Ubuntu released a comprehensive set of security notices that address numerous critical vulnerabilities across widely used infrastructure software and multiple LTS releases. The updates specifically target flaws in Netatalk, nginx, HAProxy, MySQL, and the Google Guest Agent, which could otherwise allow attackers to bypass authentication, execute arbitrary code, or trigger denial of service conditions. System administrators must also patch several heavily modified Linux kernels for Oracle, Azure, and Intel IoT platforms where logic errors and memory corruption bugs create serious risks for privilege escalation and container escapes.

[USN-8455-1] Netatalk vulnerabilities
[USN-8458-1] nginx vulnerabilities
[USN-8459-1] HAProxy vulnerabilities
[USN-8457-1] MySQL vulnerabilities
[USN-8447-3] Google Guest Agent vulnerabilities
[USN-8462-1] Linux kernel (Oracle) vulnerabilities
[USN-8388-2] Linux kernel vulnerabilities
[USN-8461-1] Linux kernel (Azure) vulnerabilities
[USN-8460-1] libxml2 vulnerabilities




[USN-8455-1] Netatalk vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8455-1
June 22, 2026

netatalk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Netatalk.

Software Description:
- netatalk: Apple Filing Protocol service

Details:

Arjun Basnet discovered that Netatalk improperly validated inputs when
unmarshalling Spotlight Remote Procedure Call. A remote authenticated
attacker could possibly use this issue to cause a denial of service or
obtain sensitive information. (CVE-2026-44066)

Arjun Basnet discovered that Netatalk improperly sanitized extended
attribute path components. A remote authenticated attacker could possibly
use this issue to perform path traversal attacks and write to arbitrary
files outside the intended metadata directory. (CVE-2026-44068)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
netatalk 4.2.3~ds-2.1ubuntu0.2

Ubuntu 24.04 LTS
netatalk 3.1.18~ds-1ubuntu0.1~esm3
Available with Ubuntu Pro

Ubuntu 22.04 LTS
netatalk 3.1.12~ds-9ubuntu0.22.04.4+esm2
Available with Ubuntu Pro

Ubuntu 20.04 LTS
netatalk 3.1.12~ds-4ubuntu0.20.04.4+esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
netatalk 2.2.6-1ubuntu0.18.04.2+esm4
Available with Ubuntu Pro

Ubuntu 16.04 LTS
netatalk 2.2.5-1ubuntu0.2+esm4
Available with Ubuntu Pro

Ubuntu 14.04 LTS
netatalk 2.2.2-1ubuntu2.2+esm4
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8455-1
CVE-2026-44066, CVE-2026-44068

Package Information:
https://launchpad.net/ubuntu/+source/netatalk/4.2.3~ds-2.1ubuntu0.2



[USN-8458-1] nginx vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8458-1
June 22, 2026

nginx vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in nginx.

Software Description:
- nginx: small, powerful, scalable web/proxy server

Details:

It was discovered that nginx incorrectly handled large headers when
proxying HTTP/2 traffic. A remote attacker could use this issue to cause
nginx to crash, resulting in a denial of service, or possibly execute
arbitrary code. The default compiler options for affected releases should
reduce the vulnerability to a denial of service. (CVE-2026-42055)

It was discovered that nginx incorrectly handled character set conversion
under certain circumstances. A remote attacker could possibly use this
issue to obtain sensitive information or cause nginx to crash, resulting in
a denial of service. (CVE-2026-48142)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
nginx 1.28.3-2ubuntu1.6
nginx-core 1.28.3-2ubuntu1.6
nginx-extras 1.28.3-2ubuntu1.6
nginx-full 1.28.3-2ubuntu1.6
nginx-light 1.28.3-2ubuntu1.6

Ubuntu 25.10
nginx 1.28.0-6ubuntu1.8
nginx-core 1.28.0-6ubuntu1.8
nginx-extras 1.28.0-6ubuntu1.8
nginx-full 1.28.0-6ubuntu1.8
nginx-light 1.28.0-6ubuntu1.8

