Ubuntu released security updates on April 20 and 21 to address critical flaws across several widely used system libraries. RapidJSON contains an integer overflow vulnerability that could allow attackers to escalate privileges or crash the application when it processes a malicious file. Apache Commons IO can be made to crash through excessive CPU usage in its XmlStreamReader class. NTFS-3G contains flaws in its handling of UTF-8 sequences and security descriptors that could lead to a crash or arbitrary code execution, and a libcap2 vulnerability lets a local attacker inject or strip file capabilities on arbitrary executables to escalate privileges. The RapidJSON and Apache Commons IO fixes are listed as available with Ubuntu Pro. System administrators should apply the recommended package updates immediately to protect their Ubuntu environments from these exploits.

[USN-8189-1] RapidJSON vulnerability
[USN-8191-1] Apache Commons IO vulnerability
[USN-8192-1] NTFS-3G vulnerabilities
[USN-8193-1] libcap vulnerability




[USN-8189-1] RapidJSON vulnerability


==========================================================================
Ubuntu Security Notice USN-8189-1
April 20, 2026

rapidjson vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

RapidJSON could be made to crash or run programs as an administrator if it
opened a specially crafted file.

Software Description:
- rapidjson: A fast JSON parser/generator for C++

Details:

It was discovered that RapidJSON did not properly protect against integer
overflows in certain instances when parsing JSON text. A remote attacker
could possibly use this issue to craft a malicious JSON file that, when
read by RapidJSON, would lead to an elevation of privilege, resulting in
the potential disclosure of sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
rapidjson-dev 1.1.0+dfsg2-7.2ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 22.04 LTS
rapidjson-dev 1.1.0+dfsg2-7ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 20.04 LTS
rapidjson-dev 1.1.0+dfsg2-5ubuntu1+esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
rapidjson-dev 1.1.0+dfsg2-3ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
rapidjson-dev 0.12~git20141031-3ubuntu0.1~esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8189-1
CVE-2024-39684



[USN-8191-1] Apache Commons IO vulnerability


==========================================================================
Ubuntu Security Notice USN-8191-1
April 21, 2026

commons-io vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Apache Commons IO could be made to crash if it received specially
crafted input.

Software Description:
- commons-io: library of utilities to assist with developing IO functionality

Details:

It was discovered that Apache Commons IO's XmlStreamReader class
could excessively consume CPU resources under certain circumstances. An
attacker could possibly use this issue to cause Apache Commons IO
to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libcommons-io-java 2.11.0-2ubuntu0.24.04.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
libcommons-io-java 2.11.0-2ubuntu0.22.04.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
libcommons-io-java 2.6-2ubuntu0.20.04.1+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libcommons-io-java 2.6-2ubuntu0.18.04.1+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libcommons-io-java 2.4-2ubuntu0.16.04.1~esm1
Available with Ubuntu Pro

Ubuntu 14.04 LTS
libcommons-io-java 2.4-2ubuntu0.1~esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8191-1
CVE-2024-47554



[USN-8192-1] NTFS-3G vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8192-1
April 21, 2026

ntfs-3g vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in NTFS-3G.

Software Description:
- ntfs-3g: read/write NTFS driver for FUSE

Details:

Jeffrey Bencteux discovered that NTFS-3G incorrectly handled certain UTF-8
sequences. An attacker could use this issue to cause NTFS-3G to crash,
resulting in a denial of service, or to execute arbitrary code. This issue
only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2023-52890)

Andrea Bocchetti discovered that NTFS-3G incorrectly handled certain
security descriptors. An attacker could use this issue to cause NTFS-3G to
crash, resulting in a denial of service, or to execute arbitrary code.
(CVE-2026-40706)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
ntfs-3g 1:2022.10.3-5ubuntu0.25.10.1

Ubuntu 24.04 LTS
ntfs-3g 1:2022.10.3-1.2ubuntu3.1

Ubuntu 22.04 LTS
ntfs-3g 1:2021.8.22-3ubuntu1.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8192-1
CVE-2023-52890, CVE-2026-40706

Package Information:
https://launchpad.net/ubuntu/+source/ntfs-3g/1:2022.10.3-5ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/ntfs-3g/1:2022.10.3-1.2ubuntu3.1
https://launchpad.net/ubuntu/+source/ntfs-3g/1:2021.8.22-3ubuntu1.3



[USN-8193-1] libcap vulnerability


==========================================================================
Ubuntu Security Notice USN-8193-1
April 21, 2026

libcap2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

libcap could be made to modify capabilities on arbitrary files.

Software Description:
- libcap2: POSIX 1003.1e capabilities library

Details:

Ali Raza discovered that libcap incorrectly handled file capability
updates. A local attacker could possibly use this issue to inject
capabilities into, or strip them from, arbitrary executables and escalate
privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
libcap2 1:2.75-7ubuntu2.2
libcap2-bin 1:2.75-7ubuntu2.2

Ubuntu 24.04 LTS
libcap2 1:2.66-5ubuntu2.4
libcap2-bin 1:2.66-5ubuntu2.4

Ubuntu 22.04 LTS
libcap2 1:2.44-1ubuntu0.22.04.3
libcap2-bin 1:2.44-1ubuntu0.22.04.3

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8193-1
CVE-2026-4878

Package Information:
https://launchpad.net/ubuntu/+source/libcap2/1:2.75-7ubuntu2.2
https://launchpad.net/ubuntu/+source/libcap2/1:2.66-5ubuntu2.4
https://launchpad.net/ubuntu/+source/libcap2/1:2.44-1ubuntu0.22.04.3
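
Checking a host against the fixed versions above, as an added example that is not part of the Ubuntu notices: it compares installed package versions with the Ubuntu 24.04 LTS fixed versions from the four notices, using a re-implementation of dpkg's version ordering (epoch, `~` sorting before end of string) so it runs without dpkg. The names `FIXED_2404`, `compare` and `unpatched` are this example's own, and the installed versions in `SAMPLE` are constructed.

```python
import re
from itertools import zip_longest
# Fixed versions for Ubuntu 24.04 LTS, copied from the notices on this page.
FIXED_2404 = {
    "rapidjson-dev": "1.1.0+dfsg2-7.2ubuntu0.1~esm2",      # USN-8189-1
    "libcommons-io-java": "2.11.0-2ubuntu0.24.04.1~esm1",  # USN-8191-1
    "ntfs-3g": "1:2022.10.3-1.2ubuntu3.1",                 # USN-8192-1
    "libcap2": "1:2.66-5ubuntu2.4",                        # USN-8193-1
    "libcap2-bin": "1:2.66-5ubuntu2.4",                    # USN-8193-1
}
# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE = """\
rapidjson-dev 1.1.0+dfsg2-7.2
libcommons-io-java 2.11.0-2ubuntu0.24.04.1~esm1
ntfs-3g 1:2022.10.3-1.2ubuntu3
libcap2 1:2.66-5ubuntu2.4
"""

def _order(c):
    # dpkg ordering: '~' < end of string < letters < other characters
    if c in ("", "~"):
        return -1 if c else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk alternating non-digit / digit runs, comparing digits numerically.
    runs = lambda s: re.findall(r"([^0-9]*)([0-9]*)", s)
    for (na, da), (nb, db) in zip_longest(runs(a), runs(b), fillvalue=("", "")):
        for ca, cb in zip_longest(na, nb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return (int(epoch), upstream, rev) if sep else (int(epoch), rest, "")

def compare(a, b):
    """Return -1, 0 or 1 as Debian version a sorts before, equal to or after b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(dpkg_output, fixed=FIXED_2404):
    """List packages whose installed version sorts below the fixed version."""
    rows = (line.split() for line in dpkg_output.splitlines() if line.strip())
    return [pkg for pkg, ver in rows if pkg in fixed and compare(ver, fixed[pkg]) < 0]
```

On a real host, `dpkg --compare-versions` remains the authoritative comparison; for other releases, swap in the fixed versions listed for that release in each notice.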