[USN-8405-2] CUPS regression
==========================================================================
Ubuntu Security Notice USN-8405-2
June 15, 2026
cups regression
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
USN-8405-1 introduced a regression in CUPS
Software Description:
- cups: Common UNIX Printing System(tm)
Details:
USN-8405-1 fixed vulnerabilities in CUPS. The update introduced a
regression that caused CUPS to crash when parsing certain large printer PPD
files. This update fixes the problem.
Original advisory details:
Ariel Silver discovered that CUPS incorrectly handled username comparisons
during authorization checks. A local attacker could possibly use this issue
to gain unauthorized access to restricted operations. (CVE-2026-27447)

Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled
notify-recipient-uri values in the RSS notifier. A remote attacker could
possibly use this issue to overwrite lp-writable files and cause a denial
of service. (CVE-2026-34978)

Jacob Newman discovered that CUPS incorrectly handled filter option strings
when processing job attributes. An attacker could use this issue to cause
CUPS to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2026-34979)

Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled
page-border values in shared PostScript queues. A remote attacker could
possibly use this issue to execute arbitrary code. (CVE-2026-34980)

Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled
localhost authentication to attacker-controlled IPP services. A local
attacker could possibly use this issue to overwrite arbitrary files
and execute arbitrary code. (CVE-2026-34990)

Tomer Fichman discovered that CUPS incorrectly handled negative
job-password-supported values. A local attacker could possibly use this
issue to cause CUPS to crash, resulting in a denial of service.
(CVE-2026-39314)

Tomer Fichman discovered that CUPS incorrectly handled temporary printer
deletion. An attacker could possibly use this issue to cause CUPS to crash,
resulting in a denial of service, or to execute arbitrary code.
(CVE-2026-39316)

Tomer Fichman discovered that CUPS incorrectly handled certain malformed
SNMP responses. An attacker could possibly use this issue to obtain
sensitive information. (CVE-2026-41079)

Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
cups 2.4.16-1ubuntu1.3
cups-daemon 2.4.16-1ubuntu1.3
Ubuntu 25.10
cups 2.4.12-0ubuntu3.10
cups-daemon 2.4.12-0ubuntu3.10
Ubuntu 24.04 LTS
cups 2.4.7-1.2ubuntu7.14
cups-daemon 2.4.7-1.2ubuntu7.14
Ubuntu 22.04 LTS
cups 2.4.1op1-1ubuntu4.21
cups-daemon 2.4.1op1-1ubuntu4.21
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8405-2
https://ubuntu.com/security/notices/USN-8405-1
https://launchpad.net/bugs/2156339
Package Information:
https://launchpad.net/ubuntu/+source/cups/2.4.16-1ubuntu1.3
https://launchpad.net/ubuntu/+source/cups/2.4.12-0ubuntu3.10
https://launchpad.net/ubuntu/+source/cups/2.4.7-1.2ubuntu7.14
https://launchpad.net/ubuntu/+source/cups/2.4.1op1-1ubuntu4.21
[USN-8398-3] nginx vulnerability
==========================================================================
Ubuntu Security Notice USN-8398-3
June 15, 2026
nginx vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
nginx could be made to consume excessive resources if it received specially
crafted network traffic.
Software Description:
- nginx: small, powerful, scalable web/proxy server
Details:
USN-8398-1 fixed a vulnerability in nginx. The update caused a regression
and was temporarily reverted in USN-8398-2. This update introduces a
complete fix for CVE-2026-49975.
We apologize for the inconvenience.
Original advisory details:
It was discovered that nginx incorrectly handled certain cookie headers in
the HTTP/2 implementation. A remote attacker could possibly use this issue
to cause nginx to consume excessive resources, resulting in a denial of
service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
nginx 1.28.3-2ubuntu1.5
nginx-core 1.28.3-2ubuntu1.5
nginx-extras 1.28.3-2ubuntu1.5
nginx-full 1.28.3-2ubuntu1.5
nginx-light 1.28.3-2ubuntu1.5
Ubuntu 25.10
nginx 1.28.0-6ubuntu1.7
nginx-core 1.28.0-6ubuntu1.7
nginx-extras 1.28.0-6ubuntu1.7
nginx-full 1.28.0-6ubuntu1.7
nginx-light 1.28.0-6ubuntu1.7
Ubuntu 24.04 LTS
nginx 1.24.0-2ubuntu7.12
nginx-core 1.24.0-2ubuntu7.12
nginx-extras 1.24.0-2ubuntu7.12
nginx-full 1.24.0-2ubuntu7.12
nginx-light 1.24.0-2ubuntu7.12
Ubuntu 22.04 LTS
nginx 1.18.0-6ubuntu14.15
nginx-core 1.18.0-6ubuntu14.15
nginx-extras 1.18.0-6ubuntu14.15
nginx-full 1.18.0-6ubuntu14.15
nginx-light 1.18.0-6ubuntu14.15
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8398-3
https://ubuntu.com/security/notices/USN-8398-2
https://ubuntu.com/security/notices/USN-8398-1
CVE-2026-49975
Package Information:
https://launchpad.net/ubuntu/+source/nginx/1.28.3-2ubuntu1.5
https://launchpad.net/ubuntu/+source/nginx/1.28.0-6ubuntu1.7
https://launchpad.net/ubuntu/+source/nginx/1.24.0-2ubuntu7.12
https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.15
[USN-8428-1] tmux vulnerability
==========================================================================
Ubuntu Security Notice USN-8428-1
June 15, 2026
tmux vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
Summary:
tmux could be made to crash if it received specially crafted
input.
Software Description:
- tmux: terminal multiplexer
Details:
It was discovered that tmux incorrectly handled image cleanup, leading to
a use-after-free vulnerability. A local attacker could possibly use this
issue to cause tmux to crash, resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
tmux 3.6a-2ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8428-1
CVE-2026-11623
Package Information:
https://launchpad.net/ubuntu/+source/tmux/3.6a-2ubuntu0.1
[USN-8427-1] Mesa vulnerability
==========================================================================
Ubuntu Security Notice USN-8427-1
June 15, 2026
mesa vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Mesa could be made to crash or run programs if it received specially
crafted input.
Software Description:
- mesa: free implementation of the EGL API
Details:
It was discovered that Mesa did not properly validate memory allocation
sizes in WebGPU under certain circumstances. An attacker could use this
issue to cause Mesa to crash, resulting in a denial of service, or possibly
execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
libegl-mesa0 25.2.8-0ubuntu0.25.10.2
libgbm1 25.2.8-0ubuntu0.25.10.2
libgl1-mesa-dri 25.2.8-0ubuntu0.25.10.2
libglx-mesa0 25.2.8-0ubuntu0.25.10.2
mesa-drm-shim 25.2.8-0ubuntu0.25.10.2
mesa-libgallium 25.2.8-0ubuntu0.25.10.2
mesa-opencl-icd 25.2.8-0ubuntu0.25.10.2
mesa-teflon-delegate 25.2.8-0ubuntu0.25.10.2
mesa-va-drivers 25.2.8-0ubuntu0.25.10.2
mesa-vdpau-drivers 25.2.8-0ubuntu0.25.10.2
mesa-vulkan-drivers 25.2.8-0ubuntu0.25.10.2
Ubuntu 24.04 LTS
libegl-mesa0 25.2.8-0ubuntu0.24.04.2
libgbm1 25.2.8-0ubuntu0.24.04.2
libgl1-mesa-dri 25.2.8-0ubuntu0.24.04.2
libglx-mesa0 25.2.8-0ubuntu0.24.04.2
mesa-drm-shim 25.2.8-0ubuntu0.24.04.2
mesa-libgallium 25.2.8-0ubuntu0.24.04.2
mesa-opencl-icd 25.2.8-0ubuntu0.24.04.2
mesa-teflon-delegate 25.2.8-0ubuntu0.24.04.2
mesa-va-drivers 25.2.8-0ubuntu0.24.04.2
mesa-vdpau-drivers 25.2.8-0ubuntu0.24.04.2
mesa-vulkan-drivers 25.2.8-0ubuntu0.24.04.2
Ubuntu 22.04 LTS
libd3dadapter9-mesa 23.2.1-1ubuntu3.1~22.04.4
libegl-mesa0 23.2.1-1ubuntu3.1~22.04.4
libgbm1 23.2.1-1ubuntu3.1~22.04.4
libgl1-mesa-dri 23.2.1-1ubuntu3.1~22.04.4
libglapi-mesa 23.2.1-1ubuntu3.1~22.04.4
libglx-mesa0 23.2.1-1ubuntu3.1~22.04.4
libosmesa6 23.2.1-1ubuntu3.1~22.04.4
libxatracker2 23.2.1-1ubuntu3.1~22.04.4
mesa-drm-shim 23.2.1-1ubuntu3.1~22.04.4
mesa-opencl-icd 23.2.1-1ubuntu3.1~22.04.4
mesa-va-drivers 23.2.1-1ubuntu3.1~22.04.4
mesa-vdpau-drivers 23.2.1-1ubuntu3.1~22.04.4
mesa-vulkan-drivers 23.2.1-1ubuntu3.1~22.04.4
After a standard system update you need to restart your session to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8427-1
CVE-2026-40393
Package Information:
https://launchpad.net/ubuntu/+source/mesa/25.2.8-0ubuntu0.25.10.2
https://launchpad.net/ubuntu/+source/mesa/25.2.8-0ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/mesa/23.2.1-1ubuntu3.1~22.04.4
[USN-8429-1] FastNetMon vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8429-1
June 15, 2026
fastnetmon vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in FastNetMon.
Software Description:
- fastnetmon: High-performance DDoS detector
Details:
It was discovered that FastNetMon incorrectly validated prefix lengths when
decoding BGP NLRI data. A remote attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. This issue only
affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-48686)

