Friday, March 20, 2026

OpenBSD Errata: March 21, 2026 (expat sack)

Errata patches for expat library and TCP selective ACK in kernel
have been released for OpenBSD 7.7 and 7.8.

Binary updates for the amd64, arm64 and i386 platforms are available
via the syspatch utility. Source code patches can be found on the
respective errata page:

https://www.openbsd.org/errata77.html
https://www.openbsd.org/errata78.html

[USN-8112-2] Linux kernel (FIPS) vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8112-2
March 20, 2026

linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS
- linux-fips: Linux kernel with FIPS
- linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with FIPS

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- MMC subsystem;
- Network drivers;
- USB Device Class drivers;
- BTRFS file system;
- HFS+ file system;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Simplified Mandatory Access Control Kernel framework;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659,
CVE-2024-49927, CVE-2024-56548, CVE-2024-56581, CVE-2024-56593,
CVE-2025-21704, CVE-2025-40215)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-1144-fips 4.15.0-1144.156
Available with Ubuntu Pro
linux-image-4.15.0-2090-gcp-fips 4.15.0-2090.96
Available with Ubuntu Pro
linux-image-4.15.0-2127-aws-fips 4.15.0-2127.133
Available with Ubuntu Pro
linux-image-aws-fips 4.15.0.2127.121
Available with Ubuntu Pro
linux-image-aws-fips-4.15 4.15.0.2127.121
Available with Ubuntu Pro
linux-image-fips 4.15.0.1144.141
Available with Ubuntu Pro
linux-image-gcp-fips 4.15.0.2090.88
Available with Ubuntu Pro
linux-image-gcp-fips-4.15 4.15.0.2090.88
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8112-2
https://ubuntu.com/security/notices/USN-8112-1
CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659,
CVE-2024-49927, CVE-2024-56548, CVE-2024-56581, CVE-2024-56593,
CVE-2025-21704, CVE-2025-40215

Package Information:
https://launchpad.net/ubuntu/+source/linux-aws-fips/4.15.0-2127.133
https://launchpad.net/ubuntu/+source/linux-fips/4.15.0-1144.156
https://launchpad.net/ubuntu/+source/linux-gcp-fips/4.15.0-2090.96

[USN-8112-1] Linux kernel vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8112-1
March 20, 2026

linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gcp-4.15, linux-hwe,
linux-kvm, linux-oracle vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:
- linux: Linux kernel
- linux-aws: Linux kernel for Amazon Web Services (AWS) systems
- linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-hwe: Linux hardware enablement (HWE) kernel

Details:

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- MMC subsystem;
- Network drivers;
- USB Device Class drivers;
- BTRFS file system;
- HFS+ file system;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- Simplified Mandatory Access Control Kernel framework;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659,
CVE-2024-49927, CVE-2024-56548, CVE-2024-56581, CVE-2024-56593,
CVE-2025-21704, CVE-2025-40215)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
linux-image-4.15.0-1151-oracle 4.15.0-1151.162
Available with Ubuntu Pro
linux-image-4.15.0-1171-kvm 4.15.0-1171.176
Available with Ubuntu Pro
linux-image-4.15.0-1182-gcp 4.15.0-1182.199
Available with Ubuntu Pro
linux-image-4.15.0-1189-aws 4.15.0-1189.202
Available with Ubuntu Pro
linux-image-4.15.0-247-generic 4.15.0-247.259
Available with Ubuntu Pro
linux-image-4.15.0-247-lowlatency 4.15.0-247.259
Available with Ubuntu Pro
linux-image-aws-4.15 4.15.0.1189.187
Available with Ubuntu Pro
linux-image-aws-lts-18.04 4.15.0.1189.187
Available with Ubuntu Pro
linux-image-gcp-4.15 4.15.0.1182.195
Available with Ubuntu Pro
linux-image-gcp-lts-18.04 4.15.0.1182.195
Available with Ubuntu Pro
linux-image-generic 4.15.0.247.231
Available with Ubuntu Pro
linux-image-kvm 4.15.0.1171.162
Available with Ubuntu Pro
linux-image-lowlatency 4.15.0.247.231
Available with Ubuntu Pro
linux-image-oracle-4.15 4.15.0.1151.156
Available with Ubuntu Pro
linux-image-oracle-lts-18.04 4.15.0.1151.156
Available with Ubuntu Pro
linux-image-virtual 4.15.0.247.231
Available with Ubuntu Pro

