
Ubuntu has released a batch of security notices addressing multiple critical vulnerabilities across its supported releases. The patches cover .NET, the OpenStack services Ironic and Mistral, the Linux kernel for Azure, the lwIP lightweight TCP/IP stack, the Crypt-SaltedHash Perl module, and Ubuntu Kylin Software Center. Depending on the package, the flaws allow path traversal and arbitrary file overwrite, code execution, privilege escalation, or disclosure of sensitive data such as service credentials. System administrators should apply the listed package upgrades immediately; a standard system update resolves most of these issues without manual intervention, but the kernel update also requires a reboot.

[USN-8418-1] Crypt-SaltedHash vulnerability
[USN-8421-1] Ironic vulnerabilities
[USN-8426-1] Linux kernel (Azure) vulnerabilities
[USN-8423-1] lwIP vulnerabilities
[USN-8420-1] .NET vulnerabilities
[USN-8424-1] Ubuntu Kylin Software Center vulnerability
[USN-8422-1] Mistral vulnerability




[USN-8418-1] Crypt-SaltedHash vulnerability


==========================================================================
Ubuntu Security Notice USN-8418-1
June 10, 2026

libcrypt-saltedhash-perl vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Crypt-SaltedHash incorrectly generated random numbers.

Software Description:
- libcrypt-saltedhash-perl: module for handling salted hashes

Details:

It was discovered that Crypt-SaltedHash incorrectly generated salts using a
cryptographically weak pseudo-random number generator. An attacker could
possibly use this issue to predict generated salts, leading to a weakening
of cryptographic protections.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
libcrypt-saltedhash-perl 0.09-3ubuntu0.26.04.1~esm1
Available with Ubuntu Pro

Ubuntu 25.10
libcrypt-saltedhash-perl 0.09-3ubuntu0.25.10.1

Ubuntu 24.04 LTS
libcrypt-saltedhash-perl 0.09-3ubuntu0.24.04.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
libcrypt-saltedhash-perl 0.09-1.1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
libcrypt-saltedhash-perl 0.09-1ubuntu0.20.04.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libcrypt-saltedhash-perl 0.09-1ubuntu0.18.04.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libcrypt-saltedhash-perl 0.09-1ubuntu0.16.04.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8418-1
CVE-2026-47372

Package Information:
https://launchpad.net/ubuntu/+source/libcrypt-saltedhash-perl/0.09-3ubuntu0.25.10.1



[USN-8421-1] Ironic vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8421-1
June 11, 2026

ironic vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Ironic.

Software Description:
- ironic: OpenStack service which provides the capability to orchestrate bare metal servers

Details:

Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic did not
properly validate file paths when handling ISO images. A privileged
authenticated remote user could use this issue to perform path
traversal via a crafted ISO image and overwrite arbitrary files on
the Ironic conductor. (CVE-2026-48681)

Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic did not
properly validate kernel command line parameters. A privileged
authenticated remote user could use this issue to inject
scripts during node boot and possibly execute arbitrary code.
(CVE-2026-46447)

Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic
incorrectly restricted access to custom PXE templates. A privileged
authenticated remote user could use this issue to read arbitrary
sensitive files on the Ironic conductor. (CVE-2026-44917)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
ironic-api 1:35.0.0-0ubuntu2.1
ironic-common 1:35.0.0-0ubuntu2.1
ironic-conductor 1:35.0.0-0ubuntu2.1
python3-ironic 1:35.0.0-0ubuntu2.1

Ubuntu 25.10
ironic-api 1:32.0.0-0ubuntu1.1
ironic-common 1:32.0.0-0ubuntu1.1
ironic-conductor 1:32.0.0-0ubuntu1.1
python3-ironic 1:32.0.0-0ubuntu1.1

Ubuntu 24.04 LTS
ironic-api 1:24.1.1-0ubuntu1.3
ironic-common 1:24.1.1-0ubuntu1.3
ironic-conductor 1:24.1.1-0ubuntu1.3
python3-ironic 1:24.1.1-0ubuntu1.3

Ubuntu 22.04 LTS
ironic-api 1:20.1.0-0ubuntu1.3
ironic-common 1:20.1.0-0ubuntu1.3
ironic-conductor 1:20.1.0-0ubuntu1.3
python3-ironic 1:20.1.0-0ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8421-1
CVE-2026-44917, CVE-2026-46447, CVE-2026-48681

