==========================================================================
Ubuntu Security Notice USN-8079-1
March 05, 2026
less vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary:
less could be made to crash or run arbitrary commands if it received
crafted input.
Software Description:
- less: pager program similar to more
Details:
It was discovered that less incorrectly handled certain file names. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary commands.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS
less 458-2ubuntu0.1~esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8079-1
CVE-2022-48624
Thursday, March 5, 2026
[USN-8078-1] Zutty vulnerability
==========================================================================
Ubuntu Security Notice USN-8078-1
March 05, 2026
zutty vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Zutty could be made to execute arbitrary commands.
Software Description:
- zutty: X terminal emulator
Details:
Carter Sande discovered that Zutty did not correctly echo invalid input to
the console on DECRQSS. An attacker could possibly use this issue to
execute arbitrary commands.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
zutty 0.11.2.20220109.192032+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8078-1
CVE-2022-41138
Ubuntu Security Notice USN-8078-1
March 05, 2026
zutty vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
Zutty could be made to execute arbitrary commands.
Software Description:
- zutty: X terminal emulator
Details:
Carter Sande discovered that Zutty did not correctly echo invalid input to
the console on DECRQSS. An attacker could possibly use this issue to
execute arbitrary commands.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
zutty 0.11.2.20220109.192032+dfsg1-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8078-1
CVE-2022-41138
[USN-8076-1] Qt vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8076-1
March 05, 2026
qtbase-opensource-src vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Qt.
Software Description:
- qtbase-opensource-src: Qt 5 libraries
Details:
It was discovered that Qt did not correctly handle OpenSSL's error queue.
An attacker could possibly use this issue to cause a denial of service.
This issue was only addressed in Ubuntu 20.04 LTS. (CVE-2020-13962)
It was discovered that Qt incorrectly handled certain XBM image files. If a
user or automated system were tricked into opening a specially crafted PPM
file, a remote attacker could cause Qt to crash, resulting in a denial of
service. This issue was only addressed in Ubuntu 16.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-17507)
It was discovered that Qt did not correctly handle executing specific
binaries. If a user or automated system were tricked into executing a
binary at a specific file path, an attacker could cause a denial of
service or execute arbitrary code. This issue was only addressed in
Ubuntu 20.04 LTS. (CVE-2022-25255)
It was discovered that Qt did not correctly handle certain integer
arithmetic. An attacker could possibly use this issue to cause a denial
of service. This issue was only addressed in Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-51714)
It was discovered that Qt did not correctly handle certain encrypted
connections. An attacker could possibly use this issue to leak sensitive
information. This issue was only addressed in Ubuntu 24.04 LTS.
(CVE-2024-39936)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
libqt5core5t64 5.15.13+dfsg-1ubuntu1+esm1
Available with Ubuntu Pro
libqt5gui5t64 5.15.13+dfsg-1ubuntu1+esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
libqt5core5a 5.15.3+dfsg-2ubuntu0.2+esm3
Available with Ubuntu Pro
libqt5gui5 5.15.3+dfsg-2ubuntu0.2+esm3
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libqt5core5a 5.12.8+dfsg-0ubuntu2.1+esm3
Available with Ubuntu Pro
libqt5gui5 5.12.8+dfsg-0ubuntu2.1+esm3
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libqt5core5a 5.9.5+dfsg-0ubuntu2.6+esm2
Available with Ubuntu Pro
libqt5gui5 5.9.5+dfsg-0ubuntu2.6+esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libqt5core5a 5.5.1+dfsg-16ubuntu7.7+esm2
Available with Ubuntu Pro
libqt5gui5 5.5.1+dfsg-16ubuntu7.7+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8076-1
CVE-2020-13962, CVE-2020-17507, CVE-2022-25255, CVE-2023-51714,
CVE-2024-39936
Ubuntu Security Notice USN-8076-1
March 05, 2026
qtbase-opensource-src vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Qt.
Software Description:
- qtbase-opensource-src: Qt 5 libraries
Details:
It was discovered that Qt did not correctly handle OpenSSL's error queue.
An attacker could possibly use this issue to cause a denial of service.
This issue was only addressed in Ubuntu 20.04 LTS. (CVE-2020-13962)
It was discovered that Qt incorrectly handled certain XBM image files. If a
user or automated system were tricked into opening a specially crafted PPM
file, a remote attacker could cause Qt to crash, resulting in a denial of
service. This issue was only addressed in Ubuntu 16.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-17507)
It was discovered that Qt did not correctly handle executing specific
binaries. If a user or automated system were tricked into executing a
binary at a specific file path, an attacker could cause a denial of
service or execute arbitrary code. This issue was only addressed in
Ubuntu 20.04 LTS. (CVE-2022-25255)
It was discovered that Qt did not correctly handle certain integer
arithmetic. An attacker could possibly use this issue to cause a denial
of service. This issue was only addressed in Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-51714)
It was discovered that Qt did not correctly handle certain encrypted
connections. An attacker could possibly use this issue to leak sensitive
information. This issue was only addressed in Ubuntu 24.04 LTS.
