Rclone, Kernel, .NET, and more updates for Ubuntu Linux

Ubuntu 7120 Published by

Ubuntu published a series of security notices covering numerous vulnerabilities across popular applications and specialized Linux kernel builds. These patches address dangerous flaws in tools like rclone, .NET, Vim, and NLTK that could let malicious actors run unauthorized commands or access private information. Additional updates for low latency, NVIDIA Tegra, Intel IoT Realtime, and standard NVIDIA kernels also resolve deep subsystem issues capable of triggering privilege escalation or full system takeover. Users running any supported Ubuntu release should install the latest package versions right away to close these security gaps.

[USN-8299-1] Rclone vulnerabilities
[USN-8291-3] Linux kernel (Low Latency) vulnerabilities
[USN-8296-2] Linux kernel (NVIDIA Tegra) vulnerabilities
[USN-8301-1] SimpleEval vulnerability
[USN-8300-1] ngtcp2 vulnerability
[USN-8305-1] Linux kernel (Intel IoTG Real-time) vulnerabilities
[USN-8279-3] Linux kernel (NVIDIA Tegra IGX) vulnerabilities
[USN-8289-2] Linux kernel (NVIDIA) vulnerabilities
[USN-8298-1] .NET vulnerability
[USN-8302-1] NLTK vulnerabilities
[USN-8304-1] Vim vulnerabilities




[USN-8299-1] Rclone vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8299-1
May 25, 2026

rclone vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Rclone.

Software Description:
- rclone: rsync for commercial cloud storage

Details:

It was discovered that Rclone incorrectly handled authorization in the remote
control API. An attacker could possibly use this issue to obtain sensitive
information. (CVE-2026-41176)

It was discovered that Rclone incorrectly handled backend instantiation via the
remote control API. An attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.10 and
Ubuntu 26.04 LTS. (CVE-2026-41179)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
rclone 1.60.1+dfsg-4ubuntu3.1

Ubuntu 25.10
rclone 1.60.1+dfsg-4ubuntu2.1

Ubuntu 24.04 LTS
rclone 1.60.1+dfsg-3ubuntu0.24.04.5

Ubuntu 22.04 LTS
rclone 1.53.3-4ubuntu1.22.04.4

Ubuntu 20.04 LTS
rclone 1.50.2-2ubuntu0.2+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8299-1
CVE-2026-41176, CVE-2026-41179

Package Information:
https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-4ubuntu3.1
https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-4ubuntu2.1
https://launchpad.net/ubuntu/+source/rclone/1.60.1+dfsg-3ubuntu0.24.04.5
https://launchpad.net/ubuntu/+source/rclone/1.53.3-4ubuntu1.22.04.4



[USN-8291-3] Linux kernel (Low Latency) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8291-3
May 25, 2026

linux-lowlatency vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-lowlatency: Linux low latency kernel

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
- Netfilter;
- io_uring subsystem;
(CVE-2024-35862, CVE-2024-50060, CVE-2026-23274, CVE-2026-23351)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-178-lowlatency 5.15.0-178.188
linux-image-5.15.0-178-lowlatency-64k 5.15.0-178.188
linux-image-lowlatency 5.15.0.178.150
linux-image-lowlatency-5.15 5.15.0.178.150
linux-image-lowlatency-64k 5.15.0.178.150
linux-image-lowlatency-64k-5.15 5.15.0.178.150

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8291-3
https://ubuntu.com/security/notices/USN-8291-2
https://ubuntu.com/security/notices/USN-8291-1
CVE-2024-35862, CVE-2024-50060, CVE-2026-23274, CVE-2026-23351

Package Information:
https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-178.188



[USN-8296-2] Linux kernel (NVIDIA Tegra) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8296-2
May 25, 2026

linux-nvidia-tegra vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-nvidia-tegra: Linux kernel for NVIDIA Tegra systems