Ubuntu 16.04 LTS
linux-image-4.15.0-1151-oracle 4.15.0-1151.162~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-1182-gcp 4.15.0-1182.199~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-1189-aws 4.15.0-1189.202~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-247-generic 4.15.0-247.259~16.04.1
Available with Ubuntu Pro
linux-image-4.15.0-247-lowlatency 4.15.0-247.259~16.04.1
Available with Ubuntu Pro
linux-image-aws-hwe 4.15.0.1189.202~16.04.1
Available with Ubuntu Pro
linux-image-gcp 4.15.0.1182.199~16.04.1
Available with Ubuntu Pro
linux-image-generic-hwe-16.04 4.15.0.247.259~16.04.1
Available with Ubuntu Pro
linux-image-gke 4.15.0.1182.199~16.04.1
Available with Ubuntu Pro
linux-image-lowlatency-hwe-16.04 4.15.0.247.259~16.04.1
Available with Ubuntu Pro
linux-image-oem 4.15.0.247.259~16.04.1
Available with Ubuntu Pro
linux-image-oracle 4.15.0.1151.162~16.04.1
Available with Ubuntu Pro
linux-image-virtual-hwe-16.04 4.15.0.247.259~16.04.1
Available with Ubuntu Pro

After a standard system update you need to reboot your computer to make
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.

References:
https://ubuntu.com/security/notices/USN-8112-1
CVE-2021-47599, CVE-2022-48875, CVE-2022-49267, CVE-2024-47659,
CVE-2024-49927, CVE-2024-56548, CVE-2024-56581, CVE-2024-56593,
CVE-2025-21704, CVE-2025-40215

Thursday, March 19, 2026

[USN-8103-2] Exiv2 regression

==========================================================================
Ubuntu Security Notice USN-8103-2
March 19, 2026

exiv2 regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

USN-8103-1 introduced a regression in Exiv2

Software Description:
- exiv2: EXIF/IPTC/XMP metadata manipulation tool

Details:

USN-8103-1 fixed vulnerabilities in Exiv2. The update caused a regression
for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and
Ubuntu 25.10. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Exiv2 did not correctly handle reading certain
buffers. An attacker could possibly use this issue to leak sensitive
information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04
LTS. (CVE-2020-18771)

Wen Cheng discovered that Exiv2 did not correctly handle certain memory
allocation. If a user or system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2020-18899)

It was discovered that Exiv2 did not correctly handle writing certain
metadata. If a user or system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service. (CVE-2025-54080)

It was discovered that Exiv2 did not correctly handle parsing certain
metadata. If a user or system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-55304)

It was discovered that Exiv2 did not correctly handle parsing certain
images. If a user or system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service. (CVE-2026-25884)

It was discovered that Exiv2 did not correctly handle previewing certain
images. An attacker could possibly use this issue to cause a denial of
service. (CVE-2026-27596)

It was discovered that Exiv2 did not correctly handle certain integer
arithmetic. An attacker could possibly use this issue to cause a denial of
service. (CVE-2026-27631)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
exiv2 0.28.5+dfsg-1ubuntu0.3
libexiv2-28 0.28.5+dfsg-1ubuntu0.3
libexiv2-dev 0.28.5+dfsg-1ubuntu0.3

Ubuntu 24.04 LTS
exiv2 0.27.6-1ubuntu0.3
libexiv2-27 0.27.6-1ubuntu0.3
libexiv2-dev 0.27.6-1ubuntu0.3