(CVE-2024-39936)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
libqt5core5t64 5.15.13+dfsg-1ubuntu1+esm1
Available with Ubuntu Pro
libqt5gui5t64 5.15.13+dfsg-1ubuntu1+esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
libqt5core5a 5.15.3+dfsg-2ubuntu0.2+esm3
Available with Ubuntu Pro
libqt5gui5 5.15.3+dfsg-2ubuntu0.2+esm3
Available with Ubuntu Pro
Ubuntu 20.04 LTS
libqt5core5a 5.12.8+dfsg-0ubuntu2.1+esm3
Available with Ubuntu Pro
libqt5gui5 5.12.8+dfsg-0ubuntu2.1+esm3
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libqt5core5a 5.9.5+dfsg-0ubuntu2.6+esm2
Available with Ubuntu Pro
libqt5gui5 5.9.5+dfsg-0ubuntu2.6+esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libqt5core5a 5.5.1+dfsg-16ubuntu7.7+esm2
Available with Ubuntu Pro
libqt5gui5 5.5.1+dfsg-16ubuntu7.7+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8076-1
CVE-2020-13962, CVE-2020-17507, CVE-2022-25255, CVE-2023-51714,
CVE-2024-39936
[lfs-announce] LFS and BLFS 13.0 are released
The Linux From Scratch community is pleased to announce the release of
LFS Version 13.0 (systemd) and BLFS Version 13.0 (systemd).
This release is a major update to both LFS and BLFS.
The LFS release includes updates to binutils-2.46 and glibc-2.42. In total, 36
packages were updated since the last release and extensive updates to the
text have been made throughout the book to improve readability. The Linux kernel has
also been updated to version 6.18.10.
Overall there have been over 100 commits to LFS since the previous stable version of
the book. Packages that have security updates include: glibc, coreutils, expat, Perl,
Python, systemd, xz, and vim. See
https://www.linuxfromscratch.org/lfs/advisories/12.4.html for a complete description
of security updates since the last stable release.
In BLFS several packages have been added and removed. See
https://rivendell.linuxfromscratch.org/blfs/news.html for a complete list.
See https://www.linuxfromscratch.org/blfs/advisories/12.4.html for BLFS packages that
were affected by security updates since the last stable release.
Overall there were 843 tickets closed via more than 1300 commits made to BLFS.
Please see the ChangeLog in the book for a full list of changes.
Thanks for this release goes to many contributors. Notably:
Douglas Reno
Xi Ruoyao
Pierre Labastie
Joe Locash
Rahul Chandra
Zeckma
I'd like to add a special thanks to our newest editor, Joe Locash. His help
during this development cycle has been a tremendous help.
----
As an additional announcement, Randy McMurchy has volunteered to take over editing
responsibilities for the System V versions of LFS and BLFS. Randy was the senior
editor for BLFS in the 2006 to 2011 time frame and now has the time to manage those
books. A time frame for updates has not been established yet.
----
You can read the books online[0]-[1], or download[2]-[3] to read locally.
Please direct any comments about this release to the LFS development
team at lfs-dev@lists.linuxfromscratch.org or
blfs-dev@lists.linuxfromscratch.org. Registration for the mailing lists
is required to avoid junk email.
-- Bruce Dubbs
LFS
[0] http://www.linuxfromscratch.org/lfs/view/13.0-systemd/
[1] http://www.linuxfromscratch.org/blfs/view/13.0-systemd/
[2] http://www.linuxfromscratch.org/lfs/downloads/13.0-systemd/
[3] http://www.linuxfromscratch.org/blfs/downloads/13.0-systemd/
LFS Version 13.0 (systemd) and BLFS Version 13.0 (systemd).
This release is a major update to both LFS and BLFS.
The LFS release includes updates to binutils-2.46 and glibc-2.42. In total, 36
packages were updated since the last release and extensive updates to the
text have been made throughout the book to improve readability. The Linux kernel has
also been updated to version 6.18.10.
Overall there have been over 100 commits to LFS since the previous stable version of
the book. Packages that have security updates include: glibc, coreutils, expat, Perl,
Python, systemd, xz, and vim. See
https://www.linuxfromscratch.org/lfs/advisories/12.4.html for a complete description
of security updates since the last stable release.