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Compute Acceleration Framework;
- Drivers core;
- Null block device driver;
- Ublk userspace block driver;
- Bluetooth drivers;
- Counter interface drivers;
- DMA engine subsystem;
- DPLL subsystem;
- GPU drivers;
- HID subsystem;
- Intel Trace Hub HW tracing drivers;
- IIO ADC drivers;
- IIO subsystem;
- On-Chip Interconnect management framework;
- IRQ chip drivers;
- Modular ISDN driver;
- LED subsystem;
- Multiple devices driver;
- UACCE accelerator framework;
- MMC subsystem;
- Ethernet bonding driver;
- Network drivers;
- Mellanox network drivers;
- NVME drivers;
- PHY drivers;
- x86 platform drivers;
- i.MX PM domains;
- SCSI subsystem;
- SLIMbus drivers;
- SPI subsystem;
- TCM subsystem;
- W1 Dallas's 1-wire bus driver;
- Xen hypervisor drivers;
- BTRFS file system;
- EFI Variable file system;
- exFAT file system;
- Ext4 file system;
- HFS+ file system;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NTFS3 file system;
- SMB network file system;
- Scheduler infrastructure;
- Netfilter;
- NFC subsystem;
- Tracing infrastructure;
- io_uring subsystem;
- BPF subsystem;
- Perf events;
- Floating proportions library;
- Memory management;
- Bluetooth subsystem;
- CAN network layer;
- Ceph Core library;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- L2TP protocol;
- MAC80211 subsystem;
- NET/ROM layer;
- Network traffic control;
- SCTP protocol;
- TLS protocol;
- Unix domain sockets;
- VMware vSockets driver;
- Wireless networking;
- ALSA AC97 driver;
- Generic PCM loopback sound driver;
- Creative Sound Blaster X-Fi driver;
- AMD SoC Alsa drivers;
- Texas InstrumentS Audio (ASoC/HDA) drivers;
- USB sound devices;
- KVM subsystem;
(CVE-2024-50004, CVE-2024-58096, CVE-2024-58097, CVE-2025-37926,
CVE-2025-38201, CVE-2025-38591, CVE-2025-40039, CVE-2025-40082,
CVE-2025-40149, CVE-2025-68351, CVE-2025-68358, CVE-2025-68365,
CVE-2025-68725, CVE-2025-68749, CVE-2025-68803, CVE-2025-68823,
CVE-2025-71160, CVE-2025-71162, CVE-2025-71163, CVE-2025-71180,
CVE-2025-71182, CVE-2025-71183, CVE-2025-71184, CVE-2025-71185,
CVE-2025-71186, CVE-2025-71188, CVE-2025-71189, CVE-2025-71190,
CVE-2025-71191, CVE-2025-71192, CVE-2025-71193, CVE-2025-71194,
CVE-2025-71195, CVE-2025-71196, CVE-2025-71197, CVE-2025-71198,
CVE-2025-71199, CVE-2025-71200, CVE-2025-71220, CVE-2025-71222,
CVE-2025-71224, CVE-2025-71225, CVE-2025-71268, CVE-2026-22976,
CVE-2026-22977, CVE-2026-22978, CVE-2026-22979, CVE-2026-22980,
CVE-2026-22982, CVE-2026-22984, CVE-2026-22990, CVE-2026-22991,
CVE-2026-22992, CVE-2026-22994, CVE-2026-22996, CVE-2026-22997,
CVE-2026-22998, CVE-2026-22999, CVE-2026-23000, CVE-2026-23001,
CVE-2026-23003, CVE-2026-23005, CVE-2026-23006, CVE-2026-23010,
CVE-2026-23011, CVE-2026-23019, CVE-2026-23020, CVE-2026-23021,
CVE-2026-23025, CVE-2026-23026, CVE-2026-23030, CVE-2026-23031,
CVE-2026-23032, CVE-2026-23033, CVE-2026-23035, CVE-2026-23037,
CVE-2026-23038, CVE-2026-23047, CVE-2026-23049, CVE-2026-23050,
CVE-2026-23053, CVE-2026-23054, CVE-2026-23056, CVE-2026-23057,
CVE-2026-23058, CVE-2026-23059, CVE-2026-23061, CVE-2026-23062,
CVE-2026-23063, CVE-2026-23064, CVE-2026-23065, CVE-2026-23068,
CVE-2026-23069, CVE-2026-23071, CVE-2026-23073, CVE-2026-23075,
CVE-2026-23076, CVE-2026-23078, CVE-2026-23080, CVE-2026-23083,
CVE-2026-23084, CVE-2026-23085, CVE-2026-23086, CVE-2026-23087,
CVE-2026-23088, CVE-2026-23089, CVE-2026-23090, CVE-2026-23091,
CVE-2026-23093, CVE-2026-23094, CVE-2026-23095, CVE-2026-23096,
CVE-2026-23097, CVE-2026-23098, CVE-2026-23099, CVE-2026-23101,
CVE-2026-23102, CVE-2026-23103, CVE-2026-23105, CVE-2026-23107,
CVE-2026-23108, CVE-2026-23110, CVE-2026-23113, CVE-2026-23116,
CVE-2026-23119, CVE-2026-23120, CVE-2026-23121, CVE-2026-23123,
CVE-2026-23124, CVE-2026-23125, CVE-2026-23126, CVE-2026-23128,
CVE-2026-23129, CVE-2026-23131, CVE-2026-23133, CVE-2026-23135,
CVE-2026-23136, CVE-2026-23139, CVE-2026-23140, CVE-2026-23141,
CVE-2026-23142, CVE-2026-23144, CVE-2026-23145, CVE-2026-23146,
CVE-2026-23148, CVE-2026-23150, CVE-2026-23151, CVE-2026-23156,
CVE-2026-23159, CVE-2026-23160, CVE-2026-23163, CVE-2026-23164,
CVE-2026-23166, CVE-2026-23167, CVE-2026-23168, CVE-2026-23170,
CVE-2026-23172, CVE-2026-23173, CVE-2026-23176, CVE-2026-23178,
CVE-2026-23179, CVE-2026-23180, CVE-2026-23182, CVE-2026-23187,
CVE-2026-23190, CVE-2026-23191, CVE-2026-23193, CVE-2026-23198,
CVE-2026-23200, CVE-2026-23202, CVE-2026-23204, CVE-2026-23205,
CVE-2026-23206, CVE-2026-23212, CVE-2026-23213, CVE-2026-23214,
CVE-2026-23215, CVE-2026-23216, CVE-2026-23254, CVE-2026-23256,
CVE-2026-23257, CVE-2026-23258, CVE-2026-23260, CVE-2026-23261,
CVE-2026-23262, CVE-2026-23264, CVE-2026-23274, CVE-2026-23351,
CVE-2026-23394)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
linux-image-6.8.0-1024-nvidia-tegra 6.8.0-1024.24
linux-image-6.8.0-1024-nvidia-tegra-rt 6.8.0-1024.24
linux-image-nvidia-tegra 6.8.0-1024.24
linux-image-nvidia-tegra-6.8 6.8.0-1024.24
linux-image-nvidia-tegra-rt 6.8.0-1024.24
linux-image-nvidia-tegra-rt-6.8 6.8.0-1024.24

