
Several security issues were fixed in various software packages, including OpenJDK 8, 11, and 21, CRaC JDK 21, Thunderbird, libpng1.6, Inetutils, and MySQL. These issues include vulnerabilities that could allow an attacker to steal sensitive information, execute arbitrary code, or crash the system. The affected Ubuntu versions are 25.10, 24.04 LTS, 22.04 LTS, 20.04 LTS, and 18.04 LTS for some packages, while others only affect specific releases. Users should update their systems by installing new package versions to address these vulnerabilities.

[USN-8000-1] OpenJDK 8 vulnerabilities
[USN-8003-1] CRaC JDK 21 vulnerabilities
[USN-8001-1] OpenJDK 11 vulnerabilities
[USN-8002-1] OpenJDK 21 vulnerabilities
[USN-7991-1] Thunderbird vulnerabilities
[USN-7993-1] libpng vulnerabilities
[USN-7992-1] Inetutils vulnerability
[USN-7994-1] MySQL vulnerabilities




[USN-8000-1] OpenJDK 8 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8000-1
February 02, 2026

openjdk-8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in OpenJDK 8.

Software Description:
- openjdk-8: Open Source Java implementation

Details:

It was discovered that the RMI component of OpenJDK 8 would establish
RMI TCP endpoint connections to a remote host without setting an
endpoint identification algorithm. An unauthenticated remote attacker
could possibly use this issue to steal sensitive information.
(CVE-2026-21925)

Mingijung discovered that the AWT and JavaFX components of OpenJDK 8
could run programs if Desktop.browse() was supplied a filename as a
URI. An unauthenticated remote attacker could possibly use this issue
to execute arbitrary code. (CVE-2026-21932)

Zhihui Chen discovered that the Networking component of OpenJDK 8
was susceptible to a CRLF injection vulnerability via the HttpServer
class. An unauthenticated remote attacker could possibly use this
issue to modify files or leak sensitive information. (CVE-2026-21933)

Ireneusz Pastusiak discovered that the Security component of OpenJDK 8
failed to verify provided URIs point to a legitimate source when
AIA is enabled. An unauthenticated remote attacker could possibly
use this issue to redirect users to malicious hosts.
(CVE-2026-21945)

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2026-01-20

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
openjdk-8-jdk 8u482-ga~us1-0ubuntu1~25.10
openjdk-8-jdk-headless 8u482-ga~us1-0ubuntu1~25.10
openjdk-8-jre 8u482-ga~us1-0ubuntu1~25.10
openjdk-8-jre-headless 8u482-ga~us1-0ubuntu1~25.10
openjdk-8-jre-zero 8u482-ga~us1-0ubuntu1~25.10

Ubuntu 24.04 LTS
openjdk-8-jdk 8u482-ga~us1-0ubuntu1~24.04
openjdk-8-jdk-headless 8u482-ga~us1-0ubuntu1~24.04
openjdk-8-jre 8u482-ga~us1-0ubuntu1~24.04
openjdk-8-jre-headless 8u482-ga~us1-0ubuntu1~24.04
openjdk-8-jre-zero 8u482-ga~us1-0ubuntu1~24.04

Ubuntu 22.04 LTS
openjdk-8-jdk 8u482-ga~us1-0ubuntu1~22.04
openjdk-8-jdk-headless 8u482-ga~us1-0ubuntu1~22.04
openjdk-8-jre 8u482-ga~us1-0ubuntu1~22.04
openjdk-8-jre-headless 8u482-ga~us1-0ubuntu1~22.04
openjdk-8-jre-zero 8u482-ga~us1-0ubuntu1~22.04

Ubuntu 20.04 LTS
openjdk-8-jdk 8u482-ga~us1-0ubuntu1~20.04
Available with Ubuntu Pro
openjdk-8-jdk-headless 8u482-ga~us1-0ubuntu1~20.04
Available with Ubuntu Pro
openjdk-8-jre 8u482-ga~us1-0ubuntu1~20.04
Available with Ubuntu Pro
openjdk-8-jre-headless 8u482-ga~us1-0ubuntu1~20.04
Available with Ubuntu Pro
openjdk-8-jre-zero 8u482-ga~us1-0ubuntu1~20.04
Available with Ubuntu Pro

Ubuntu 18.04 LTS
openjdk-8-jdk 8u482-ga~us1-0ubuntu1~18.04
Available with Ubuntu Pro
openjdk-8-jdk-headless 8u482-ga~us1-0ubuntu1~18.04
Available with Ubuntu Pro
openjdk-8-jre 8u482-ga~us1-0ubuntu1~18.04
Available with Ubuntu Pro
openjdk-8-jre-headless 8u482-ga~us1-0ubuntu1~18.04
Available with Ubuntu Pro
openjdk-8-jre-zero 8u482-ga~us1-0ubuntu1~18.04
Available with Ubuntu Pro

Ubuntu 16.04 LTS
openjdk-8-jdk 8u482-ga~us1-0ubuntu1~16.04
Available with Ubuntu Pro
openjdk-8-jdk-headless 8u482-ga~us1-0ubuntu1~16.04
Available with Ubuntu Pro
openjdk-8-jre 8u482-ga~us1-0ubuntu1~16.04
Available with Ubuntu Pro
openjdk-8-jre-headless 8u482-ga~us1-0ubuntu1~16.04
Available with Ubuntu Pro
openjdk-8-jre-jamvm 8u482-ga~us1-0ubuntu1~16.04
Available with Ubuntu Pro
openjdk-8-jre-zero 8u482-ga~us1-0ubuntu1~16.04
Available with Ubuntu Pro

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8000-1
CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-8/8u482-ga~us1-0ubuntu1~25.10
https://launchpad.net/ubuntu/+source/openjdk-8/8u482-ga~us1-0ubuntu1~24.04
https://launchpad.net/ubuntu/+source/openjdk-8/8u482-ga~us1-0ubuntu1~22.04



[USN-8003-1] CRaC JDK 21 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8003-1
February 02, 2026

openjdk-21-crac vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10

Summary:

Several security issues were fixed in CRaC JDK 21.

Software Description:
- openjdk-21-crac: Open Source Java implementation with Coordinated Restore at Checkpoints

Details:

It was discovered that the RMI component of CRaC JDK 21 would establish
RMI TCP endpoint connections to a remote host without setting an
endpoint identification algorithm. An unauthenticated remote attacker
could possibly use this issue to steal sensitive information.
(CVE-2026-21925)

Mingijung discovered that the AWT and JavaFX components of CRaC JDK 21
could run programs if Desktop.browse() was supplied a filename as a
URI. An unauthenticated remote attacker could possibly use this issue
to execute arbitrary code. (CVE-2026-21932)

Zhihui Chen discovered that the Networking component of CRaC JDK 21
was susceptible to a CRLF injection vulnerability via the HttpServer
class. An unauthenticated remote attacker could possibly use this
issue to modify files or leak sensitive information. (CVE-2026-21933)

Ireneusz Pastusiak discovered that the Security component of CRaC JDK
21 failed to verify provided URIs point to a legitimate source when
AIA is enabled. An unauthenticated remote attacker could possibly
use this issue to redirect users to malicious hosts.
(CVE-2026-21945)

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2026-01-20

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
openjdk-21-crac-demo 21.0.10+7-0ubuntu1~25.10
openjdk-21-crac-doc 21.0.10+7-0ubuntu1~25.10
openjdk-21-crac-jdk 21.0.10+7-0ubuntu1~25.10
openjdk-21-crac-jdk-headless 21.0.10+7-0ubuntu1~25.10
openjdk-21-crac-jre 21.0.10+7-0ubuntu1~25.10
openjdk-21-crac-jre-headless 21.0.10+7-0ubuntu1~25.10
openjdk-21-crac-jre-zero 21.0.10+7-0ubuntu1~25.10
openjdk-21-crac-source 21.0.10+7-0ubuntu1~25.10
openjdk-21-crac-testsupport 21.0.10+7-0ubuntu1~25.10

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8003-1
CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-21-crac/21.0.10+7-0ubuntu1~25.10



[USN-8001-1] OpenJDK 11 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8001-1
February 02, 2026

openjdk-lts vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in OpenJDK 11.

Software Description:
- openjdk-lts: Open Source Java implementation

Details:

It was discovered that the RMI component of OpenJDK 11 would establish
RMI TCP endpoint connections to a remote host without setting an
endpoint identification algorithm. An unauthenticated remote attacker
could possibly use this issue to steal sensitive information.
(CVE-2026-21925)

Mingijung discovered that the AWT and JavaFX components of OpenJDK 11
could run programs if Desktop.browse() was supplied a filename as a
URI. An unauthenticated remote attacker could possibly use this issue
to execute arbitrary code. (CVE-2026-21932)

Zhihui Chen discovered that the Networking component of OpenJDK 11
was susceptible to a CRLF injection vulnerability via the HttpServer
class. An unauthenticated remote attacker could possibly use this
issue to modify files or leak sensitive information. (CVE-2026-21933)

Ireneusz Pastusiak discovered that the Security component of OpenJDK 11
failed to verify provided URIs point to a legitimate source when
AIA is enabled. An unauthenticated remote attacker could possibly
use this issue to redirect users to malicious hosts.
(CVE-2026-21945)

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2026-01-20

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
openjdk-11-jdk 11.0.30+7-1ubuntu1~25.10
openjdk-11-jdk-headless 11.0.30+7-1ubuntu1~25.10
openjdk-11-jre 11.0.30+7-1ubuntu1~25.10
openjdk-11-jre-headless 11.0.30+7-1ubuntu1~25.10
openjdk-11-jre-zero 11.0.30+7-1ubuntu1~25.10

Ubuntu 24.04 LTS
openjdk-11-jdk 11.0.30+7-1ubuntu1~24.04
openjdk-11-jdk-headless 11.0.30+7-1ubuntu1~24.04
openjdk-11-jre 11.0.30+7-1ubuntu1~24.04
openjdk-11-jre-headless 11.0.30+7-1ubuntu1~24.04
openjdk-11-jre-zero 11.0.30+7-1ubuntu1~24.04

Ubuntu 22.04 LTS
openjdk-11-jdk 11.0.30+7-1ubuntu1~22.04
openjdk-11-jdk-headless 11.0.30+7-1ubuntu1~22.04
openjdk-11-jre 11.0.30+7-1ubuntu1~22.04
openjdk-11-jre-headless 11.0.30+7-1ubuntu1~22.04
openjdk-11-jre-zero 11.0.30+7-1ubuntu1~22.04

Ubuntu 20.04 LTS
openjdk-11-jdk 11.0.30+7-1ubuntu1~20.04
Available with Ubuntu Pro
openjdk-11-jdk-headless 11.0.30+7-1ubuntu1~20.04
Available with Ubuntu Pro
openjdk-11-jre 11.0.30+7-1ubuntu1~20.04
Available with Ubuntu Pro
openjdk-11-jre-headless 11.0.30+7-1ubuntu1~20.04
Available with Ubuntu Pro
openjdk-11-jre-zero 11.0.30+7-1ubuntu1~20.04
Available with Ubuntu Pro

Ubuntu 18.04 LTS
openjdk-11-jdk 11.0.30+7-1ubuntu1~18.04
Available with Ubuntu Pro
openjdk-11-jdk-headless 11.0.30+7-1ubuntu1~18.04
Available with Ubuntu Pro
openjdk-11-jre 11.0.30+7-1ubuntu1~18.04
Available with Ubuntu Pro
openjdk-11-jre-headless 11.0.30+7-1ubuntu1~18.04
Available with Ubuntu Pro
openjdk-11-jre-zero 11.0.30+7-1ubuntu1~18.04
Available with Ubuntu Pro

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8001-1
CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.30+7-1ubuntu1~25.10
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.30+7-1ubuntu1~24.04
https://launchpad.net/ubuntu/+source/openjdk-lts/11.0.30+7-1ubuntu1~22.04



[USN-8002-1] OpenJDK 21 vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8002-1
February 02, 2026

openjdk-21 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in OpenJDK 21.

Software Description:
- openjdk-21: Open Source Java implementation

Details:

It was discovered that the RMI component of OpenJDK 21 would establish
RMI TCP endpoint connections to a remote host without setting an
endpoint identification algorithm. An unauthenticated remote attacker
could possibly use this issue to steal sensitive information.
(CVE-2026-21925)

Mingijung discovered that the AWT and JavaFX components of OpenJDK 21
could run programs if Desktop.browse() was supplied a filename as a
URI. An unauthenticated remote attacker could possibly use this issue
to execute arbitrary code. (CVE-2026-21932)

Zhihui Chen discovered that the Networking component of OpenJDK 21
was susceptible to a CRLF injection vulnerability via the HttpServer
class. An unauthenticated remote attacker could possibly use this
issue to modify files or leak sensitive information. (CVE-2026-21933)

Ireneusz Pastusiak discovered that the Security component of OpenJDK 21
failed to verify provided URIs point to a legitimate source when
AIA is enabled. An unauthenticated remote attacker could possibly
use this issue to redirect users to malicious hosts.
(CVE-2026-21945)

In addition to security fixes, the updated packages contain bug fixes,
new features, and possibly incompatible changes.

Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2026-01-20

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
openjdk-21-jdk 21.0.10+7-1~25.10
openjdk-21-jdk-headless 21.0.10+7-1~25.10
openjdk-21-jre 21.0.10+7-1~25.10
openjdk-21-jre-headless 21.0.10+7-1~25.10
openjdk-21-jre-zero 21.0.10+7-1~25.10

Ubuntu 24.04 LTS
openjdk-21-jdk 21.0.10+7-1~24.04
openjdk-21-jdk-headless 21.0.10+7-1~24.04
openjdk-21-jre 21.0.10+7-1~24.04
openjdk-21-jre-headless 21.0.10+7-1~24.04
openjdk-21-jre-zero 21.0.10+7-1~24.04

Ubuntu 22.04 LTS
openjdk-21-jdk 21.0.10+7-1~22.04
openjdk-21-jdk-headless 21.0.10+7-1~22.04
openjdk-21-jre 21.0.10+7-1~22.04
openjdk-21-jre-headless 21.0.10+7-1~22.04
openjdk-21-jre-zero 21.0.10+7-1~22.04

Ubuntu 20.04 LTS
openjdk-21-jdk 21.0.10+7-1~20.04
Available with Ubuntu Pro
openjdk-21-jdk-headless 21.0.10+7-1~20.04
Available with Ubuntu Pro
openjdk-21-jre 21.0.10+7-1~20.04
Available with Ubuntu Pro
openjdk-21-jre-headless 21.0.10+7-1~20.04
Available with Ubuntu Pro
openjdk-21-jre-zero 21.0.10+7-1~20.04
Available with Ubuntu Pro

This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart Java
applications to make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8002-1
CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945

Package Information:
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.10+7-1~25.10
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.10+7-1~24.04
https://launchpad.net/ubuntu/+source/openjdk-21/21.0.10+7-1~22.04



[USN-7991-1] Thunderbird vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7991-1
February 02, 2026

thunderbird vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, conduct
cross-site tracing, or execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
thunderbird 1:140.7.1+build1-0ubuntu0.22.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7991-1
CVE-2024-10460, CVE-2024-10461, CVE-2024-10462, CVE-2024-10464,
CVE-2024-10465, CVE-2024-10466, CVE-2024-10467, CVE-2024-10468,
CVE-2024-50336, CVE-2024-9396, CVE-2024-9397, CVE-2024-9398,
CVE-2024-9399, CVE-2024-9400, CVE-2024-9402, CVE-2024-9403,
CVE-2025-0237, CVE-2025-0239, CVE-2025-0240, CVE-2025-0241,
CVE-2025-0243, CVE-2025-0247, CVE-2025-1018, CVE-2025-1019,
CVE-2025-1020, CVE-2025-10527, CVE-2025-10528, CVE-2025-10529,
CVE-2025-10532, CVE-2025-10533, CVE-2025-10536, CVE-2025-10537,
CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711,
CVE-2025-11712, CVE-2025-11713, CVE-2025-11714, CVE-2025-11715,
CVE-2025-13012, CVE-2025-13013, CVE-2025-13014, CVE-2025-13015,
CVE-2025-13016, CVE-2025-13017, CVE-2025-13018, CVE-2025-13019,
CVE-2025-13020, CVE-2025-14321, CVE-2025-14322, CVE-2025-14323,
CVE-2025-14324, CVE-2025-14325, CVE-2025-14327, CVE-2025-14328,
CVE-2025-14329, CVE-2025-14330, CVE-2025-14331, CVE-2025-1942,
CVE-2025-1943, CVE-2025-3031, CVE-2025-3032, CVE-2025-3034,
CVE-2025-4085, CVE-2025-4088, CVE-2025-4089, CVE-2025-4092,
CVE-2025-5270, CVE-2025-5271, CVE-2025-5272, CVE-2025-5283,
CVE-2025-6427, CVE-2025-6432, CVE-2025-6433, CVE-2025-6434,
CVE-2025-6435, CVE-2025-6436, CVE-2025-8027, CVE-2025-8028,
CVE-2025-8029, CVE-2025-8030, CVE-2025-8031, CVE-2025-8032,
CVE-2025-8033, CVE-2025-8034, CVE-2025-8035, CVE-2025-8036,
CVE-2025-8037, CVE-2025-8038, CVE-2025-8039, CVE-2025-8040,
CVE-2025-9179, CVE-2025-9180, CVE-2025-9181, CVE-2025-9182,
CVE-2025-9184, CVE-2025-9185, CVE-2026-0818, CVE-2026-0877,
CVE-2026-0878, CVE-2026-0879, CVE-2026-0880, CVE-2026-0882,
CVE-2026-0883, CVE-2026-0884, CVE-2026-0885, CVE-2026-0886,
CVE-2026-0887, CVE-2026-0890, CVE-2026-0891

Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/1:140.7.1+build1-0ubuntu0.22.04.1



[USN-7993-1] libpng vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7993-1
February 02, 2026

libpng1.6 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

libpng could be made to crash if it opened a specially crafted file.

Software Description:
- libpng1.6: PNG (Portable Network Graphics) file library

Details:

It was discovered that libpng incorrectly handled memory when processing
certain malformed PNG files. If a user or automated system were tricked
into opening a specially crafted PNG file, an attacker could use this issue
to cause libpng to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libpng16-16t64 1.6.43-5ubuntu0.4

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7993-1
CVE-2025-28162, CVE-2025-28164

Package Information:
https://launchpad.net/ubuntu/+source/libpng1.6/1.6.43-5ubuntu0.4



[USN-7992-1] Inetutils vulnerability


==========================================================================
Ubuntu Security Notice USN-7992-1
February 02, 2026

inetutils vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Inetutils could allow unintended access to network services.

Software Description:
- inetutils: Collection of common network programs

Details:

Kyu Neushwaistein discovered that telnetd in Inetutils incorrectly handled
certain environment variables. A remote attacker could use this issue to
bypass authentication and open a session as an administrator.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
inetutils-telnetd 2:2.6-1ubuntu3.1

Ubuntu 24.04 LTS
inetutils-telnetd 2:2.5-3ubuntu4.1

Ubuntu 22.04 LTS
inetutils-telnetd 2:2.2-2ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7992-1
CVE-2026-24061

Package Information:
https://launchpad.net/ubuntu/+source/inetutils/2:2.6-1ubuntu3.1
https://launchpad.net/ubuntu/+source/inetutils/2:2.5-3ubuntu4.1
https://launchpad.net/ubuntu/+source/inetutils/2:2.2-2ubuntu0.2



[USN-7994-1] MySQL vulnerabilities


==========================================================================
Ubuntu Security Notice USN-7994-1
February 02, 2026

mysql-8.0, mysql-8.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in MySQL.

Software Description:
- mysql-8.4: MySQL database
- mysql-8.0: MySQL database

Details:

Multiple security issues were discovered in MySQL and this update includes
new upstream MySQL versions to fix these issues.

MySQL has been updated to 8.0.45 in Ubuntu 22.04 LTS and Ubuntu 24.04 LTS.
Ubuntu 25.10 has been updated to MySQL 8.4.8.

In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.

Please see the following for more information:

https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-45.html
https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-8.html
https://www.oracle.com/security-alerts/cpujan2026.html

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
mysql-server 8.4.8-0ubuntu0.25.10.1

Ubuntu 24.04 LTS
mysql-server-8.0 8.0.45-0ubuntu0.24.04.1

Ubuntu 22.04 LTS
mysql-server-8.0 8.0.45-0ubuntu0.22.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7994-1
CVE-2026-21936, CVE-2026-21937, CVE-2026-21941, CVE-2026-21948,
CVE-2026-21964, CVE-2026-21968

Package Information:
https://launchpad.net/ubuntu/+source/mysql-8.4/8.4.8-0ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.45-0ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/mysql-8.0/8.0.45-0ubuntu0.22.04.1
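
The fixed versions in the update instructions above mix epochs (2:2.5-3ubuntu4.1), tildes (21.0.10+7-1~24.04) and multi-digit components, so plain string comparison gives wrong answers when checking whether a host is patched. The Python code below is an added example, not part of the Ubuntu notices: it applies the Debian version ordering rules to a dpkg-query -W style inventory. The installed versions in the sample and the names FIXED_2404, SAMPLE_INVENTORY, compare_versions and audit are constructed for illustration.

```python
# Added example, not from the Ubuntu notices: dpkg-style version ordering and audit.
# Fixed versions copied from the notices above (Ubuntu 24.04 LTS subset).
FIXED_2404 = {
    "openjdk-21-jre-headless": "21.0.10+7-1~24.04",
    "libpng16-16t64": "1.6.43-5ubuntu0.4",
    "inetutils-telnetd": "2:2.5-3ubuntu4.1",
}
# Constructed inventory in `dpkg-query -W` format: name<TAB>version.
SAMPLE_INVENTORY = (
    "inetutils-telnetd\t2:2.5-3ubuntu4\n"
    "libpng16-16t64:amd64\t1.6.43-5ubuntu0.4\n"
    "openjdk-21-jre-headless:amd64\t21.0.9+10-1~24.04\n"
)

def _order(ch):
    """Weight of one non-digit character; '' stands for end of string."""
    if not ch or ch.isdigit():
        return 0
    if ch == "~":
        return -1  # tilde sorts before everything, even end of string
    return ord(ch) if ch.isalpha() else ord(ch) + 256  # letters come first

def _cmp_part(a, b):
    """Compare two upstream or revision strings by the Debian rules."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run, character by character ('' marks end of string).
        while True:
            ca, cb = a[i:i + 1], b[j:j + 1]
            if (not ca or ca.isdigit()) and (not cb or cb.isdigit()):
                break
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
            i, j = i + 1, j + 1
        # Digit run, compared numerically so that 9 sorts before 10.
        si, sj = i, j
        while a[i:i + 1].isdigit():
            i += 1
        while b[j:j + 1].isdigit():
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def split_version(v):
    """Return (epoch, upstream, revision) for '[epoch:]upstream[-revision]'."""
    head, sep, tail = v.partition(":")
    epoch, rest = (int(head), tail) if sep else (0, v)
    upstream, dash, revision = rest.rpartition("-")
    return (epoch, upstream, revision) if dash else (epoch, rest, "")

def compare_versions(a, b):
    """Return -1, 0 or 1 as a sorts before, equal to, or after b."""
    (ea, ua, ra), (eb, ub, rb) = split_version(a), split_version(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def audit(inventory, fixed=FIXED_2404):
    """Return (package, installed, fixed) for packages below the fixed version."""
    installed = {}
    for line in inventory.splitlines():
        name, _, version = line.strip().partition("\t")
        if version:  # skip lines that carry no version
            installed[name.split(":")[0]] = version  # drop ":amd64" qualifier
    return sorted((p, installed[p], want) for p, want in fixed.items()
                  if p in installed and compare_versions(installed[p], want) < 0)

if __name__ == "__main__":
    for pkg, have, want in audit(SAMPLE_INVENTORY):
        print(f"{pkg}: installed {have} is older than fixed {want}")
```

On a real host, dpkg --compare-versions performs the same comparison. Remember that the OpenJDK notices also require restarting Java applications after the update.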