
Ubuntu has released a set of security updates that address critical flaws in widely used software including GoBGP, nginx, MySQL, and Exim. Attackers could exploit these weaknesses to crash network services, leak confidential information, or run malicious code by sending specially crafted requests to vulnerable systems. The affected Ubuntu versions span from legacy 14.04 LTS releases up to the latest 26.04 LTS builds, so IT teams should upgrade their packages right away. A routine system update applies the fixes; note that the GoBGP, pip, GStreamer, nginx, MySQL, and Exim packages below are listed as available with Ubuntu Pro.

[USN-8348-1] GoBGP vulnerabilities
[USN-8344-3] pip vulnerability
[USN-8130-2] GStreamer Base Plugins vulnerability
[USN-8375-1] nginx vulnerabilities
[USN-8363-2] MySQL vulnerabilities
[USN-8376-1] FRR vulnerabilities
[USN-8377-1] Template-Toolkit vulnerability
[USN-8379-1] urllib3 vulnerabilities
[USN-8380-1] Twisted vulnerability
[USN-8378-1] libwww-perl vulnerability
[USN-8382-1] Exim vulnerabilities




[USN-8348-1] GoBGP vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8348-1
June 03, 2026

gobgp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in GoBGP.

Software Description:
- gobgp: BGP implementation in Go

Details:

It was discovered that GoBGP incorrectly handled certain specially crafted
BGP UPDATE messages. A remote attacker could possibly use this issue to
cause GoBGP to crash, resulting in a denial of service. (CVE-2026-37461)

Yanlei Wang discovered that GoBGP incorrectly handled certain malformed BGP
UPDATE messages containing 4-byte AS attributes. A remote attacker could
possibly use this issue to cause GoBGP to crash, resulting in a denial of
service. (CVE-2026-41643)

It was discovered that GoBGP incorrectly handled certain malformed BGP
UPDATE messages containing SRv6 L3 Service attributes. A remote attacker
could possibly use this issue to cause GoBGP to crash, resulting in a
denial of service. (CVE-2026-7734)

It was discovered that GoBGP incorrectly handled certain malformed BGP
UPDATE messages containing Accumulated IGP (AIGP) attributes. A remote
attacker could possibly use this issue to cause GoBGP to crash, resulting
in a denial of service. (CVE-2026-7735)

It was discovered that GoBGP incorrectly handled certain malformed
Multi-threaded Routing Toolkit (MRT) routing information entries. A remote
attacker could possibly use this issue to cause GoBGP to crash, resulting
in a denial of service. (CVE-2026-7736)

It was discovered that GoBGP incorrectly handled certain malformed
Multi-threaded Routing Toolkit (MRT) headers. A remote attacker could
possibly use this issue to cause GoBGP to crash, resulting in a denial of
service. (CVE-2026-7737)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
gobgpd 3.36.0-2ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 24.04 LTS
gobgpd 3.23.0-1ubuntu0.3+esm4
Available with Ubuntu Pro

Ubuntu 22.04 LTS
gobgpd 2.25.0-3ubuntu0.1+esm4
Available with Ubuntu Pro

Ubuntu 20.04 LTS
gobgpd 2.12.0-1ubuntu0.1~esm3
Available with Ubuntu Pro

Ubuntu 18.04 LTS
gobgpd 1.29-1ubuntu0.1+esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8348-1
CVE-2026-37461, CVE-2026-41643, CVE-2026-7734, CVE-2026-7735,
CVE-2026-7736, CVE-2026-7737



[USN-8344-3] pip vulnerability


==========================================================================
Ubuntu Security Notice USN-8344-3
June 03, 2026

python-pip vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

A regression was fixed in pip.

Software Description:
- python-pip: Python package installer

Details:

USN-8344-1 introduced a regression in pip. This update provides a complete
fix for this issue.

We apologize for the inconvenience.

Original advisory details:

It was discovered that pip's bundled urllib3 library improperly
handled streaming decompression of highly compressed data. A remote
attacker could possibly use this issue to cause pip to consume excessive resources,
leading to a denial of service. (CVE-2025-66471)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
python3-pip 25.1.1+dfsg-1ubuntu2+esm3
Available with Ubuntu Pro
python3-pip-whl 25.1.1+dfsg-1ubuntu2+esm3
Available with Ubuntu Pro

Ubuntu 24.04 LTS
python3-pip 24.0+dfsg-1ubuntu1.3+esm3
Available with Ubuntu Pro
python3-pip-whl 24.0+dfsg-1ubuntu1.3+esm3
Available with Ubuntu Pro

Ubuntu 22.04 LTS
python3-pip 22.0.2+dfsg-1ubuntu0.7+esm3
Available with Ubuntu Pro
python3-pip-whl 22.0.2+dfsg-1ubuntu0.7+esm3
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8344-3
https://ubuntu.com/security/notices/USN-8344-2
https://ubuntu.com/security/notices/USN-8344-1
CVE-2025-66471



[USN-8130-2] GStreamer Base Plugins vulnerability


==========================================================================
Ubuntu Security Notice USN-8130-2
June 02, 2026

gst-plugins-base1.0 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

GStreamer Base Plugins could be made to crash or run programs if it opened
a specially crafted file.

Software Description:
- gst-plugins-base1.0: GStreamer plugins

Details:

USN-8130-1 fixed a vulnerability in GStreamer Base Plugins. This update
provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu
20.04 LTS.

Original advisory details:

It was discovered that GStreamer Base Plugins incorrectly handled certain
AVI media files. A remote attacker could use this issue to cause GStreamer
Base Plugins to crash, resulting in a denial of service, or possibly
execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
gstreamer1.0-plugins-base 1.16.3-0ubuntu1.4+esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
gstreamer1.0-plugins-base 1.14.5-0ubuntu1~18.04.3+esm3
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8130-2
https://ubuntu.com/security/notices/USN-8130-1
CVE-2026-2921



[USN-8375-1] nginx vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8375-1
June 03, 2026

nginx vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in nginx.

Software Description:
- nginx: small, powerful, scalable web/proxy server

Details:

It was discovered that the nginx ngx_mail_smtp_module module incorrectly
handled certain memory operations when doing SMTP authentication. This
could possibly result in sensitive information being sent to the
authentication server. (CVE-2025-53859)

It was discovered that nginx incorrectly handled proxying to upstream TLS
servers. An attacker could possibly use this issue to insert plain text
data into the response from an upstream proxied server. (CVE-2026-1642)

It was discovered that the nginx ngx_mail_auth_http_module module
incorrectly handled certain requests. An attacker could possibly use this
issue to cause nginx to crash, resulting in a denial of service.
(CVE-2026-27651)

It was discovered that the nginx ngx_http_dav_module module incorrectly
handled certain destination URIs. An attacker could use this issue to cause
nginx to crash, resulting in a denial of service, or possibly modify source
or destination names outside of the document root. (CVE-2026-27654)

It was discovered that the nginx ngx_http_mp4_module module incorrectly
handled certain MP4 files. An attacker could use this issue to cause nginx
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2026-27784, CVE-2026-32647)

It was discovered that the nginx ngx_mail_smtp_module module incorrectly
handled certain CRLF sequences. An attacker could possibly use this issue
to inject arbitrary SMTP headers. (CVE-2026-28753)

It was discovered that nginx contained a use-after-free vulnerability in
the ngx_http_ssl_module module when client certificate verification and
OCSP validation were enabled. A remote attacker could use this issue to
cause nginx to crash, resulting in a denial of service, or possibly modify
data in memory. (CVE-2026-40701)

It was discovered that nginx did not properly handle certain proxied
responses in the ngx_http_charset_module module. A remote attacker could
possibly use this issue to obtain sensitive information or cause nginx to
crash, resulting in a denial of service. (CVE-2026-42934)

It was discovered that the nginx ngx_http_rewrite_module component
incorrectly handled certain rewrite directives. A remote attacker could use
this issue to cause nginx to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-42945)

It was discovered that nginx did not properly process certain SCGI and
uWSGI responses. An attacker able to perform a machine-in-the-middle attack
could possibly use this issue to obtain sensitive information or cause
nginx to crash, resulting in a denial of service. (CVE-2026-42946)

It was discovered that nginx incorrectly handled certain rewrite rules in
the ngx_http_rewrite_module module. A remote attacker could use this issue
to cause nginx to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2026-9256)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
libnginx-mod-http-headers-more-filter 1.18.0-0ubuntu1.7+esm1
Available with Ubuntu Pro
libnginx-mod-http-lua 1.18.0-0ubuntu1.7+esm1
Available with Ubuntu Pro
libnginx-mod-mail 1.18.0-0ubuntu1.7+esm1
Available with Ubuntu Pro
libnginx-mod-nchan 1.18.0-0ubuntu1.7+esm1
Available with Ubuntu Pro
libnginx-mod-rtmp 1.18.0-0ubuntu1.7+esm1
Available with Ubuntu Pro
nginx 1.18.0-0ubuntu1.7+esm1
Available with Ubuntu Pro
nginx-core 1.18.0-0ubuntu1.7+esm1
Available with Ubuntu Pro
nginx-extras 1.18.0-0ubuntu1.7+esm1
Available with Ubuntu Pro
nginx-full 1.18.0-0ubuntu1.7+esm1
Available with Ubuntu Pro
nginx-light 1.18.0-0ubuntu1.7+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libnginx-mod-http-auth-pam 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-http-cache-purge 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-http-dav-ext 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-http-echo 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-http-fancyindex 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-http-geoip 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-http-headers-more-filter 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-http-image-filter 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-http-lua 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-http-ndk 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-http-perl 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-http-subs-filter 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-http-uploadprogress 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-http-upstream-fair 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-http-xslt-filter 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-mail 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-nchan 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-rtmp 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
libnginx-mod-stream 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
nginx 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
nginx-core 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
nginx-extras 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
nginx-full 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro
nginx-light 1.14.0-0ubuntu1.11+esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
nginx 1.10.3-0ubuntu0.16.04.5+esm7
Available with Ubuntu Pro
nginx-core 1.10.3-0ubuntu0.16.04.5+esm7
Available with Ubuntu Pro
nginx-extras 1.10.3-0ubuntu0.16.04.5+esm7
Available with Ubuntu Pro
nginx-full 1.10.3-0ubuntu0.16.04.5+esm7
Available with Ubuntu Pro
nginx-light 1.10.3-0ubuntu0.16.04.5+esm7
Available with Ubuntu Pro

Ubuntu 14.04 LTS
nginx 1.4.6-1ubuntu3.9+esm6
Available with Ubuntu Pro
nginx-common 1.4.6-1ubuntu3.9+esm6
Available with Ubuntu Pro
nginx-core 1.4.6-1ubuntu3.9+esm6
Available with Ubuntu Pro
nginx-extras 1.4.6-1ubuntu3.9+esm6
Available with Ubuntu Pro
nginx-full 1.4.6-1ubuntu3.9+esm6
Available with Ubuntu Pro
nginx-light 1.4.6-1ubuntu3.9+esm6
Available with Ubuntu Pro
nginx-naxsi 1.4.6-1ubuntu3.9+esm6
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8375-1
CVE-2025-53859, CVE-2026-1642, CVE-2026-27651, CVE-2026-27654,
CVE-2026-27784, CVE-2026-28753, CVE-2026-32647, CVE-2026-40701,
CVE-2026-42934, CVE-2026-42945, CVE-2026-42946, CVE-2026-9256



[USN-8363-2] MySQL vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8363-2
June 03, 2026

mysql-8.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description:
- mysql-8.0: MySQL database

Details:

USN-8363-1 fixed several vulnerabilities in MySQL. This update
provides the corresponding fixes for MySQL on Ubuntu 20.04 LTS.

Original advisory details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.46 in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
Ubuntu 25.10 and Ubuntu 26.04 LTS have been updated to MySQL 8.4.9.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-46.html
https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-9.html
https://www.oracle.com/security-alerts/cpuapr2026.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
mysql-server-8.0 8.0.46-0ubuntu0.20.04.1+esm2
Available with Ubuntu Pro

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://ubuntu.com/security/notices/USN-8363-2
https://ubuntu.com/security/notices/USN-8363-1
CVE-2026-21998, CVE-2026-22001, CVE-2026-22002, CVE-2026-22004,
CVE-2026-22005, CVE-2026-22009, CVE-2026-22015, CVE-2026-22017,
CVE-2026-34267, CVE-2026-34270, CVE-2026-34271, CVE-2026-34276,
CVE-2026-34278, CVE-2026-34293, CVE-2026-34303, CVE-2026-34304,
CVE-2026-34308, CVE-2026-34317, CVE-2026-34318, CVE-2026-34319,
CVE-2026-35236, CVE-2026-35237, CVE-2026-35238, CVE-2026-35239,
CVE-2026-35240



[USN-8376-1] FRR vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8376-1
June 03, 2026

frr vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in FRR.

Software Description:
- frr: FRRouting suite of internet protocols

Details:

It was discovered that FRR incorrectly handled certain OSPF Traffic
Engineering and Segment Routing TLVs. An attacker could possibly use this
issue to cause FRR to crash, resulting in a denial of service.
(CVE-2026-28532)

It was discovered that FRR incorrectly handled certain BGP FlowSpec
components. An attacker could possibly use this issue to cause FRR to
crash, resulting in a denial of service. (CVE-2026-37457)

It was discovered that FRR did not properly validate certain MP_REACH_NLRI
messages. An authenticated user could possibly use this issue to cause FRR
to crash, resulting in a denial of service. (CVE-2026-37458)

It was discovered that FRR incorrectly handled processing certain BGP
UPDATE messages. An attacker could possibly use this issue to cause FRR to
crash, resulting in a denial of service. This issue only affected Ubuntu
25.04 and Ubuntu 25.10. (CVE-2026-37459)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
frr 10.5.1-1ubuntu4.1

Ubuntu 25.10
frr 10.4.1-3ubuntu1.4

Ubuntu 24.04 LTS
frr 8.4.4-1.1ubuntu6.7

Ubuntu 22.04 LTS
frr 8.1-1ubuntu1.16

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8376-1
CVE-2026-28532, CVE-2026-37457, CVE-2026-37458, CVE-2026-37459

Package Information:
https://launchpad.net/ubuntu/+source/frr/10.5.1-1ubuntu4.1
https://launchpad.net/ubuntu/+source/frr/10.4.1-3ubuntu1.4
https://launchpad.net/ubuntu/+source/frr/8.4.4-1.1ubuntu6.7
https://launchpad.net/ubuntu/+source/frr/8.1-1ubuntu1.16



[USN-8377-1] Template-Toolkit vulnerability


==========================================================================
Ubuntu Security Notice USN-8377-1
June 03, 2026

libtemplate-perl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Template-Toolkit could allow arbitrary HTML and JavaScript to be injected
into generated output.

Software Description:
- libtemplate-perl: template processing system in Perl

Details:

It was discovered that Template-Toolkit did not properly escape single
quotes in the html_filter function of Template::Plugin::HTML. An attacker
could possibly use this issue to inject arbitrary HTML and JavaScript into
generated output.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
libtemplate-perl 3.102-1ubuntu0.1

Ubuntu 25.10
libtemplate-perl 2.27-1ubuntu0.25.10.1

Ubuntu 24.04 LTS
libtemplate-perl 2.27-1ubuntu0.24.04.1

Ubuntu 22.04 LTS
libtemplate-perl 2.27-1ubuntu0.22.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8377-1
CVE-2026-5090

Package Information:
https://launchpad.net/ubuntu/+source/libtemplate-perl/3.102-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.22.04.1



[USN-8379-1] urllib3 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8379-1
June 03, 2026

python-urllib3 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in urllib3.

Software Description:
- python-urllib3: HTTP library with thread-safe connection pooling

Details:

It was discovered that urllib3 incorrectly handled cross-origin redirects
in ProxyManager. A remote attacker could possibly use this issue to obtain
sensitive information. (CVE-2026-44431)

It was discovered that urllib3 incorrectly handled decompression of
specially crafted responses. A remote attacker could possibly use this
issue to cause urllib3 to consume resources, leading to a denial of
service. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-44432)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
python3-urllib3 2.6.3-1ubuntu1.1

Ubuntu 25.10
python3-urllib3 2.3.0-3ubuntu0.6

Ubuntu 24.04 LTS
python3-urllib3 2.0.7-1ubuntu0.7

Ubuntu 22.04 LTS
python3-urllib3 1.26.5-1~exp1ubuntu0.7

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8379-1
CVE-2026-44431, CVE-2026-44432

Package Information:
https://launchpad.net/ubuntu/+source/python-urllib3/2.6.3-1ubuntu1.1
https://launchpad.net/ubuntu/+source/python-urllib3/2.3.0-3ubuntu0.6
https://launchpad.net/ubuntu/+source/python-urllib3/2.0.7-1ubuntu0.7
https://launchpad.net/ubuntu/+source/python-urllib3/1.26.5-1~exp1ubuntu0.7



[USN-8380-1] Twisted vulnerability


==========================================================================
Ubuntu Security Notice USN-8380-1
June 03, 2026

twisted vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Twisted could be made to crash if it received specially crafted network
traffic.

Software Description:
- twisted: Event-based framework for internet applications

Details:

It was discovered that Twisted incorrectly handled DNS name decompression.
A remote attacker could possibly use this issue to cause Twisted to consume
excessive resources, leading to a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
python3-twisted 25.5.0-5ubuntu0.1

Ubuntu 25.10
python3-twisted 24.11.0-1ubuntu0.1

Ubuntu 24.04 LTS
python3-twisted 24.3.0-1ubuntu0.2

Ubuntu 22.04 LTS
python3-twisted 22.1.0-2ubuntu2.7

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8380-1
CVE-2026-42304

Package Information:
https://launchpad.net/ubuntu/+source/twisted/25.5.0-5ubuntu0.1
https://launchpad.net/ubuntu/+source/twisted/24.11.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/twisted/24.3.0-1ubuntu0.2
https://launchpad.net/ubuntu/+source/twisted/22.1.0-2ubuntu2.7
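
The notice does not say how name decompression went wrong in Twisted. As an added example (not Twisted's code and not its fix), the following sketch shows the bounds an RFC 1035 name decoder needs so that compression pointers cannot make it loop or do unbounded work; MAX_JUMPS and both sample messages are assumptions constructed for the example.

```python
MAX_NAME_LEN = 255   # RFC 1035: whole wire-format name, length octets included
MAX_JUMPS = 32       # assumption: pointer-chain cap chosen for this example

def read_name(msg, offset):
    """Decode the DNS name at `offset`; return (name, offset just past it)."""
    labels = []
    wire_len = 1                 # the terminating root octet
    jumps = 0
    pos = offset
    resume = None                # where parsing continues after the name
    floor = offset               # every pointer must target an offset below this
    while True:
        if pos >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[pos]
        if length == 0:          # root label: end of name
            pos += 1
            break
        kind = length & 0xC0
        if kind == 0xC0:         # compression pointer (two octets)
            if pos + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            jumps += 1
            # Strictly backwards targets make the walk terminate: no
            # self-reference, no cycle, no forward jump.
            if target >= floor:
                raise ValueError("compression pointer must point backwards")
            if jumps > MAX_JUMPS:
                raise ValueError("too many compression pointers")
            if resume is None:
                resume = pos + 2
            pos = floor = target
            continue
        if kind:                 # 0x40 / 0x80 label types are reserved
            raise ValueError("reserved label type")
        if pos + 1 + length > len(msg):
            raise ValueError("truncated label")
        wire_len += 1 + length
        if wire_len > MAX_NAME_LEN:
            raise ValueError("name longer than 255 octets")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "backslashreplace"))
        pos += 1 + length
    return ".".join(labels) or ".", (resume if resume is not None else pos)

# Constructed sample: 12-byte header, "example.com" at offset 12, then
# "www" + pointer to offset 12 at offset 25.
SAMPLE = bytes(12) + b"\x07example\x03com\x00" + b"\x03www\xc0\x0c"

# Constructed malformed message: two pointers that reference each other.
LOOP = bytes(12) + b"\xc0\x0e\xc0\x0c"

if __name__ == "__main__":
    print(read_name(SAMPLE, 25))
    for start in (12, 14):
        try:
            read_name(LOOP, start)
        except ValueError as exc:
            print("rejected:", exc)
```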



[USN-8378-1] libwww-perl vulnerability


==========================================================================
Ubuntu Security Notice USN-8378-1
June 03, 2026

libwww-perl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

libwww-perl could be made to expose sensitive information over the network.

Software Description:
- libwww-perl: simple and consistent interface to the world-wide web

Details:

It was discovered that libwww-perl incorrectly handled redirects. A remote
attacker could possibly use this issue to obtain sensitive information by
causing Authorization headers to be sent to a different host.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
libwww-perl 6.81-1ubuntu0.1

Ubuntu 25.10
libwww-perl 6.78-1ubuntu0.1

Ubuntu 24.04 LTS
libwww-perl 6.76-1ubuntu0.1

Ubuntu 22.04 LTS
libwww-perl 6.61-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8378-1
CVE-2026-8368

Package Information:
https://launchpad.net/ubuntu/+source/libwww-perl/6.81-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libwww-perl/6.78-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libwww-perl/6.76-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libwww-perl/6.61-1ubuntu0.1



[USN-8382-1] Exim vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8382-1
June 03, 2026

exim4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Exim.

Software Description:
- exim4: Exim is a mail transport agent

Details:

Timo Longin discovered that Exim incorrectly handled certain SMTP messages
in PIPELINING/CHUNKING configurations. A remote attacker could possibly use
this issue to perform SMTP smuggling. This issue only affected Ubuntu
14.04 LTS. (CVE-2023-51766)

It was discovered that Exim incorrectly handled certain malformed JSON
data in headers. A remote attacker could possibly use this issue to crash
Exim, resulting in a denial of service, or execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS. (CVE-2026-40685)

It was discovered that Exim incorrectly handled certain malformed UTF-8
headers. A remote attacker could possibly use this issue to obtain
sensitive information. This issue only affected Ubuntu 20.04 LTS.
(CVE-2026-40686)

It was discovered that Exim incorrectly handled certain SPA resources.
A remote attacker could possibly use this issue to crash Exim, resulting in
a denial of service, or obtain sensitive information. This issue only
affected Ubuntu 20.04 LTS. (CVE-2026-40687)

It was discovered that Exim incorrectly handled certain CHUNKING
transfers in some GnuTLS configurations. A remote attacker could possibly
use this issue to crash Exim, resulting in a denial of service, or execute
arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-45185)

Warisjeet Singh discovered that Exim incorrectly handled certain proxy
connections in builds with proxy support enabled. A remote attacker could
possibly use this issue to obtain sensitive information. This issue only
affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
(CVE-2026-48840)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
exim4 4.93-13ubuntu1.12+esm1
Available with Ubuntu Pro
exim4-base 4.93-13ubuntu1.12+esm1
Available with Ubuntu Pro
exim4-daemon-heavy 4.93-13ubuntu1.12+esm1
Available with Ubuntu Pro
exim4-daemon-light 4.93-13ubuntu1.12+esm1
Available with Ubuntu Pro
exim4-dev 4.93-13ubuntu1.12+esm1
Available with Ubuntu Pro
eximon4 4.93-13ubuntu1.12+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
exim4 4.90.1-1ubuntu1.10+esm6
Available with Ubuntu Pro
exim4-base 4.90.1-1ubuntu1.10+esm6
Available with Ubuntu Pro
exim4-daemon-heavy 4.90.1-1ubuntu1.10+esm6
Available with Ubuntu Pro
exim4-daemon-light 4.90.1-1ubuntu1.10+esm6
Available with Ubuntu Pro
exim4-dev 4.90.1-1ubuntu1.10+esm6
Available with Ubuntu Pro
eximon4 4.90.1-1ubuntu1.10+esm6
Available with Ubuntu Pro

Ubuntu 16.04 LTS
exim4 4.86.2-2ubuntu2.6+esm9
Available with Ubuntu Pro
exim4-base 4.86.2-2ubuntu2.6+esm9
Available with Ubuntu Pro
exim4-daemon-heavy 4.86.2-2ubuntu2.6+esm9
Available with Ubuntu Pro
exim4-daemon-light 4.86.2-2ubuntu2.6+esm9
Available with Ubuntu Pro
exim4-dev 4.86.2-2ubuntu2.6+esm9
Available with Ubuntu Pro
eximon4 4.86.2-2ubuntu2.6+esm9
Available with Ubuntu Pro

Ubuntu 14.04 LTS
exim4 4.82-3ubuntu2.4+esm9
Available with Ubuntu Pro
exim4-base 4.82-3ubuntu2.4+esm9
Available with Ubuntu Pro
exim4-daemon-heavy 4.82-3ubuntu2.4+esm9
Available with Ubuntu Pro
exim4-daemon-light 4.82-3ubuntu2.4+esm9
Available with Ubuntu Pro
exim4-dev 4.82-3ubuntu2.4+esm9
Available with Ubuntu Pro
eximon4 4.82-3ubuntu2.4+esm9
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8382-1
CVE-2023-51766, CVE-2026-40685, CVE-2026-40686, CVE-2026-40687,
CVE-2026-45185, CVE-2026-48840