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8296-2
https://ubuntu.com/security/notices/USN-8296-1
CVE-2024-50004, CVE-2024-58096, CVE-2024-58097, CVE-2025-37926,
CVE-2025-38201, CVE-2025-38591, CVE-2025-40039, CVE-2025-40082,
CVE-2025-40149, CVE-2025-68351, CVE-2025-68358, CVE-2025-68365,
CVE-2025-68725, CVE-2025-68749, CVE-2025-68803, CVE-2025-68823,
CVE-2025-71160, CVE-2025-71162, CVE-2025-71163, CVE-2025-71180,
CVE-2025-71182, CVE-2025-71183, CVE-2025-71184, CVE-2025-71185,
CVE-2025-71186, CVE-2025-71188, CVE-2025-71189, CVE-2025-71190,
CVE-2025-71191, CVE-2025-71192, CVE-2025-71193, CVE-2025-71194,
CVE-2025-71195, CVE-2025-71196, CVE-2025-71197, CVE-2025-71198,
CVE-2025-71199, CVE-2025-71200, CVE-2025-71220, CVE-2025-71222,
CVE-2025-71224, CVE-2025-71225, CVE-2025-71268, CVE-2026-22976,
CVE-2026-22977, CVE-2026-22978, CVE-2026-22979, CVE-2026-22980,
CVE-2026-22982, CVE-2026-22984, CVE-2026-22990, CVE-2026-22991,
CVE-2026-22992, CVE-2026-22994, CVE-2026-22996, CVE-2026-22997,
CVE-2026-22998, CVE-2026-22999, CVE-2026-23000, CVE-2026-23001,
CVE-2026-23003, CVE-2026-23005, CVE-2026-23006, CVE-2026-23010,
CVE-2026-23011, CVE-2026-23019, CVE-2026-23020, CVE-2026-23021,
CVE-2026-23025, CVE-2026-23026, CVE-2026-23030, CVE-2026-23031,
CVE-2026-23032, CVE-2026-23033, CVE-2026-23035, CVE-2026-23037,
CVE-2026-23038, CVE-2026-23047, CVE-2026-23049, CVE-2026-23050,
CVE-2026-23053, CVE-2026-23054, CVE-2026-23056, CVE-2026-23057,
CVE-2026-23058, CVE-2026-23059, CVE-2026-23061, CVE-2026-23062,
CVE-2026-23063, CVE-2026-23064, CVE-2026-23065, CVE-2026-23068,
CVE-2026-23069, CVE-2026-23071, CVE-2026-23073, CVE-2026-23075,
CVE-2026-23076, CVE-2026-23078, CVE-2026-23080, CVE-2026-23083,
CVE-2026-23084, CVE-2026-23085, CVE-2026-23086, CVE-2026-23087,
CVE-2026-23088, CVE-2026-23089, CVE-2026-23090, CVE-2026-23091,
CVE-2026-23093, CVE-2026-23094, CVE-2026-23095, CVE-2026-23096,
CVE-2026-23097, CVE-2026-23098, CVE-2026-23099, CVE-2026-23101,
CVE-2026-23102, CVE-2026-23103, CVE-2026-23105, CVE-2026-23107,
CVE-2026-23108, CVE-2026-23110, CVE-2026-23113, CVE-2026-23116,
CVE-2026-23119, CVE-2026-23120, CVE-2026-23121, CVE-2026-23123,
CVE-2026-23124, CVE-2026-23125, CVE-2026-23126, CVE-2026-23128,
CVE-2026-23129, CVE-2026-23131, CVE-2026-23133, CVE-2026-23135,
CVE-2026-23136, CVE-2026-23139, CVE-2026-23140, CVE-2026-23141,
CVE-2026-23142, CVE-2026-23144, CVE-2026-23145, CVE-2026-23146,
CVE-2026-23148, CVE-2026-23150, CVE-2026-23151, CVE-2026-23156,
CVE-2026-23159, CVE-2026-23160, CVE-2026-23163, CVE-2026-23164,
CVE-2026-23166, CVE-2026-23167, CVE-2026-23168, CVE-2026-23170,
CVE-2026-23172, CVE-2026-23173, CVE-2026-23176, CVE-2026-23178,
CVE-2026-23179, CVE-2026-23180, CVE-2026-23182, CVE-2026-23187,
CVE-2026-23190, CVE-2026-23191, CVE-2026-23193, CVE-2026-23198,
CVE-2026-23200, CVE-2026-23202, CVE-2026-23204, CVE-2026-23205,
CVE-2026-23206, CVE-2026-23212, CVE-2026-23213, CVE-2026-23214,
CVE-2026-23215, CVE-2026-23216, CVE-2026-23254, CVE-2026-23256,
CVE-2026-23257, CVE-2026-23258, CVE-2026-23260, CVE-2026-23261,
CVE-2026-23262, CVE-2026-23264, CVE-2026-23274, CVE-2026-23351,
CVE-2026-23394

Package Information:
https://launchpad.net/ubuntu/+source/linux-nvidia-tegra/6.8.0-1024.24



[USN-8301-1] SimpleEval vulnerability


==========================================================================
Ubuntu Security Notice USN-8301-1
May 25, 2026

simpleeval vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

SimpleEval could be made to run programs if it received specially crafted
input.

Software Description:
- simpleeval: Python library for evaluating expressions

Details:

Byambadalai Sumiya discovered that SimpleEval did not properly restrict
attribute access and callback handling inside a sandbox. An attacker could
possibly use this issue to execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
python3-simpleeval 1.0.3-1+deb13u1build0.26.04.1

Ubuntu 25.10
python3-simpleeval 1.0.3-1+deb13u1build0.25.10.1

Ubuntu 24.04 LTS
python3-simpleeval 0.9.12-1+deb12u1build0.24.04.1

Ubuntu 22.04 LTS
python3-simpleeval 0.9.11-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
python3-simpleeval 0.9.10-1+deb11u1build0.20.04.1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
python-simpleeval 0.9.5-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-simpleeval 0.9.5-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
python-simpleeval 0.8.7-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-simpleeval 0.8.7-1ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8301-1
CVE-2026-32640

Package Information:
https://launchpad.net/ubuntu/+source/simpleeval/1.0.3-1+deb13u1build0.26.04.1
https://launchpad.net/ubuntu/+source/simpleeval/1.0.3-1+deb13u1build0.25.10.1
https://launchpad.net/ubuntu/+source/simpleeval/0.9.12-1+deb12u1build0.24.04.1



[USN-8300-1] ngtcp2 vulnerability


==========================================================================
Ubuntu Security Notice USN-8300-1
May 25, 2026

ngtcp2 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

ngtcp2 could be made to run programs as your login if it received specially
crafted network traffic when qlog was enabled.

Software Description:
- ngtcp2: RFC9000 QUIC protocol implementation

Details:

Zou Dikai discovered that ngtcp2 serialized peer transport parameters into
a fixed 1024-byte stack buffer without bounds checking. When qlog was
enabled, a remote attacker could possibly use this issue to execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
libngtcp2-16 1.16.0-1ubuntu0.1
libngtcp2-crypto-gnutls-dev 1.16.0-1ubuntu0.1
libngtcp2-crypto-gnutls8 1.16.0-1ubuntu0.1
libngtcp2-crypto-ossl-dev 1.16.0-1ubuntu0.1
libngtcp2-crypto-ossl0 1.16.0-1ubuntu0.1
libngtcp2-dev 1.16.0-1ubuntu0.1

Ubuntu 25.10
libngtcp2-16 1.11.0-1+deb13u1build0.25.10.1
libngtcp2-crypto-gnutls-dev 1.11.0-1+deb13u1build0.25.10.1
libngtcp2-crypto-gnutls8 1.11.0-1+deb13u1build0.25.10.1
libngtcp2-dev 1.11.0-1+deb13u1build0.25.10.1
ngtcp2-client 1.11.0-1+deb13u1build0.25.10.1
ngtcp2-server 1.11.0-1+deb13u1build0.25.10.1

Ubuntu 24.04 LTS
libngtcp2-9 0.12.1+dfsg-1+deb12u1build0.24.04.1
libngtcp2-crypto-gnutls-dev 0.12.1+dfsg-1+deb12u1build0.24.04.1
libngtcp2-crypto-gnutls2 0.12.1+dfsg-1+deb12u1build0.24.04.1
libngtcp2-dev 0.12.1+dfsg-1+deb12u1build0.24.04.1
ngtcp2-client 0.12.1+dfsg-1+deb12u1build0.24.04.1
ngtcp2-server 0.12.1+dfsg-1+deb12u1build0.24.04.1

