[USN-8155-1] OpenSSL vulnerabilities
[USN-8156-1] GDK-PixBuf vulnerability
[USN-8157-1] Squid vulnerabilities
[USN-8148-5] Linux kernel vulnerabilities
[USN-8159-2] Linux kernel (FIPS) vulnerabilities
[USN-8159-3] Linux kernel (Real-time) vulnerabilities
[USN-8158-1] Dogtag PKI vulnerability
[USN-8155-1] OpenSSL vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8155-1
April 08, 2026
openssl vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in OpenSSL.
Software Description:
- openssl: Secure Socket Layer (SSL) cryptographic library and tools
Details:
Viktor Dukhovni discovered that OpenSSL incorrectly negotiated the expected
preferred key exchange group when used as a TLS 1.3 server. This could
result in a less preferred key exchange being used, contrary to
expectations. This issue only affected Ubuntu 25.10. (CVE-2026-2673)
Igor Morgenstern discovered that OpenSSL incorrectly handled certain memory
operations when used as a DANE client. A remote attacker could use this
issue to cause OpenSSL to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2026-28387)
Igor Morgenstern discovered that OpenSSL incorrectly handled certain memory
operations when processing a delta CRL. A remote attacker could possibly
use this issue to cause OpenSSL to crash, resulting in a denial of service.
(CVE-2026-28388)
Nathan Sportsman, Daniel Rhea, and Jaeho Nam discovered that OpenSSL
incorrectly handled certain memory operations when processing a crafted CMS
EnvelopedData message with KeyAgreeRecipientInfo. A remote attacker could
possibly use this issue to cause OpenSSL to crash, resulting in a denial
of service. (CVE-2026-28389)
Muhammad Daffa, Joshua Rogers, and Chanho Kim discovered that OpenSSL
incorrectly handled processing of a crafted CMS EnvelopedData message with
KeyTransportRecipientInfo. A remote attacker could possibly use this issue
to cause OpenSSL to crash, resulting in a denial of service.
(CVE-2026-28390)
Quoc Tran discovered that OpenSSL incorrectly handled hexadecimal
conversion on 32-bit platforms. A remote attacker could use this issue to
cause OpenSSL to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2026-31789)
Simo Sorce discovered that OpenSSL incorrectly handled failures in RSA KEM
RSASVE Encapsulation. A remote attacker could possibly use this issue to
obtain sensitive information. (CVE-2026-31790)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
libssl3t64 3.5.3-1ubuntu3.3
openssl 3.5.3-1ubuntu3.3
Ubuntu 24.04 LTS
libssl3t64 3.0.13-0ubuntu3.9
openssl 3.0.13-0ubuntu3.9
Ubuntu 22.04 LTS
libssl3 3.0.2-0ubuntu1.23
openssl 3.0.2-0ubuntu1.23
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8155-1
CVE-2026-2673, CVE-2026-28387, CVE-2026-28388, CVE-2026-28389,
CVE-2026-28390, CVE-2026-31789, CVE-2026-31790
Package Information:
https://launchpad.net/ubuntu/+source/openssl/3.5.3-1ubuntu3.3
https://launchpad.net/ubuntu/+source/openssl/3.0.13-0ubuntu3.9
https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.23
[USN-8156-1] GDK-PixBuf vulnerability
==========================================================================
Ubuntu Security Notice USN-8156-1
April 08, 2026
gdk-pixbuf vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
GDK-PixBuf could be made to crash or run programs if it opened a specially
crafted file.
Software Description:
- gdk-pixbuf: GDK Pixbuf library
Details:
It was discovered that GDK-PixBuf incorrectly handled certain JPEG files.