Ubuntu 24.04 LTS
nginx 1.24.0-2ubuntu7.13
nginx-core 1.24.0-2ubuntu7.13
nginx-extras 1.24.0-2ubuntu7.13
nginx-full 1.24.0-2ubuntu7.13
nginx-light 1.24.0-2ubuntu7.13

Ubuntu 22.04 LTS
nginx 1.18.0-6ubuntu14.16
nginx-core 1.18.0-6ubuntu14.16
nginx-extras 1.18.0-6ubuntu14.16
nginx-full 1.18.0-6ubuntu14.16
nginx-light 1.18.0-6ubuntu14.16

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8458-1
CVE-2026-42055, CVE-2026-48142

Package Information:
https://launchpad.net/ubuntu/+source/nginx/1.28.3-2ubuntu1.6
https://launchpad.net/ubuntu/+source/nginx/1.28.0-6ubuntu1.8
https://launchpad.net/ubuntu/+source/nginx/1.24.0-2ubuntu7.13
https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.16



[USN-8459-1] HAProxy vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8459-1
June 22, 2026

haproxy vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in HAProxy.

Software Description:
- haproxy: fast and reliable load balancing reverse proxy

Details:

It was discovered that HAProxy incorrectly handled the FCGI demultiplexer
record length field. A remote attacker could possibly use this issue to
cause incorrect request routing, response smuggling, or other memory safety
issues. (CVE-2026-55203)

It was discovered that HAProxy failed to validate the return value of the
HPACK dynamic table defragmentation function when memory was exhausted. A
remote attacker could possibly use this issue to cause HAProxy to crash,
resulting in a denial of service. (CVE-2026-55204)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
haproxy 3.2.9-1ubuntu2.2

Ubuntu 25.10
haproxy 3.0.12-0ubuntu0.25.10.5

Ubuntu 24.04 LTS
haproxy 2.8.16-0ubuntu0.24.04.3

Ubuntu 22.04 LTS
haproxy 2.4.30-0ubuntu0.22.04.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8459-1
CVE-2026-55203, CVE-2026-55204

Package Information:
https://launchpad.net/ubuntu/+source/haproxy/3.2.9-1ubuntu2.2
https://launchpad.net/ubuntu/+source/haproxy/3.0.12-0ubuntu0.25.10.5
https://launchpad.net/ubuntu/+source/haproxy/2.8.16-0ubuntu0.24.04.3
https://launchpad.net/ubuntu/+source/haproxy/2.4.30-0ubuntu0.22.04.2



[USN-8457-1] MySQL vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8457-1
June 22, 2026

mysql-8.0, mysql-8.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description:
- mysql-8.4: MySQL database
- mysql-8.0: MySQL database

Details:

It was discovered that MySQL Router incorrectly handled repeated TLS
protocol upgrade requests. An unauthenticated remote attacker could
possibly use this issue to cause MySQL Router to crash, resulting in a
denial of service. (CVE-2026-46862)

It was discovered that MySQL Server incorrectly handled connection
authentication. An unauthenticated remote attacker could possibly use this
issue to cause MySQL to crash, resulting in a denial of service.
(CVE-2026-46863)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
mysql-server 8.4.10-0ubuntu0.26.04.1

Ubuntu 25.10
mysql-server 8.4.10-0ubuntu0.25.10.1

Ubuntu 24.04 LTS
mysql-server-8.0 8.0.46-0ubuntu0.24.04.3

Ubuntu 22.04 LTS
mysql-server-8.0 8.0.46-0ubuntu0.22.04.3

This update may use a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
https://ubuntu.com/security/notices/USN-8457-1
CVE-2026-46862, CVE-2026-46863

Package Information:
https://launchpad.net/ubuntu/+source/mysql-8.4/8.4.10-0ubuntu0.26.04.1
https://launchpad.net/ubuntu/+source/mysql-8.4/8.4.10-0ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.46-0ubuntu0.24.04.3
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.46-0ubuntu0.22.04.3



[USN-8447-3] Google Guest Agent vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8447-3
June 22, 2026

google-guest-agent vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Google Guest Agent.

