Ubuntu users must apply an update for nginx after discovering that malformed network requests can crash the web server or allow unauthorized code execution through its rewrite module. A separate patch addresses two input processing flaws in Avahi, which previously allowed attackers to force denial of service crashes on nearly all supported distributions. Running a standard system upgrade will automatically pull these fixes for machines running versions from 14.04 up to 26.04.

[USN-8271-1] nginx vulnerability
[USN-8269-1] Avahi vulnerabilities

[USN-8271-1] nginx vulnerability

==========================================================================
Ubuntu Security Notice USN-8271-1
May 14, 2026

nginx vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

nginx could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
- nginx: small, powerful, scalable web/proxy server

Details:

It was discovered that the nginx ngx_http_rewrite_module component
incorrectly handled certain rewrite directives. A remote attacker could use
this issue to cause nginx to crash, resulting in a denial of service, or
possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
nginx 1.28.3-2ubuntu1.1
nginx-core 1.28.3-2ubuntu1.1
nginx-extras 1.28.3-2ubuntu1.1
nginx-full 1.28.3-2ubuntu1.1
nginx-light 1.28.3-2ubuntu1.1

Ubuntu 25.10
nginx 1.28.0-6ubuntu1.3
nginx-core 1.28.0-6ubuntu1.3
nginx-extras 1.28.0-6ubuntu1.3
nginx-full 1.28.0-6ubuntu1.3
nginx-light 1.28.0-6ubuntu1.3

Ubuntu 24.04 LTS
nginx 1.24.0-2ubuntu7.8
nginx-core 1.24.0-2ubuntu7.8
nginx-extras 1.24.0-2ubuntu7.8
nginx-full 1.24.0-2ubuntu7.8
nginx-light 1.24.0-2ubuntu7.8

Ubuntu 22.04 LTS
nginx 1.18.0-6ubuntu14.11
nginx-core 1.18.0-6ubuntu14.11
nginx-extras 1.18.0-6ubuntu14.11
nginx-full 1.18.0-6ubuntu14.11
nginx-light 1.18.0-6ubuntu14.11

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8271-1
CVE-2026-42945

Package Information:
https://launchpad.net/ubuntu/+source/nginx/1.28.3-2ubuntu1.1
https://launchpad.net/ubuntu/+source/nginx/1.28.0-6ubuntu1.3
https://launchpad.net/ubuntu/+source/nginx/1.24.0-2ubuntu7.8
https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.11

[USN-8269-1] Avahi vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8269-1
May 12, 2026

avahi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Avahi.

Software Description:
- avahi: IPv4LL network address configuration daemon

Details:

It is discovered that Avahi incorrectly handled crafted input. A
remote attacker could possibly use this issue to crash the program,
resulting in a denial of service. This issue only affected Ubuntu
14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2026-24401)

Guillaume Meunier discovered that Avahi incorrectly handled crafted
input. An attacker could possibly use this issue to crash the
program, resulting in a denial of service. (CVE-2026-34933)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
avahi-daemon 0.8-18ubuntu1.1

Ubuntu 25.10
avahi-daemon 0.8-16ubuntu3.2

Ubuntu 24.04 LTS
avahi-daemon 0.8-13ubuntu6.2

Ubuntu 22.04 LTS
avahi-daemon 0.8-5ubuntu5.5

Ubuntu 20.04 LTS
avahi-daemon 0.7-4ubuntu7.3+esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
avahi-daemon 0.7-3.1ubuntu1.3+esm4
Available with Ubuntu Pro

Ubuntu 16.04 LTS
avahi-daemon 0.6.32~rc+dfsg-1ubuntu2.3+esm5
Available with Ubuntu Pro

Ubuntu 14.04 LTS
avahi-daemon 0.6.31-4ubuntu1.3+esm5
Available with Ubuntu Pro

References:
https://ubuntu.com/security/notices/USN-8269-1
CVE-2026-24401, CVE-2026-34933

Package Information:
https://launchpad.net/ubuntu/+source/avahi/0.8-18ubuntu1.1
https://launchpad.net/ubuntu/+source/avahi/0.8-16ubuntu3.2
https://launchpad.net/ubuntu/+source/avahi/0.8-13ubuntu6.2
https://launchpad.net/ubuntu/+source/avahi/0.8-5ubuntu5.5