[USN-8192-2] NTFS-3G vulnerabilities
[USN-8211-1] Pillow vulnerability
[USN-8207-1] ClamAV vulnerability
[USN-8195-2] PackageKit vulnerability
[USN-8210-1] nginx vulnerabilities
[USN-8208-1] HAProxy vulnerability
[USN-8196-2] strongSwan vulnerabilities
[USN-8209-1] Little CMS vulnerability
[USN-8199-1] OpenStack Glance vulnerabilities
[USN-8212-1] authd vulnerability
[USN-8213-1] Vim vulnerabilities
[USN-8192-2] NTFS-3G vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8192-2
April 27, 2026
ntfs-3g vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
Summary:
Several security issues were fixed in NTFS-3G.
Software Description:
Details:
USN-8192-1 fixed vulnerabilities in NTFS-3G. This update provides the
corresponding update to Ubuntu 26.04 LTS.
Original advisory details:
Jeffrey Bencteux discovered that NTFS-3G incorrectly handled certain UTF-8
sequences. An attacker could use this issue to cause NTFS-3G to crash,
resulting in a denial of service, or to execute arbitrary code. This issue
only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2023-52890)
Andrea Bocchetti discovered that NTFS-3G incorrectly handled certain
security descriptors. An attacker could use this issue to cause NTFS-3G to
crash, resulting in a denial of service, or to execute arbitrary code.
(CVE-2026-40706)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8192-2
https://ubuntu.com/security/notices/USN-8192-1
CVE-2026-40706
[USN-8211-1] Pillow vulnerability
==========================================================================
Ubuntu Security Notice USN-8211-1
April 27, 2026
pillow vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
Summary:
Pillow could be made to crash if it opened a specially crafted file.
Software Description:
- pillow: Python Imaging Library
Details:
It was discovered that Pillow incorrectly handled certain FITS images. An
attacker could possibly use this issue to cause Pillow to consume
resources, leading to a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
python3-pil 11.3.0-1ubuntu1.2
python3-pil.imagetk 11.3.0-1ubuntu1.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8211-1
CVE-2026-40192
Package Information:
https://launchpad.net/ubuntu/+source/pillow/11.3.0-1ubuntu1.2
[USN-8207-1] ClamAV vulnerability
==========================================================================
Ubuntu Security Notice USN-8207-1
April 27, 2026
clamav vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
ClamAV could be made to crash if it opened a specially crafted HTML file.
Software Description:
- clamav: Anti-virus utility for Unix
Details:
It was discovered that ClamAV incorrectly handled certain HTML files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
clamav 1.4.4+dfsg-0ubuntu0.25.10.1
Ubuntu 24.04 LTS
clamav 1.4.4+dfsg-0ubuntu0.24.04.1
Ubuntu 22.04 LTS
clamav 1.4.4+dfsg-0ubuntu0.22.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://ubuntu.com/security/notices/USN-8207-1
CVE-2026-20031
Package Information:
https://launchpad.net/ubuntu/+source/clamav/1.4.4+dfsg-0ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/clamav/1.4.4+dfsg-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/clamav/1.4.4+dfsg-0ubuntu0.22.04.1
[USN-8195-2] PackageKit vulnerability
==========================================================================
Ubuntu Security Notice USN-8195-2
April 27, 2026
packagekit vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
Summary:
PackageKit could be made to install packages as the administrator.
Software Description:
Details:
USN-8195-1 fixed a vulnerability in PackageKit. This update provides the
corresponding update to Ubuntu 26.04 LTS.
Original advisory details:
It was discovered that PackageKit incorrectly handled certain
transactions. A local attacker could use this issue to install arbitrary
packages as root, possibly resulting in privilege escalation.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8195-2
https://ubuntu.com/security/notices/USN-8195-1
https://launchpad.net/bugs/2149908
[USN-8210-1] nginx vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8210-1
April 27, 2026
nginx vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in nginx.
Software Description:
- nginx: small, powerful, scalable web/proxy server
Details:
It was discovered that the nginx ngx_mail_auth_http_module module
incorrectly handled certain requests. An attacker could possibly use this
issue to cause nginx to crash, resulting in a denial of service.
