[USN-8054-1] DjVuLibre vulnerabilities
[USN-8056-1] U-Boot vulnerabilities
[USN-8055-1] Evolution Data Server vulnerability
[USN-8057-1] GIMP vulnerabilities
[USN-8051-2] libssh vulnerabilities
[USN-8054-1] DjVuLibre vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8054-1
February 23, 2026
djvulibre vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in DjVuLibre.
Software Description:
- djvulibre: DjVu image format library and tools
Details:
It was discovered that DjVuLibre could be forced to execute a division
by zero in certain instances. A remote attacker could possibly use
this issue to cause applications to stop responding or crash, resulting
in a denial of service. (CVE-2021-46312)
It was discovered that DjVuLibre incorrectly handled certain memory
operations. If a user or automated system were tricked into processing a
specially crafted DjVu file, a remote attacker could cause applications
to stop responding or crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu
18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2025-53367)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
libdjvulibre21 3.5.28-2ubuntu0.24.04.2
Ubuntu 22.04 LTS
libdjvulibre21 3.5.28-2ubuntu0.22.04.2
Ubuntu 20.04 LTS
libdjvulibre21 3.5.27.1-14ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libdjvulibre21 3.5.27.1-8ubuntu0.4+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libdjvulibre21 3.5.27.1-5ubuntu0.1+esm3
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8054-1
CVE-2021-46312, CVE-2025-53367
Package Information:
https://launchpad.net/ubuntu/+source/djvulibre/3.5.28-2ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/djvulibre/3.5.28-2ubuntu0.22.04.2
[USN-8056-1] U-Boot vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8056-1
February 23, 2026
u-boot vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in U-Boot.
Software Description:
- u-boot: A boot loader for embedded systems
Details:
Simon Diepold discovered that U-Boot incorrectly handled certain DHCP
responses. An attacker on the local network could possibly use this issue
to obtain sensitive memory contents. (CVE-2024-42040)
It was discovered that U-Boot incorrectly handled symlink size calculations
in squashfs file systems. An attacker could use this issue with a specially
crafted squashfs file system to cause U-Boot to crash, resulting in a denial
of service, or execute arbitrary code. (CVE-2024-57254)
It was discovered that U-Boot incorrectly handled inode size calculations
in squashfs file systems. An attacker could use this issue with a specially
crafted squashfs file system to cause U-Boot to crash, resulting in a denial
of service, or execute arbitrary code. (CVE-2024-57255)
It was discovered that U-Boot incorrectly handled inode size calculations
in EXT4 file systems. An attacker could use this issue with a specially
crafted EXT4 file system to cause U-Boot to crash, resulting in a denial of
service, or execute arbitrary code. (CVE-2024-57256)
It was discovered that U-Boot incorrectly handled deep symlink nesting in
squashfs file systems. An attacker could possibly use this issue with a
specially crafted squashfs file system to cause U-Boot to crash, resulting
in a denial of service. (CVE-2024-57257)
It was discovered that U-Boot incorrectly handled memory allocation in
squashfs file systems. An attacker could use this issue with a specially
crafted squashfs file system to cause U-Boot to crash, resulting in a denial
of service, or execute arbitrary code. (CVE-2024-57258)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
u-boot-amlogic 2025.10-0ubuntu0.24.04.2
u-boot-asahi 2025.10-0ubuntu0.24.04.2
u-boot-exynos 2025.10-0ubuntu0.24.04.2
u-boot-imx 2025.10-0ubuntu0.24.04.2
u-boot-microchip 2025.10-0ubuntu0.24.04.2
u-boot-mvebu 2025.10-0ubuntu0.24.04.2
u-boot-omap 2025.10-0ubuntu0.24.04.2
u-boot-qcom 2025.10-0ubuntu0.24.04.2
u-boot-qemu 2025.10-0ubuntu0.24.04.2
u-boot-rockchip 2025.10-0ubuntu0.24.04.2
u-boot-rpi 2025.10-0ubuntu0.24.04.2
u-boot-sifive 2025.10-0ubuntu0.24.04.2
u-boot-sitara-binaries 2025.10-0ubuntu0.24.04.2
u-boot-starfive 2025.10-0ubuntu0.24.04.2
u-boot-stm32 2025.10-0ubuntu0.24.04.2
u-boot-sunxi 2025.10-0ubuntu0.24.04.2
u-boot-tegra 2025.10-0ubuntu0.24.04.2
u-boot-tools 2025.10-0ubuntu0.24.04.2
Ubuntu 22.04 LTS
u-boot 2022.01+dfsg-2ubuntu2.7
u-boot-amlogic 2022.01+dfsg-2ubuntu2.7
u-boot-exynos 2022.01+dfsg-2ubuntu2.7
u-boot-imx 2022.01+dfsg-2ubuntu2.7
u-boot-microchip 2022.01+dfsg-2ubuntu2.7
u-boot-mvebu 2022.01+dfsg-2ubuntu2.7
u-boot-omap 2022.01+dfsg-2ubuntu2.7
u-boot-qcom 2022.01+dfsg-2ubuntu2.7
u-boot-qemu 2022.01+dfsg-2ubuntu2.7
u-boot-rockchip 2022.01+dfsg-2ubuntu2.7
u-boot-rpi 2022.01+dfsg-2ubuntu2.7
u-boot-sifive 2022.01+dfsg-2ubuntu2.7
u-boot-sunxi 2022.01+dfsg-2ubuntu2.7
u-boot-tegra 2022.01+dfsg-2ubuntu2.7
u-boot-tools 2022.01+dfsg-2ubuntu2.7
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8056-1
CVE-2024-57254, CVE-2024-57255, CVE-2024-57256, CVE-2024-57257,
CVE-2024-57258, CVE-2024-57259
Package Information:
https://launchpad.net/ubuntu/+source/u-boot/2025.10-0ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/u-boot/2022.01+dfsg-2ubuntu2.7
[USN-8055-1] Evolution Data Server vulnerability
==========================================================================
Ubuntu Security Notice USN-8055-1
February 23, 2026
evolution-data-server vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Evolution Data Server could be made to remove files.
Software Description:
- evolution-data-server: Evolution suite data server
Details:
It was discovered that Evolution Data Server incorrectly handled removing
local cache files. An attacker could possibly use this issue to cause
Evolution Data Server to remove arbitrary files.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
evolution-data-server 3.56.2-3ubuntu0.1
evolution-data-server-common 3.56.2-3ubuntu0.1
libcamel-1.2-64t64 3.56.2-3ubuntu0.1
libebackend-1.2-11t64 3.56.2-3ubuntu0.1
libebook-1.2-21t64 3.56.2-3ubuntu0.1
libebook-contacts-1.2-4t64 3.56.2-3ubuntu0.1
libecal-2.0-3 3.56.2-3ubuntu0.1
libedata-book-1.2-27t64 3.56.2-3ubuntu0.1
libedata-cal-2.0-2t64 3.56.2-3ubuntu0.1
libedataserver-1.2-27t64 3.56.2-3ubuntu0.1
libedataserverui-1.2-4t64 3.56.2-3ubuntu0.1
libedataserverui4-1.0-0t64 3.56.2-3ubuntu0.1
Ubuntu 24.04 LTS
evolution-data-server 3.52.3-0ubuntu1.2
evolution-data-server-common 3.52.3-0ubuntu1.2
libcamel-1.2-64t64 3.52.3-0ubuntu1.2
libebackend-1.2-11t64 3.52.3-0ubuntu1.2
libebook-1.2-21t64 3.52.3-0ubuntu1.2
libebook-contacts-1.2-4t64 3.52.3-0ubuntu1.2
libecal-2.0-3 3.52.3-0ubuntu1.2
libedata-book-1.2-27t64 3.52.3-0ubuntu1.2
libedata-cal-2.0-2t64 3.52.3-0ubuntu1.2
libedataserver-1.2-27t64 3.52.3-0ubuntu1.2
libedataserverui-1.2-4t64 3.52.3-0ubuntu1.2
libedataserverui4-1.0-0t64 3.52.3-0ubuntu1.2
Ubuntu 22.04 LTS
evolution-data-server 3.44.4-0ubuntu1.2
evolution-data-server-common 3.44.4-0ubuntu1.2
libcamel-1.2-63 3.44.4-0ubuntu1.2
libebackend-1.2-10 3.44.4-0ubuntu1.2
libebook-1.2-20 3.44.4-0ubuntu1.2
libebook-contacts-1.2-3 3.44.4-0ubuntu1.2
libecal-2.0-1 3.44.4-0ubuntu1.2
libedata-book-1.2-26 3.44.4-0ubuntu1.2
libedata-cal-2.0-1 3.44.4-0ubuntu1.2
libedataserver-1.2-26 3.44.4-0ubuntu1.2
libedataserverui-1.2-3 3.44.4-0ubuntu1.2
After a standard system update you need to restart your session to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8055-1
CVE-2026-2604
Package Information:
https://launchpad.net/ubuntu/+source/evolution-data-server/3.56.2-3ubuntu0.1
https://launchpad.net/ubuntu/+source/evolution-data-server/3.52.3-0ubuntu1.2
https://launchpad.net/ubuntu/+source/evolution-data-server/3.44.4-0ubuntu1.2
[USN-8057-1] GIMP vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8057-1
February 23, 2026
gimp vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in GIMP.
Software Description:
- gimp: GNU Image Manipulation Program
Details:
Hanno Böck discovered that GIMP allocated FLI images using only the
information present in the file header, which allowed for a maliciously-
crafted file to cause out-of-bounds writes. An attacker could possibly use
this issue to cause a denial of service or execute arbitrary code. This
issue only affected Ubuntu 16.04 LTS. (CVE-2017-17785)
Michael Randrianantenaina discovered that opening a maliciously
crafted FLI file could cause GIMP to index out-of-bounds. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2025-2761)
It was discovered that opening a maliciously-crafted DCM file could cause
GIMP to index out-of-bounds. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2025-10922)
It was discovered that GIMP's JP2 parser did not account for precision when
allocating an image buffer. An attacker could possibly use this to cause a
denial of service or execute arbitrary code when a maliciously crafted file
is opened. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 24.04 LTS. (CVE-2025-14425)
It was discovered that GIMP's PSP parser erroneously queried the color
channels of a greyscale image, which resulted in an invalid memory pointer.
An attacker could possibly use this to cause a denial of service or execute
arbitrary code when a maliciously-crafted file is opened. This issue only
affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-15059)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
gimp 2.10.36-3ubuntu0.24.04.1+esm1
Available with Ubuntu Pro
libgimp2.0t64 2.10.36-3ubuntu0.24.04.1+esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
gimp 2.10.30-1ubuntu0.1+esm1
Available with Ubuntu Pro
libgimp2.0 2.10.30-1ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
gimp 2.10.18-1ubuntu0.1+esm1
Available with Ubuntu Pro
libgimp2.0 2.10.18-1ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
gimp 2.8.22-1ubuntu0.1~esm1
Available with Ubuntu Pro
libgimp2.0 2.8.22-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
gimp 2.8.16-1ubuntu1.1+esm1
Available with Ubuntu Pro
libgimp2.0 2.8.16-1ubuntu1.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8057-1
CVE-2017-17785, CVE-2025-10922, CVE-2025-14425, CVE-2025-15059,
CVE-2025-2761
[USN-8051-2] libssh vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8051-2
February 23, 2026
libssh vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in libssh.
Software Description:
- libssh: A tiny C SSH library
Details:
USN-8051-1 fixed vulnerabilities in libssh. This update provides the
corresponding updates for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu
20.04 LTS.
Original advisory details:
It was discovered that libssh clients incorrectly handled the key exchange
process. A remote attacker could possibly use this issue to cause libssh
clients to crash, resulting in a denial of service. (CVE-2025-8277)
It was discovered that the libssh SCP client incorrectly sanitized paths
received from servers. A remote attacker could use this issue to cause
libssh SCP clients to overwrite files outside of the working directory and
possibly execute arbitrary code. (CVE-2026-0964)
It was discovered that libssh incorrectly handled parsing configuration
files. A local attacker could possibly use this issue to cause libssh to
access non-regular files, resulting in a denial of service. (CVE-2026-0965)
It was discovered that libssh incorrectly handled the ssh_get_hexa()
function. A remote attacker could possibly use this issue to cause libssh
to crash, resulting in a denial of service. (CVE-2026-0966)
It was discovered that libssh incorrectly handled certain regular
expressions. A local attacker could possibly use this issue to cause
libssh to consume resources, resulting in a denial of service.
(CVE-2026-0967)
It was discovered that the libssh SFTP client incorrectly handled certain
malformed longname fields. A remote attacker could use this issue to cause
libssh SFTP clients to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-0968)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
libssh-4 0.9.3-2ubuntu2.5+esm3
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libssh-4 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm6
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libssh-4 0.6.3-4.3ubuntu0.6+esm4
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8051-2
https://ubuntu.com/security/notices/USN-8051-1
CVE-2025-8277, CVE-2026-0964, CVE-2026-0965, CVE-2026-0966,
CVE-2026-0967, CVE-2026-0968
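
The version check implied by the update instructions in the notices above, as an added example that is not part of the Ubuntu notices: a Python reimplementation of Debian version ordering (the rule `dpkg --compare-versions` applies), needed because `~` sorts before everything, so `~esm1` and `+esm1` suffixes cannot be compared as plain strings. The installed-package list is a constructed sample, and the function and variable names are this example's own.

```python
import re
# Fixed versions for Ubuntu 18.04 LTS, copied from the notices above.
FIXED_1804 = {
    "libdjvulibre21": "3.5.27.1-8ubuntu0.4+esm1",
    "gimp": "2.8.22-1ubuntu0.1~esm1", "libgimp2.0": "2.8.22-1ubuntu0.1~esm1",
    "libssh-4": "0.8.0~20170825.94fa1e38-1ubuntu0.7+esm6",
}
# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE_INSTALLED = """\
libdjvulibre21 3.5.27.1-8ubuntu0.4+esm1
gimp 2.8.22-1
libssh-4 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm5
"""

def _order(ch):
    # dpkg ordering: '~' first, then end-of-string or digit, then letters, then other symbols.
    if ch == "" or ch.isdigit():
        return 0
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character; then the digit run numerically.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        da, db = re.match(r"[0-9]*", a[i:]).group(), re.match(r"[0-9]*", b[j:]).group()
        i, j = i + len(da), j + len(db)
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def compare_versions(x, y):
    """Return -1, 0 or 1 per Debian ordering: epoch, then upstream, then revision."""
    def split(v):
        epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    (ex, ux, rx), (ey, uy, ry) = split(x), split(y)
    return (ex > ey) - (ex < ey) or _cmp_part(ux, uy) or _cmp_part(rx, ry)

def audit(installed_text, fixed):
    have = dict(line.split() for line in installed_text.splitlines() if line.strip())
    return {p: "not installed" if p not in have else
            "outdated" if compare_versions(have[p], want) < 0 else "patched"
            for p, want in fixed.items()}
```

On a real host, feed `audit()` the actual `dpkg-query` output and the fixed versions listed for that host's Ubuntu release.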