In BLFS several packages have been added and removed. See
https://rivendell.linuxfromscratch.org/blfs/news.html for a complete list.
See https://www.linuxfromscratch.org/blfs/advisories/12.4.html for BLFS packages that
were affected by security updates since the last stable release.
Overall there were 843 tickets closed via more than 1300 commits made to BLFS.
Please see the ChangeLog in the book for a full list of changes.
Thanks for this release goes to many contributors. Notably:
Douglas Reno
Xi Ruoyao
Pierre Labastie
Joe Locash
Rahul Chandra
Zeckma
I'd like to add a special thanks to our newest editor, Joe Locash. His help
during this development cycle has been a tremendous help.
----
As an additional announcement, Randy McMurchy has volunteered to take over editing
responsibilities for the System V versions of LFS and BLFS. Randy was the senior
editor for BLFS in the 2006 to 2011 time frame and now has the time to manage those
books. A time frame for updates has not been established yet.
----
You can read the books online[0]-[1], or download[2]-[3] to read locally.
Please direct any comments about this release to the LFS development
team at lfs-dev@lists.linuxfromscratch.org or
blfs-dev@lists.linuxfromscratch.org. Registration for the mailing lists
is required to avoid junk email.
-- Bruce Dubbs
LFS
[0] http://www.linuxfromscratch.org/lfs/view/13.0-systemd/
[1] http://www.linuxfromscratch.org/blfs/view/13.0-systemd/
[2] http://www.linuxfromscratch.org/lfs/downloads/13.0-systemd/
[3] http://www.linuxfromscratch.org/blfs/downloads/13.0-systemd/
Fedora Linux 44 Beta is GO
The Fedora Linux 44 Beta RC-1.2 compose is GO and will be shipped live
on Tuesday, March 10th 2026.
For more information please check the Go/No-Go meeting minutes[1][2]
or log[3][4].
[1] https://meetbot.fedoraproject.org/meeting_matrix_fedoraproject-org/2026-03-05/f44-beta-go-no-go-meeting.2026-03-05-18.04.txt
[2] https://meetbot.fedoraproject.org/meeting_matrix_fedoraproject-org/2026-03-05/f44-beta-go-no-go-meeting.2026-03-05-18.04.html
[3] https://meetbot.fedoraproject.org/meeting_matrix_fedoraproject-org/2026-03-05/f44-beta-go-no-go-meeting.2026-03-05-18.04.log.txt
[4] https://meetbot.fedoraproject.org/meeting_matrix_fedoraproject-org/2026-03-05/f44-beta-go-no-go-meeting.2026-03-05-18.04.log.html
kevin
--
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
on Tuesday, March 10th 2026.
For more information please check the Go/No-Go meeting minutes[1][2]
or log[3][4].
[1] https://meetbot.fedoraproject.org/meeting_matrix_fedoraproject-org/2026-03-05/f44-beta-go-no-go-meeting.2026-03-05-18.04.txt
[2] https://meetbot.fedoraproject.org/meeting_matrix_fedoraproject-org/2026-03-05/f44-beta-go-no-go-meeting.2026-03-05-18.04.html
[3] https://meetbot.fedoraproject.org/meeting_matrix_fedoraproject-org/2026-03-05/f44-beta-go-no-go-meeting.2026-03-05-18.04.log.txt
[4] https://meetbot.fedoraproject.org/meeting_matrix_fedoraproject-org/2026-03-05/f44-beta-go-no-go-meeting.2026-03-05-18.04.log.html
kevin
--
_______________________________________________
devel-announce mailing list -- devel-announce@lists.fedoraproject.org
To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[USN-8077-1] Bleach vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8077-1
March 05, 2026
python-bleach vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Bleach.
Software Description:
- python-bleach: An allowed-list-based HTML sanitizing library that escapes or strips markup and attributes
Details:
It was discovered that Bleach did not properly sanitize URI attributes
containing character entities. An attacker could possibly use this issue
to construct a URI with a disallowed scheme that would bypass
sanitization, leading to cross-site scripting. This issue only affected
Ubuntu 18.04 LTS. (CVE-2018-7753)
Yaniv Nizry discovered that Bleach was vulnerable to a mutation
cross-site scripting issue when sanitizing HTML with the noscript tag
and a raw tag in the allowed tags list. An attacker could possibly
use this issue to inject malicious content, leading to cross-site
scripting. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-6802)
Yaniv Nizry discovered that Bleach was vulnerable to a mutation
cross-site scripting issue when sanitizing HTML with RCDATA together
with svg or math tags in the allowed tags list. An attacker could
possibly use this issue to inject malicious content, leading to
cross-site scripting. (CVE-2020-6816)
It was discovered that Bleach incorrectly handled parsing of style
attributes when sanitizing HTML. An attacker could possibly use this
issue to perform a regular expression denial of service, leading to
excessive resource consumption. (CVE-2020-6817)
Yaniv Nizry and MichaĆ Bentkowski discovered that Bleach was vulnerable
to a mutation cross-site scripting issue when sanitizing HTML with
certain combinations of allowed tags. An attacker could possibly use
this issue to inject malicious content, leading to cross-site scripting.
