdri-perl 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagick++-6-headers 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagick++-6.q16-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagick++-6.q16hdri-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagick++-6.q16hdri-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagick++-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagickcore-6-arch-config 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagickcore-6-headers 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagickcore-6.q16-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagickcore-6.q16-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagickcore-6.q16hdri-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagickcore-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagickwand-6-headers 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagickwand-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagickwand-6.q16-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagickwand-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagickwand-6.q16hdri-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
libmagickwand-dev 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro
perlmagick 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm11
Available with Ubuntu Pro

Ubuntu 20.04 LTS
imagemagick-6-common 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
imagemagick-common 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libimage-magick-perl 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libimage-magick-q16-perl 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libimage-magick-q16hdri-perl 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagick++-6-headers 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagick++-6.q16-8 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagick++-6.q16-dev 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagick++-6.q16hdri-dev 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagick++-dev 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagickcore-6-arch-config 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagickcore-6-headers 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagickcore-6.q16-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagickcore-6.q16-dev 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagickcore-6.q16hdri-dev 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagickcore-dev 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagickwand-6-headers 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagickwand-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagickwand-6.q16-dev 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagickwand-6.q16hdri-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagickwand-6.q16hdri-dev 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
libmagickwand-dev 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro
perlmagick 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm11
Available with Ubuntu Pro

Ubuntu 18.04 LTS
imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libimage-magick-perl 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libimage-magick-q16-perl 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libimage-magick-q16hdri-perl 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagick++-6-headers 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagick++-6.q16-dev 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagick++-6.q16hdri-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagick++-6.q16hdri-dev 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagick++-dev 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagickcore-6.q16-dev 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagickcore-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagickcore-6.q16hdri-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagickcore-6.q16hdri-dev 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagickcore-dev 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagickwand-6-headers 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagickwand-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagickwand-6.q16-dev 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagickwand-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagickwand-6.q16hdri-dev 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
libmagickwand-dev 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro
perlmagick 8:6.9.7.4+dfsg-16ubuntu6.15+esm13
Available with Ubuntu Pro

Ubuntu 16.04 LTS
imagemagick 8:6.8.9.9-7ubuntu5.16+esm21
Available with Ubuntu Pro
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.16+esm21
Available with Ubuntu Pro
imagemagick-common 8:6.8.9.9-7ubuntu5.16+esm21
Available with Ubuntu Pro
libimage-magick-perl 8:6.8.9.9-7ubuntu5.16+esm21
Available with Ubuntu Pro
libimage-magick-q16-perl 8:6.8.9.9-7ubuntu5.16+esm21
Available with Ubuntu Pro
libmagick++-6-headers 8:6.8.9.9-7ubuntu5.16+esm21
Available with Ubuntu Pro
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.16+esm21
Available with Ubuntu Pro
libmagick++-6.q16-dev 8:6.8.9.9-7ubuntu5.16+esm21
Available with Ubuntu Pro
libmagickcore-6-arch-config 8:6.8.9.9-7ubuntu5.16+esm21
Available with Ubuntu Pro
libmagickcore-6-headers 8:6.8.9.9-7ubuntu5.16+esm21
Available with Ubuntu Pro
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm21
Available with Ubuntu Pro
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.16+esm21
Available with Ubuntu Pro
libmagickcore-6.q16-dev 8:6.8.9.9-7ubuntu5.16+esm21
Available with Ubuntu Pro
libmagickwand-6-headers 8:6.8.9.9-7ubuntu5.16+esm21
Available with Ubuntu Pro
libmagickwand-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm21
Available with Ubuntu Pro
libmagickwand-6.q16-dev 8:6.8.9.9-7ubuntu5.16+esm21
Available with Ubuntu Pro
perlmagick 8:6.8.9.9-7ubuntu5.16+esm21
Available with Ubuntu Pro