Ubuntu 22.04 LTS
libngtcp2-0 0.1.0+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
libngtcp2-crypto-gnutls-dev 0.1.0+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
libngtcp2-crypto-gnutls0 0.1.0+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
libngtcp2-dev 0.1.0+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
ngtcp2-client 0.1.0+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro
ngtcp2-server 0.1.0+dfsg-1ubuntu0.1~esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8300-1
CVE-2026-40170

Package Information:
https://launchpad.net/ubuntu/+source/ngtcp2/1.16.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/ngtcp2/1.11.0-1+deb13u1build0.25.10.1
https://launchpad.net/ubuntu/+source/ngtcp2/0.12.1+dfsg-1+deb12u1build0.24.04.1



[USN-8305-1] Linux kernel (Intel IoTG Real-time) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8305-1
May 25, 2026

linux-intel-iot-realtime vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-intel-iot-realtime: Linux kernel for Intel IoT Real-time platforms

Details:

It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Ethernet bonding driver;
- Packet sockets;
- TLS protocol;
(CVE-2026-31419, CVE-2026-31504, CVE-2026-31533, CVE-2026-43033,
CVE-2026-43077, CVE-2026-43078)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1100-intel-iot-realtime 5.15.0-1100.102
Available with Ubuntu Pro
linux-image-intel-iot-realtime 5.15.0.1100.104
Available with Ubuntu Pro
linux-image-intel-iot-realtime-5.15 5.15.0.1100.104
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8305-1
CVE-2026-31419, CVE-2026-31431, CVE-2026-31504, CVE-2026-31533,
CVE-2026-43033, CVE-2026-43077, CVE-2026-43078

Package Information:

https://launchpad.net/ubuntu/+source/linux-intel-iot-realtime/5.15.0-1100.102



[USN-8279-3] Linux kernel (NVIDIA Tegra IGX) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8279-3
May 25, 2026

linux-nvidia-tegra-igx vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-nvidia-tegra-igx: Linux kernel for NVIDIA Tegra IGX systems

Details:

It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Ethernet bonding driver;
- SMB network file system;
- Netfilter;
- io_uring subsystem;
- Packet sockets;
- TLS protocol;
(CVE-2024-35862, CVE-2024-50060, CVE-2026-23274, CVE-2026-23351,
CVE-2026-31419, CVE-2026-31504, CVE-2026-31533, CVE-2026-43033,
CVE-2026-43077, CVE-2026-43078)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-5.15.0-1049-nvidia-tegra-igx 5.15.0-1049.49
linux-image-5.15.0-1049-nvidia-tegra-igx-rt 5.15.0-1049.49
linux-image-nvidia-tegra-igx 5.15.0.1049.51
linux-image-nvidia-tegra-igx-5.15 5.15.0.1049.51
linux-image-nvidia-tegra-igx-rt 5.15.0.1049.51
linux-image-nvidia-tegra-igx-rt-5.15 5.15.0.1049.51

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8279-3
https://ubuntu.com/security/notices/USN-8279-2
https://ubuntu.com/security/notices/USN-8279-1
CVE-2024-35862, CVE-2024-50060, CVE-2026-23274, CVE-2026-23351,
CVE-2026-31419, CVE-2026-31431, CVE-2026-31504, CVE-2026-31533,
CVE-2026-43033, CVE-2026-43077, CVE-2026-43078

Package Information:
https://launchpad.net/ubuntu/+source/linux-nvidia-tegra-igx/5.15.0-1049.49



[USN-8289-2] Linux kernel (NVIDIA) vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8289-2
May 25, 2026

linux-nvidia-6.8 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-nvidia-6.8: Linux kernel for NVIDIA systems

Details:

It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- x86 architecture;
- Cryptographic API;
- Compute Acceleration Framework;
- Drivers core;
- Null block device driver;
- Ublk userspace block driver;
- Bluetooth drivers;
- Counter interface drivers;
- DMA engine subsystem;
- DPLL subsystem;
- GPU drivers;
- HID subsystem;
- Intel Trace Hub HW tracing drivers;
- IIO ADC drivers;
- IIO subsystem;
- On-Chip Interconnect management framework;
- IRQ chip drivers;
- Modular ISDN driver;
- LED subsystem;
- Multiple devices driver;
- UACCE accelerator framework;
- MMC subsystem;
- Ethernet bonding driver;
- Network drivers;
- Mellanox network drivers;
- NVME drivers;
- PHY drivers;
- x86 platform drivers;
- i.MX PM domains;
- SCSI subsystem;
- SLIMbus drivers;
- SPI subsystem;
- TCM subsystem;
- W1 Dallas's 1-wire bus driver;
- Xen hypervisor drivers;
- BTRFS file system;
- EFI Variable file system;
- exFAT file system;
- Ext4 file system;
- HFS+ file system;
- Network file system (NFS) client;
- Network file system (NFS) server daemon;
- NTFS3 file system;
- SMB network file system;
- Scheduler infrastructure;
- Netfilter;
- NFC subsystem;
- Tracing infrastructure;
- io_uring subsystem;
- BPF subsystem;
- Perf events;
- Floating proportions library;
- Memory management;
- Bluetooth subsystem;
- CAN network layer;
- Ceph Core library;
- Networking core;
- IPv4 networking;
- IPv6 networking;
- L2TP protocol;
- MAC80211 subsystem;
- NET/ROM layer;
- Packet sockets;
- Network traffic control;
- SCTP protocol;
- TLS protocol;
- Unix domain sockets;
- VMware vSockets driver;
- Wireless networking;
- ALSA AC97 driver;
- Generic PCM loopback sound driver;
- Creative Sound Blaster X-Fi driver;
- AMD SoC Alsa drivers;
- Texas InstrumentS Audio (ASoC/HDA) drivers;
- USB sound devices;
- KVM subsystem;
(CVE-2024-50004, CVE-2024-58096, CVE-2024-58097, CVE-2025-37926,
CVE-2025-38201, CVE-2025-38591, CVE-2025-40039, CVE-2025-40082,
CVE-2025-40149, CVE-2025-68351, CVE-2025-68358, CVE-2025-68365,
CVE-2025-68725, CVE-2025-68749, CVE-2025-68803, CVE-2025-68823,
CVE-2025-71160, CVE-2025-71162, CVE-2025-71163, CVE-2025-71180,
CVE-2025-71182, CVE-2025-71183, CVE-2025-71184, CVE-2025-71185,
CVE-2025-71186, CVE-2025-71188, CVE-2025-71189, CVE-2025-71190,
CVE-2025-71191, CVE-2025-71192, CVE-2025-71193, CVE-2025-71194,
CVE-2025-71195, CVE-2025-71196, CVE-2025-71197, CVE-2025-71198,
CVE-2025-71199, CVE-2025-71200, CVE-2025-71220, CVE-2025-71222,
CVE-2025-71224, CVE-2025-71225, CVE-2025-71268, CVE-2026-22976,
CVE-2026-22977, CVE-2026-22978, CVE-2026-22979, CVE-2026-22980,
CVE-2026-22982, CVE-2026-22984, CVE-2026-22990, CVE-2026-22991,
CVE-2026-22992, CVE-2026-22994, CVE-2026-22996, CVE-2026-22997,
CVE-2026-22998, CVE-2026-22999, CVE-2026-23000, CVE-2026-23001,
CVE-2026-23003, CVE-2026-23005, CVE-2026-23006, CVE-2026-23010,
CVE-2026-23011, CVE-2026-23019, CVE-2026-23020, CVE-2026-23021,
CVE-2026-23025, CVE-2026-23026, CVE-2026-23030, CVE-2026-23031,
CVE-2026-23032, CVE-2026-23033, CVE-2026-23035, CVE-2026-23037,
CVE-2026-23038, CVE-2026-23047, CVE-2026-23049, CVE-2026-23050,
CVE-2026-23053, CVE-2026-23054, CVE-2026-23056, CVE-2026-23057,
CVE-2026-23058, CVE-2026-23059, CVE-2026-23061, CVE-2026-23062,
CVE-2026-23063, CVE-2026-23064, CVE-2026-23065, CVE-2026-23068,
CVE-2026-23069, CVE-2026-23071, CVE-2026-23073, CVE-2026-23075,
CVE-2026-23076, CVE-2026-23078, CVE-2026-23080, CVE-2026-23083,
CVE-2026-23084, CVE-2026-23085, CVE-2026-23086, CVE-2026-23087,
CVE-2026-23088, CVE-2026-23089, CVE-2026-23090, CVE-2026-23091,
CVE-2026-23093, CVE-2026-23094, CVE-2026-23095, CVE-2026-23096,
CVE-2026-23097, CVE-2026-23098, CVE-2026-23099, CVE-2026-23101,
CVE-2026-23102, CVE-2026-23103, CVE-2026-23105, CVE-2026-23107,
CVE-2026-23108, CVE-2026-23110, CVE-2026-23113, CVE-2026-23116,
CVE-2026-23119, CVE-2026-23120, CVE-2026-23121, CVE-2026-23123,
CVE-2026-23124, CVE-2026-23125, CVE-2026-23126, CVE-2026-23128,
CVE-2026-23129, CVE-2026-23131, CVE-2026-23133, CVE-2026-23135,
CVE-2026-23136, CVE-2026-23139, CVE-2026-23140, CVE-2026-23141,
CVE-2026-23142, CVE-2026-23144, CVE-2026-23145, CVE-2026-23146,
CVE-2026-23148, CVE-2026-23150, CVE-2026-23151, CVE-2026-23156,
CVE-2026-23159, CVE-2026-23160, CVE-2026-23163, CVE-2026-23164,
CVE-2026-23166, CVE-2026-23167, CVE-2026-23168, CVE-2026-23170,
CVE-2026-23172, CVE-2026-23173, CVE-2026-23176, CVE-2026-23178,
CVE-2026-23179, CVE-2026-23180, CVE-2026-23182, CVE-2026-23187,
CVE-2026-23190, CVE-2026-23191, CVE-2026-23193, CVE-2026-23198,
CVE-2026-23200, CVE-2026-23204, CVE-2026-23205, CVE-2026-23206,
CVE-2026-23212, CVE-2026-23213, CVE-2026-23214, CVE-2026-23215,
CVE-2026-23216, CVE-2026-23254, CVE-2026-23256, CVE-2026-23257,
CVE-2026-23258, CVE-2026-23260, CVE-2026-23261, CVE-2026-23262,
CVE-2026-23264, CVE-2026-23274, CVE-2026-23351, CVE-2026-23394,
CVE-2026-31419, CVE-2026-31504, CVE-2026-31533, CVE-2026-43033,
CVE-2026-43077, CVE-2026-43078)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
linux-image-6.8.0-1054-nvidia 6.8.0-1054.57~22.04.1
linux-image-6.8.0-1054-nvidia-64k 6.8.0-1054.57~22.04.1
linux-image-nvidia-6.8 6.8.0-1054.57~22.04.1
linux-image-nvidia-64k-6.8 6.8.0-1054.57~22.04.1
linux-image-nvidia-64k-hwe-22.04 6.8.0-1054.57~22.04.1
linux-image-nvidia-hwe-22.04 6.8.0-1054.57~22.04.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8289-2
https://ubuntu.com/security/notices/USN-8289-1
CVE-2024-50004, CVE-2024-58096, CVE-2024-58097, CVE-2025-37926,
CVE-2025-38201, CVE-2025-38591, CVE-2025-40039, CVE-2025-40082,
CVE-2025-40149, CVE-2025-68351, CVE-2025-68358, CVE-2025-68365,
CVE-2025-68725, CVE-2025-68749, CVE-2025-68803, CVE-2025-68823,
CVE-2025-71160, CVE-2025-71162, CVE-2025-71163, CVE-2025-71180,
CVE-2025-71182, CVE-2025-71183, CVE-2025-71184, CVE-2025-71185,
CVE-2025-71186, CVE-2025-71188, CVE-2025-71189, CVE-2025-71190,
CVE-2025-71191, CVE-2025-71192, CVE-2025-71193, CVE-2025-71194,
CVE-2025-71195, CVE-2025-71196, CVE-2025-71197, CVE-2025-71198,
CVE-2025-71199, CVE-2025-71200, CVE-2025-71220, CVE-2025-71222,
CVE-2025-71224, CVE-2025-71225, CVE-2025-71268, CVE-2026-22976,
CVE-2026-22977, CVE-2026-22978, CVE-2026-22979, CVE-2026-22980,
CVE-2026-22982, CVE-2026-22984, CVE-2026-22990, CVE-2026-22991,
CVE-2026-22992, CVE-2026-22994, CVE-2026-22996, CVE-2026-22997,
CVE-2026-22998, CVE-2026-22999, CVE-2026-23000, CVE-2026-23001,
CVE-2026-23003, CVE-2026-23005, CVE-2026-23006, CVE-2026-23010,
CVE-2026-23011, CVE-2026-23019, CVE-2026-23020, CVE-2026-23021,
CVE-2026-23025, CVE-2026-23026, CVE-2026-23030, CVE-2026-23031,
CVE-2026-23032, CVE-2026-23033, CVE-2026-23035, CVE-2026-23037,
CVE-2026-23038, CVE-2026-23047, CVE-2026-23049, CVE-2026-23050,
CVE-2026-23053, CVE-2026-23054, CVE-2026-23056, CVE-2026-23057,
CVE-2026-23058, CVE-2026-23059, CVE-2026-23061, CVE-2026-23062,
CVE-2026-23063, CVE-2026-23064, CVE-2026-23065, CVE-2026-23068,
CVE-2026-23069, CVE-2026-23071, CVE-2026-23073, CVE-2026-23075,
CVE-2026-23076, CVE-2026-23078, CVE-2026-23080, CVE-2026-23083,
CVE-2026-23084, CVE-2026-23085, CVE-2026-23086, CVE-2026-23087,
CVE-2026-23088, CVE-2026-23089, CVE-2026-23090, CVE-2026-23091,
CVE-2026-23093, CVE-2026-23094, CVE-2026-23095, CVE-2026-23096,
CVE-2026-23097, CVE-2026-23098, CVE-2026-23099, CVE-2026-23101,
CVE-2026-23102, CVE-2026-23103, CVE-2026-23105, CVE-2026-23107,
CVE-2026-23108, CVE-2026-23110, CVE-2026-23113, CVE-2026-23116,
CVE-2026-23119, CVE-2026-23120, CVE-2026-23121, CVE-2026-23123,
CVE-2026-23124, CVE-2026-23125, CVE-2026-23126, CVE-2026-23128,
CVE-2026-23129, CVE-2026-23131, CVE-2026-23133, CVE-2026-23135,
CVE-2026-23136, CVE-2026-23139, CVE-2026-23140, CVE-2026-23141,
CVE-2026-23142, CVE-2026-23144, CVE-2026-23145, CVE-2026-23146,
CVE-2026-23148, CVE-2026-23150, CVE-2026-23151, CVE-2026-23156,
CVE-2026-23159, CVE-2026-23160, CVE-2026-23163, CVE-2026-23164,
CVE-2026-23166, CVE-2026-23167, CVE-2026-23168, CVE-2026-23170,
CVE-2026-23172, CVE-2026-23173, CVE-2026-23176, CVE-2026-23178,
CVE-2026-23179, CVE-2026-23180, CVE-2026-23182, CVE-2026-23187,
CVE-2026-23190, CVE-2026-23191, CVE-2026-23193, CVE-2026-23198,
CVE-2026-23200, CVE-2026-23204, CVE-2026-23205, CVE-2026-23206,
CVE-2026-23212, CVE-2026-23213, CVE-2026-23214, CVE-2026-23215,
CVE-2026-23216, CVE-2026-23254, CVE-2026-23256, CVE-2026-23257,
CVE-2026-23258, CVE-2026-23260, CVE-2026-23261, CVE-2026-23262,
CVE-2026-23264, CVE-2026-23274, CVE-2026-23351, CVE-2026-23394,
CVE-2026-31419, CVE-2026-31431, CVE-2026-31504, CVE-2026-31533,
CVE-2026-43033, CVE-2026-43077, CVE-2026-43078