Ubuntu 22.04 LTS
exiv2 0.27.5-3ubuntu1.3
libexiv2-27 0.27.5-3ubuntu1.3
libexiv2-dev 0.27.5-3ubuntu1.3

Ubuntu 20.04 LTS
exiv2 0.27.2-8ubuntu2.7+esm3
Available with Ubuntu Pro
libexiv2-27 0.27.2-8ubuntu2.7+esm3
Available with Ubuntu Pro
libexiv2-dev 0.27.2-8ubuntu2.7+esm3
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8103-2
https://ubuntu.com/security/notices/USN-8103-1
CVE-2025-55304, https://bugs.launchpad.net/ubuntu/+source/gimp/+bug/2144731

Package Information:
https://launchpad.net/ubuntu/+source/exiv2/0.28.5+dfsg-1ubuntu0.3
https://launchpad.net/ubuntu/+source/exiv2/0.27.6-1ubuntu0.3
https://launchpad.net/ubuntu/+source/exiv2/0.27.5-3ubuntu1.3

[USN-8105-2] FreeRDP regression

==========================================================================
Ubuntu Security Notice USN-8105-2
March 19, 2026

freerdp3 regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS

Summary:

USN-8105-1 introduced a regression in FreeRDP

Software Description:
- freerdp3: RDP client for Windows Terminal Services

Details:

USN-8105-1 fixed vulnerabilities in FreeRDP. The update introduced a
regression which could cause FreeRDP to crash. This update fixes the
problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that FreeRDP incorrectly handled certain RDP packets. A
remote attacker could use this issue to cause FreeRDP to crash, resulting
in a denial of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
libfreerdp3-3 3.16.0+dfsg-2ubuntu0.4

Ubuntu 24.04 LTS
libfreerdp3-3 3.5.1+dfsg1-0ubuntu1.5

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8105-2
https://ubuntu.com/security/notices/USN-8105-1
https://launchpad.net/bugs/2144889

Package Information:
https://launchpad.net/ubuntu/+source/freerdp3/3.16.0+dfsg-2ubuntu0.4
https://launchpad.net/ubuntu/+source/freerdp3/3.5.1+dfsg1-0ubuntu1.5

Planned Outage - fedora.im / matrix - 2026-03-26 11:50 UTC

There will be an outage starting at 2026-03-26 11:50 UTC,
which will last approximately 30 minutes.

To convert UTC to your local time, take a look at
or run:

date -d '2026-03-26 11:50 UTC'

Reason for outage:

Element matrix services is performing scheduled maintenance on our matrix server (fedora.im).

Affected Services:

chat.fedoraproject.org
fedora.im
matrix services

Ticket Link:


Please join #admin:fedoraproject.org / #noc:fedoraproject.org on matrix,
or add comments to this ticket for more information or feedback.

Updated status for this outage may be available at


Planned Outage - update/reboots - 2026-03-25 22:00 UTC

There will be an outage starting at 2026-03-25 22:00 UTC,
which will last approximately 5 hours.

To convert UTC to your local time, take a look at
or run:

date -d '2026-03-25 22:00 UTC'

Reason for outage:

We will be applying all updates to servers and rebooting them.

Affected Services:

Many services will be affected. Most should only be down for a short time as their particular resources are rebooted; however, some may be down for a non-trivial amount of time due to RHEL-9 to RHEL-10 upgrades.

Ticket Link:


Please join #admin:fedoraproject.org / #noc:fedoraproject.org on matrix,
or add comments to this ticket for more information or feedback.