Ubuntu 14.04 LTS
imagemagick 8:6.7.7.10-6ubuntu3.13+esm22
Available with Ubuntu Pro
imagemagick-common 8:6.7.7.10-6ubuntu3.13+esm22
Available with Ubuntu Pro
libmagick++-dev 8:6.7.7.10-6ubuntu3.13+esm22
Available with Ubuntu Pro
libmagick++5 8:6.7.7.10-6ubuntu3.13+esm22
Available with Ubuntu Pro
libmagickcore-dev 8:6.7.7.10-6ubuntu3.13+esm22
Available with Ubuntu Pro
libmagickcore5 8:6.7.7.10-6ubuntu3.13+esm22
Available with Ubuntu Pro
libmagickcore5-extra 8:6.7.7.10-6ubuntu3.13+esm22
Available with Ubuntu Pro
libmagickwand-dev 8:6.7.7.10-6ubuntu3.13+esm22
Available with Ubuntu Pro
libmagickwand5 8:6.7.7.10-6ubuntu3.13+esm22
Available with Ubuntu Pro
perlmagick 8:6.7.7.10-6ubuntu3.13+esm22
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8468-1
CVE-2026-27798, CVE-2026-27799, CVE-2026-28690, CVE-2026-28691,
CVE-2026-28692, CVE-2026-28693



[USN-8474-1] NSD vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8474-1
June 25, 2026

NSD vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

NSD could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
- nsd: Several security issues were fixed in NSD, including a stack-based buffer overflow in APL resource record handling, a heap overflow in SVCB resource record handling, a use-after-free in TLS connection error logging, and a TLS authentication bypass for zone transfers.

Details:

It was discovered that NSD incorrectly handled APL resource records with an
address length larger than permitted for the address family. A remote attacker
could use this to cause a stack-based buffer overflow when the zone is written
to disk, potentially executing arbitrary code with the privileges of the NSD
server. (CVE-2026-12246)

It was discovered that NSD incorrectly handled SVCB resource records. A remote
attacker could use this to cause a heap overflow, potentially executing
arbitrary code with the privileges of the NSD server. This issue only affected
Ubuntu 26.04 LTS. (CVE-2026-12244)

It was discovered that NSD had a use-after-free vulnerability in TLS
connection error logging. A remote attacker could use this to cause a denial
of service by crashing the server process. This issue only affected Ubuntu
26.04 LTS. (CVE-2026-12245)

It was discovered that NSD incorrectly handled TLS authentication for zone
transfers. An attacker could bypass transfer security restrictions when
certain conditions were met. This issue only affected Ubuntu 26.04 LTS.
(CVE-2026-12490)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
nsd 4.14.0-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 24.04 LTS
nsd 4.8.0-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
nsd 4.3.9-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
nsd 4.1.26-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
nsd 4.1.17-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
nsd 4.1.7-1ubuntu0.1~esm1
Available with Ubuntu Pro
nsd3 4.1.7-1ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8474-1
CVE-2026-12244, CVE-2026-12245, CVE-2026-12246, CVE-2026-12490



[USN-8452-1] pbkdf2 vulnerability


==========================================================================
Ubuntu Security Notice USN-8452-1
June 18, 2026

node-pbkdf2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

pbkdf2 could be made to generate predictable cryptographic keys if it received specially crafted input.

Software Description:
- node-pbkdf2: PBKDF2 with any supported hashing algorithm in Node

Details:

Nikita Skovoroda discovered that pbkdf2 did not properly validate
certain algorithm names. An attacker could possibly use this issue to
generate predictable cryptographic keys, resulting in signature spoofing.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
node-pbkdf2 3.1.2-3ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
node-pbkdf2 3.1.2-2ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
node-pbkdf2 3.0.16-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
node-pbkdf2 3.0.14-2ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8452-1
CVE-2025-6545



[USN-8472-1] containerd vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8472-1
June 25, 2026

containerd-app vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in containerd.