Package Information:
https://launchpad.net/ubuntu/+source/ironic/1:35.0.0-0ubuntu2.1
https://launchpad.net/ubuntu/+source/ironic/1:32.0.0-0ubuntu1.1
https://launchpad.net/ubuntu/+source/ironic/1:24.1.1-0ubuntu1.3
https://launchpad.net/ubuntu/+source/ironic/1:20.1.0-0ubuntu1.3



[USN-8426-1] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8426-1
June 11, 2026

linux-azure-5.15, linux-azure-fips vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure-fips: Linux kernel for Microsoft Azure Cloud systems with FIPS
- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems

Details:

It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)

It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500)

It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-2026-43503,
CVE-2026-46300)

Qualys discovered that a race condition existed in the ptrace subsystem of
the Linux kernel when privileged processes are exiting. An unprivileged
local attacker could use this issue to expose sensitive information.
(CVE-2026-46333)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Ethernet bonding driver;
- SMB network file system;
- Netfilter;
- io_uring subsystem;
- Packet sockets;
- RDS protocol;
- TLS protocol;
(CVE-2024-35862, CVE-2024-50060, CVE-2026-23274, CVE-2026-23351,
CVE-2026-31419, CVE-2026-31504, CVE-2026-31533, CVE-2026-43033,
CVE-2026-43077, CVE-2026-43078, CVE-2026-43494, CVE-2026-46028)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1114-azure-fips 5.15.0-1114.123+fips1
Available with Ubuntu Pro
linux-image-azure-fips 5.15.0.1114.99
Available with Ubuntu Pro
linux-image-azure-fips-5.15 5.15.0.1114.99
Available with Ubuntu Pro

Ubuntu 20.04 LTS
linux-image-5.15.0-1114-azure 5.15.0-1114.123~20.04.1
Available with Ubuntu Pro
linux-image-azure 5.15.0.1114.123~20.04.1
Available with Ubuntu Pro
linux-image-azure-5.15 5.15.0.1114.123~20.04.1
Available with Ubuntu Pro
linux-image-azure-cvm 5.15.0.1114.123~20.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8426-1
CVE-2024-35862, CVE-2024-50060, CVE-2026-23274, CVE-2026-23351,
CVE-2026-31419, CVE-2026-31431, CVE-2026-31504, CVE-2026-31533,
CVE-2026-43033, CVE-2026-43077, CVE-2026-43078, CVE-2026-43284,
CVE-2026-43494, CVE-2026-43500, CVE-2026-43503, CVE-2026-46028,
CVE-2026-46300, CVE-2026-46333

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure-fips/5.15.0-1114.123+fips1



[USN-8423-1] lwIP vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8423-1
June 11, 2026

lwip vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in lwIP.

Software Description:
- lwip: Lightweight TCP/IP stack

Details:

It was discovered that lwIP contained a buffer overflow in the EAP
authentication handling code. An attacker could possibly use this issue
to trigger a buffer overflow, resulting in arbitrary code execution or a
denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2020-8597)

It was discovered that lwIP incorrectly handled certain ICMPv6 or
6LoWPAN packets. An attacker could possibly use this issue to trigger a
buffer overflow, resulting in information disclosure. This issue only
affected Ubuntu 20.04 LTS. (CVE-2020-22283, CVE-2020-22284)

It was discovered that lwIP did not properly validate certain SNMPv3
authentication parameters. An attacker could possibly use this issue to
trigger a stack-based buffer overflow, resulting in arbitrary code
execution or a denial of service. (CVE-2026-8836)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
liblwip-dev 2.2.1+dfsg1-4ubuntu0.1~esm1
Available with Ubuntu Pro
liblwip-doc 2.2.1+dfsg1-4ubuntu0.1~esm1
Available with Ubuntu Pro
liblwip0t64 2.2.1+dfsg1-4ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 24.04 LTS
liblwip-dev 2.2.0+dfsg1-6.1ubuntu0.1~esm1
Available with Ubuntu Pro
liblwip-doc 2.2.0+dfsg1-6.1ubuntu0.1~esm1
Available with Ubuntu Pro
liblwip0t64 2.2.0+dfsg1-6.1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
liblwip-dev 2.1.3+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro
liblwip-doc 2.1.3+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro
liblwip0 2.1.3+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
liblwip-dev 2.1.2+dfsg1-4ubuntu0.1~esm1
Available with Ubuntu Pro
liblwip-doc 2.1.2+dfsg1-4ubuntu0.1~esm1
Available with Ubuntu Pro
liblwip0 2.1.2+dfsg1-4ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8423-1
CVE-2020-22283, CVE-2020-22284, CVE-2020-8597, CVE-2026-8836



[USN-8420-1] .NET vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8420-1
June 11, 2026

dotnet8, dotnet9, dotnet10 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in .NET.