Updated status for this outage may be available at

[USN-8111-1] OpenStack Glance vulnerability

==========================================================================
Ubuntu Security Notice USN-8111-1
March 19, 2026

glance vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

OpenStack Glance could be made to perform server-side request forgery

Software Description:
- glance: OpenStack Image Registry and Delivery Service

Details:

It was discovered that OpenStack Glance was incorrectly validating the IP
addresses and the redirect destination URL when downloading or importing
images from a remote source. An attacker could possibly use this issue to
perform server-side request forgery and obtain sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
glance 2:31.0.0-0ubuntu1.2
glance-api 2:31.0.0-0ubuntu1.2
glance-common 2:31.0.0-0ubuntu1.2
python-glance-doc 2:31.0.0-0ubuntu1.2
python3-glance 2:31.0.0-0ubuntu1.2

Ubuntu 24.04 LTS
glance 2:28.1.0-0ubuntu1.2
glance-api 2:28.1.0-0ubuntu1.2
glance-common 2:28.1.0-0ubuntu1.2
python-glance-doc 2:28.1.0-0ubuntu1.2
python3-glance 2:28.1.0-0ubuntu1.2

Ubuntu 22.04 LTS
glance 2:24.2.1-0ubuntu1.4
glance-api 2:24.2.1-0ubuntu1.4
glance-common 2:24.2.1-0ubuntu1.4
python-glance-doc 2:24.2.1-0ubuntu1.4
python3-glance 2:24.2.1-0ubuntu1.4

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8111-1
https://bugs.launchpad.net/glance/+bug/2138602

Package Information:
https://launchpad.net/ubuntu/+source/glance/2:31.0.0-0ubuntu1.2
https://launchpad.net/ubuntu/+source/glance/2:28.1.0-0ubuntu1.2
https://launchpad.net/ubuntu/+source/glance/2:24.2.1-0ubuntu1.4

[USN-8018-3] Python 2.7 vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8018-3
March 19, 2026

python2.7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in python2.7

Software Description:
- python2.7: An interactive high-level object-oriented language

Details:

USN-8018-1 fixed CVE-2025-12084, CVE-2025-15282, CVE-2026-0672,
CVE-2026-0865 for python3. This update provides the corresponding updates
for python2.7.

Original advisory details:

Denis Ledoux discovered that Python incorrectly parsed email message
headers. An attacker could possibly use this issue to inject arbitrary
headers into email messages. This issue only affected python3.6,
python3.7, python3.8, python3.9, python3.10, python3.11, python3.12,
python3.13, and python3.14 packages. (CVE-2025-11468)

Jacob Walls, Shai Berger, and Natalia Bidart discovered that Python
inefficiently parsed XML input with quadratic complexity. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2025-12084)

It was discovered that Python incorrectly parsed malicious plist files. An
attacker could possibly use this issue to cause Python to use excessive
resources, leading to a denial of service. This issue only affected
python3.5, python3.6, python3.7, python3.8, python3.9, python3.10,
python3.11, python3.12, python3.13, and python3.14 packages.
(CVE-2025-13837)

Omar Hasan discovered that Python incorrectly parsed URL mediatypes. An
attacker could possibly use this issue to inject arbitrary HTTP headers.
(CVE-2025-15282)

Omar Hasan discovered that Python incorrectly parsed malicious IMAP
inputs. An attacker could possibly use this issue to inject arbitrary
IMAP commands. (CVE-2025-15366)

Omar Hasan discovered that Python incorrectly parsed malicious POP3
inputs. An attacker could possibly use this issue to inject arbitrary
POP3 commands. (CVE-2025-15367)

Omar Hasan discovered that Python incorrectly parsed malicious HTTP cookie
headers. An attacker could possibly use this issue to inject arbitrary
HTTP headers. (CVE-2026-0672)

Omar Hasan discovered that Python incorrectly parsed malicious HTTP header
names and values. An attacker could possibly use this issue to inject
arbitrary HTTP headers. (CVE-2026-0865)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
libpython2.7 2.7.18-13ubuntu1.5+esm8
Available with Ubuntu Pro
python2.7 2.7.18-13ubuntu1.5+esm8
Available with Ubuntu Pro