Software Description:
- containerd-app: open and reliable container runtime

Details:

It was discovered that containerd incorrectly handled HTTP/2 SETTINGS
frames. A remote attacker could possibly use this issue to cause containerd
to enter an infinite loop, resulting in a denial of service. (CVE-2026-33814)

Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly
handled group parsing when creating containers from images. An attacker
could possibly use this issue to cause containerd to consume excessive
memory, resulting in a denial of service. (CVE-2026-47262)

Henry Beberman and Robert Prast discovered that containerd incorrectly
validated image references when importing container checkpoints. An
attacker could possibly use this issue to poison the local image cache and
execute arbitrary code in other pods. This issue only affected Ubuntu
22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10 and Ubuntu 26.04 LTS.
(CVE-2026-50195)

Robert Prast discovered that containerd incorrectly propagated labels
from image configurations to containers. An attacker could possibly use
this issue to execute arbitrary code on the host. (CVE-2026-53488)

Yuming Zhang, Song Li, Sangwon Ryu, Henry Beberman, Robert Prast, Kyle
Elliott and Zhenchen Wang discovered that containerd incorrectly validated
symlinked paths when restoring container checkpoints. An attacker could
possibly use this issue to read arbitrary files on the host, resulting in
information disclosure. This issue only affected Ubuntu 22.04 LTS, Ubuntu
24.04 LTS, Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-53489)

Robert Prast discovered that containerd incorrectly trusted device
interface annotations when restoring container checkpoints. An attacker
could possibly use this issue to bypass resource allocation restrictions
and inject devices or host mounts into a container. This issue only
affected Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10 and Ubuntu
26.04 LTS. (CVE-2026-53492)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
containerd 2.2.2-0ubuntu1.1

Ubuntu 25.10
containerd 2.2.1-0ubuntu1~25.10.2

Ubuntu 24.04 LTS
containerd 2.2.1-0ubuntu1~24.04.3

Ubuntu 22.04 LTS
containerd 2.2.1-0ubuntu1~22.04.2

Ubuntu 20.04 LTS
containerd 1.7.24-0ubuntu1~20.04.2+esm2
Available with Ubuntu Pro

After a standard system update you need to restart containerd to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8472-1
CVE-2026-33814, CVE-2026-47262, CVE-2026-50195, CVE-2026-53488,
CVE-2026-53489, CVE-2026-53492

Package Information:
https://launchpad.net/ubuntu/+source/containerd-app/2.2.2-0ubuntu1.1
https://launchpad.net/ubuntu/+source/containerd-app/2.2.1-0ubuntu1~25.10.2
https://launchpad.net/ubuntu/+source/containerd-app/2.2.1-0ubuntu1~24.04.3
https://launchpad.net/ubuntu/+source/containerd-app/2.2.1-0ubuntu1~22.04.2



[USN-8465-1] Apache MINA vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8465-1
June 23, 2026

mina2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Apache MINA could be made to run programs if it received specially crafted
network traffic.

Software Description:
- mina2: Apache MINA is a network application framework which helps users develop high performance and high scalability network applications easily

Details:

It was discovered that Apache MINA lacked an acceptMatchers allowlist
mechanism to restrict which classes could be deserialized. An attacker
could use this to execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-52046)

It was discovered that Apache MINA's deserialization filter could be
bypassed via multiple code paths. An attacker could use this to execute
arbitrary code by sending a specially crafted serialized object over the
network. (CVE-2026-42778, CVE-2026-42779, CVE-2026-47065)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
libmina2-java 2.2.1-4ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 24.04 LTS
libmina2-java 2.2.1-3ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
libmina2-java 2.1.5-1ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8465-1
CVE-2024-52046, CVE-2026-42778, CVE-2026-42779, CVE-2026-47065



[USN-8473-1] containerd-stable vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8473-1
June 25, 2026

containerd-stable vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10

Summary:

Several security issues were fixed in containerd.