An attacker could use this issue to cause GDK-PixBuf to crash, resulting in
a denial of service, or possibly execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
libgdk-pixbuf-2.0-0 2.42.12+dfsg-5ubuntu0.1
Ubuntu 24.04 LTS
libgdk-pixbuf-2.0-0 2.42.10+dfsg-3ubuntu3.3
Ubuntu 22.04 LTS
libgdk-pixbuf-2.0-0 2.42.8+dfsg-1ubuntu0.5
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8156-1
CVE-2026-5201
Package Information:
https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.42.12+dfsg-5ubuntu0.1
https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.42.10+dfsg-3ubuntu3.3
https://launchpad.net/ubuntu/+source/gdk-pixbuf/2.42.8+dfsg-1ubuntu0.5
[USN-8157-1] Squid vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8157-1
April 08, 2026
squid vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Squid.
Software Description:
- squid: Web proxy cache server
Details:
It was discovered that Squid incorrectly handled certain ICP traffic. In
environments where ICP support is enabled, a remote attacker could use this
issue to cause Squid to crash, resulting in a denial of service, or obtain
small amounts of sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
squid 6.14-0ubuntu0.25.10.2
Ubuntu 24.04 LTS
squid 6.14-0ubuntu0.24.04.2
Ubuntu 22.04 LTS
squid 5.9-0ubuntu0.22.04.5
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8157-1
CVE-2026-32748, CVE-2026-33515, CVE-2026-33526
Package Information:
https://launchpad.net/ubuntu/+source/squid/6.14-0ubuntu0.25.10.2
https://launchpad.net/ubuntu/+source/squid/6.14-0ubuntu0.24.04.2
https://launchpad.net/ubuntu/+source/squid/5.9-0ubuntu0.22.04.5
[USN-8148-5] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8148-5
April 09, 2026
linux-aws-6.8, linux-gcp-6.8, linux-hwe-6.8, linux-ibm-6.8,
linux-lowlatency-hwe-6.8 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws-6.8: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-6.8: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-6.8: Linux hardware enablement (HWE) kernel
- linux-ibm-6.8: Linux kernel for IBM cloud systems
- linux-lowlatency-hwe-6.8: Linux low latency kernel
- linux-nvidia-6.8: Linux kernel for NVIDIA systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Netfilter;
- Network traffic control;
(CVE-2026-23060, CVE-2026-23074, CVE-2026-23111)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
linux-image-6.8.0-1050-ibm 6.8.0-1050.50~22.04.1
linux-image-6.8.0-1050-nvidia 6.8.0-1050.53~22.04.1
linux-image-6.8.0-1050-nvidia-64k 6.8.0-1050.53~22.04.1
linux-image-6.8.0-1051-aws 6.8.0-1051.54~22.04.1
linux-image-6.8.0-1051-aws-64k 6.8.0-1051.54~22.04.1
linux-image-6.8.0-1053-gcp 6.8.0-1053.56~22.04.1
linux-image-6.8.0-1053-gcp-64k 6.8.0-1053.56~22.04.1
linux-image-6.8.0-107-generic 6.8.0-107.107~22.04.1
linux-image-6.8.0-107-generic-64k 6.8.0-107.107~22.04.1
linux-image-6.8.0-107-lowlatency 6.8.0-107.107.1~22.04.1
linux-image-6.8.0-107-lowlatency-64k 6.8.0-107.107.1~22.04.1
linux-image-aws 6.8.0-1051.54~22.04.1
linux-image-aws-6.8 6.8.0-1051.54~22.04.1
linux-image-aws-64k 6.8.0-1051.54~22.04.1
linux-image-aws-64k-6.8 6.8.0-1051.54~22.04.1
linux-image-gcp 6.8.0-1053.56~22.04.1
linux-image-gcp-6.8 6.8.0-1053.56~22.04.1
linux-image-gcp-64k 6.8.0-1053.56~22.04.1
linux-image-gcp-64k-6.8 6.8.0-1053.56~22.04.1
linux-image-generic-6.8 6.8.0-107.107~22.04.1
linux-image-generic-64k-6.8 6.8.0-107.107~22.04.1
linux-image-generic-64k-hwe-22.04 6.8.0-107.107~22.04.1
linux-image-generic-hwe-22.04 6.8.0-107.107~22.04.1
linux-image-ibm-6.8 6.8.0-1050.50~22.04.1
linux-image-lowlatency-6.8 6.8.0-107.107.1~22.04.1
linux-image-lowlatency-64k-6.8 6.8.0-107.107.1~22.04.1
linux-image-lowlatency-64k-hwe-22.04 6.8.0-107.107.1~22.04.1
linux-image-lowlatency-hwe-22.04 6.8.0-107.107.1~22.04.1
linux-image-nvidia-6.8 6.8.0-1050.53~22.04.1
linux-image-nvidia-64k-6.8 6.8.0-1050.53~22.04.1
linux-image-nvidia-64k-hwe-22.04 6.8.0-1050.53~22.04.1
