Thursday, April 23, 2026

[USN-8183-2] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8183-2
April 23, 2026

linux-aws, linux-aws-6.17, linux-hwe-6.17, linux-oracle, linux-oracle-6.17 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-aws-6.17: Linux kernel for Amazon Web Services (AWS) systems
- linux-hwe-6.17: Linux hardware enablement (HWE) kernel
- linux-oracle-6.17: Linux kernel for Oracle Cloud systems

Details:

Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to load malicious CPU microcode, causing loss of integrity and confidentiality. (CVE-2024-36347)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  - MIPS architecture;
  - PowerPC architecture;
  - User-Mode Linux (UML);
  - x86 architecture;
  - Block layer subsystem;
  - Cryptographic API;
  - ACPI drivers;
  - Ublk userspace block driver;
  - Bluetooth drivers;
  - Character device driver;
  - TPM device driver;
  - Clock framework and drivers;
  - GPU drivers;
  - Hardware monitoring drivers;
  - Intel Trace Hub HW tracing drivers;
  - InfiniBand drivers;
  - Input Device core drivers;
  - Input Device (Mouse) drivers;
  - IOMMU subsystem;
  - Multiple devices driver;
  - Media drivers;
  - Network drivers;
  - Mellanox network drivers;
  - STMicroelectronics network drivers;
  - Ethernet team driver;
  - PA-RISC drivers;
  - Chrome hardware platform drivers;
  - x86 platform drivers;
  - SCSI subsystem;
  - SPI subsystem;
  - TCM subsystem;
  - Freescale USB OTG Transceiver Driver;
  - USB Type-C Connector System Software Interface driver;
  - Watchdog drivers;
  - BTRFS file system;
  - exFAT file system;
  - Ext4 file system;
  - F2FS file system;
  - FUSE (File system in Userspace);
  - HFS+ file system;
  - File systems infrastructure;
  - Network file system (NFS) server daemon;
  - File system notification infrastructure;
  - NTFS3 file system;
  - OCFS2 file system;
  - SMB network file system;
  - XFS file system;
  - User-space API (UAPI);
  - io_uring subsystem;
  - Scheduler infrastructure;
  - Shadow Call Stack mechanism;
  - Tracing infrastructure;
  - Memory management;
  - BPF subsystem;
  - CAIF protocol;
  - Ceph Core library;
  - Networking core;
  - Ethtool driver;
  - Handshake API;
  - HSR network protocol;
  - IPv4 networking;
  - IPv6 networking;
  - Multipath TCP;
  - Netfilter;
  - NET/ROM layer;
  - NFC subsystem;
  - Open vSwitch;
  - Rose network layer;
  - Network traffic control;
  - Sun RPC protocol;
  - Key management;
  - Landlock security;
  - STMicroelectronics SoC drivers;
  - USB sound devices;
  - KVM subsystem;
(CVE-2025-68351, CVE-2025-68353, CVE-2025-68365, CVE-2025-68368, CVE-2025-68725, CVE-2025-68736, CVE-2025-68745, CVE-2025-68767, CVE-2025-68768,
CVE-2025-68769, CVE-2025-68770, CVE-2025-68771, CVE-2025-68772, CVE-2025-68773, CVE-2025-68774, CVE-2025-68775, CVE-2025-68776, CVE-2025-68777, CVE-2025-68778, CVE-2025-68780, CVE-2025-68781, CVE-2025-68782, CVE-2025-68783, CVE-2025-68784, CVE-2025-68785, CVE-2025-68786, CVE-2025-68787, CVE-2025-68788, CVE-2025-68791, CVE-2025-68792, CVE-2025-68793, CVE-2025-68794, CVE-2025-68795, CVE-2025-68796, CVE-2025-68797, CVE-2025-68798, CVE-2025-68799, CVE-2025-68800, CVE-2025-68801, CVE-2025-68802, CVE-2025-68803, CVE-2025-68804, CVE-2025-68805, CVE-2025-68806, CVE-2025-68807, CVE-2025-68808, CVE-2025-68809, CVE-2025-68810, CVE-2025-68811, CVE-2025-68813, CVE-2025-68814, CVE-2025-68815, CVE-2025-68816, CVE-2025-68817, CVE-2025-68818, CVE-2025-68819, CVE-2025-68820, CVE-2025-68821, CVE-2025-68822, CVE-2025-68823, CVE-2025-71064, CVE-2025-71065, CVE-2025-71066, CVE-2025-71067, CVE-2025-71068, CVE-2025-71069, CVE-2025-71070, CVE-2025-71071, CVE-2025-71072, CVE-2025-71073, CVE-2025-71075, CVE-2025-71076, CVE-2025-71077, CVE-2025-71078, CVE-2025-71079, CVE-2025-71081, CVE-2025-71082, CVE-2025-71083, CVE-2025-71084, CVE-2025-71085, CVE-2025-71086, CVE-2025-71087, CVE-2025-71089, CVE-2025-71091, CVE-2025-71093, CVE-2025-71094, CVE-2025-71095, CVE-2025-71096, CVE-2025-71097, CVE-2025-71098, CVE-2025-71099, CVE-2025-71100, CVE-2025-71101, CVE-2025-71102, CVE-2025-71104, CVE-2025-71105, CVE-2025-71107, CVE-2025-71108, CVE-2025-71109, CVE-2025-71111, CVE-2025-71112, CVE-2025-71113, CVE-2025-71114, CVE-2025-71115, CVE-2025-71116, CVE-2025-71117, CVE-2025-71118, CVE-2025-71119, CVE-2025-71120, CVE-2025-71121, CVE-2025-71122, CVE-2025-71123, CVE-2025-71124, CVE-2025-71125, CVE-2025-71126, CVE-2025-71130, CVE-2025-71131, CVE-2025-71132, CVE-2025-71133, CVE-2025-71135, CVE-2025-71136, CVE-2025-71137, CVE-2025-71138, CVE-2025-71140, CVE-2025-71143, CVE-2025-71146, CVE-2025-71147, CVE-2025-71148, CVE-2025-71149, CVE-2025-71150, CVE-2025-71151, CVE-2025-71153, CVE-2025-71154, CVE-2025-71156, 
CVE-2025-71157, CVE-2026-23091, CVE-2026-23209)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.10
  linux-image-6.17.0-1011-oracle  6.17.0-1011.11
  linux-image-6.17.0-1011-oracle-64k  6.17.0-1011.11
  linux-image-6.17.0-1012-aws  6.17.0-1012.12
  linux-image-6.17.0-1012-aws-64k  6.17.0-1012.12
  linux-image-aws  6.17.0-1012.12
  linux-image-aws-6.17  6.17.0-1012.12
  linux-image-aws-64k  6.17.0-1012.12
  linux-image-aws-64k-6.17  6.17.0-1012.12
  linux-image-oracle  6.17.0-1011.11
  linux-image-oracle-6.17  6.17.0-1011.11
  linux-image-oracle-64k  6.17.0-1011.11
  linux-image-oracle-64k-6.17  6.17.0-1011.11

Ubuntu 24.04 LTS
  linux-image-6.17.0-1011-oracle  6.17.0-1011.11~24.04.1
  linux-image-6.17.0-1011-oracle-64k  6.17.0-1011.11~24.04.1
  linux-image-6.17.0-1012-aws  6.17.0-1012.12~24.04.1
  linux-image-6.17.0-1012-aws-64k  6.17.0-1012.12~24.04.1
  linux-image-6.17.0-22-generic  6.17.0-22.22~24.04.1
  linux-image-6.17.0-22-generic-64k  6.17.0-22.22~24.04.1
  linux-image-aws  6.17.0-1012.12~24.04.1
  linux-image-aws-6.17  6.17.0-1012.12~24.04.1
  linux-image-aws-64k  6.17.0-1012.12~24.04.1
  linux-image-aws-64k-6.17  6.17.0-1012.12~24.04.1
  linux-image-generic-6.17  6.17.0-22.22~24.04.1
  linux-image-generic-64k-6.17  6.17.0-22.22~24.04.1
  linux-image-generic-64k-hwe-24.04  6.17.0-22.22~24.04.1
  linux-image-generic-hwe-24.04  6.17.0-22.22~24.04.1
  linux-image-oracle  6.17.0-1011.11~24.04.1
  linux-image-oracle-6.17  6.17.0-1011.11~24.04.1
  linux-image-oracle-64k  6.17.0-1011.11~24.04.1
  linux-image-oracle-64k-6.17  6.17.0-1011.11~24.04.1
  linux-image-virtual-6.17  6.17.0-22.22~24.04.1
  linux-image-virtual-hwe-24.04  6.17.0-22.22~24.04.1

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-8183-2
  https://ubuntu.com/security/notices/USN-8183-1
  CVE-2024-36347, CVE-2025-68351, CVE-2025-68353, CVE-2025-68365, CVE-2025-68368, CVE-2025-68725, CVE-2025-68736, CVE-2025-68745, CVE-2025-68767, CVE-2025-68768, CVE-2025-68769, CVE-2025-68770, CVE-2025-68771, CVE-2025-68772, CVE-2025-68773, CVE-2025-68774, CVE-2025-68775, CVE-2025-68776, CVE-2025-68777, CVE-2025-68778, CVE-2025-68780, CVE-2025-68781, CVE-2025-68782, CVE-2025-68783, CVE-2025-68784, CVE-2025-68785, CVE-2025-68786, CVE-2025-68787, CVE-2025-68788, CVE-2025-68791, CVE-2025-68792, CVE-2025-68793, CVE-2025-68794, CVE-2025-68795, CVE-2025-68796, CVE-2025-68797, CVE-2025-68798, CVE-2025-68799, CVE-2025-68800, CVE-2025-68801, CVE-2025-68802, CVE-2025-68803, CVE-2025-68804, CVE-2025-68805, CVE-2025-68806, CVE-2025-68807, CVE-2025-68808, CVE-2025-68809, CVE-2025-68810, CVE-2025-68811, CVE-2025-68813, CVE-2025-68814, CVE-2025-68815, CVE-2025-68816, CVE-2025-68817, CVE-2025-68818, CVE-2025-68819, CVE-2025-68820, CVE-2025-68821, CVE-2025-68822, CVE-2025-68823, CVE-2025-71064, CVE-2025-71065, CVE-2025-71066, CVE-2025-71067, CVE-2025-71068, CVE-2025-71069, CVE-2025-71070, CVE-2025-71071, CVE-2025-71072, CVE-2025-71073, CVE-2025-71075, CVE-2025-71076, CVE-2025-71077, CVE-2025-71078, CVE-2025-71079, CVE-2025-71081, CVE-2025-71082, CVE-2025-71083, CVE-2025-71084, CVE-2025-71085, CVE-2025-71086, CVE-2025-71087, CVE-2025-71089, CVE-2025-71091, CVE-2025-71093, CVE-2025-71094, CVE-2025-71095, CVE-2025-71096, CVE-2025-71097, CVE-2025-71098, CVE-2025-71099, CVE-2025-71100, CVE-2025-71101, CVE-2025-71102, CVE-2025-71104, CVE-2025-71105, CVE-2025-71107, CVE-2025-71108, CVE-2025-71109, CVE-2025-71111, CVE-2025-71112, CVE-2025-71113, CVE-2025-71114, CVE-2025-71115, CVE-2025-71116, CVE-2025-71117, CVE-2025-71118, CVE-2025-71119, CVE-2025-71120, CVE-2025-71121, CVE-2025-71122, CVE-2025-71123, CVE-2025-71124, CVE-2025-71125, CVE-2025-71126, CVE-2025-71130, CVE-2025-71131, CVE-2025-71132, CVE-2025-71133, CVE-2025-71135, CVE-2025-71136, CVE-2025-71137, CVE-2025-71138, CVE-2025-71140, CVE-2025-71143, CVE-2025-71146, CVE-2025-71147, CVE-2025-71148, CVE-2025-71149, CVE-2025-71150, CVE-2025-71151, CVE-2025-71153, CVE-2025-71154, CVE-2025-71156, CVE-2025-71157, CVE-2026-23091, CVE-2026-23209

Package Information:
  https://launchpad.net/ubuntu/+source/linux-aws/6.17.0-1012.12
  https://launchpad.net/ubuntu/+source/linux-oracle/6.17.0-1011.11
  https://launchpad.net/ubuntu/+source/linux-aws-6.17/6.17.0-1012.12~24.04.1
  https://launchpad.net/ubuntu/+source/linux-hwe-6.17/6.17.0-22.22~24.04.1
  https://launchpad.net/ubuntu/+source/linux-oracle-6.17/6.17.0-1011.11~24.04.1

[USN-8098-10] Linux kernel (Raspberry Pi) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8098-10
April 20, 2026

linux-raspi, linux-raspi-5.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-raspi: Linux kernel for Raspberry Pi systems
- linux-raspi-5.4: Linux kernel for Raspberry Pi systems

Details:

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  - x86 architecture;
  - GPIO subsystem;
  - GPU drivers;
  - BTRFS file system;
  - XFRM subsystem;
  - IPv4 networking;
  - IPv6 networking;
  - MAC80211 subsystem;
  - SMC sockets;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49072, CVE-2024-49927, CVE-2024-56640, CVE-2025-21780, CVE-2025-40215)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
  linux-image-5.4.0-1139-raspi  5.4.0-1139.152  Available with Ubuntu Pro
  linux-image-raspi  5.4.0.1139.170  Available with Ubuntu Pro
  linux-image-raspi-5.4  5.4.0.1139.170  Available with Ubuntu Pro
  linux-image-raspi2  5.4.0.1139.170  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  linux-image-5.4.0-1139-raspi  5.4.0-1139.152~18.04.1  Available with Ubuntu Pro
  linux-image-raspi-5.4  5.4.0.1139.152~18.04.1  Available with Ubuntu Pro
  linux-image-raspi-hwe-18.04  5.4.0.1139.152~18.04.1  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-8098-10
  https://ubuntu.com/security/notices/USN-8098-9
  https://ubuntu.com/security/notices/USN-8098-8
  https://ubuntu.com/security/notices/USN-8098-7
  https://ubuntu.com/security/notices/USN-8098-6
  https://ubuntu.com/security/notices/USN-8098-5
  https://ubuntu.com/security/notices/USN-8098-4
  https://ubuntu.com/security/notices/USN-8098-3
  https://ubuntu.com/security/notices/USN-8098-2
  https://ubuntu.com/security/notices/USN-8098-1
  https://launchpad.net/bugs/2143853
  CVE-2021-47599, CVE-2022-48875, CVE-2022-49072, CVE-2024-49927, CVE-2024-56640, CVE-2025-21780, CVE-2025-40215, CVE-2026-23268, CVE-2026-23269, CVE-2026-23403, CVE-2026-23404, CVE-2026-23405, CVE-2026-23406, CVE-2026-23407, CVE-2026-23409, CVE-2026-23410, CVE-2026-23411

Wednesday, April 22, 2026

[USN-8200-2] Linux kernel (FIPS) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8200-2
April 22, 2026

linux-fips, linux-aws-fips, linux-azure-fips, linux-gcp-fips vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-azure-fips: Linux kernel for Microsoft Azure Cloud systems with FIPS
- linux-fips: Linux kernel with FIPS
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with FIPS

Details:

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  - ARM64 architecture;
  - Cryptographic API;
  - GPU drivers;
  - I2C subsystem;
  - Network traffic control;
(CVE-2022-49046, CVE-2024-46816, CVE-2025-37849, CVE-2026-23060, CVE-2026-23074)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
  linux-image-5.4.0-1131-fips  5.4.0-1131.141  Available with Ubuntu Pro
  linux-image-5.4.0-1157-aws-fips  5.4.0-1157.167+fips1  Available with Ubuntu Pro
  linux-image-5.4.0-1160-gcp-fips  5.4.0-1160.169+fips1  Available with Ubuntu Pro
  linux-image-5.4.0-1161-azure-fips  5.4.0-1161.167+fips1  Available with Ubuntu Pro
  linux-image-aws-fips  5.4.0.1157.104  Available with Ubuntu Pro
  linux-image-aws-fips-5.4  5.4.0.1157.104  Available with Ubuntu Pro
  linux-image-azure-fips  5.4.0.1161.97  Available with Ubuntu Pro
  linux-image-azure-fips-5.4  5.4.0.1161.97  Available with Ubuntu Pro
  linux-image-fips  5.4.0.1131.128  Available with Ubuntu Pro
  linux-image-fips-5.4  5.4.0.1131.128  Available with Ubuntu Pro
  linux-image-gcp-fips  5.4.0.1160.102  Available with Ubuntu Pro
  linux-image-gcp-fips-5.4  5.4.0.1160.102  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-8200-2
  https://ubuntu.com/security/notices/USN-8200-1
  CVE-2022-49046, CVE-2024-46816, CVE-2025-37849, CVE-2026-23060, CVE-2026-23074

[USN-8200-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8200-1
April 22, 2026

linux, linux-aws, linux-aws-5.4, linux-azure, linux-gcp, linux-gcp-5.4, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-xilinx-zynqmp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-ibm: Linux kernel for IBM cloud systems
- linux-iot: Linux kernel for IoT platforms
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-xilinx-zynqmp: Linux kernel for Xilinx ZynqMP processors
- linux-aws-5.4: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-5.4: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe-5.4: Linux hardware enablement (HWE) kernel
- linux-ibm-5.4: Linux kernel for IBM cloud systems
- linux-oracle-5.4: Linux kernel for Oracle Cloud systems

Details:

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  - ARM64 architecture;
  - Cryptographic API;
  - GPU drivers;
  - I2C subsystem;
  - Network traffic control;
(CVE-2022-49046, CVE-2024-46816, CVE-2025-37849, CVE-2026-23060, CVE-2026-23074)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS
  linux-image-5.4.0-1061-iot  5.4.0-1061.64  Available with Ubuntu Pro
  linux-image-5.4.0-1075-xilinx-zynqmp  5.4.0-1075.79  Available with Ubuntu Pro
  linux-image-5.4.0-1103-ibm  5.4.0-1103.108  Available with Ubuntu Pro
  linux-image-5.4.0-1144-kvm  5.4.0-1144.153  Available with Ubuntu Pro
  linux-image-5.4.0-1155-oracle  5.4.0-1155.165  Available with Ubuntu Pro
  linux-image-5.4.0-1157-aws  5.4.0-1157.167  Available with Ubuntu Pro
  linux-image-5.4.0-1160-gcp  5.4.0-1160.169  Available with Ubuntu Pro
  linux-image-5.4.0-1161-azure  5.4.0-1161.167  Available with Ubuntu Pro
  linux-image-5.4.0-228-generic  5.4.0-228.248  Available with Ubuntu Pro
  linux-image-5.4.0-228-generic-lpae  5.4.0-228.248  Available with Ubuntu Pro
  linux-image-5.4.0-228-lowlatency  5.4.0-228.248  Available with Ubuntu Pro
  linux-image-aws-5.4  5.4.0.1157.154  Available with Ubuntu Pro
  linux-image-aws-lts-20.04  5.4.0.1157.154  Available with Ubuntu Pro
  linux-image-azure-5.4  5.4.0.1161.153  Available with Ubuntu Pro
  linux-image-azure-lts-20.04  5.4.0.1161.153  Available with Ubuntu Pro
  linux-image-gcp-5.4  5.4.0.1160.162  Available with Ubuntu Pro
  linux-image-gcp-lts-20.04  5.4.0.1160.162  Available with Ubuntu Pro
  linux-image-generic  5.4.0.228.220  Available with Ubuntu Pro
  linux-image-generic-5.4  5.4.0.228.220  Available with Ubuntu Pro
  linux-image-generic-hwe-18.04  5.4.0.228.220  Available with Ubuntu Pro
  linux-image-generic-lpae  5.4.0.228.220  Available with Ubuntu Pro
  linux-image-generic-lpae-5.4  5.4.0.228.220  Available with Ubuntu Pro
  linux-image-generic-lpae-hwe-18.04  5.4.0.228.220  Available with Ubuntu Pro
  linux-image-ibm-5.4  5.4.0.1103.132  Available with Ubuntu Pro
  linux-image-ibm-lts-20.04  5.4.0.1103.132  Available with Ubuntu Pro
  linux-image-kvm  5.4.0.1144.140  Available with Ubuntu Pro
  linux-image-kvm-5.4  5.4.0.1144.140  Available with Ubuntu Pro
  linux-image-lowlatency  5.4.0.228.220  Available with Ubuntu Pro
  linux-image-lowlatency-5.4  5.4.0.228.220  Available with Ubuntu Pro
  linux-image-lowlatency-hwe-18.04  5.4.0.228.220  Available with Ubuntu Pro
  linux-image-oem  5.4.0.228.220  Available with Ubuntu Pro
  linux-image-oem-osp1  5.4.0.228.220  Available with Ubuntu Pro
  linux-image-oracle-5.4  5.4.0.1155.149  Available with Ubuntu Pro
  linux-image-oracle-lts-20.04  5.4.0.1155.149  Available with Ubuntu Pro
  linux-image-virtual  5.4.0.228.220  Available with Ubuntu Pro
  linux-image-virtual-5.4  5.4.0.228.220  Available with Ubuntu Pro
  linux-image-virtual-hwe-18.04  5.4.0.228.220  Available with Ubuntu Pro
  linux-image-xilinx-zynqmp  5.4.0.1075.75  Available with Ubuntu Pro
  linux-image-xilinx-zynqmp-5.4  5.4.0.1075.75  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  linux-image-5.4.0-1103-ibm  5.4.0-1103.108~18.04.1  Available with Ubuntu Pro
  linux-image-5.4.0-1155-oracle  5.4.0-1155.165~18.04.1  Available with Ubuntu Pro
  linux-image-5.4.0-1157-aws  5.4.0-1157.167~18.04.1  Available with Ubuntu Pro
  linux-image-5.4.0-1160-gcp  5.4.0-1160.169~18.04.1  Available with Ubuntu Pro
  linux-image-5.4.0-228-generic  5.4.0-228.248~18.04.1  Available with Ubuntu Pro
  linux-image-5.4.0-228-lowlatency  5.4.0-228.248~18.04.1  Available with Ubuntu Pro
  linux-image-aws  5.4.0.1157.167~18.04.1  Available with Ubuntu Pro
  linux-image-aws-5.4  5.4.0.1157.167~18.04.1  Available with Ubuntu Pro
  linux-image-gcp  5.4.0.1160.169~18.04.1  Available with Ubuntu Pro
  linux-image-gcp-5.4  5.4.0.1160.169~18.04.1  Available with Ubuntu Pro
  linux-image-generic-5.4  5.4.0.228.248~18.04.1  Available with Ubuntu Pro
  linux-image-generic-hwe-18.04  5.4.0.228.248~18.04.1  Available with Ubuntu Pro
  linux-image-ibm  5.4.0.1103.108~18.04.1  Available with Ubuntu Pro
  linux-image-ibm-5.4  5.4.0.1103.108~18.04.1  Available with Ubuntu Pro
  linux-image-lowlatency-5.4  5.4.0.228.248~18.04.1  Available with Ubuntu Pro
  linux-image-lowlatency-hwe-18.04  5.4.0.228.248~18.04.1  Available with Ubuntu Pro
  linux-image-oem  5.4.0.228.248~18.04.1  Available with Ubuntu Pro
  linux-image-oem-osp1  5.4.0.228.248~18.04.1  Available with Ubuntu Pro
  linux-image-oracle  5.4.0.1155.165~18.04.1  Available with Ubuntu Pro
  linux-image-oracle-5.4  5.4.0.1155.165~18.04.1  Available with Ubuntu Pro
  linux-image-snapdragon-5.4  5.4.0.228.248~18.04.1  Available with Ubuntu Pro
  linux-image-snapdragon-hwe-18.04  5.4.0.228.248~18.04.1  Available with Ubuntu Pro
  linux-image-virtual-5.4  5.4.0.228.248~18.04.1  Available with Ubuntu Pro
  linux-image-virtual-hwe-18.04  5.4.0.228.248~18.04.1  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-8200-1
  CVE-2022-49046, CVE-2024-46816, CVE-2025-37849, CVE-2026-23060, CVE-2026-23074

[USN-8201-1] Linux kernel (Azure) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8201-1
April 22, 2026

linux-azure-5.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systems

Details:

Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853, CVE-2026-23268, CVE-2026-23269, CVE-2026-23403, CVE-2026-23404, CVE-2026-23405, CVE-2026-23406, CVE-2026-23407, CVE-2026-23408, CVE-2026-23409, CVE-2026-23410, CVE-2026-23411)

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems:
  - ARM64 architecture;
  - x86 architecture;
  - Cryptographic API;
  - GPIO subsystem;
  - GPU drivers;
  - I2C subsystem;
  - BTRFS file system;
  - XFRM subsystem;
  - IPv4 networking;
  - IPv6 networking;
  - MAC80211 subsystem;
  - Network traffic control;
  - SMC sockets;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49046, CVE-2022-49072, CVE-2024-46816, CVE-2024-49927, CVE-2024-56640, CVE-2025-21780, CVE-2025-37849, CVE-2025-40215, CVE-2026-23060, CVE-2026-23074)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04 LTS
  linux-image-5.4.0-1161-azure  5.4.0-1161.167~18.04.1  Available with Ubuntu Pro
  linux-image-azure  5.4.0.1161.167~18.04.1  Available with Ubuntu Pro
  linux-image-azure-5.4  5.4.0.1161.167~18.04.1  Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-8201-1
  https://launchpad.net/bugs/2143853
  CVE-2021-47599, CVE-2022-48875, CVE-2022-49046, CVE-2022-49072, CVE-2024-46816, CVE-2024-49927, CVE-2024-56640, CVE-2025-21780, CVE-2025-37849, CVE-2025-40215, CVE-2026-23060, CVE-2026-23074, CVE-2026-23268, CVE-2026-23269, CVE-2026-23403, CVE-2026-23404, CVE-2026-23405, CVE-2026-23406, CVE-2026-23407, CVE-2026-23409, CVE-2026-23410, CVE-2026-23411

FreeBSD Security Advisory FreeBSD-SA-26:10.tty

=============================================================================
FreeBSD-SA-26:10.tty                                        Security Advisory
                                                          The FreeBSD Project

Topic:          Kernel use-after-free bug in the TIOCNOTTY handler

Category:       core
Module:         tty
Announced:      2026-04-21
Credits:        Nicholas Carlini using Claude, Anthropic
Affects:        All supported versions of FreeBSD.
Corrected:      2026-04-21 15:43:02 UTC (stable/15, 15.0-STABLE)
                2026-04-21 15:44:27 UTC (releng/15.0, 15.0-RELEASE-p6)
                2026-04-21 15:43:13 UTC (stable/14, 14.4-STABLE)
                2026-04-21 15:45:31 UTC (releng/14.4, 14.4-RELEASE-p2)
                2026-04-21 15:46:01 UTC (releng/14.3, 14.3-RELEASE-p11)
                2026-04-21 15:43:56 UTC (stable/13, 13.5-STABLE)
                2026-04-21 15:47:07 UTC (releng/13.5, 13.5-RELEASE-p12)
CVE Name:       CVE-2026-5398

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>.

I.   Background

TIOCNOTTY is an ioctl(2) operation which allows a process to detach itself from its controlling terminal. Unprivileged processes may use this ioctl. See the tty(4) manual page for more information on its usage.

II.  Problem Description

The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the terminal structure may end up containing a pointer to freed memory.

III. Impact

A malicious process can abuse the dangling pointer to grant itself root privileges.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system.

Perform one of the following:

1) To update your vulnerable system installed from base system packages:

Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility:

# pkg upgrade -r FreeBSD-base
# shutdown -r +10min "Rebooting for a security update"

2) To update your vulnerable system installed from binary distribution sets:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, which were not installed using base system packages, can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 15.0]
# fetch https://security.FreeBSD.org/patches/SA-26:10/tty-15.patch
# fetch https://security.FreeBSD.org/patches/SA-26:10/tty-15.patch.asc
# gpg --verify tty-15.patch.asc

[FreeBSD 14.4]
# fetch https://security.FreeBSD.org/patches/SA-26:10/tty-14.4.patch
# fetch https://security.FreeBSD.org/patches/SA-26:10/tty-14.4.patch.asc
# gpg --verify tty-14.4.patch.asc

[FreeBSD 14.3]
# fetch https://security.FreeBSD.org/patches/SA-26:10/tty-14.3.patch
# fetch https://security.FreeBSD.org/patches/SA-26:10/tty-14.3.patch.asc
# gpg --verify tty-14.3.patch.asc

[FreeBSD 13.5]
# fetch https://security.FreeBSD.org/patches/SA-26:10/tty-13.patch
# fetch https://security.FreeBSD.org/patches/SA-26:10/tty-13.patch.asc
# gpg --verify tty-13.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/15/                              0c6b1e0864b8    stable/15-n283065
releng/15.0/                            fdee312d0c97  releng/15.0-n281022
stable/14/                              f46210a7ab32    stable/14-n273997
releng/14.4/                            af294329c57f  releng/14.4-n273685
releng/14.3/                            44077c07f19f  releng/14.3-n271485
stable/13/                              5eae7f23fe0e    stable/13-n259845
releng/13.5/                            2862a33bdd1c  releng/13.5-n259210
-------------------------------------------------------------------------

Run the following command to see which files were modified by a particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://www.cve.org/CVERecord?id=CVE-2026-5398>

The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:10.tty.asc>

[USN-8195-1] PackageKit vulnerability

==========================================================================
Ubuntu Security Notice USN-8195-1
April 22, 2026

packagekit vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

PackageKit could be made to install packages as the administrator.

Software Description:
- packagekit: Provides a package management service

Details:

It was discovered that PackageKit incorrectly handled certain transactions. A local attacker could use this issue to install arbitrary packages as root, possibly resulting in privilege escalation.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.10
  packagekit 1.3.1-1ubuntu1.1

Ubuntu 24.04 LTS
  packagekit 1.2.8-2ubuntu1.5

Ubuntu 22.04 LTS
  packagekit 1.2.5-2ubuntu3.1

After a standard system update you need to reboot your computer to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8195-1
  https://launchpad.net/bugs/2149908

Package Information:
  https://launchpad.net/ubuntu/+source/packagekit/1.3.1-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/packagekit/1.2.8-2ubuntu1.5
  https://launchpad.net/ubuntu/+source/packagekit/1.2.5-2ubuntu3.1

FreeBSD Security Advisory FreeBSD-SA-26:11.amd64

=============================================================================
FreeBSD-SA-26:11.amd64                                      Security Advisory
                                                          The FreeBSD Project

Topic:          Missing large page handling in pmap_pkru_update_range()

Category:       core
Module:         amd64
Announced:      2026-04-21
Credits:        Nicholas Carlini using Claude, Anthropic
Affects:        All supported versions of FreeBSD.
Corrected:      2026-04-21 15:43:03 UTC (stable/15, 15.0-STABLE)
                2026-04-21 15:44:28 UTC (releng/15.0, 15.0-RELEASE-p6)
                2026-04-21 15:43:14 UTC (stable/14, 14.4-STABLE)
                2026-04-21 15:45:32 UTC (releng/14.4, 14.4-RELEASE-p2)
                2026-04-21 15:46:03 UTC (releng/14.3, 14.3-RELEASE-p11)
                2026-04-21 15:43:57 UTC (stable/13, 13.5-STABLE)
                2026-04-21 15:47:08 UTC (releng/13.5, 13.5-RELEASE-p12)
CVE Name:       CVE-2026-6386

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>.

I.   Background

Memory protection keys are an amd64 CPU feature, available in modern Intel and AMD CPUs, which allow applications to apply access restrictions to regions of virtual memory. On FreeBSD this functionality is provided by the pkru(3) interface.

II.  Problem Description

In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to take into account the presence of 1GB largepage mappings created using the shm_create_largepage(3) interface. In particular, it would always treat a page directory page entry as pointing to another page table page.

III. Impact

The bug can be abused by an unprivileged user to cause pmap_pkru_update_range() to treat userspace memory as a page table page, and thus overwrite memory to which the application would otherwise not have access.

IV.  Workaround

No workaround is available. The bug only affects amd64 systems.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system.

Perform one of the following:

1) To update your vulnerable system installed from base system packages:

Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility:

# pkg upgrade -r FreeBSD-base
# shutdown -r +10min "Rebooting for a security update"

2) To update your vulnerable system installed from binary distribution sets:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, which were not installed using base system packages, can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 15.0]
# fetch https://security.FreeBSD.org/patches/SA-26:11/amd64-15.patch
# fetch https://security.FreeBSD.org/patches/SA-26:11/amd64-15.patch.asc
# gpg --verify amd64-15.patch.asc

[FreeBSD 14.4 and 14.3]
# fetch https://security.FreeBSD.org/patches/SA-26:11/amd64-14.patch
# fetch https://security.FreeBSD.org/patches/SA-26:11/amd64-14.patch.asc
# gpg --verify amd64-14.patch.asc

[FreeBSD 13.5]
# fetch https://security.FreeBSD.org/patches/SA-26:11/amd64-13.patch
# fetch https://security.FreeBSD.org/patches/SA-26:11/amd64-13.patch.asc
# gpg --verify amd64-13.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/15/                              9331e62e8b80    stable/15-n283066
releng/15.0/                            649db49403a7  releng/15.0-n281023
stable/14/                              4c0e5e3cc441    stable/14-n273998
releng/14.4/                            5787df30dc3e  releng/14.4-n273686
releng/14.3/                            979e645dd25e  releng/14.3-n271486
stable/13/                              b8fc56193068    stable/13-n259846
releng/13.5/                            a2f6f2d00125  releng/13.5-n259211
-------------------------------------------------------------------------

Run the following command to see which files were modified by a particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://www.cve.org/CVERecord?id=CVE-2026-6386>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-26:11.amd64.asc>
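The check below is an added example, not part of the advisory and not FreeBSD project code. It compares a version string as printed by freebsd-version -r, or a source tree's commit count, with the Corrected patch levels and Revision counts that FreeBSD-SA-26:11.amd64 lists. The function names are hypothetical, and a release or branch the advisory does not list is reported as unknown.

```shell
#!/bin/sh
# Added example: evaluate a host against FreeBSD-SA-26:11.amd64.
# All numbers are copied from the advisory text; function names are made up.
# The advisory states that only amd64 systems are affected.

# First fixed patch level per release, from the "Corrected:" field.
fixed_patchlevel() {
    case "$1" in
        15.0) echo 6 ;;
        14.4) echo 2 ;;
        14.3) echo 11 ;;
        13.5) echo 12 ;;
        *)    return 1 ;;
    esac
}

# First fixed commit count per branch (the nNNNNNN part of the Revision
# column in section VI). Counts are only comparable within one branch.
fixed_commit_count() {
    case "$1" in
        stable/15)   echo 283066 ;;
        releng/15.0) echo 281023 ;;
        stable/14)   echo 273998 ;;
        releng/14.4) echo 273686 ;;
        releng/14.3) echo 271486 ;;
        stable/13)   echo 259846 ;;
        releng/13.5) echo 259211 ;;
        *)           return 1 ;;
    esac
}

# sa2611_release_status VERSION -> prints patched | vulnerable | unknown
# VERSION looks like 14.3-RELEASE-p10 (output of `freebsd-version -r`).
sa2611_release_status() {
    ver=$1
    case "$ver" in
        *-RELEASE*) ;;
        *) echo unknown; return 0 ;;    # STABLE etc.: use the commit count
    esac
    rel=${ver%%-*}                       # e.g. "14.3"
    case "$ver" in
        *-RELEASE-p*) pl=${ver##*-p} ;;  # e.g. "10"
        *)            pl=0 ;;            # plain -RELEASE: no patches applied
    esac
    case "$pl" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    want=$(fixed_patchlevel "$rel") || { echo unknown; return 0; }
    if [ "$pl" -ge "$want" ]; then echo patched; else echo vulnerable; fi
}

# sa2611_tree_status BRANCH COUNT -> prints patched | vulnerable | unknown
# COUNT is the output of `git rev-list --count --first-parent HEAD`
# run in a source tree that is checked out on BRANCH.
sa2611_tree_status() {
    case "$2" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    want=$(fixed_commit_count "$1") || { echo unknown; return 0; }
    if [ "$2" -ge "$want" ]; then echo patched; else echo vulnerable; fi
}

# On a FreeBSD host, report on the running kernel; elsewhere do nothing.
if command -v freebsd-version >/dev/null 2>&1; then
    echo "running kernel: $(sa2611_release_status "$(freebsd-version -r)")"
fi
```

The running kernel is checked rather than the installed one because the fix only takes effect after the reboot the advisory calls for.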

[USN-8196-1] strongSwan vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8196-1
April 22, 2026

strongswan vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in strongSwan.

Software Description:
- strongswan: IPsec VPN solution

Details:

Haruto Kimura discovered that strongSwan incorrectly handled the supported_versions extension in TLS. A remote attacker could possibly use this issue to cause strongSwan to stop responding, resulting in a denial of service. (CVE-2026-35328)

Haruto Kimura discovered that strongSwan incorrectly handled certain encrypted PKCS#7 containers. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2026-35329)

Lukas Johannes Moeller discovered that strongSwan incorrectly handled certain EAP-SIM/AKA attributes. A remote attacker could use this issue to cause strongSwan to stop responding, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-35330)

Haruto Kimura discovered that strongSwan incorrectly handled processing of X.509 name constraints. A remote attacker could possibly use this issue to bypass excluded name constraints. (CVE-2026-35331)

Haruto Kimura discovered that strongSwan incorrectly processed ECDH public values. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2026-35332)

Lukas Johannes Moeller discovered that strongSwan incorrectly handled certain RADIUS attributes. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2026-35333)

Ryo Shimada discovered that strongSwan incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause strongSwan to crash, resulting in a denial of service. (CVE-2026-35334)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 25.10
  libstrongswan 6.0.1-6ubuntu4.3
  strongswan 6.0.1-6ubuntu4.3

Ubuntu 24.04 LTS
  libstrongswan 5.9.13-2ubuntu4.24.04.3
  strongswan 5.9.13-2ubuntu4.24.04.3

Ubuntu 22.04 LTS
  libstrongswan 5.9.5-2ubuntu2.6
  strongswan 5.9.5-2ubuntu2.6

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8196-1
  CVE-2026-35328, CVE-2026-35329, CVE-2026-35330, CVE-2026-35331, CVE-2026-35332, CVE-2026-35333, CVE-2026-35334

Package Information:
  https://launchpad.net/ubuntu/+source/strongswan/6.0.1-6ubuntu4.3
  https://launchpad.net/ubuntu/+source/strongswan/5.9.13-2ubuntu4.24.04.3
  https://launchpad.net/ubuntu/+source/strongswan/5.9.5-2ubuntu2.6

Tuesday, April 21, 2026

FreeBSD Errata Notice FreeBSD-EN-26:07.pkgbase

=============================================================================
FreeBSD-EN-26:07.pkgbase                                        Errata Notice
                                                          The FreeBSD Project

Topic:          Base packages fail to build with newer versions of libucl

Category:       core
Module:         packages
Announced:      2026-04-21
Affects:        FreeBSD 15.0
Corrected:      2026-04-07 11:27:02 UTC (stable/15, 15.0-STABLE)
                2026-04-21 15:44:26 UTC (releng/15.0, 15.0-RELEASE-p6)

For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>.

I.   Background

The libucl library is used for parsing documents in the UCL markup format. The base system private Lua (flua) exposes libucl to Lua applications via the "ucl" module.

II.  Problem Description

In libucl version 0.9.3, an API change was made in the Lua ucl module to prohibit the use of certain syntax by default, specifically the ".include" directive. This change causes the base system package build ("make update-packages") to fail when the host system is using libucl 0.9.3 or later.

III. Impact

Future versions of FreeBSD, which include libucl 0.9.3 or later, will be unable to build FreeBSD 15.0 base system packages from source.

IV.  Workaround

No workaround is available.

V.   Solution

Update the base system source tree to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. No action is required on the host (build) system.

To update your system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-26:07/pkgbase.patch
# fetch https://security.FreeBSD.org/patches/EN-26:07/pkgbase.patch.asc
# gpg --verify pkgbase.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/15/                              976b2ebf4309    stable/15-n282865
releng/15.0/                            f3bbb238daa1  releng/15.0-n281021
-------------------------------------------------------------------------

Run the following command to see which files were modified by a particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:07.pkgbase.asc>

FreeBSD Errata Notice FreeBSD-EN-26:06.timerfd

=============================================================================
FreeBSD-EN-26:06.timerfd                                        Errata Notice
                                                          The FreeBSD Project

Topic:          Periodic timerfd(2) timers may produce incorrect results

Category:       core
Module:         timerfd
Announced:      2026-04-21
Affects:        FreeBSD 14.3 and later.
Corrected:      2026-04-03 15:26:14 UTC (stable/15, 15.0-STABLE)
                2026-04-21 15:44:25 UTC (releng/15.0, 15.0-RELEASE-p6)
                2026-04-03 15:27:26 UTC (stable/14, 14.4-STABLE)
                2026-04-21 15:45:30 UTC (releng/14.4, 14.4-RELEASE-p2)
                2026-04-21 15:46:00 UTC (releng/14.3, 14.3-RELEASE-p11)

For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>.

I.   Background

The timerfd(2) family of system calls provides a file descriptor-based interface for managing timers.

II.  Problem Description

timerfd(2) implements periodic timers. The implementation had a bug which caused it to fire too early in some cases.

III. Impact

The bug has been observed to cause excessive CPU usage in some applications, particularly in some KDE desktop programs.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system.

Perform one of the following:

1) To update your system installed from base system packages:

Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility:

# pkg upgrade -r FreeBSD-base
# shutdown -r now

2) To update your system installed from binary distribution sets:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, which were not installed using base system packages, can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r now

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-26:06/timerfd.patch
# fetch https://security.FreeBSD.org/patches/EN-26:06/timerfd.patch.asc
# gpg --verify timerfd.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/15/                              9b785380f307    stable/15-n282826
releng/15.0/                            b0be1af0c48b  releng/15.0-n281020
stable/14/                              3c00f603a280    stable/14-n273878
releng/14.4/                            df8d2f945028  releng/14.4-n273684
releng/14.3/                            f37c6e3a133e  releng/14.3-n271484
-------------------------------------------------------------------------

Run the following command to see which files were modified by a particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293368>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:06.timerfd.asc>

FreeBSD Errata Notice FreeBSD-EN-26:05.vm

=============================================================================
FreeBSD-EN-26:05.vm                                             Errata Notice
                                                          The FreeBSD Project

Topic:          The page fault handler fails to zero memory

Category:       core
Module:         vm
Announced:      2026-04-21
Affects:        All supported versions of FreeBSD.
Corrected:      2026-04-13 10:57:44 UTC (stable/15, 15.0-STABLE)
                2026-04-21 15:44:24 UTC (releng/15.0, 15.0-RELEASE-p6)
                2026-04-13 02:56:40 UTC (stable/14, 14.4-STABLE)
                2026-04-21 15:45:29 UTC (releng/14.4, 14.4-RELEASE-p2)
                2026-04-21 15:45:59 UTC (releng/14.3, 14.3-RELEASE-p11)
                2026-04-13 02:58:42 UTC (stable/13, 13.5-STABLE)
                2026-04-21 15:47:06 UTC (releng/13.5, 13.5-RELEASE-p12)

For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>.

I.   Background

The mmap(2) system call allows applications and system libraries to allocate heap memory using the MAP_ANON flag. The system call allocates virtual memory in the calling thread's address space and physical memory is allocated on demand as page faults occur. Memory allocated this way is allocated to be zero-filled.

II.  Problem Description

Due to a regression introduced by a previous erratum which attempted to fix a similar problem, under some conditions, particularly heavy memory pressure with swapping, the physical pages allocated and mapped by the kernel may not be zero-filled.

III. Impact

This bug has been observed to cause process crashes.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date, and reboot the system.

Perform one of the following:

1) To update your system installed from base system packages:

Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility:

# pkg upgrade -r FreeBSD-base
# shutdown -r now

2) To update your system installed from binary distribution sets:

Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, which were not installed using base system packages, can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r now

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

[FreeBSD 15.0]
# fetch https://security.FreeBSD.org/patches/EN-26:05/vm-15.patch
# fetch https://security.FreeBSD.org/patches/EN-26:05/vm-15.patch.asc
# gpg --verify vm-15.patch.asc

[FreeBSD 14.4 and 14.3]
# fetch https://security.FreeBSD.org/patches/EN-26:05/vm-14.patch
# fetch https://security.FreeBSD.org/patches/EN-26:05/vm-14.patch.asc
# gpg --verify vm-14.patch.asc

[FreeBSD 13.5]
# fetch https://security.FreeBSD.org/patches/EN-26:05/vm-13.patch
# fetch https://security.FreeBSD.org/patches/EN-26:05/vm-13.patch.asc
# gpg --verify vm-13.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system.

VI.  Correction details

This issue is corrected as of the corresponding Git commit hash in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/15/                              58718cf36593    stable/15-n282974
releng/15.0/                            ffb21713d9fd  releng/15.0-n281019
stable/14/                              9b7c0f4f81f0    stable/14-n273947
releng/14.4/                            1abe7ead45c3  releng/14.4-n273683
releng/14.3/                            4d22b3925df8  releng/14.3-n271483
stable/13/                              50f7b62f0862    stable/13-n259839
releng/13.5/                            6c9dd7528350  releng/13.5-n259209
-------------------------------------------------------------------------

Run the following command to see which files were modified by a particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294039>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:05.vm.asc>