Ubuntu 7152 Published by

Ubuntu released a batch of security notices addressing numerous vulnerabilities across the Linux kernel and several core applications. These updates patch critical flaws in kernel configurations for AWS, GCP, Raspberry Pi, and standard hardware enablement systems, alongside fixes for LuaJIT, libslirp, python-idna, Sympa, Tomcat, and .NET. The corrected issues span privilege escalation risks, remote code execution vectors, authorization bypasses, and denial of service triggers tied to hundreds of identified CVE identifiers.

[USN-8548-1] Linux kernel vulnerabilities
[USN-8547-1] Linux kernel vulnerabilities
[USN-8546-1] Linux kernel (Raspberry Pi) vulnerabilities
[USN-8545-1] Linux kernel (HWE) vulnerabilities
[USN-8544-1] LuaJIT vulnerabilities
[USN-8550-1] libslirp vulnerability
[USN-8549-1] idna vulnerability
[USN-8552-1] Sympa vulnerability
[USN-8551-1] Tomcat vulnerabilities
[USN-8553-1] .NET vulnerabilities




[USN-8548-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8548-1
July 15, 2026

linux-aws, linux-fips, linux-lts-xenial vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-fips: Linux kernel with FIPS
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-2026-43503)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SCSI subsystem;
- Thermal drivers;
- USB over IP driver;
- File systems infrastructure;
- Ext4 file system;
- Network file system (NFS) server daemon;
- SMB network file system;
- Tracing infrastructure;
- B.A.T.M.A.N. meshing protocol;
- Ceph Core library;
- DCCP (Datagram Congestion Control Protocol);
- IPv4 networking;
- IPv6 networking;
- Netfilter;
- RxRPC session sockets;
- X.25 network layer;
(CVE-2021-47117, CVE-2021-47202, CVE-2023-52646, CVE-2024-56643,
CVE-2026-23455, CVE-2026-31402, CVE-2026-31607, CVE-2026-31637,
CVE-2026-31659, CVE-2026-31685, CVE-2026-43011, CVE-2026-43037,
CVE-2026-43038, CVE-2026-43383, CVE-2026-43407, CVE-2026-43414,
CVE-2026-45988, CVE-2026-46119, CVE-2026-46243)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
linux-image-4.4.0-1126-fips 4.4.0-1126.133
Available with Ubuntu Pro
linux-image-fips 4.4.0.1126.128
Available with Ubuntu Pro

Ubuntu 14.04 LTS
linux-image-4.4.0-1156-aws 4.4.0-1156.162
Available with Ubuntu Pro
linux-image-4.4.0-283-generic 4.4.0-283.317~14.04.1
Available with Ubuntu Pro
linux-image-4.4.0-283-lowlatency 4.4.0-283.317~14.04.1
Available with Ubuntu Pro
linux-image-aws 4.4.0.1156.153
Available with Ubuntu Pro
linux-image-generic-lts-xenial 4.4.0.283.317~14.04.1
Available with Ubuntu Pro
linux-image-lowlatency-lts-xenial 4.4.0.283.317~14.04.1
Available with Ubuntu Pro
linux-image-virtual-lts-xenial 4.4.0.283.317~14.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8548-1
CVE-2021-47117, CVE-2021-47202, CVE-2023-52646, CVE-2024-56643,
CVE-2026-23455, CVE-2026-31402, CVE-2026-31607, CVE-2026-31637,
CVE-2026-31659, CVE-2026-31685, CVE-2026-43011, CVE-2026-43037,
CVE-2026-43038, CVE-2026-43383, CVE-2026-43407, CVE-2026-43414,
CVE-2026-43503, CVE-2026-45988, CVE-2026-46119, CVE-2026-46243

Package Information:
https://launchpad.net/ubuntu/+source/linux-fips/4.4.0-1126.133