linux-image-nvidia-hwe-22.04 6.8.0-1050.53~22.04.1
linux-image-oem-22.04 6.8.0-107.107~22.04.1
linux-image-oem-22.04a 6.8.0-107.107~22.04.1
linux-image-oem-22.04b 6.8.0-107.107~22.04.1
linux-image-oem-22.04c 6.8.0-107.107~22.04.1
linux-image-oem-22.04d 6.8.0-107.107~22.04.1
linux-image-virtual-6.8 6.8.0-107.107~22.04.1
linux-image-virtual-hwe-22.04 6.8.0-107.107~22.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-8148-5
https://ubuntu.com/security/notices/USN-8148-4
https://ubuntu.com/security/notices/USN-8148-3
https://ubuntu.com/security/notices/USN-8148-2
https://ubuntu.com/security/notices/USN-8148-1
CVE-2026-23060, CVE-2026-23074, CVE-2026-23111
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-6.8/6.8.0-1051.54~22.04.1
https://launchpad.net/ubuntu/+source/linux-gcp-6.8/6.8.0-1053.56~22.04.1
https://launchpad.net/ubuntu/+source/linux-hwe-6.8/6.8.0-107.107~22.04.1
https://launchpad.net/ubuntu/+source/linux-ibm-6.8/6.8.0-1050.50~22.04.1
https://launchpad.net/ubuntu/+source/linux-lowlatency-hwe-6.8/6.8.0-107.107.1~22.04.1
https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1050.53~22.04.1
[USN-8159-2] Linux kernel (FIPS) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8159-2
April 08, 2026
linux-fips, linux-aws-fips, linux-gcp-fips vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-fips: Linux kernel with FIPS
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with FIPS
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Cryptographic API;
- Netfilter;
- Network traffic control;
(CVE-2025-37849, CVE-2026-23060, CVE-2026-23074, CVE-2026-23111)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
linux-image-5.15.0-1104-aws-fips 5.15.0-1104.111+fips1
Available with Ubuntu Pro
linux-image-5.15.0-1104-gcp-fips 5.15.0-1104.113+fips1
Available with Ubuntu Pro
linux-image-5.15.0-174-fips 5.15.0-174.184+fips1
Available with Ubuntu Pro
linux-image-aws-fips 5.15.0.1104.100
Available with Ubuntu Pro
linux-image-aws-fips-5.15 5.15.0.1104.100
Available with Ubuntu Pro
linux-image-fips 5.15.0.174.101
Available with Ubuntu Pro
linux-image-fips-5.15 5.15.0.174.101
Available with Ubuntu Pro
linux-image-gcp-fips 5.15.0.1104.94
Available with Ubuntu Pro
linux-image-gcp-fips-5.15 5.15.0.1104.94
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-8159-2
https://ubuntu.com/security/notices/USN-8159-1
CVE-2025-37849, CVE-2026-23060, CVE-2026-23074, CVE-2026-23111
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-fips/5.15.0-1104.111+fips1
https://launchpad.net/ubuntu/+source/linux-fips/5.15.0-174.184+fips1
https://launchpad.net/ubuntu/+source/linux-gcp-fips/5.15.0-1104.113+fips1
[USN-8159-3] Linux kernel (Real-time) vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8159-3
April 08, 2026
linux-realtime vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-realtime: Linux kernel for Real-time systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Cryptographic API;
- Netfilter;
- Network traffic control;
(CVE-2025-37849, CVE-2026-23060, CVE-2026-23074, CVE-2026-23111)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
linux-image-5.15.0-1103-realtime 5.15.0-1103.112
Available with Ubuntu Pro
linux-image-realtime 5.15.0.1103.107
Available with Ubuntu Pro
linux-image-realtime-5.15 5.15.0.1103.107
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-8159-3
https://ubuntu.com/security/notices/USN-8159-2
https://ubuntu.com/security/notices/USN-8159-1
CVE-2025-37849, CVE-2026-23060, CVE-2026-23074, CVE-2026-23111
Package Information:
https://launchpad.net/ubuntu/+source/linux-realtime/5.15.0-1103.112
[USN-8158-1] Dogtag PKI vulnerability
==========================================================================
Ubuntu Security Notice USN-8158-1
April 08, 2026
dogtag-pki vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Dogtag PKI could allow unintended access to network resources.