(CVE-2026-27651)
It was discovered that the nginx ngx_http_dav_module module incorrectly
handled certain destination URIs. An attacker could use this issue to cause
nginx to crash, resulting in a denial of service, or possibly modify source
or destination names outside of the document root. (CVE-2026-27654)
It was discovered that the nginx ngx_http_mp4_module module incorrectly
handled certain MP4 files. An attacker could use this issue to cause nginx
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2026-27784, CVE-2026-32647)
It was discovered that the nginx ngx_mail_smtp_module module incorrectly
handled certain CRLF sequences. An attacker could possibly use this issue
to inject arbitrary SMTP headers. (CVE-2026-28753)
It was discovered that the nginx ngx_stream_ssl_module module incorrectly
handled revoked certificates. This could result in successful TLS
handshakes even after an OCSP check identifies a certificate as revoked,
contrary to expectations. This issue only affected Ubuntu 24.04 LTS and
Ubuntu 25.10. (CVE-2026-28755)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
nginx 1.28.0-6ubuntu1.2
nginx-core 1.28.0-6ubuntu1.2
nginx-extras 1.28.0-6ubuntu1.2
nginx-full 1.28.0-6ubuntu1.2
nginx-light 1.28.0-6ubuntu1.2
Ubuntu 24.04 LTS
nginx 1.24.0-2ubuntu7.7
nginx-core 1.24.0-2ubuntu7.7
nginx-extras 1.24.0-2ubuntu7.7
nginx-full 1.24.0-2ubuntu7.7
nginx-light 1.24.0-2ubuntu7.7
Ubuntu 22.04 LTS
nginx 1.18.0-6ubuntu14.10
nginx-core 1.18.0-6ubuntu14.10
nginx-extras 1.18.0-6ubuntu14.10
nginx-full 1.18.0-6ubuntu14.10
nginx-light 1.18.0-6ubuntu14.10
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8210-1
CVE-2026-27651, CVE-2026-27654, CVE-2026-27784, CVE-2026-28753,
CVE-2026-28755, CVE-2026-32647
Package Information:
https://launchpad.net/ubuntu/+source/nginx/1.28.0-6ubuntu1.2
https://launchpad.net/ubuntu/+source/nginx/1.24.0-2ubuntu7.7
https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.10
[USN-8208-1] HAProxy vulnerability
==========================================================================
Ubuntu Security Notice USN-8208-1
April 27, 2026
haproxy vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
Summary:
HAProxy could be made to expose sensitive information over the network.
Software Description:
- haproxy: fast and reliable load balancing reverse proxy
Details:
Martino Spagnuolo discovered that HAProxy did not check received body
lengths in the HTTP/3 parser. A remote attacker could possibly use this
issue to perform a request smuggling attack and obtain sensitive
information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
haproxy 3.0.12-0ubuntu0.25.10.4
Ubuntu 24.04 LTS
haproxy 2.8.16-0ubuntu0.24.04.2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8208-1
CVE-2026-33555
Package Information:
https://launchpad.net/ubuntu/+source/haproxy/3.0.12-0ubuntu0.25.10.4
https://launchpad.net/ubuntu/+source/haproxy/2.8.16-0ubuntu0.24.04.2
[USN-8196-2] strongSwan vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8196-2
April 27, 2026
strongswan vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
Summary:
Several security issues were fixed in strongSwan.
Software Description:
Details:
USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the
corresponding update to Ubuntu 26.04 LTS.
Original advisory details:
Haruto Kimura discovered that strongSwan incorrectly handled the
supported_versions extension in TLS. A remote attacker could possibly use
this issue to cause strongSwan to stop responding, resulting in a denial
of service. (CVE-2026-35328)
Haruto Kimura discovered that strongSwan incorrectly handled certain
encrypted PKCS#7 containers. A remote attacker could possibly use this
issue to cause strongSwan to crash, resulting in a denial of service.