Software Description:
- containerd-stable: open and reliable container runtime

Details:

It was discovered that containerd incorrectly handled HTTP/2 SETTINGS
frames. A remote attacker could possibly use this issue to cause containerd
to enter an infinite loop, resulting in a denial of service. (CVE-2026-33814)

Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly
handled group parsing when creating containers from images. An attacker
could possibly use this issue to cause containerd to consume excessive
memory, resulting in a denial of service. (CVE-2026-47262)

Henry Beberman and Robert Prast discovered that containerd incorrectly
validated image references when importing container checkpoints. An
attacker could possibly use this issue to poison the local image cache and
execute arbitrary code in other pods. (CVE-2026-50195)

Robert Prast discovered that containerd incorrectly propagated labels
from image configurations to containers. An attacker could possibly use
this issue to execute arbitrary code on the host. (CVE-2026-53488)

Yuming Zhang, Song Li, Sangwon Ryu, Henry Beberman, Robert Prast, Kyle
Elliott and Zhenchen Wang discovered that containerd incorrectly validated
symlinked paths when restoring container checkpoints. An attacker could
possibly use this issue to read arbitrary files on the host, resulting in
information disclosure. (CVE-2026-53489)

Robert Prast discovered that containerd incorrectly trusted device
interface annotations when restoring container checkpoints. An attacker
could possibly use this issue to bypass resource allocation restrictions
and inject devices or host mounts into a container. (CVE-2026-53492)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
containerd-stable 2.2.2-0ubuntu1.1

Ubuntu 25.10
containerd-stable 2.1.6-0ubuntu1~25.10.2

After a standard system update you need to restart containerd to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8473-1
CVE-2026-33814, CVE-2026-47262, CVE-2026-50195, CVE-2026-53488,
CVE-2026-53489, CVE-2026-53492

Package Information:
https://launchpad.net/ubuntu/+source/containerd-stable/2.2.2-0ubuntu1.1
https://launchpad.net/ubuntu/+source/containerd-stable/2.1.6-0ubuntu1~25.10.2



[USN-8471-1] containerd vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8471-1
June 25, 2026

containerd vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in containerd.

Software Description:
- containerd: open and reliable container runtime library

Details:

It was discovered that containerd incorrectly handled HTTP/2 SETTINGS
frames. A remote attacker could possibly use this issue to cause containerd
to enter an infinite loop, resulting in a denial of service. This issue
only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2026-33814)

Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly
handled group parsing when creating containers from images. An attacker
could possibly use this issue to cause containerd to consume excessive
memory, resulting in a denial of service. (CVE-2026-47262)

Robert Prast discovered that containerd incorrectly propagated labels
from image configurations to containers. An attacker could possibly use
this issue to execute arbitrary code on the host. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS
and Ubuntu 26.04 LTS. (CVE-2026-53488)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
golang-github-containerd-containerd-api-dev 1.7.24~ds1-10ubuntu1+esm1
Available with Ubuntu Pro
golang-github-containerd-containerd-dev 1.7.24~ds1-10ubuntu1+esm1
Available with Ubuntu Pro

Ubuntu 24.04 LTS
golang-github-containerd-containerd-dev 1.6.24~ds1-1ubuntu1.3+esm3
Available with Ubuntu Pro

Ubuntu 22.04 LTS
golang-github-containerd-containerd-dev 1.6.12-0ubuntu1~22.04.11

Ubuntu 20.04 LTS
golang-github-containerd-containerd-dev 1.6.12-0ubuntu1~20.04.8+esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
containerd 1.6.12-0ubuntu1~18.04.1+esm4
Available with Ubuntu Pro
golang-github-containerd-containerd-dev 1.6.12-0ubuntu1~18.04.1+esm4
Available with Ubuntu Pro

Ubuntu 16.04 LTS
containerd 1.2.6-0ubuntu1~16.04.6+esm7
Available with Ubuntu Pro
golang-github-docker-containerd-dev 1.2.6-0ubuntu1~16.04.6+esm7
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8471-1
CVE-2026-33814, CVE-2026-47262, CVE-2026-53488

Package Information:
https://launchpad.net/ubuntu/+source/containerd/1.6.12-0ubuntu1~22.04.11



[USN-8476-1] xrdp vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8476-1
June 25, 2026

xrdp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in xrdp.