Software Description:
- dotnet10: .NET CLI tools and runtime
- dotnet8: .NET CLI tools and runtime
- dotnet9: .NET CLI tools and runtime

Details:

It was discovered that .NET did not properly handle link resolution before
file access. A local attacker could use this issue to perform unauthorized
file tampering and write arbitrary files outside of the intended extraction
directory. (CVE-2026-45491)

It was discovered that .NET did not properly handle deeply-nested
MessagePack arrays. An attacker could use this to cause .NET to consume
excessive resources, resulting in a denial of service. (CVE-2026-45591)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
aspnetcore-runtime-10.0 10.0.9-0ubuntu1~26.04.1
dotnet-host-10.0 10.0.9-0ubuntu1~26.04.1
dotnet-hostfxr-10.0 10.0.9-0ubuntu1~26.04.1
dotnet-runtime-10.0 10.0.9-0ubuntu1~26.04.1
dotnet-sdk-10.0 10.0.109-0ubuntu1~26.04.1
dotnet-sdk-aot-10.0 10.0.109-0ubuntu1~26.04.1
dotnet-sdk-dbg-10.0 10.0.109-0ubuntu1~26.04.1
dotnet10 10.0.109-10.0.9-0ubuntu1~26.04.1

Ubuntu 25.10
aspnetcore-runtime-10.0 10.0.9-0ubuntu1~25.10.1
aspnetcore-runtime-8.0 8.0.28-0ubuntu1~25.10.1
aspnetcore-runtime-9.0 9.0.17-0ubuntu1~25.10.1
dotnet-host-10.0 10.0.9-0ubuntu1~25.10.1
dotnet-host-8.0 8.0.28-0ubuntu1~25.10.1
dotnet-host-9.0 9.0.17-0ubuntu1~25.10.1
dotnet-hostfxr-10.0 10.0.9-0ubuntu1~25.10.1
dotnet-hostfxr-8.0 8.0.28-0ubuntu1~25.10.1
dotnet-hostfxr-9.0 9.0.17-0ubuntu1~25.10.1
dotnet-runtime-10.0 10.0.9-0ubuntu1~25.10.1
dotnet-runtime-8.0 8.0.28-0ubuntu1~25.10.1
dotnet-runtime-9.0 9.0.17-0ubuntu1~25.10.1
dotnet-sdk-10.0 10.0.109-0ubuntu1~25.10.1
dotnet-sdk-8.0 8.0.128-0ubuntu1~25.10.1
dotnet-sdk-9.0 9.0.118-0ubuntu1~25.10.1
dotnet-sdk-aot-10.0 10.0.109-0ubuntu1~25.10.1
dotnet-sdk-aot-9.0 9.0.118-0ubuntu1~25.10.1
dotnet-sdk-dbg-10.0 10.0.109-0ubuntu1~25.10.1
dotnet-sdk-dbg-9.0 9.0.118-0ubuntu1~25.10.1
dotnet10 10.0.109-10.0.9-0ubuntu1~25.10.1
dotnet8 8.0.128-8.0.28-0ubuntu1~25.10.1
dotnet9 9.0.118-9.0.17-0ubuntu1~25.10.1

Ubuntu 24.04 LTS
aspnetcore-runtime-10.0 10.0.9-0ubuntu1~24.04.1
aspnetcore-runtime-8.0 8.0.28-0ubuntu1~24.04.1
dotnet-host-10.0 10.0.9-0ubuntu1~24.04.1
dotnet-host-8.0 8.0.28-0ubuntu1~24.04.1
dotnet-hostfxr-10.0 10.0.9-0ubuntu1~24.04.1
dotnet-hostfxr-8.0 8.0.28-0ubuntu1~24.04.1
dotnet-runtime-10.0 10.0.9-0ubuntu1~24.04.1
dotnet-runtime-8.0 8.0.28-0ubuntu1~24.04.1
dotnet-sdk-10.0 10.0.109-0ubuntu1~24.04.1
dotnet-sdk-8.0 8.0.128-0ubuntu1~24.04.1
dotnet-sdk-aot-10.0 10.0.109-0ubuntu1~24.04.1
dotnet-sdk-dbg-10.0 10.0.109-0ubuntu1~24.04.1
dotnet10 10.0.109-10.0.9-0ubuntu1~24.04.1
dotnet8 8.0.128-8.0.28-0ubuntu1~24.04.1