Software Description:
- google-guest-agent: Google Compute Engine Guest Agent

Details:

USN-8447-1 fixed vulnerabilities in Go Cryptography. This update provides
the corresponding updates for Go Cryptography code embedded in Google
Guest Agent.

Original advisory details:

It was discovered that Go Cryptography did not properly handle SSH global
request responses. A remote attacker could possibly use this issue to cause
a denial of service. (CVE-2026-39830)

It was discovered that Go Cryptography did not properly verify user
presence when using FIDO/U2F security keys. An attacker could possibly use
this issue to bypass user presence verification for hardware security keys.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04
LTS, and Ubuntu 26.04 LTS. (CVE-2026-39831)

It was discovered that Go Cryptography did not properly serialize SSH agent
key constraint extensions. An attacker could possibly use this issue to
bypass intended key usage restrictions. This issue only affected Ubuntu
20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS.
(CVE-2026-39832)

It was discovered that Go Cryptography did not properly enforce the
confirm-before-use constraint in the SSH agent keyring. An attacker could
possibly use this issue to use SSH keys without the required user
confirmation. (CVE-2026-39833)

It was discovered that Go Cryptography had an integer overflow when
handling large SSH channel writes. A remote attacker could possibly use
this issue to cause a denial of service. (CVE-2026-39834)

It was discovered that Go Cryptography did not properly check certificate
authority key revocation. An attacker could possibly use this issue to
bypass certificate authority revocation checks. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and
Ubuntu 26.04 LTS. (CVE-2026-42508)

It was discovered that Go Cryptography did not properly enforce the source-
address critical option for all SSH server callback types. An attacker
could possibly use this issue to bypass source address authorization
restrictions. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-46595)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
google-guest-agent 20250506.01-0ubuntu2.1

Ubuntu 25.10
google-guest-agent 20250506.01-0ubuntu1.2

Ubuntu 24.04 LTS
google-guest-agent 20250116.00-0ubuntu1~24.04.4

Ubuntu 22.04 LTS
google-guest-agent 20250116.00-0ubuntu1~22.04.3

Ubuntu 20.04 LTS
google-guest-agent 20250116.00-0ubuntu1~20.04.0+esm3
Available with Ubuntu Pro

Ubuntu 18.04 LTS
google-guest-agent 20241011.01-0ubuntu1~18.04.0+esm3
Available with Ubuntu Pro

Ubuntu 16.04 LTS
google-guest-agent 20240716.00-0ubuntu1~16.04.0+esm3
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8447-3
https://ubuntu.com/security/notices/USN-8447-2
https://ubuntu.com/security/notices/USN-8447-1
CVE-2026-39830, CVE-2026-39831, CVE-2026-39834, CVE-2026-46595

Package Information:
https://launchpad.net/ubuntu/+source/google-guest-agent/20250506.01-0ubuntu2.1
https://launchpad.net/ubuntu/+source/google-guest-agent/20250506.01-0ubuntu1.2
https://launchpad.net/ubuntu/+source/google-guest-agent/20250116.00-0ubuntu1~24.04.4
https://launchpad.net/ubuntu/+source/google-guest-agent/20250116.00-0ubuntu1~22.04.3



[USN-8462-1] Linux kernel (Oracle) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8462-1
June 22, 2026

linux-oracle-5.15 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-oracle-5.15: Linux kernel for Oracle Cloud systems

Details:

It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)

It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500)

It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-2026-43503,
CVE-2026-46300)