Software Description:
- dogtag-pki: Enterprise-class Certificate Authority
Details:
Fraser Tweedale and Geetika Kapoor discovered that Dogtag PKI could renew a
certificate without proper authentication. An attacker could possibly use
this to repeatedly renew a compromised certificate and maintain
unauthorized access to a system or resource.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
dogtag-pki 10.8.3-1ubuntu1+esm1
Available with Ubuntu Pro
libsymkey-java 10.8.3-1ubuntu1+esm1
Available with Ubuntu Pro
libsymkey-jni 10.8.3-1ubuntu1+esm1
Available with Ubuntu Pro
pki-base 10.8.3-1ubuntu1+esm1
Available with Ubuntu Pro
pki-base-java 10.8.3-1ubuntu1+esm1
Available with Ubuntu Pro
pki-ca 10.8.3-1ubuntu1+esm1
Available with Ubuntu Pro
pki-console 10.8.3-1ubuntu1+esm1
Available with Ubuntu Pro
pki-kra 10.8.3-1ubuntu1+esm1
Available with Ubuntu Pro
pki-ocsp 10.8.3-1ubuntu1+esm1
Available with Ubuntu Pro
pki-server 10.8.3-1ubuntu1+esm1
Available with Ubuntu Pro
pki-tks 10.8.3-1ubuntu1+esm1
Available with Ubuntu Pro
pki-tools 10.8.3-1ubuntu1+esm1
Available with Ubuntu Pro
pki-tps 10.8.3-1ubuntu1+esm1
Available with Ubuntu Pro
pki-tps-client 10.8.3-1ubuntu1+esm1
Available with Ubuntu Pro
python3-pki-base 10.8.3-1ubuntu1+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
dogtag-pki 10.6.0-1ubuntu2+esm1
Available with Ubuntu Pro
libsymkey-java 10.6.0-1ubuntu2+esm1
Available with Ubuntu Pro
libsymkey-jni 10.6.0-1ubuntu2+esm1
Available with Ubuntu Pro
pki-base 10.6.0-1ubuntu2+esm1
Available with Ubuntu Pro
pki-base-java 10.6.0-1ubuntu2+esm1
Available with Ubuntu Pro
pki-ca 10.6.0-1ubuntu2+esm1
Available with Ubuntu Pro
pki-console 10.6.0-1ubuntu2+esm1
Available with Ubuntu Pro
pki-kra 10.6.0-1ubuntu2+esm1
Available with Ubuntu Pro
pki-ocsp 10.6.0-1ubuntu2+esm1
Available with Ubuntu Pro
pki-server 10.6.0-1ubuntu2+esm1
Available with Ubuntu Pro
pki-tks 10.6.0-1ubuntu2+esm1
Available with Ubuntu Pro
pki-tools 10.6.0-1ubuntu2+esm1
Available with Ubuntu Pro
pki-tps 10.6.0-1ubuntu2+esm1
Available with Ubuntu Pro
pki-tps-client 10.6.0-1ubuntu2+esm1
Available with Ubuntu Pro
python3-pki-base 10.6.0-1ubuntu2+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8158-1
CVE-2021-20179