[USN-8547-1] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8547-1
July 15, 2026

linux-gcp-5.15, linux-intel-iotg-5.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-gcp-5.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- RISC-V architecture;
- Cryptographic API;
- InfiniBand drivers;
- IOMMU subsystem;
- Network drivers;
- STMicroelectronics network drivers;
- NVME drivers;
- x86 platform drivers;
- SCSI subsystem;
- SPI subsystem;
- TCM subsystem;
- USB over IP driver;
- File systems infrastructure;
- HFS+ file system;
- Network file system (NFS) server daemon;
- SMB network file system;
- IPv6 networking;
- Tracing infrastructure;
- Timer subsystem;
- B.A.T.M.A.N. meshing protocol;
- Bluetooth subsystem;
- Ethernet bridge;
- Ceph Core library;
- IPv4 networking;
- MAC80211 subsystem;
- Multipath TCP;
- Netfilter;
- RxRPC session sockets;
- SMC sockets;
- Sun RPC protocol;
- X.25 network layer;
- AMD SoC Alsa drivers;
- KVM subsystem;
(CVE-2022-48816, CVE-2023-53673, CVE-2025-37778, CVE-2025-37822,
CVE-2025-37924, CVE-2025-38201, CVE-2025-40082, CVE-2025-68214,
CVE-2025-68263, CVE-2025-71089, CVE-2025-71220, CVE-2025-71222,
CVE-2025-71224, CVE-2026-23176, CVE-2026-23180, CVE-2026-23182,
CVE-2026-23190, CVE-2026-23193, CVE-2026-23198, CVE-2026-23202,
CVE-2026-23206, CVE-2026-23216, CVE-2026-23256, CVE-2026-23257,
CVE-2026-23258, CVE-2026-23262, CVE-2026-23272, CVE-2026-23278,
CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402,
CVE-2026-31418, CVE-2026-31478, CVE-2026-31607, CVE-2026-31637,
CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668,
CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-43011,
CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43114,
CVE-2026-43117, CVE-2026-43185, CVE-2026-43186, CVE-2026-43304,
CVE-2026-43341, CVE-2026-43383, CVE-2026-43406, CVE-2026-43407,
CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45988,
CVE-2026-46043, CVE-2026-46119, CVE-2026-46135, CVE-2026-46195,
CVE-2026-46243)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.15.0-1106-intel-iotg 5.15.0-1106.112~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-1111-gcp 5.15.0-1111.121~20.04.1
Available with Ubuntu Pro
linux-image-gcp 5.15.0.1111.121~20.04.1
Available with Ubuntu Pro
linux-image-gcp-5.15 5.15.0.1111.121~20.04.1
Available with Ubuntu Pro
linux-image-intel 5.15.0.1106.112~20.04.1
Available with Ubuntu Pro
linux-image-intel-iotg 5.15.0.1106.112~20.04.1
Available with Ubuntu Pro
linux-image-intel-iotg-5.15 5.15.0.1106.112~20.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8547-1
CVE-2022-48816, CVE-2023-53673, CVE-2025-37778, CVE-2025-37822,
CVE-2025-37924, CVE-2025-38201, CVE-2025-40082, CVE-2025-68214,
CVE-2025-68263, CVE-2025-71089, CVE-2025-71220, CVE-2025-71222,
CVE-2025-71224, CVE-2026-23176, CVE-2026-23180, CVE-2026-23182,
CVE-2026-23190, CVE-2026-23193, CVE-2026-23198, CVE-2026-23202,
CVE-2026-23206, CVE-2026-23216, CVE-2026-23256, CVE-2026-23257,
CVE-2026-23258, CVE-2026-23262, CVE-2026-23272, CVE-2026-23278,
CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402,
CVE-2026-31418, CVE-2026-31478, CVE-2026-31607, CVE-2026-31637,
CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668,
CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-43011,
CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43114,
CVE-2026-43117, CVE-2026-43185, CVE-2026-43186, CVE-2026-43304,
CVE-2026-43341, CVE-2026-43383, CVE-2026-43406, CVE-2026-43407,
CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45988,
CVE-2026-46043, CVE-2026-46119, CVE-2026-46135, CVE-2026-46195,
CVE-2026-46243