(CVE-2026-35329)
Lukas Johannes Moeller discovered that strongSwan incorrectly handled
certain EAP-SIM/AKA attributes. A remote attacker could use this issue to
cause strongSwan to stop responding, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-35330)
Haruto Kimura discovered that strongSwan incorrectly handled processing of
X.509 name constraints. A remote attacker could possibly use this issue to
bypass excluded name constraints. (CVE-2026-35331)
Haruto Kimura discovered that strongSwan incorrectly processed ECDH public
values. A remote attacker could possibly use this issue to cause
strongSwan to crash, resulting in a denial of service. (CVE-2026-35332)
Lukas Johannes Moeller discovered that strongSwan incorrectly handled
certain RADIUS attributes. A remote attacker could possibly use this issue
to cause strongSwan to crash, resulting in a denial of service.
(CVE-2026-35333)
Ryo Shimada discovered that strongSwan incorrectly handled RSA decryption.
A remote attacker could possibly use this issue to cause strongSwan to
crash, resulting in a denial of service. (CVE-2026-35334)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8196-2
https://ubuntu.com/security/notices/USN-8196-1
CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331,
CVE-2026-35332, CVE-2026-35333, CVE-2026-35334
[USN-8209-1] Little CMS vulnerability
==========================================================================
Ubuntu Security Notice USN-8209-1
April 27, 2026
lcms2 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Little CMS could be made to crash or run programs if it opened a
specially crafted ICC profile.
Software Description:
- lcms2: Little CMS color management library
Details:
It was discovered that Little CMS incorrectly handled certain malformed ICC
profiles. An attacker could use this issue to cause Little CMS to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
liblcms2-2 2.16-2ubuntu0.1
liblcms2-utils 2.16-2ubuntu0.1
Ubuntu 24.04 LTS
liblcms2-2 2.14-2ubuntu0.1
liblcms2-utils 2.14-2ubuntu0.1
Ubuntu 22.04 LTS
liblcms2-2 2.12~rc1-2ubuntu0.1
liblcms2-utils 2.12~rc1-2ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8209-1
CVE-2026-41254
Package Information:
https://launchpad.net/ubuntu/+source/lcms2/2.16-2ubuntu0.1
https://launchpad.net/ubuntu/+source/lcms2/2.14-2ubuntu0.1
https://launchpad.net/ubuntu/+source/lcms2/2.12~rc1-2ubuntu0.1
[USN-8199-1] OpenStack Glance vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8199-1
April 22, 2026
glance vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in OpenStack Glance.
Software Description:
- glance: OpenStack Image Registry and Delivery Service
Details:
Martin Kaesberger discovered that OpenStack Glance's image processing could
return the contents of arbitrary files. An attacker could possibly use this
issue to exfiltrate sensitive data. This issue only affected Ubuntu 16.04
LTS and Ubuntu 18.04 LTS. (CVE-2024-32498)
Hyeongeun Ji and Abhishek Kekane discovered several server-side request
forgery vulnerabilities in OpenStack Glance's image import. An attacker
could possibly use this issue to bypass URL validation checks and redirect
to internal services. This issue only affected Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. (CVE-2026-34881)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
glance 2:20.2.0-0ubuntu1.2+esm2
Available with Ubuntu Pro
glance-api 2:20.2.0-0ubuntu1.2+esm2
Available with Ubuntu Pro
glance-common 2:20.2.0-0ubuntu1.2+esm2
Available with Ubuntu Pro
python3-glance 2:20.2.0-0ubuntu1.2+esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
glance 2:16.0.1-0ubuntu1.1+esm2
Available with Ubuntu Pro
glance-api 2:16.0.1-0ubuntu1.1+esm2
Available with Ubuntu Pro
glance-common 2:16.0.1-0ubuntu1.1+esm2
Available with Ubuntu Pro
glance-registry 2:16.0.1-0ubuntu1.1+esm2
Available with Ubuntu Pro
python-glance 2:16.0.1-0ubuntu1.1+esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
glance 2:12.0.0-0ubuntu2+esm1
Available with Ubuntu Pro
glance-api 2:12.0.0-0ubuntu2+esm1
Available with Ubuntu Pro
glance-common 2:12.0.0-0ubuntu2+esm1
Available with Ubuntu Pro
glance-glare 2:12.0.0-0ubuntu2+esm1
Available with Ubuntu Pro
glance-registry 2:12.0.0-0ubuntu2+esm1
Available with Ubuntu Pro
python-glance 2:12.0.0-0ubuntu2+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8199-1
CVE-2024-32498, CVE-2026-34881
[USN-8212-1] authd vulnerability
==========================================================================
Ubuntu Security Notice USN-8212-1
April 27, 2026
authd vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
Summary:
authd could be made to escalate privileges.