It was discovered that FastNetMon incorrectly sanitized input in the
Juniper router integration plugin. An attacker could possibly use this
issue to execute arbitrary commands. (CVE-2026-48687)

It was discovered that FastNetMon incorrectly handled buffer bounds checks
when processing network traffic. A remote attacker could possibly use this
issue to cause a denial of service or execute arbitrary code. This issue
only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-48689)

It was discovered that FastNetMon incorrectly handled encoding the BGP
AS_PATH attribute. A remote attacker could possibly use this issue to cause
a denial of service or execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-48691)

It was discovered that FastNetMon incorrectly validated IP address input in
the Juniper router integration plugin. An attacker could possibly use this
issue to inject arbitrary router configuration commands. (CVE-2026-48694)

Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
fastnetmon 1.2.8+git20250911-2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 24.04 LTS
fastnetmon 1.2.6-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
fastnetmon 1.1.4-1ubuntu0.1~esm1
Available with Ubuntu Pro
After a standard system update you need to restart fastnetmon to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8429-1
CVE-2026-48686, CVE-2026-48687, CVE-2026-48689, CVE-2026-48691,
CVE-2026-48694
[USN-8430-1] ADSys vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8430-1
June 15, 2026
adsys vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in ADSys.
Software Description:
- adsys: Active Directory Group Policy client
Details:
It was discovered that ADSys did not properly handle certain HTTP/2 frames.
A remote attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-27141)

It was discovered that ADSys did not properly handle certain HTTP/2
SETTINGS frames. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2026-33814)

Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
adsys 0.16.4ubuntu1.1
Ubuntu 25.10
adsys 0.16.3ubuntu0.25.10.2
Ubuntu 24.04 LTS
adsys 0.16.3~24.04.2ubuntu0.24.04.1
Ubuntu 22.04 LTS
adsys 0.16.3~22.04.2ubuntu0.22.04.1
Ubuntu 20.04 LTS
adsys 0.9.2~20.04.2ubuntu0.1+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8430-1
CVE-2026-27141, CVE-2026-33814
Package Information:
https://launchpad.net/ubuntu/+source/adsys/0.16.4ubuntu1.1
https://launchpad.net/ubuntu/+source/adsys/0.16.3ubuntu0.25.10.2
https://launchpad.net/ubuntu/+source/adsys/0.16.3~24.04.2ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/adsys/0.16.3~22.04.2ubuntu0.22.04.1