[USN-8546-1] Linux kernel (Raspberry Pi) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8546-1
July 15, 2026

linux-raspi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi: Linux kernel for Raspberry Pi systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- Cryptographic API;
- DMA engine subsystem;
- InfiniBand drivers;
- STMicroelectronics network drivers;
- Network drivers;
- NVME drivers;
- SCSI subsystem;
- USB over IP driver;
- File systems infrastructure;
- Ext4 file system;
- Network file system (NFS) server daemon;
- SMB network file system;
- Kernel thread helper (kthread);
- IPv6 networking;
- Tracing infrastructure;
- Kernel exit() syscall;
- Scatterlist API;
- B.A.T.M.A.N. meshing protocol;
- Ethernet bridge;
- Ceph Core library;
- IPv4 networking;
- Multipath TCP;
- Netfilter;
- RxRPC session sockets;
- SMC sockets;
- X.25 network layer;
(CVE-2026-22984, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392,
CVE-2026-23427, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455,
CVE-2026-31402, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448,
CVE-2026-31478, CVE-2026-31607, CVE-2026-31635, CVE-2026-31637,
CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668,
CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31718,
CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071,
CVE-2026-43083, CVE-2026-43114, CVE-2026-43117, CVE-2026-43125,
CVE-2026-43185, CVE-2026-43186, CVE-2026-43197, CVE-2026-43304,
CVE-2026-43341, CVE-2026-43376, CVE-2026-43378, CVE-2026-43383,
CVE-2026-43384, CVE-2026-43402, CVE-2026-43406, CVE-2026-43407,
CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45898,
CVE-2026-45988, CVE-2026-46039, CVE-2026-46043, CVE-2026-46115,
CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195,
CVE-2026-46243, CVE-2026-46244, CVE-2026-46266, CVE-2026-46289,
CVE-2026-46316, CVE-2026-46325)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
linux-image-6.17.0-1021-raspi 6.17.0-1021.21
linux-image-raspi 6.17.0-1021.21
linux-image-raspi-6.17 6.17.0-1021.21

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8546-1
CVE-2026-22984, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392,
CVE-2026-23427, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455,
CVE-2026-31402, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448,
CVE-2026-31478, CVE-2026-31607, CVE-2026-31635, CVE-2026-31637,
CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668,
CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31718,
CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071,
CVE-2026-43083, CVE-2026-43114, CVE-2026-43117, CVE-2026-43125,
CVE-2026-43185, CVE-2026-43186, CVE-2026-43197, CVE-2026-43304,
CVE-2026-43341, CVE-2026-43376, CVE-2026-43378, CVE-2026-43383,
CVE-2026-43384, CVE-2026-43402, CVE-2026-43406, CVE-2026-43407,
CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45898,
CVE-2026-45988, CVE-2026-46039, CVE-2026-46043, CVE-2026-46115,
CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195,
CVE-2026-46243, CVE-2026-46244, CVE-2026-46266, CVE-2026-46289,
CVE-2026-46316, CVE-2026-46325

Package Information:
https://launchpad.net/ubuntu/+source/linux-raspi/6.17.0-1021.21



[USN-8545-1] Linux kernel (HWE) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8545-1
July 15, 2026

linux-hwe-6.17 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-hwe-6.17: Linux hardware enablement (HWE) kernel