Ubuntu 20.04 LTS
libpython2.7 2.7.18-1~20.04.7+esm9
Available with Ubuntu Pro
python2.7 2.7.18-1~20.04.7+esm9
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libpython2.7 2.7.17-1~18.04ubuntu1.13+esm14
Available with Ubuntu Pro
python2.7 2.7.17-1~18.04ubuntu1.13+esm14
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libpython2.7 2.7.12-1ubuntu0~16.04.18+esm19
Available with Ubuntu Pro
python2.7 2.7.12-1ubuntu0~16.04.18+esm19
Available with Ubuntu Pro

Ubuntu 14.04 LTS
libpython2.7 2.7.6-8ubuntu0.6+esm29
Available with Ubuntu Pro
python2.7 2.7.6-8ubuntu0.6+esm29
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8018-3
https://ubuntu.com/security/notices/USN-8018-2
https://ubuntu.com/security/notices/USN-8018-1
CVE-2025-12084, CVE-2025-15282, CVE-2026-0672, CVE-2026-0865

Wednesday, March 18, 2026

[USN-8103-1] Exiv2 vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8103-1
March 18, 2026

exiv2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Exiv2.

Software Description:
- exiv2: EXIF/IPTC/XMP metadata manipulation tool

Details:

It was discovered that Exiv2 did not correctly handle reading certain
buffers. An attacker could possibly use this issue to leak sensitive
information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04
LTS. (CVE-2020-18771)

Wen Cheng discovered that Exiv2 did not correctly handle certain memory
allocation. If a user or system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2020-18899)

It was discovered that Exiv2 did not correctly handle writing certain
metadata. If a user or system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service. (CVE-2025-54080)

It was discovered that Exiv2 did not correctly handle parsing certain
metadata. If a user or system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-55304)

It was discovered that Exiv2 did not correctly handle parsing certain
images. If a user or system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service. (CVE-2026-25884)

It was discovered that Exiv2 did not correctly handle previewing certain
images. An attacker could possibly use this issue to cause a denial of
service. (CVE-2026-27596)

It was discovered that Exiv2 did not correctly handle certain integer
arithmetic. An attacker could possibly use this issue to cause a denial of
service. (CVE-2026-27631)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
exiv2 0.28.5+dfsg-1ubuntu0.1

Ubuntu 24.04 LTS
exiv2 0.27.6-1ubuntu0.1

Ubuntu 22.04 LTS
exiv2 0.27.5-3ubuntu1.1

Ubuntu 20.04 LTS
exiv2 0.27.2-8ubuntu2.7+esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
exiv2 0.25-3.1ubuntu0.18.04.11+esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
exiv2 0.25-2.1ubuntu16.04.7+esm5
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8103-1
CVE-2020-18771, CVE-2020-18899, CVE-2025-54080, CVE-2025-55304,
CVE-2026-25884, CVE-2026-27596, CVE-2026-27631

Package Information:
https://launchpad.net/ubuntu/+source/exiv2/0.28.5+dfsg-1ubuntu0.1
https://launchpad.net/ubuntu/+source/exiv2/0.27.6-1ubuntu0.1
https://launchpad.net/ubuntu/+source/exiv2/0.27.5-3ubuntu1.1

[USN-8097-2] roundcube regression

==========================================================================
Ubuntu Security Notice USN-8097-2
March 18, 2026

roundcube regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

USN-8097-1 introduced a regression in roundcube

Software Description:
- roundcube: skinnable AJAX based webmail solution for IMAP servers - metapack

Details:

USN-8097-1 fixed a vulnerability in roundcube. The update caused
a regression affecting the HTML sanitizer, preventing Roundcube from rendering
any email message body. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Roundcube Webmail did not properly sanitize the
animate tag within SVG documents. An attacker could possibly use
this issue to cause a cross-site scripting attack.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
roundcube-core 1.4.3+dfsg.1-1ubuntu0.1~esm7
Available with Ubuntu Pro
roundcube-plugins 1.4.3+dfsg.1-1ubuntu0.1~esm7
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8097-2
https://ubuntu.com/security/notices/USN-8097-1
https://launchpad.net/bugs/2144682

[USN-8108-1] Bouncy Castle vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8108-1
March 18, 2026

bouncycastle vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Bouncy Castle.