Qualys discovered that a race condition existed in the ptrace subsystem of
the Linux kernel when privileged processes are exiting. An unprivileged
local attacker could use this issue to expose sensitive information.
(CVE-2026-46333)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Ethernet bonding driver;
- Packet sockets;
- RDS protocol;
- TLS protocol;
(CVE-2026-31419, CVE-2026-31504, CVE-2026-31533, CVE-2026-43033,
CVE-2026-43077, CVE-2026-43078, CVE-2026-43494, CVE-2026-46028)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
linux-image-5.15.0-1106-oracle 5.15.0-1106.112~20.04.1
Available with Ubuntu Pro
linux-image-oracle 5.15.0.1106.112~20.04.1
Available with Ubuntu Pro
linux-image-oracle-5.15 5.15.0.1106.112~20.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8462-1
CVE-2026-31419, CVE-2026-31431, CVE-2026-31504, CVE-2026-31533,
CVE-2026-43033, CVE-2026-43077, CVE-2026-43078, CVE-2026-43284,
CVE-2026-43494, CVE-2026-43500, CVE-2026-43503, CVE-2026-46028,
CVE-2026-46300, CVE-2026-46333



[USN-8388-2] Linux kernel vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8388-2
June 22, 2026

linux-intel-iotg-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15
vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lowlatency: Linux low latency kernel
- linux-intel-iotg-5.15: Linux kernel for Intel IoT platforms
- linux-lowlatency-hwe-5.15: Linux low latency kernel

Details:

It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500)

It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-2026-43503,
CVE-2026-46300)

Qualys discovered that a race condition existed in the ptrace subsystem of
the Linux kernel when privileged processes are exiting. An unprivileged
local attacker could use this issue to expose sensitive information.
(CVE-2026-46333)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- RDS protocol;
(CVE-2026-43494)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-181-lowlatency 5.15.0-181.191
linux-image-5.15.0-181-lowlatency-64k 5.15.0-181.191
linux-image-lowlatency 5.15.0.181.152
linux-image-lowlatency-5.15 5.15.0.181.152
linux-image-lowlatency-64k 5.15.0.181.152
linux-image-lowlatency-64k-5.15 5.15.0.181.152

Ubuntu 20.04 LTS
linux-image-5.15.0-1104-intel-iotg 5.15.0-1104.110~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-181-lowlatency 5.15.0-181.191~20.04.1
Available with Ubuntu Pro
linux-image-5.15.0-181-lowlatency-64k 5.15.0-181.191~20.04.1
Available with Ubuntu Pro
linux-image-intel 5.15.0.1104.110~20.04.1
Available with Ubuntu Pro
linux-image-intel-iotg 5.15.0.1104.110~20.04.1
Available with Ubuntu Pro
linux-image-intel-iotg-5.15 5.15.0.1104.110~20.04.1
Available with Ubuntu Pro
linux-image-lowlatency-5.15 5.15.0.181.191~20.04.1
Available with Ubuntu Pro
linux-image-lowlatency-64k-5.15 5.15.0.181.191~20.04.1
Available with Ubuntu Pro
linux-image-lowlatency-64k-hwe-20.04 5.15.0.181.191~20.04.1
Available with Ubuntu Pro
linux-image-lowlatency-hwe-20.04 5.15.0.181.191~20.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8388-2
https://ubuntu.com/security/notices/USN-8388-1
CVE-2026-43284, CVE-2026-43494, CVE-2026-43500, CVE-2026-43503,
CVE-2026-46300, CVE-2026-46333

Package Information:
https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-181.191



[USN-8461-1] Linux kernel (Azure) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8461-1
June 22, 2026

linux-azure vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure: Linux kernel for Microsoft Azure Cloud systems

Details:

It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000)

It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-2026-43503,
CVE-2026-46300)