(CVE-2021-23980)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
python-bleach-doc 3.1.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-bleach 3.1.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
python-bleach 2.1.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
python-bleach-doc 2.1.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-bleach 2.1.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
python-bleach 1.4.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
python-bleach-doc 1.4.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-bleach 1.4.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8077-1
CVE-2018-7753, CVE-2020-6802, CVE-2020-6816, CVE-2020-6817,
CVE-2021-23980
Ubuntu Security Notice USN-8077-1
March 05, 2026
python-bleach vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Bleach.
Software Description:
- python-bleach: An allowed-list-based HTML sanitizing library that escapes or strips markup and attributes
Details:
It was discovered that Bleach did not properly sanitize URI attributes
containing character entities. An attacker could possibly use this issue
to construct a URI with a disallowed scheme that would bypass
sanitization, leading to cross-site scripting. This issue only affected
Ubuntu 18.04 LTS. (CVE-2018-7753)
Yaniv Nizry discovered that Bleach was vulnerable to a mutation
cross-site scripting issue when sanitizing HTML with the noscript tag
and a raw tag in the allowed tags list. An attacker could possibly
use this issue to inject malicious content, leading to cross-site
scripting. This issue only affected Ubuntu 18.04 LTS. (CVE-2020-6802)
Yaniv Nizry discovered that Bleach was vulnerable to a mutation
cross-site scripting issue when sanitizing HTML with RCDATA together
with svg or math tags in the allowed tags list. An attacker could
possibly use this issue to inject malicious content, leading to
cross-site scripting. (CVE-2020-6816)
It was discovered that Bleach incorrectly handled parsing of style
attributes when sanitizing HTML. An attacker could possibly use this
issue to perform a regular expression denial of service, leading to
excessive resource consumption. (CVE-2020-6817)
Yaniv Nizry and MichaĆ Bentkowski discovered that Bleach was vulnerable
to a mutation cross-site scripting issue when sanitizing HTML with
certain combinations of allowed tags. An attacker could possibly use
this issue to inject malicious content, leading to cross-site scripting.
(CVE-2021-23980)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
python-bleach-doc 3.1.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-bleach 3.1.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
python-bleach 2.1.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
python-bleach-doc 2.1.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-bleach 2.1.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
python-bleach 1.4.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
python-bleach-doc 1.4.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
python3-bleach 1.4.2-1ubuntu0.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8077-1
CVE-2018-7753, CVE-2020-6802, CVE-2020-6816, CVE-2020-6817,
CVE-2021-23980
[USN-8071-2] NSS vulnerability
==========================================================================
Ubuntu Security Notice USN-8071-2
March 05, 2026
nss vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
NSS could be made to crash or run programs if it received specially crafted
network traffic.
Software Description:
- nss: Network Security Service library
Details:
USN-8071-1 fixed a vulnerability in nss. This update provides the
corresponding fix for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that NSS incorrectly handled memory when performing
certain GHASH operations. A remote attacker could use this issue to cause
NSS to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
libnss3 2:3.98-0ubuntu0.20.04.2+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libnss3 2:3.35-2ubuntu2.16+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libnss3 2:3.28.4-0ubuntu0.16.04.14+esm5
Available with Ubuntu Pro
Ubuntu 14.04 LTS
libnss3 2:3.28.4-0ubuntu0.14.04.5+esm13
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8071-2
https://ubuntu.com/security/notices/USN-8071-1
CVE-2026-2781
Ubuntu Security Notice USN-8071-2
March 05, 2026
nss vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
NSS could be made to crash or run programs if it received specially crafted
network traffic.