Ubuntu 22.04 LTS
aspnetcore-runtime-8.0 8.0.28-0ubuntu1~22.04.1
dotnet-host-8.0 8.0.28-0ubuntu1~22.04.1
dotnet-hostfxr-8.0 8.0.28-0ubuntu1~22.04.1
dotnet-runtime-8.0 8.0.28-0ubuntu1~22.04.1
dotnet-sdk-8.0 8.0.128-0ubuntu1~22.04.1
dotnet8 8.0.128-8.0.28-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8420-1
CVE-2026-45491, CVE-2026-45591

Package Information:
https://launchpad.net/ubuntu/+source/dotnet10/10.0.109-10.0.9-0ubuntu1~26.04.1
https://launchpad.net/ubuntu/+source/dotnet10/10.0.109-10.0.9-0ubuntu1~25.10.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.128-8.0.28-0ubuntu1~25.10.1
https://launchpad.net/ubuntu/+source/dotnet9/9.0.118-9.0.17-0ubuntu1~25.10.1
https://launchpad.net/ubuntu/+source/dotnet10/10.0.109-10.0.9-0ubuntu1~24.04.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.128-8.0.28-0ubuntu1~24.04.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.128-8.0.28-0ubuntu1~22.04.1



[USN-8424-1] Ubuntu Kylin Software Center vulnerability


==========================================================================
Ubuntu Security Notice USN-8424-1
June 11, 2026

ubuntu-kylin-software-center vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS

Summary:

Ubuntu Kylin Software Center could be made to run programs as an
administrator if it received specially crafted input via its D-Bus service.

Software Description:
- ubuntu-kylin-software-center: Software maintenance management tools

Details:

It was discovered that Ubuntu Kylin Software Center incorrectly
handled user-supplied input in its D-Bus service. A local attacker
could possibly use this issue to gain administrative privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
ubuntu-kylin-software-center 4.5.77.1ubuntu0.1

In general, a standard system update will make all the necessary
changes.

References:
https://ubuntu.com/security/notices/USN-8424-1
https://launchpad.net/bugs/2154543

Package Information:
https://launchpad.net/ubuntu/+source/ubuntu-kylin-software-center/4.5.77.1ubuntu0.1



[USN-8422-1] Mistral vulnerability


==========================================================================
Ubuntu Security Notice USN-8422-1
June 11, 2026

mistral vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Mistral could be made to expose sensitive information or run code.

Software Description:
- mistral: OpenStack Workflow Service

Details:

Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral
did not properly enforce access policies on some API endpoints. An
attacker could possibly execute arbitrary code on a Mistral worker and
possibly extract sensitive data including service credentials from it.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
mistral-api 22.0.0-0ubuntu1.1
mistral-common 22.0.0-0ubuntu1.1
mistral-engine 22.0.0-0ubuntu1.1
mistral-event-engine 22.0.0-0ubuntu1.1
mistral-executor 22.0.0-0ubuntu1.1
python3-mistral 22.0.0-0ubuntu1.1

Ubuntu 25.10
mistral-api 21.0.0-0ubuntu1.1
mistral-common 21.0.0-0ubuntu1.1
mistral-engine 21.0.0-0ubuntu1.1
mistral-event-engine 21.0.0-0ubuntu1.1
mistral-executor 21.0.0-0ubuntu1.1
python3-mistral 21.0.0-0ubuntu1.1

Ubuntu 24.04 LTS
mistral-api 18.0.1-0ubuntu1.1
mistral-common 18.0.1-0ubuntu1.1
mistral-engine 18.0.1-0ubuntu1.1
mistral-event-engine 18.0.1-0ubuntu1.1
mistral-executor 18.0.1-0ubuntu1.1
python3-mistral 18.0.1-0ubuntu1.1

Ubuntu 22.04 LTS
mistral-api 14.0.0-0ubuntu1.1
mistral-common 14.0.0-0ubuntu1.1
mistral-engine 14.0.0-0ubuntu1.1
mistral-event-engine 14.0.0-0ubuntu1.1
mistral-executor 14.0.0-0ubuntu1.1
python3-mistral 14.0.0-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8422-1
CVE-2026-41283

Package Information:
https://launchpad.net/ubuntu/+source/mistral/22.0.0-0ubuntu1.1
https://launchpad.net/ubuntu/+source/mistral/21.0.0-0ubuntu1.1
https://launchpad.net/ubuntu/+source/mistral/18.0.1-0ubuntu1.1
https://launchpad.net/ubuntu/+source/mistral/14.0.0-0ubuntu1.1