[USN-8058-1] rlottie vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8058-1
February 24, 2026
rlottie vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in rlottie.
Software Description:
- rlottie: library for rendering vector based animations and art
Details:
It was discovered that rlottie did not properly handle certain inputs. An
attacker could use this issue to cause a denial of service or possibly
execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
librlottie0-1 0.1+dfsg-4.2ubuntu0.1
Ubuntu 24.04 LTS
librlottie0-1 0.1+dfsg-4ubuntu1.1
Ubuntu 22.04 LTS
librlottie0-1 0.1+dfsg-2ubuntu0.2
Ubuntu 20.04 LTS
librlottie0-1 0~git20200305.a717479+dfsg-1ubuntu0.1~esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8058-1
CVE-2025-0634, CVE-2025-53074, CVE-2025-53075
Package Information:
https://launchpad.net/ubuntu/+source/rlottie/0.1+dfsg-4.2ubuntu0.1
https://launchpad.net/ubuntu/+source/rlottie/0.1+dfsg-4ubuntu1.1
https://launchpad.net/ubuntu/+source/rlottie/0.1+dfsg-2ubuntu0.2
[USN-8065-1] Authlib vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8065-1
February 25, 2026
python-authlib vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in Authlib.
Software Description:
- python-authlib: Python library for building OAuth and OpenID Connect servers
Details:
Millie Solem discovered that Authlib did not properly restrict algorithm
selection during JWT verification, allowing HMAC verification with
asymmetric public keys when no algorithm was specified. A remote attacker
could possibly use this issue to bypass signature verification and forge
tokens, resulting in authentication bypass or privilege escalation.
(CVE-2024-37568)
Muhammad Noman Ilyas discovered that Authlib did not properly enforce
critical header parameter handling during JSON Web Signature verification,
leading to unknown critical parameters being incorrectly accepted. A remote
attacker could possibly use this issue to bypass security policies in mixed
deployments, resulting in authentication bypass, replay attacks, or
privilege escalation. (CVE-2025-59420)
Muhammad Noman Ilyas discovered that Authlib did not properly limit the
size of JSON Web Signature or JSON Web Token header and signature segments.
A remote attacker could possibly use this issue to cause excessive memory
or processor consumption, leading to a denial of service. (CVE-2025-61920)
Muhammad Noman Ilyas discovered that Authlib performed unbounded
decompression when processing certain compressed encrypted tokens. A remote
attacker could possibly use this issue to send a specially crafted token
that can be expanded to a large size during decompression, causing a denial
of service. (CVE-2025-62706)
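The four JOSE-level controls described in the paragraphs above (algorithm pinning, rejection of unknown `crit` parameters, segment size limits and bounded inflation), as a defender-side example. This is added code written for this page, not Authlib's implementation or its fix; the limits, the stdlib-only HMAC verifier and the fixture functions (`mint_hmac_jws`, `raw_deflate`, `rejected`) are assumptions of the example. The JWE decryption step that would precede inflation is not shown.

```python
import base64
import hashlib
import hmac
import json
import zlib

# Limits are assumptions made for this example, not Authlib's values.
MAX_HEADER_SEGMENT = 4096       # base64url characters
MAX_SIGNATURE_SEGMENT = 1024    # base64url characters
MAX_INFLATED_BYTES = 64 * 1024  # bytes of inflated JWE plaintext
SUPPORTED_CRIT = frozenset()    # crit extensions this verifier implements: none
HMAC_ALGS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


class InvalidToken(Exception):
    pass


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def parse_and_check_header(header_seg, expected_alg):
    """Validate the protected header before any key material is touched."""
    # Size bound (CVE-2025-61920 class): refuse oversized segments before decoding.
    if len(header_seg) > MAX_HEADER_SEGMENT:
        raise InvalidToken("header segment too large")
    try:
        header = json.loads(_b64url_decode(header_seg))
    except ValueError as exc:  # binascii.Error and JSONDecodeError both subclass ValueError
        raise InvalidToken("header is not base64url-encoded JSON") from exc
    if not isinstance(header, dict):
        raise InvalidToken("header must be a JSON object")
    # Algorithm pinning (CVE-2024-37568 class): the verifier fixes the alg; a token
    # naming any other alg is rejected, so an HMAC-signed token is never checked
    # against a public key that was configured for an asymmetric alg.
    if header.get("alg") != expected_alg:
        raise InvalidToken(f"alg {header.get('alg')!r} is not the configured {expected_alg!r}")
    # crit handling (CVE-2025-59420 class, RFC 7515 section 4.1.11): every listed
    # parameter must be one this verifier implements and must be present.
    if "crit" in header:
        crit = header["crit"]
        if not isinstance(crit, list) or not crit:
            raise InvalidToken("crit must be a non-empty array")
        unknown = [p for p in crit if p not in SUPPORTED_CRIT or p not in header]
        if unknown:
            raise InvalidToken(f"unsupported critical header parameters: {unknown}")
    return header


def verify_hmac_jws(token, key, expected_alg):
    """Verify a compact JWS with an HMAC alg chosen by the verifier's configuration."""
    if expected_alg not in HMAC_ALGS:
        raise InvalidToken("this verifier only handles HMAC algorithms")
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("expected three dot-separated segments")
    header_seg, payload_seg, sig_seg = parts
    if len(sig_seg) > MAX_SIGNATURE_SEGMENT:
        raise InvalidToken("signature segment too large")
    parse_and_check_header(header_seg, expected_alg)
    signing_input = f"{header_seg}.{payload_seg}".encode("ascii")
    mac = hmac.new(key, signing_input, HMAC_ALGS[expected_alg]).digest()
    if not hmac.compare_digest(mac, _b64url_decode(sig_seg)):
        raise InvalidToken("signature mismatch")
    return json.loads(_b64url_decode(payload_seg))


def bounded_inflate(data, max_out=MAX_INFLATED_BYTES):
    """Inflate a JWE 'zip':'DEF' payload (raw DEFLATE, RFC 7516 section 4.1.3)
    without producing more than max_out bytes (CVE-2025-62706 class)."""
    inflater = zlib.decompressobj(wbits=-15)
    try:
        out = inflater.decompress(data, max_out + 1)  # ask for one byte over the cap
    except zlib.error as exc:
        raise InvalidToken("corrupt DEFLATE stream") from exc
    if len(out) > max_out or inflater.unconsumed_tail:
        raise InvalidToken("inflated payload exceeds limit")
    if not inflater.eof:
        raise InvalidToken("truncated DEFLATE stream")
    return out


# Fixtures used only to exercise the checks above (constructed for this example).
def raw_deflate(data):
    c = zlib.compressobj(wbits=-15)
    return c.compress(data) + c.flush()


def mint_hmac_jws(payload, key, alg, extra_header=None):
    header = {"alg": alg, "typ": "JWT", **(extra_header or {})}
    h = _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{h}.{p}".encode("ascii"), HMAC_ALGS[alg]).digest()
    return f"{h}.{p}.{_b64url_encode(sig)}"


def rejected(fn, *args):
    """True when fn(*args) raises InvalidToken."""
    try:
        fn(*args)
    except InvalidToken:
        return True
    return False
```

The order of checks matters: size, then algorithm, then `crit`, all before the key is used, so an oversized or mis-typed token costs a string length check and a small JSON parse rather than a signature operation. In a real deployment the `expected_alg` comes from the verifier's configuration (Authlib 1.x exposes this as the algorithm list passed to `JsonWebToken`), never from the token.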
It was discovered that Authlib did not properly bind cached state
information to the initiating user session during OAuth authentication
flows. A remote attacker could possibly use this issue to perform cross-site
request forgery attacks, resulting in unauthorized actions or
authentication bypass. This issue only affected Ubuntu 24.04 LTS.
(CVE-2025-68158)
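The session binding described in the paragraph above, as an added example that is not Authlib's code: a plain dict stands in for the server-side session store, and the function names are my own. The state is generated per flow, stored in the session that started the flow, compared in constant time on the callback, and consumed on first use.

```python
import hmac
import secrets


class StateMismatch(Exception):
    pass


def begin_authorization(session):
    """Authorization-request side: mint a fresh, unguessable state and bind it
    to the caller's server-side session (a dict standing in for a session store)."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    return state


def finish_authorization(session, returned_state):
    """Callback side: the state echoed by the authorization server must equal the
    one stored in the session that started the flow. It is popped before the
    comparison, so a captured state cannot be replayed or completed from a
    different session, and a mismatch forces the flow to start over."""
    expected = session.pop("oauth_state", None)
    candidate = (returned_state or "").encode("utf-8")
    if expected is None or not hmac.compare_digest(expected.encode("ascii"), candidate):
        raise StateMismatch("state is not bound to this session")
    return True


def state_is_rejected(session, returned_state):
    """True when finish_authorization refuses the returned state."""
    try:
        return not finish_authorization(session, returned_state)
    except StateMismatch:
        return True
```

The cross-session case is the one the notice describes: a state minted in one user's session and presented from another session must fail, which it does here because the lookup is against the presenting session, not a global cache.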
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
python-authlib-doc 1.3.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-authlib 1.3.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
python-authlib-doc 0.15.5-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-authlib 0.15.5-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8065-1
CVE-2024-37568, CVE-2025-59420, CVE-2025-61920, CVE-2025-62706,
CVE-2025-68158
[USN-8059-6] Linux kernel vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8059-6
February 26, 2026
linux-aws, linux-aws-6.8, linux-ibm, linux-ibm-6.8, linux-xilinx
vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-xilinx: Linux kernel for Xilinx systems
- linux-aws-6.8: Linux kernel for Amazon Web Services (AWS) systems
- linux-ibm-6.8: Linux kernel for IBM cloud systems
Details:
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- SMB network file system;
(CVE-2025-22037, CVE-2025-37899)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
linux-image-6.8.0-1024-xilinx 6.8.0-1024.25
linux-image-6.8.0-1045-ibm 6.8.0-1045.45
linux-image-6.8.0-1047-aws 6.8.0-1047.50
linux-image-6.8.0-1047-aws-64k 6.8.0-1047.50
linux-image-aws-6.8 6.8.0-1047.50
linux-image-aws-64k-6.8 6.8.0-1047.50
linux-image-aws-64k-lts-24.04 6.8.0-1047.50
linux-image-aws-lts-24.04 6.8.0-1047.50
linux-image-ibm 6.8.0-1045.45
linux-image-ibm-6.8 6.8.0-1045.45
linux-image-ibm-classic 6.8.0-1045.45
linux-image-ibm-lts-24.04 6.8.0-1045.45
linux-image-xilinx 6.8.0.1024.25
linux-image-xilinx-6.8 6.8.0.1024.25
linux-image-xilinx-zynqmp 6.8.0.1024.25
Ubuntu 22.04 LTS
linux-image-6.8.0-1045-ibm 6.8.0-1045.45~22.04.1
linux-image-6.8.0-1047-aws 6.8.0-1047.50~22.04.1
linux-image-6.8.0-1047-aws-64k 6.8.0-1047.50~22.04.1
linux-image-aws 6.8.0-1047.50~22.04.1
linux-image-aws-6.8 6.8.0-1047.50~22.04.1
linux-image-aws-64k 6.8.0-1047.50~22.04.1
linux-image-aws-64k-6.8 6.8.0-1047.50~22.04.1
linux-image-ibm-6.8 6.8.0-1045.45~22.04.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://ubuntu.com/security/notices/USN-8059-6
https://ubuntu.com/security/notices/USN-8059-5
https://ubuntu.com/security/notices/USN-8059-4
https://ubuntu.com/security/notices/USN-8059-3
https://ubuntu.com/security/notices/USN-8059-2
https://ubuntu.com/security/notices/USN-8059-1
CVE-2025-22037, CVE-2025-37899
Package Information:
https://launchpad.net/ubuntu/+source/linux-aws/6.8.0-1047.50
https://launchpad.net/ubuntu/+source/linux-ibm/6.8.0-1045.45
https://launchpad.net/ubuntu/+source/linux-xilinx/6.8.0-1024.25
https://launchpad.net/ubuntu/+source/linux-aws-6.8/6.8.0-1047.50~22.04.1
https://launchpad.net/ubuntu/+source/linux-ibm-6.8/6.8.0-1045.45~22.04.1
[USN-8066-1] Rack vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8066-1
February 26, 2026
ruby-rack vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Rack.
Software Description:
- ruby-rack: modular Ruby webserver interface
Details:
Minh Pham Quang discovered that Rack did not correctly handle parsing
certain paths, which could lead to a path traversal attack. An attacker
could possibly use this issue to leak sensitive information.
(CVE-2026-22860)
Ali Firas discovered that Rack did not correctly sanitize certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2026-25500)
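The path traversal class named in the first Rack paragraph, as a defender-side check for mapping request paths onto a document root. This is an added Python example written for this page, not Rack's code or its fix, and the notice does not describe the specifics of the Rack bug; the document root is a constructed value and the function names are my own.

```python
import os
import posixpath
from urllib.parse import unquote


class PathRejected(Exception):
    pass


def resolve_under_root(root, request_path):
    """Map a request path to a filesystem path under root, or raise PathRejected.

    Percent-encoding is decoded exactly once, backslashes are treated as
    separators, any '..' segment is refused outright, and the final path is
    canonicalised (symlinks resolved) and required to stay inside root."""
    decoded = unquote(request_path)
    if "\0" in decoded:
        raise PathRejected("NUL byte in path")
    segments = decoded.replace("\\", "/").split("/")
    if any(seg == ".." for seg in segments):
        raise PathRejected(f"{request_path!r} contains a parent-directory segment")
    normalised = posixpath.normpath("/" + "/".join(segments))  # collapses '.' and '//'
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, normalised.lstrip("/")))
    # Containment check on the canonical path: catches symlinks pointing outside root.
    if candidate != root_real and not candidate.startswith(root_real + os.sep):
        raise PathRejected(f"{request_path!r} escapes the document root")
    return candidate


def path_is_rejected(root, request_path):
    """True when resolve_under_root refuses the request path."""
    try:
        resolve_under_root(root, request_path)
    except PathRejected:
        return True
    return False
```

Decoding exactly once is deliberate: a double-encoded `%252e%252e` decodes to the literal file name `%2e%2e`, which is not a traversal and is served (or not found) as an ordinary name, whereas decoding in a loop would turn it into `..` and reintroduce the problem.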
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
ruby-rack 3.1.16-0.1ubuntu0.2
Ubuntu 24.04 LTS
ruby-rack 2.2.7-1ubuntu0.6
Ubuntu 22.04 LTS
ruby-rack 2.1.4-5ubuntu1.2+esm2
Available with Ubuntu Pro
Ubuntu 20.04 LTS
ruby-rack 2.0.7-2ubuntu0.1+esm9
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8066-1
CVE-2026-22860, CVE-2026-25500
Package Information:
https://launchpad.net/ubuntu/+source/ruby-rack/3.1.16-0.1ubuntu0.2
https://launchpad.net/ubuntu/+source/ruby-rack/2.2.7-1ubuntu0.6