Package Information:
https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1054.57~22.04.1



[USN-8298-1] .NET vulnerability


==========================================================================
Ubuntu Security Notice USN-8298-1
May 25, 2026

dotnet8, dotnet9, dotnet10 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

.NET could be made to consume excessive resources if it received specially
crafted network traffic.

Software Description:
- dotnet10: .NET CLI tools and runtime
- dotnet8: .NET CLI tools and runtime
- dotnet9: .NET CLI tools and runtime

Details:

Muhammad Abdul Rehman discovered that .NET incorrectly handled certain
network requests, leading to a loop with an unreachable exit condition. A
remote attacker could possibly use this issue to consume excessive
resources, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
aspnetcore-runtime-10.0 10.0.8-0ubuntu1~26.04.1
dotnet-host-10.0 10.0.8-0ubuntu1~26.04.1
dotnet-hostfxr-10.0 10.0.8-0ubuntu1~26.04.1
dotnet-runtime-10.0 10.0.8-0ubuntu1~26.04.1
dotnet-sdk-10.0 10.0.108-0ubuntu1~26.04.1
dotnet-sdk-aot-10.0 10.0.108-0ubuntu1~26.04.1
dotnet-sdk-dbg-10.0 10.0.108-0ubuntu1~26.04.1
dotnet10 10.0.108-10.0.8-0ubuntu1~26.04.1

Ubuntu 25.10
aspnetcore-runtime-10.0 10.0.8-0ubuntu1~25.10.1
aspnetcore-runtime-8.0 8.0.27-0ubuntu1~25.10.1
aspnetcore-runtime-9.0 9.0.16-0ubuntu1~25.10.1
dotnet-host-10.0 10.0.8-0ubuntu1~25.10.1
dotnet-host-8.0 8.0.27-0ubuntu1~25.10.1
dotnet-host-9.0 9.0.16-0ubuntu1~25.10.1
dotnet-hostfxr-10.0 10.0.8-0ubuntu1~25.10.1
dotnet-hostfxr-8.0 8.0.27-0ubuntu1~25.10.1
dotnet-hostfxr-9.0 9.0.16-0ubuntu1~25.10.1
dotnet-runtime-10.0 10.0.8-0ubuntu1~25.10.1
dotnet-runtime-8.0 8.0.27-0ubuntu1~25.10.1
dotnet-runtime-9.0 9.0.16-0ubuntu1~25.10.1
dotnet-sdk-10.0 10.0.108-0ubuntu1~25.10.1
dotnet-sdk-8.0 8.0.127-0ubuntu1~25.10.1
dotnet-sdk-9.0 9.0.117-0ubuntu1~25.10.1
dotnet-sdk-aot-10.0 10.0.108-0ubuntu1~25.10.1
dotnet-sdk-aot-9.0 9.0.117-0ubuntu1~25.10.1
dotnet-sdk-dbg-10.0 10.0.108-0ubuntu1~25.10.1
dotnet-sdk-dbg-8.0 8.0.127-0ubuntu1~25.10.1
dotnet-sdk-dbg-9.0 9.0.117-0ubuntu1~25.10.1
dotnet10 10.0.108-10.0.8-0ubuntu1~25.10.1
dotnet8 8.0.127-8.0.27-0ubuntu1~25.10.1
dotnet9 9.0.117-9.0.16-0ubuntu1~25.10.1