Software Description:
- xrdp: an open source RDP server

Details:

It was discovered that xrdp incorrectly handled bounds checking when
processing user domain information during the connection sequence. An
unauthenticated remote attacker could use this issue to cause xrdp to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2025-68670)

It was discovered that xrdp did not correctly enforce the maximum number of
login attempts configured by the MaxLoginRetry parameter. A remote attacker
could use this issue to perform an unlimited number of login attempts.
(CVE-2024-39917)

It was discovered that xrdp did not perform bounds checking when accessing
font glyphs. Since some of this data is controllable by the user, a remote
attacker could use this issue to cause xrdp to read out of bounds. This
issue only affected Ubuntu 24.04 LTS. (CVE-2023-42822)

It was discovered that xrdp did not properly handle session establishment
errors. A remote attacker could use this issue to bypass OS-level session
restrictions enforced by PAM, such as the maximum number of concurrent
sessions per user. This issue only affected Ubuntu 24.04 LTS.
(CVE-2023-40184)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
xrdp 0.10.1-3.1+deb13u1build0.25.10.1

Ubuntu 24.04 LTS
xrdp 0.9.24-4ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
xrdp 0.9.17-2ubuntu3+esm2
Available with Ubuntu Pro

Ubuntu 20.04 LTS
xrdp 0.9.12-1ubuntu0.1+esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
xorgxrdp 0.9.5-2ubuntu0.1~esm3
Available with Ubuntu Pro
xrdp 0.9.5-2ubuntu0.1~esm3
Available with Ubuntu Pro
xrdp-pulseaudio-installer 0.9.5-2ubuntu0.1~esm3
Available with Ubuntu Pro

After a standard system update you need to restart xrdp to make all the
necessary changes.

References:
https://ubuntu.com/security/notices/USN-8476-1
CVE-2023-40184, CVE-2023-42822, CVE-2024-39917, CVE-2025-68670

Package Information:
https://launchpad.net/ubuntu/+source/xrdp/0.10.1-3.1+deb13u1build0.25.10.1



[USN-8475-1] AMD Microcode vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8475-1
June 25, 2026

amd64-microcode vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in AMD Microcode.

Software Description:
- amd64-microcode: Platform firmware and microcode for AMD CPUs and SoCs

Details:

Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos,
and Flavien Solt discovered that some AMD processors may allow an attacker
to infer data from previous stores, potentially resulting in the leakage of
privileged information. A local attacker could possibly use this to expose
sensitive information. (CVE-2024-36350, CVE-2024-36357)

It was discovered that some AMD Zen 5 processors supporting the RDSEED
instruction did not properly handle entropy, potentially resulting in the
consumption of insufficiently random values. A local attacker could
possibly use this issue to influence the values returned by the RDSEED
instruction, causing loss of confidentiality and integrity. (CVE-2025-62626)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
amd64-microcode 3.20251202.1ubuntu0.25.10.1

Ubuntu 24.04 LTS
amd64-microcode 3.20251202.1ubuntu0.24.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: For the most comprehensive protection, users should update
their system BIOS/UEFI to the latest version provided by their hardware
vendor. If the BIOS has not been updated, this microcode update will
apply the latest available mitigations that can be delivered via the
operating system. For more information, please see:
https://ubuntu.com/security/vulnerabilities/entrysign

References:
https://ubuntu.com/security/notices/USN-8475-1
CVE-2024-36350, CVE-2024-36357, CVE-2025-62626

Package Information:
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20251202.1ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/amd64-microcode/3.20251202.1ubuntu0.24.04.1