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Block layer subsystem;
- Cryptographic API;
- DMA engine subsystem;
- InfiniBand drivers;
- STMicroelectronics network drivers;
- Network drivers;
- NVME drivers;
- SCSI subsystem;
- USB over IP driver;
- File systems infrastructure;
- Ext4 file system;
- Network file system (NFS) server daemon;
- SMB network file system;
- Kernel thread helper (kthread);
- IPv6 networking;
- Tracing infrastructure;
- Kernel exit() syscall;
- Scatterlist API;
- B.A.T.M.A.N. meshing protocol;
- Ethernet bridge;
- Ceph Core library;
- IPv4 networking;
- Multipath TCP;
- Netfilter;
- RxRPC session sockets;
- SMC sockets;
- X.25 network layer;
(CVE-2026-22984, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392,
CVE-2026-23427, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455,
CVE-2026-31402, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448,
CVE-2026-31478, CVE-2026-31607, CVE-2026-31635, CVE-2026-31637,
CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668,
CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31718,
CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071,
CVE-2026-43083, CVE-2026-43114, CVE-2026-43117, CVE-2026-43125,
CVE-2026-43185, CVE-2026-43186, CVE-2026-43197, CVE-2026-43304,
CVE-2026-43341, CVE-2026-43376, CVE-2026-43378, CVE-2026-43383,
CVE-2026-43384, CVE-2026-43402, CVE-2026-43406, CVE-2026-43407,
CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45898,
CVE-2026-45988, CVE-2026-46039, CVE-2026-46043, CVE-2026-46115,
CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195,
CVE-2026-46243, CVE-2026-46244, CVE-2026-46266, CVE-2026-46289,
CVE-2026-46316, CVE-2026-46325)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.17.0-40-generic 6.17.0-40.40~24.04.1
linux-image-6.17.0-40-generic-64k 6.17.0-40.40~24.04.1
linux-image-generic-6.17 6.17.0-40.40~24.04.1
linux-image-generic-64k-6.17 6.17.0-40.40~24.04.1
linux-image-generic-64k-hwe-24.04 6.17.0-40.40~24.04.1
linux-image-generic-hwe-24.04 6.17.0-40.40~24.04.1
linux-image-virtual-6.17 6.17.0-40.40~24.04.1
linux-image-virtual-hwe-24.04 6.17.0-40.40~24.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8545-1
CVE-2026-22984, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392,
CVE-2026-23427, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455,
CVE-2026-31402, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448,
CVE-2026-31478, CVE-2026-31607, CVE-2026-31635, CVE-2026-31637,
CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668,
CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31718,
CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071,
CVE-2026-43083, CVE-2026-43114, CVE-2026-43117, CVE-2026-43125,
CVE-2026-43185, CVE-2026-43186, CVE-2026-43197, CVE-2026-43304,
CVE-2026-43341, CVE-2026-43376, CVE-2026-43378, CVE-2026-43383,
CVE-2026-43384, CVE-2026-43402, CVE-2026-43406, CVE-2026-43407,
CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45898,
CVE-2026-45988, CVE-2026-46039, CVE-2026-46043, CVE-2026-46115,
CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195,
CVE-2026-46243, CVE-2026-46244, CVE-2026-46266, CVE-2026-46289,
CVE-2026-46316, CVE-2026-46325

Package Information:
https://launchpad.net/ubuntu/+source/linux-hwe-6.17/6.17.0-40.40~24.04.1



[USN-8544-1] LuaJIT vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8544-1
July 14, 2026

luajit vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in LuaJIT.

Software Description:
- luajit: Just-In-Time Compiler for Lua

Details:

It was discovered that LuaJIT incorrectly handled certain inputs. An attacker
could possibly use these issues to cause a crash, resulting in a denial of
service, or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libluajit-5.1-2 2.1.0+git20231223.c525bcb+dfsg-1ubuntu0.1
libluajit-5.1-common 2.1.0+git20231223.c525bcb+dfsg-1ubuntu0.1
luajit 2.1.0+git20231223.c525bcb+dfsg-1ubuntu0.1

Ubuntu 22.04 LTS
libluajit-5.1-2 2.1.0~beta3+dfsg-6ubuntu0.1
libluajit-5.1-common 2.1.0~beta3+dfsg-6ubuntu0.1
luajit 2.1.0~beta3+dfsg-6ubuntu0.1