Ubuntu 24.04 LTS
aspnetcore-runtime-10.0 10.0.8-0ubuntu1~24.04.1
aspnetcore-runtime-8.0 8.0.27-0ubuntu1~24.04.1
dotnet-host-10.0 10.0.8-0ubuntu1~24.04.1
dotnet-host-8.0 8.0.27-0ubuntu1~24.04.1
dotnet-hostfxr-10.0 10.0.8-0ubuntu1~24.04.1
dotnet-hostfxr-8.0 8.0.27-0ubuntu1~24.04.1
dotnet-runtime-10.0 10.0.8-0ubuntu1~24.04.1
dotnet-runtime-8.0 8.0.27-0ubuntu1~24.04.1
dotnet-sdk-10.0 10.0.108-0ubuntu1~24.04.1
dotnet-sdk-8.0 8.0.127-0ubuntu1~24.04.1
dotnet-sdk-aot-10.0 10.0.108-0ubuntu1~24.04.1
dotnet-sdk-dbg-10.0 10.0.108-0ubuntu1~24.04.1
dotnet10 10.0.108-10.0.8-0ubuntu1~24.04.1
dotnet8 8.0.127-8.0.27-0ubuntu1~24.04.1

Ubuntu 22.04 LTS
aspnetcore-runtime-8.0 8.0.27-0ubuntu1~22.04.1
dotnet-host-8.0 8.0.27-0ubuntu1~22.04.1
dotnet-hostfxr-8.0 8.0.27-0ubuntu1~22.04.1
dotnet-runtime-8.0 8.0.27-0ubuntu1~22.04.1
dotnet-sdk-8.0 8.0.127-0ubuntu1~22.04.1
dotnet8 8.0.127-8.0.27-0ubuntu1~22.04.1

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8298-1
CVE-2026-42899

Package Information:
https://launchpad.net/ubuntu/+source/dotnet10/10.0.108-10.0.8-0ubuntu1~26.04.1
https://launchpad.net/ubuntu/+source/dotnet10/10.0.108-10.0.8-0ubuntu1~25.10.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.127-8.0.27-0ubuntu1~25.10.1
https://launchpad.net/ubuntu/+source/dotnet9/9.0.117-9.0.16-0ubuntu1~25.10.1
https://launchpad.net/ubuntu/+source/dotnet10/10.0.108-10.0.8-0ubuntu1~24.04.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.127-8.0.27-0ubuntu1~24.04.1
https://launchpad.net/ubuntu/+source/dotnet8/8.0.127-8.0.27-0ubuntu1~22.04.1



[USN-8302-1] NLTK vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8302-1
May 25, 2026

nltk vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in NLTK.

Software Description:
- nltk: Natural Language Toolkit

Details:

It was discovered that NLTK incorrectly validated file paths when
opening files using the nltk.util module. An attacker could possibly
use this issue to obtain sensitive information. (CVE-2026-0846)

It was discovered that NLTK incorrectly validated file paths in
multiple CorpusReader classes. An attacker could possibly use
this issue to obtain sensitive information. (CVE-2026-0847)

It was discovered that NLTK did not properly validate external
Java archive files loaded by StanfordSegmenter. An attacker
could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu
22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS.
(CVE-2026-0848)

It was discovered that NLTK's WordNet browser application
incorrectly handled user-supplied input. An attacker could
possibly use this issue to perform a cross-site scripting
attack. (CVE-2026-33230)

It was discovered that NLTK's WordNet browser application did
not restrict access to the shutdown endpoint. A remote attacker
could possibly use this issue to cause a denial of service.
(CVE-2026-33231)

It was discovered that NLTK's downloader did not validate path
attributes in remote XML index files. An attacker could possibly
use this issue to create or overwrite arbitrary files.
(CVE-2026-33236)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
python3-nltk 3.9.2-1ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 24.04 LTS
python3-nltk 3.8.1-1ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 22.04 LTS
python3-nltk 3.7-1ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 20.04 LTS
python3-nltk 3.4.5-2ubuntu0.1~esm4
Available with Ubuntu Pro

Ubuntu 18.04 LTS
python-nltk 3.2.5-1ubuntu0.1+esm4
Available with Ubuntu Pro
python3-nltk 3.2.5-1ubuntu0.1+esm4
Available with Ubuntu Pro

Ubuntu 16.04 LTS
python-nltk 3.1-1ubuntu0.1+esm4
Available with Ubuntu Pro
python3-nltk 3.1-1ubuntu0.1+esm4
Available with Ubuntu Pro

Ubuntu 14.04 LTS
python-nltk 2.0~b9-0ubuntu4.1~esm6
Available with Ubuntu Pro

In general, a standard system update will make all the necessary
changes.

References:
https://ubuntu.com/security/notices/USN-8302-1
CVE-2026-0846, CVE-2026-0847, CVE-2026-0848, CVE-2026-33230,
CVE-2026-33231, CVE-2026-33236



[USN-8304-1] Vim vulnerabilities


==========================================================================
Ubuntu Security Notice USN-8304-1
May 25, 2026

vim vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Vim.

Software Description:
- vim: Vi IMproved - enhanced vi editor

Details:

Joshua Rogers discovered that Vim incorrectly handled certain URL schemes
in the netrw plugin. An attacker could possibly use this issue to execute
arbitrary commands. (CVE-2026-42307)

It was discovered that Vim incorrectly handled command-line completion for
the :find command. An attacker could possibly use this issue to execute
arbitrary commands. (CVE-2026-44656)

Daniel Cervera discovered that Vim incorrectly handled loading spell files.
An attacker could possibly use this issue to cause a denial of service, or
to execute arbitrary code. (CVE-2026-45130)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
vim 2:9.1.2141-1ubuntu4.2
vim-common 2:9.1.2141-1ubuntu4.2
vim-gtk3 2:9.1.2141-1ubuntu4.2
vim-gui-common 2:9.1.2141-1ubuntu4.2
vim-motif 2:9.1.2141-1ubuntu4.2
vim-nox 2:9.1.2141-1ubuntu4.2
vim-runtime 2:9.1.2141-1ubuntu4.2
vim-tiny 2:9.1.2141-1ubuntu4.2