Software Description:
Details:
It was discovered that authd incorrectly assigned the primary group ID to
users under certain conditions. A local attacker could possibly use this
issue to achieve privilege escalation, or gain unauthorized access to files
belonging to other users.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
After a standard system update you need to restart authd to make all the
necessary changes.
References:
https://ubuntu.com/security/notices/USN-8212-1
CVE-2026-6970
[USN-8213-1] Vim vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8213-1
April 27, 2026
vim vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Vim.
Software Description:
- vim: Vi IMproved - enhanced vi editor
Details:
MichaĆ Majchrowicz discovered that Vim's zip plugin could overwrite
arbitrary files. An attacker could possibly use this issue to delete
sensitive data or execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-35177)
It was discovered that Vim's netbeans interface did not properly
sanitize certain strings. An attacker could possibly use this issue to
execute arbitrary commands. (CVE-2026-39881)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
vim 2:9.1.0967-1ubuntu6.3
vim-athena 2:9.1.0967-1ubuntu6.3
vim-common 2:9.1.0967-1ubuntu6.3
vim-gtk3 2:9.1.0967-1ubuntu6.3
vim-gui-common 2:9.1.0967-1ubuntu6.3
vim-motif 2:9.1.0967-1ubuntu6.3
vim-nox 2:9.1.0967-1ubuntu6.3
vim-runtime 2:9.1.0967-1ubuntu6.3
vim-tiny 2:9.1.0967-1ubuntu6.3
Ubuntu 24.04 LTS
vim 2:9.1.0016-1ubuntu7.12
vim-athena 2:9.1.0016-1ubuntu7.12
vim-common 2:9.1.0016-1ubuntu7.12
vim-gtk3 2:9.1.0016-1ubuntu7.12
vim-gui-common 2:9.1.0016-1ubuntu7.12
vim-motif 2:9.1.0016-1ubuntu7.12
vim-nox 2:9.1.0016-1ubuntu7.12
vim-runtime 2:9.1.0016-1ubuntu7.12
vim-tiny 2:9.1.0016-1ubuntu7.12
Ubuntu 22.04 LTS
vim 2:8.2.3995-1ubuntu2.28
vim-athena 2:8.2.3995-1ubuntu2.28
vim-common 2:8.2.3995-1ubuntu2.28
vim-gtk 2:8.2.3995-1ubuntu2.28
vim-gtk3 2:8.2.3995-1ubuntu2.28
vim-gui-common 2:8.2.3995-1ubuntu2.28
vim-nox 2:8.2.3995-1ubuntu2.28
vim-runtime 2:8.2.3995-1ubuntu2.28
vim-tiny 2:8.2.3995-1ubuntu2.28
Ubuntu 20.04 LTS
vim 2:8.1.2269-1ubuntu5.32+esm4
Available with Ubuntu Pro
vim-athena 2:8.1.2269-1ubuntu5.32+esm4
Available with Ubuntu Pro
vim-common 2:8.1.2269-1ubuntu5.32+esm4
Available with Ubuntu Pro
vim-gtk 2:8.1.2269-1ubuntu5.32+esm4
Available with Ubuntu Pro
vim-gtk3 2:8.1.2269-1ubuntu5.32+esm4
Available with Ubuntu Pro
vim-gui-common 2:8.1.2269-1ubuntu5.32+esm4
Available with Ubuntu Pro
vim-nox 2:8.1.2269-1ubuntu5.32+esm4
Available with Ubuntu Pro
vim-runtime 2:8.1.2269-1ubuntu5.32+esm4
Available with Ubuntu Pro
vim-tiny 2:8.1.2269-1ubuntu5.32+esm4
Available with Ubuntu Pro