Ubuntu 20.04 LTS
libluajit-5.1-2 2.1.0~beta3+dfsg-5.1ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
libluajit-5.1-common 2.1.0~beta3+dfsg-5.1ubuntu0.20.04.1~esm1
Available with Ubuntu Pro
luajit 2.1.0~beta3+dfsg-5.1ubuntu0.20.04.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libluajit-5.1-2 2.1.0~beta3+dfsg-5.1ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
libluajit-5.1-common 2.1.0~beta3+dfsg-5.1ubuntu0.18.04.1~esm1
Available with Ubuntu Pro
luajit 2.1.0~beta3+dfsg-5.1ubuntu0.18.04.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libluajit-5.1-2 2.0.4+dfsg-1+deb9u1ubuntu0.1~esm1
Available with Ubuntu Pro
libluajit-5.1-common 2.0.4+dfsg-1+deb9u1ubuntu0.1~esm1
Available with Ubuntu Pro
luajit 2.0.4+dfsg-1+deb9u1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 14.04 LTS
libluajit-5.1-2 2.0.2+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
libluajit-5.1-common 2.0.2+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
luajit 2.0.2+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8544-1
CVE-2024-25176, CVE-2024-25177, CVE-2024-25178

Package Information:
https://launchpad.net/ubuntu/+source/luajit/2.1.0+git20231223.c525bcb+dfsg-1ubuntu0.1
https://launchpad.net/ubuntu/+source/luajit/2.1.0~beta3+dfsg-6ubuntu0.1



[USN-8550-1] libslirp vulnerability


==========================================================================
Ubuntu Security Notice USN-8550-1
July 15, 2026

libslirp vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

libslirp could be made to expose sensitive information over the network.

Software Description:
- libslirp: General purpose TCP-IP emulator library

Details:

It was discovered that libslirp incorrectly handled TCP urgent data. A
privileged attacker inside a guest VM could possibly use this issue to
obtain sensitive information from the host process memory.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
libslirp0 4.9.1-1ubuntu1.1

Ubuntu 24.04 LTS
libslirp0 4.7.0-1ubuntu3.1

Ubuntu 22.04 LTS
libslirp0 4.6.1-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8550-1
CVE-2026-9539

Package Information:
https://launchpad.net/ubuntu/+source/libslirp/4.9.1-1ubuntu1.1
https://launchpad.net/ubuntu/+source/libslirp/4.7.0-1ubuntu3.1
https://launchpad.net/ubuntu/+source/libslirp/4.6.1-1ubuntu0.2



[USN-8549-1] idna vulnerability


==========================================================================
Ubuntu Security Notice USN-8549-1
July 15, 2026

python-idna vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

idna could be made to consume resources if it received specially crafted
input.

Software Description:
- python-idna: Python IDNA2008 (RFC 5891) handling

Details:

It was discovered that idna did not properly reject oversized inputs before
performing expensive processing. An attacker could possibly use this issue
to cause idna to consume significant resources, leading to a denial of
service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
python3-idna 3.11-1ubuntu0.1

Ubuntu 24.04 LTS
python3-idna 3.6-2ubuntu0.2

Ubuntu 22.04 LTS
python3-idna 3.3-1ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8549-1
CVE-2026-45409

Package Information:
https://launchpad.net/ubuntu/+source/python-idna/3.11-1ubuntu0.1
https://launchpad.net/ubuntu/+source/python-idna/3.6-2ubuntu0.2
https://launchpad.net/ubuntu/+source/python-idna/3.3-1ubuntu0.2



[USN-8552-1] Sympa vulnerability


==========================================================================
Ubuntu Security Notice USN-8552-1
July 15, 2026

sympa vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Sympa could allow unintended access to network services.