Ubuntu 25.10
vim 2:9.1.0967-1ubuntu6.5
vim-athena 2:9.1.0967-1ubuntu6.5
vim-common 2:9.1.0967-1ubuntu6.5
vim-gtk3 2:9.1.0967-1ubuntu6.5
vim-gui-common 2:9.1.0967-1ubuntu6.5
vim-motif 2:9.1.0967-1ubuntu6.5
vim-nox 2:9.1.0967-1ubuntu6.5
vim-runtime 2:9.1.0967-1ubuntu6.5
vim-tiny 2:9.1.0967-1ubuntu6.5

Ubuntu 24.04 LTS
vim 2:9.1.0016-1ubuntu7.14
vim-athena 2:9.1.0016-1ubuntu7.14
vim-common 2:9.1.0016-1ubuntu7.14
vim-gtk3 2:9.1.0016-1ubuntu7.14
vim-gui-common 2:9.1.0016-1ubuntu7.14
vim-motif 2:9.1.0016-1ubuntu7.14
vim-nox 2:9.1.0016-1ubuntu7.14
vim-runtime 2:9.1.0016-1ubuntu7.14
vim-tiny 2:9.1.0016-1ubuntu7.14

Ubuntu 22.04 LTS
vim 2:8.2.3995-1ubuntu2.30
vim-athena 2:8.2.3995-1ubuntu2.30
vim-common 2:8.2.3995-1ubuntu2.30
vim-gtk 2:8.2.3995-1ubuntu2.30
vim-gtk3 2:8.2.3995-1ubuntu2.30
vim-gui-common 2:8.2.3995-1ubuntu2.30
vim-nox 2:8.2.3995-1ubuntu2.30
vim-runtime 2:8.2.3995-1ubuntu2.30
vim-tiny 2:8.2.3995-1ubuntu2.30

Ubuntu 20.04 LTS
vim 2:8.1.2269-1ubuntu5.32+esm5
Available with Ubuntu Pro
vim-athena 2:8.1.2269-1ubuntu5.32+esm5
Available with Ubuntu Pro
vim-common 2:8.1.2269-1ubuntu5.32+esm5
Available with Ubuntu Pro
vim-gtk 2:8.1.2269-1ubuntu5.32+esm5
Available with Ubuntu Pro
vim-gtk3 2:8.1.2269-1ubuntu5.32+esm5
Available with Ubuntu Pro
vim-gui-common 2:8.1.2269-1ubuntu5.32+esm5
Available with Ubuntu Pro
vim-nox 2:8.1.2269-1ubuntu5.32+esm5
Available with Ubuntu Pro
vim-runtime 2:8.1.2269-1ubuntu5.32+esm5
Available with Ubuntu Pro
vim-tiny 2:8.1.2269-1ubuntu5.32+esm5
Available with Ubuntu Pro

Ubuntu 18.04 LTS
vim 2:8.0.1453-1ubuntu1.13+esm17
Available with Ubuntu Pro
vim-athena 2:8.0.1453-1ubuntu1.13+esm17
Available with Ubuntu Pro
vim-common 2:8.0.1453-1ubuntu1.13+esm17
Available with Ubuntu Pro
vim-gnome 2:8.0.1453-1ubuntu1.13+esm17
Available with Ubuntu Pro
vim-gtk 2:8.0.1453-1ubuntu1.13+esm17
Available with Ubuntu Pro
vim-gtk3 2:8.0.1453-1ubuntu1.13+esm17
Available with Ubuntu Pro
vim-gui-common 2:8.0.1453-1ubuntu1.13+esm17
Available with Ubuntu Pro
vim-nox 2:8.0.1453-1ubuntu1.13+esm17
Available with Ubuntu Pro
vim-runtime 2:8.0.1453-1ubuntu1.13+esm17
Available with Ubuntu Pro
vim-tiny 2:8.0.1453-1ubuntu1.13+esm17
Available with Ubuntu Pro

Ubuntu 16.04 LTS
vim 2:7.4.1689-3ubuntu1.5+esm32
Available with Ubuntu Pro
vim-athena 2:7.4.1689-3ubuntu1.5+esm32
Available with Ubuntu Pro
vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm32
Available with Ubuntu Pro
vim-common 2:7.4.1689-3ubuntu1.5+esm32
Available with Ubuntu Pro
vim-gnome 2:7.4.1689-3ubuntu1.5+esm32
Available with Ubuntu Pro
vim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm32
Available with Ubuntu Pro
vim-gtk 2:7.4.1689-3ubuntu1.5+esm32
Available with Ubuntu Pro
vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm32
Available with Ubuntu Pro
vim-gtk3 2:7.4.1689-3ubuntu1.5+esm32
Available with Ubuntu Pro
vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm32
Available with Ubuntu Pro
vim-gui-common 2:7.4.1689-3ubuntu1.5+esm32
Available with Ubuntu Pro
vim-nox 2:7.4.1689-3ubuntu1.5+esm32
Available with Ubuntu Pro
vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm32
Available with Ubuntu Pro
vim-runtime 2:7.4.1689-3ubuntu1.5+esm32
Available with Ubuntu Pro
vim-tiny 2:7.4.1689-3ubuntu1.5+esm32
Available with Ubuntu Pro

Ubuntu 14.04 LTS
vim 2:7.4.052-1ubuntu3.1+esm26
Available with Ubuntu Pro
vim-athena 2:7.4.052-1ubuntu3.1+esm26
Available with Ubuntu Pro
vim-common 2:7.4.052-1ubuntu3.1+esm26
Available with Ubuntu Pro
vim-gnome 2:7.4.052-1ubuntu3.1+esm26
Available with Ubuntu Pro
vim-gtk 2:7.4.052-1ubuntu3.1+esm26
Available with Ubuntu Pro
vim-gui-common 2:7.4.052-1ubuntu3.1+esm26
Available with Ubuntu Pro
vim-lesstif 2:7.4.052-1ubuntu3.1+esm26
Available with Ubuntu Pro
vim-nox 2:7.4.052-1ubuntu3.1+esm26
Available with Ubuntu Pro
vim-runtime 2:7.4.052-1ubuntu3.1+esm26
Available with Ubuntu Pro
vim-tiny 2:7.4.052-1ubuntu3.1+esm26
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8304-1
CVE-2026-42307, CVE-2026-44656, CVE-2026-45130

Package Information:
https://launchpad.net/ubuntu/+source/vim/2:9.1.2141-1ubuntu4.2
https://launchpad.net/ubuntu/+source/vim/2:9.1.0967-1ubuntu6.5
https://launchpad.net/ubuntu/+source/vim/2:9.1.0016-1ubuntu7.14
https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.30


Perl-HTTP-Tiny, Firefox, Nginx, and more updates for SUSE

CyberPowerPC Infinity Ultra 7 RTX Prebuilt Review and more

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...