Qualys discovered that a race condition existed in the ptrace subsystem of
the Linux kernel when privileged processes are exiting. An unprivileged
local attacker could use this issue to expose sensitive information.
(CVE-2026-46333)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contain a memory leak when handling AppArmor notifications. A local
attacker could use this to cause resource exhaustion. (CVE-2026-47326)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contain a NULL pointer dereference when handling AppArmor notifications. A
local attacker could use this to cause a kernel oops. (CVE-2026-47327)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained an invalid free when handling AppArmor notifications. A local
attacker could use this to corrupt kernel memory. (CVE-2026-47328)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained insufficient validation of AppArmor notification responses. A
local attacker could use this to allow crafted responses to be processed.
(CVE-2026-47329)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 used
an uninitialized variable when handling AppArmor notifications. A local
attacker could use this to cause incorrect caching of data.
(CVE-2026-47330)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained an out-of-bounds (OOB) read when handling AppArmor notifications.
A local attacker could use this to cause information disclosure of kernel
memory. (CVE-2026-47332)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained an out-of-bounds (OOB) read when handling AppArmor notifications.
A local attacker could use this to cause kernel memory corruption and,
theoretically, influence processing of AppArmor policies. (CVE-2026-47333)

Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0
contained incorrect holding of locks when handling AppArmor notifications.
A local attacker could use this to cause a kernel panic or deadlock.
(CVE-2026-47334)

Tristan Madani and Trevor Lawrence have each independently discovered that
Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained a NULL pointer dereference
when handling AppArmor network socket mediation. A local attacker could use
this to cause a kernel oops. (CVE-2026-47337)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Networking core;
- RDS protocol;
(CVE-2026-43494, CVE-2026-46323)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
linux-image-7.0.0-1007-azure 7.0.0-1007.7
linux-image-azure 7.0.0-1007.7
linux-image-azure-7.0 7.0.0-1007.7

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8461-1
CVE-2026-43284, CVE-2026-43494, CVE-2026-43500, CVE-2026-43503,
CVE-2026-45998, CVE-2026-46000, CVE-2026-46300, CVE-2026-46323,
CVE-2026-46333, CVE-2026-47326, CVE-2026-47327, CVE-2026-47328,
CVE-2026-47329, CVE-2026-47330, CVE-2026-47332, CVE-2026-47333,
CVE-2026-47334, CVE-2026-47337

Package Information:
https://launchpad.net/ubuntu/+source/linux-azure/7.0.0-1007.7



[USN-8460-1] libxml2 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8460-1
June 22, 2026

libxml2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10

Summary:

Several security issues were fixed in libxml2.

Software Description:
- libxml2: GNOME XML library

Details:

It was discovered that libxml2 did not properly release memory allocated in
the xmllint utility. An attacker could possibly use this issue to cause a
denial of service. (CVE-2026-1757)

A type confusion vulnerability was found in libxml2 when processing a
specially crafted XML document. A remote attacker could possibly use this
issue to cause a denial of service. (CVE-2026-6732)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
libxml2-16 2.15.2+dfsg-0.1ubuntu0.1
libxml2-dev 2.15.2+dfsg-0.1ubuntu0.1
libxml2-source 2.15.2+dfsg-0.1ubuntu0.1
libxml2-utils 2.15.2+dfsg-0.1ubuntu0.1
python3-libxml2 2.15.2+dfsg-0.1ubuntu0.1

Ubuntu 25.10
libxml2-16 2.14.5+dfsg-0.2ubuntu0.2
libxml2-dev 2.14.5+dfsg-0.2ubuntu0.2
libxml2-utils 2.14.5+dfsg-0.2ubuntu0.2
python3-libxml2 2.14.5+dfsg-0.2ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8460-1
CVE-2026-1757, CVE-2026-6732

Package Information:
https://launchpad.net/ubuntu/+source/libxml2/2.15.2+dfsg-0.1ubuntu0.1
https://launchpad.net/ubuntu/+source/libxml2/2.14.5+dfsg-0.2ubuntu0.2