Ubuntu 18.04 LTS
vim 2:8.0.1453-1ubuntu1.13+esm16
Available with Ubuntu Pro
vim-athena 2:8.0.1453-1ubuntu1.13+esm16
Available with Ubuntu Pro
vim-common 2:8.0.1453-1ubuntu1.13+esm16
Available with Ubuntu Pro
vim-gnome 2:8.0.1453-1ubuntu1.13+esm16
Available with Ubuntu Pro
vim-gtk 2:8.0.1453-1ubuntu1.13+esm16
Available with Ubuntu Pro
vim-gtk3 2:8.0.1453-1ubuntu1.13+esm16
Available with Ubuntu Pro
vim-gui-common 2:8.0.1453-1ubuntu1.13+esm16
Available with Ubuntu Pro
vim-nox 2:8.0.1453-1ubuntu1.13+esm16
Available with Ubuntu Pro
vim-runtime 2:8.0.1453-1ubuntu1.13+esm16
Available with Ubuntu Pro
vim-tiny 2:8.0.1453-1ubuntu1.13+esm16
Available with Ubuntu Pro
Ubuntu 16.04 LTS
vim 2:7.4.1689-3ubuntu1.5+esm31
Available with Ubuntu Pro
vim-athena 2:7.4.1689-3ubuntu1.5+esm31
Available with Ubuntu Pro
vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm31
Available with Ubuntu Pro
vim-common 2:7.4.1689-3ubuntu1.5+esm31
Available with Ubuntu Pro
vim-gnome 2:7.4.1689-3ubuntu1.5+esm31
Available with Ubuntu Pro
vim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm31
Available with Ubuntu Pro
vim-gtk 2:7.4.1689-3ubuntu1.5+esm31
Available with Ubuntu Pro
vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm31
Available with Ubuntu Pro
vim-gtk3 2:7.4.1689-3ubuntu1.5+esm31
Available with Ubuntu Pro
vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm31
Available with Ubuntu Pro
vim-gui-common 2:7.4.1689-3ubuntu1.5+esm31
Available with Ubuntu Pro
vim-nox 2:7.4.1689-3ubuntu1.5+esm31
Available with Ubuntu Pro
vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm31
Available with Ubuntu Pro
vim-runtime 2:7.4.1689-3ubuntu1.5+esm31
Available with Ubuntu Pro
vim-tiny 2:7.4.1689-3ubuntu1.5+esm31
Available with Ubuntu Pro
Ubuntu 14.04 LTS
vim 2:7.4.052-1ubuntu3.1+esm25
Available with Ubuntu Pro
vim-athena 2:7.4.052-1ubuntu3.1+esm25
Available with Ubuntu Pro
vim-common 2:7.4.052-1ubuntu3.1+esm25
Available with Ubuntu Pro
vim-gnome 2:7.4.052-1ubuntu3.1+esm25
Available with Ubuntu Pro
vim-gtk 2:7.4.052-1ubuntu3.1+esm25
Available with Ubuntu Pro
vim-gui-common 2:7.4.052-1ubuntu3.1+esm25
Available with Ubuntu Pro
vim-lesstif 2:7.4.052-1ubuntu3.1+esm25
Available with Ubuntu Pro
vim-nox 2:7.4.052-1ubuntu3.1+esm25
Available with Ubuntu Pro
vim-runtime 2:7.4.052-1ubuntu3.1+esm25
Available with Ubuntu Pro
vim-tiny 2:7.4.052-1ubuntu3.1+esm25
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8213-1
CVE-2026-35177, CVE-2026-39881
Package Information:
https://launchpad.net/ubuntu/+source/vim/2:9.1.0967-1ubuntu6.3
https://launchpad.net/ubuntu/+source/vim/2:9.1.0016-1ubuntu7.12
https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.28