Software Description:
- sympa: mailing list management software

Details:

It was discovered that Sympa did not properly validate input on the
generic SSO login. A remote attacker could possibly use this issue to
perform a path traversal attack and gain unintended access.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
sympa 6.2.70~dfsg-2+deb12u1build0.24.04.1

Ubuntu 22.04 LTS
sympa 6.2.66~dfsg-2ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
sympa 6.2.40~dfsg-4ubuntu0.20.04.1~esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
sympa 6.2.24~dfsg-1ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
sympa 6.1.24~dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro

After a standard system update you need to restart sympa to make
all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8552-1
CVE-2024-55919

Package Information:
https://launchpad.net/ubuntu/+source/sympa/6.2.70~dfsg-2+deb12u1build0.24.04.1



[USN-8551-1] Tomcat vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8551-1
July 15, 2026

tomcat8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Tomcat.

Software Description:
- tomcat8: Servlet and JSP engine

Details:

It was discovered that Tomcat incorrectly handled authorization when
multiple method constraints defined the same HTTP method. A remote
attacker could possibly use this issue to bypass authorization
restrictions. (CVE-2026-43515)

It was discovered that the Tomcat number guess example application did
not properly sanitize user-supplied input. An attacker could possibly
use this issue to inject malicious scripts, resulting in cross-site
scripting. (CVE-2026-50229)

It was discovered that Tomcat incorrectly evaluated rewrite valve
conditions in certain configurations. An attacker could possibly use
this issue to bypass rewrite rules, resulting in unauthorized access.
(CVE-2026-53404)

It was discovered that Tomcat incorrectly omitted certain authorization
information when logging the effective web.xml configuration. An
attacker could possibly use this issue to hide authorization
constraints, resulting in reduced auditability. (CVE-2026-55276)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
libtomcat8-embed-java 8.5.39-1ubuntu1~18.04.3+esm6
Available with Ubuntu Pro
libtomcat8-java 8.5.39-1ubuntu1~18.04.3+esm6
Available with Ubuntu Pro
tomcat8-examples 8.5.39-1ubuntu1~18.04.3+esm6
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libtomcat8-java 8.0.32-1ubuntu1.13+esm2
Available with Ubuntu Pro
tomcat8-examples 8.0.32-1ubuntu1.13+esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8551-1
CVE-2026-43515, CVE-2026-50229, CVE-2026-53404, CVE-2026-55276



[USN-8553-1] .NET vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8553-1
July 15, 2026

dotnet8, dotnet10 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in .NET.

Software Description:
- dotnet10: .NET CLI tools and runtime
- dotnet8: .NET CLI tools and runtime

Details:

Artur Stetsko discovered that the .NET did not properly validate
authentication data. An attacker could possibly use this issue to elevate
privileges. (CVE-2026-47300)

Levi Broderick discovered that .NET did not properly handle XML encryption
during parsing. An attacker could possibly use this issue to consume
excessive resources, resulting in a denial of service. (CVE-2026-47302)

Pham Quang Minh discovered that .NET did not properly parse
authentication data. An attacker could possibly use this issue to bypass
authentication and elevate privileges. (CVE-2026-47303)

Levi Broderick discovered that .NET did not properly verify cryptographic
signatures during XML encryption. An attacker could possibly use this issue
to bypass security features over a network and access encrypted data.
(CVE-2026-47304)

It was discovered that .NET did not properly validate input during TLS
handshakes. An attacker could possibly use this issue to cause .NET to
crash, resulting in a denial of service. (CVE-2026-50524)

Levi Broderick discovered that .NET did not properly handle resource
allocation during XML encryption. An attacker could possibly use this issue
to consume excessive resources, resulting in a denial of service.
(CVE-2026-50525)

Siwei Li discovered that .NET did not properly handle link resolution
before file access during the container image build process. A local
attacker could possibly use this issue to inject resources that could be
incorporated into container images built by other users on the same
machine. (CVE-2026-50526)

Levi Broderick discovered that .NET did not properly handle memory while
performing XML encryption. An attacker could possibly use this issue to
cause .NET to crash, resulting in a denial of service. (CVE-2026-50527)