Software Description:
- bouncycastle: Java implementation of cryptographic algorithms

Details:

It was discovered that Bouncy Castle did not sanitize user input when
inserting it into an LDAP search filter. An attacker could possibly use
this issue to perform an LDAP injection attack. This issue only affected
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2023-33201)

It was discovered that Bouncy Castle incorrectly handled specially crafted
F2m parameters in the ECCurve algorithm. An attacker could possibly use
this issue to cause Bouncy Castle to use excessive resources, leading to a
denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04
LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-29857)

It was discovered that Bouncy Castle leaked timing information when
handling exceptions during an RSA handshake. An attacker could possibly use
this issue to obtain sensitive information. This issue only affected Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS.
(CVE-2024-30171)

It was discovered that Bouncy Castle incorrectly handled endpoint
identification with an SSL socket enabled without an explicit hostname. An
attacker could possibly use this issue to perform a DNS poisoning attack.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2024-34447)

Bing Shi discovered that Bouncy Castle incorrectly handled resource memory
allocation. An attacker could possibly use this issue to cause Bouncy
Castle to use excessive resources, leading to a denial of service. This
issue only affected Ubuntu 24.04 LTS. (CVE-2025-8916)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libbcjmail-java 1.77-1ubuntu0.1~esm1
Available with Ubuntu Pro
libbcmail-java 1.77-1ubuntu0.1~esm1
Available with Ubuntu Pro
libbcpg-java 1.77-1ubuntu0.1~esm1
Available with Ubuntu Pro
libbcpkix-java 1.77-1ubuntu0.1~esm1
Available with Ubuntu Pro
libbcprov-java 1.77-1ubuntu0.1~esm1
Available with Ubuntu Pro
libbctls-java 1.77-1ubuntu0.1~esm1
Available with Ubuntu Pro
libbcutil-java 1.77-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
libbcmail-java 1.68-5ubuntu0.1~esm1
Available with Ubuntu Pro
libbcpg-java 1.68-5ubuntu0.1~esm1
Available with Ubuntu Pro
libbcpkix-java 1.68-5ubuntu0.1~esm1
Available with Ubuntu Pro
libbcprov-java 1.68-5ubuntu0.1~esm1
Available with Ubuntu Pro
libbctls-java 1.68-5ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 20.04 LTS
libbcmail-java 1.61-1ubuntu0.1~esm1
Available with Ubuntu Pro
libbcpg-java 1.61-1ubuntu0.1~esm1
Available with Ubuntu Pro
libbcpkix-java 1.61-1ubuntu0.1~esm1
Available with Ubuntu Pro
libbcprov-java 1.61-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 18.04 LTS
libbcmail-java 1.59-1ubuntu0.1~esm1
Available with Ubuntu Pro
libbcpg-java 1.59-1ubuntu0.1~esm1
Available with Ubuntu Pro
libbcpkix-java 1.59-1ubuntu0.1~esm1
Available with Ubuntu Pro
libbcprov-java 1.59-1ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 16.04 LTS
libbcmail-java 1.51-4ubuntu1+esm1
Available with Ubuntu Pro
libbcpg-java 1.51-4ubuntu1+esm1
Available with Ubuntu Pro
libbcpkix-java 1.51-4ubuntu1+esm1
Available with Ubuntu Pro
libbcprov-java 1.51-4ubuntu1+esm1
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8108-1
CVE-2023-33201, CVE-2024-29857, CVE-2024-30171, CVE-2024-30172,
CVE-2024-34447, CVE-2025-8916