Henrique Pereira discovered that .NET did not properly handle
authorization checks during TLS/SSL connections. An attacker could
possibly use this issue to bypass authorization checks during secure
communications. (CVE-2026-50528)

It was discovered that .NET did not properly handle resource allocation
during XML encryption. An attacker could possibly use this issue to
consume excessive resources, resulting in a denial of service.
(CVE-2026-50648)

Miha Zupan discovered that .NET did not properly limit resource
allocation when handling HTTP/2 requests. An attacker could possibly use
this issue to consume excessive resources, resulting in a denial of
service. (CVE-2026-50651)

It was discovered that the .NET SMTP client did not properly handle the
encoding or escaping of output. An attacker could possibly use this issue
to spoof messages during message routing. (CVE-2026-50659)

It was discovered that .NET did not properly validate resource types when
parsing X.509 certificates. An attacker could possibly use this issue to
cause .NET to crash, resulting in a denial of service. (CVE-2026-57108)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
aspnetcore-runtime-10.0 10.0.10-0ubuntu1~26.04.1
dotnet-host-10.0 10.0.10-0ubuntu1~26.04.1
dotnet-hostfxr-10.0 10.0.10-0ubuntu1~26.04.1
dotnet-runtime-10.0 10.0.10-0ubuntu1~26.04.1
dotnet-sdk-10.0 10.0.110-0ubuntu1~26.04.1
dotnet-sdk-aot-10.0 10.0.110-0ubuntu1~26.04.1
dotnet10 10.0.110-10.0.10-0ubuntu1~26.04.1

Ubuntu 24.04 LTS
aspnetcore-runtime-10.0 10.0.10-0ubuntu1~24.04.1
aspnetcore-runtime-8.0 8.0.29-0ubuntu1~24.04.1
dotnet-host-10.0 10.0.10-0ubuntu1~24.04.1
dotnet-host-8.0 8.0.29-0ubuntu1~24.04.1
dotnet-hostfxr-10.0 10.0.10-0ubuntu1~24.04.1
dotnet-hostfxr-8.0 8.0.29-0ubuntu1~24.04.1
dotnet-runtime-10.0 10.0.10-0ubuntu1~24.04.1
dotnet-runtime-8.0 8.0.29-0ubuntu1~24.04.1
dotnet-sdk-10.0 10.0.110-0ubuntu1~24.04.1
dotnet-sdk-8.0 8.0.129-0ubuntu1~24.04.1
dotnet-sdk-aot-10.0 10.0.110-0ubuntu1~24.04.1
dotnet10 10.0.110-10.0.10-0ubuntu1~24.04.1
dotnet8 8.0.129-8.0.29-0ubuntu1~24.04.1

Ubuntu 22.04 LTS
aspnetcore-runtime-8.0 8.0.29-0ubuntu1~22.04.1
dotnet-host-8.0 8.0.29-0ubuntu1~22.04.1
dotnet-hostfxr-8.0 8.0.29-0ubuntu1~22.04.1
dotnet-runtime-8.0 8.0.29-0ubuntu1~22.04.1
dotnet-sdk-8.0 8.0.129-0ubuntu1~22.04.1
dotnet8 8.0.129-8.0.29-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8553-1
CVE-2026-47300, CVE-2026-47302, CVE-2026-47303, CVE-2026-47304,
CVE-2026-50524, CVE-2026-50525, CVE-2026-50526, CVE-2026-50527,
CVE-2026-50528, CVE-2026-50648, CVE-2026-50651, CVE-2026-50659,
CVE-2026-57108

Package Information:
https://launchpad.net/ubuntu/+source/dotnet10/10.0.110-10.0.10-0ubuntu1~26.04.1
https://launchpad.net/ubuntu/+source/dotnet10/10.0.110-10.0.10-0ubuntu1~24.04.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.129-8.0.29-0ubuntu1~24.04.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.129-8.0.29-0ubuntu1~22.04.1