Software Description:
- nss: Network Security Service library
Details:
USN-8071-1 fixed a vulnerability in nss. This update provides the
corresponding fix for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that NSS incorrectly handled memory when performing
certain GHASH operations. A remote attacker could use this issue to cause
NSS to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS
libnss3 2:3.98-0ubuntu0.20.04.2+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libnss3 2:3.35-2ubuntu2.16+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libnss3 2:3.28.4-0ubuntu0.16.04.14+esm5
Available with Ubuntu Pro
Ubuntu 14.04 LTS
libnss3 2:3.28.4-0ubuntu0.14.04.5+esm13
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8071-2
https://ubuntu.com/security/notices/USN-8071-1
CVE-2026-2781
Wednesday, March 4, 2026
[announce] Next NYC*BUG: Tonight! 2026-03-04 @ 18:45 local (23:45 UTC) - Backroom of Brass Monkey 55 Little West 12th St
Weird Code Injection Techniques on FreeBSD With libhijack.pdf remote presentation, Shawn Webb
2026-03-04 @ 18:45 local (23:45 UTC) - Backroom of Brass Monkey 55 Little West 12th St
Remote participation: Plans are to stream via NYC*BUG website. Q&A will be via IRC on libera.chat channel #nycbug - please preface your questions with '[Q]'.
2026-03-04 @ 18:45 local (23:45 UTC) - Backroom of Brass Monkey 55 Little West 12th St
Remote participation: Plans are to stream via NYC*BUG website. Q&A will be via IRC on libera.chat channel #nycbug - please preface your questions with '[Q]'.
FreeBSD is a widely-used open source operating system, powering your Playstation 4 and 5, Netflix, Juniper devices, and many other devices. libhijack is a post-exploitation tool to make code injection easier. In as little as four lines of code, developers can inject a complete shared object into another process fully anonymously.
libhijack makes it easy to force the target process to create new anonymous memory mappings, inject code into memory-backed file descriptors, and finally call fdlopen on the memfd.
This presentation walks attendees through various methods in which to stealthily inject code into a target process - some of these methods are new variants of prior work and remain unique to libhijack.
Shawn Webb is the co-founder of the HardenedBSD Project and the founding president of The HardenedBSD Foundation, a tax-exmpt not-for-profit 501©3 charitable organization in the US. While Shawn has a few decades of experience in infosec, both as a profession and a hobby, he considers himself a perpetual newb. He works for IOActive, an offensive security company, spending his time finding vulnerabilities in customer products.
While working in the NSA's backyard, he had the opportunity to be mentored by two interns - an experience that changed his life. He and his interns focused on the intersection of human rights and information security and cybersecurity.
Shawn "lattera" Webb also maintains a post-exploitation tool called libhijack. It makes runtime process infection and runtime function hooking for remote processes over the ptrace boundary incredibly simple on FreeBSD.
[USN-8073-1] QEMU vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8073-1
March 04, 2026
qemu vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in QEMU.
Software Description:
- qemu: Machine emulator and virtualizer
Details:
It was discovered that the UHCI controller implementation of QEMU could be
brought into an invalid state. An attacker inside the guest could possibly
use this issue to cause QEMU to crash, resulting in a denial of service.
(CVE-2024-8354)
It was discovered that QEMU incorrectly handled memory during certain VNC
operations. An remote attacker could possibly use this issue to cause QEMU
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2025-11234)
It was discovered that the e1000 network device implementation of QEMU
could be made to write out of bounds. An attacker inside the guest could
possibly use this issue to cause QEMU to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-12464)
It was discovered that the virtio-crypto device implementation of QEMU did
not limit the length of a certain path input. An attacker inside the guest
could possibly use this issue to cause QEMU to consume large amount of
memory, resulting in a denial of service. This issue only affected Ubuntu
24.04 LTS and Ubuntu 25.10. (CVE-2025-14876)
It was discovered that the KVM Xen guest support of QEMU could be made to
read out of bounds. An attacker inside the guest could possibly use this
issue to cause QEMU to crash, resulting in a denial of service. This issue
only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-0665)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
qemu-system 1:10.1.0+ds-5ubuntu2.4
qemu-system-arm 1:10.1.0+ds-5ubuntu2.4
qemu-system-common 1:10.1.0+ds-5ubuntu2.4
qemu-system-data 1:10.1.0+ds-5ubuntu2.4
qemu-system-gui 1:10.1.0+ds-5ubuntu2.4
qemu-system-mips 1:10.1.0+ds-5ubuntu2.4
qemu-system-misc 1:10.1.0+ds-5ubuntu2.4
qemu-system-modules-opengl 1:10.1.0+ds-5ubuntu2.4
qemu-system-modules-spice 1:10.1.0+ds-5ubuntu2.4
qemu-system-ppc 1:10.1.0+ds-5ubuntu2.4
qemu-system-riscv 1:10.1.0+ds-5ubuntu2.4
qemu-system-s390x 1:10.1.0+ds-5ubuntu2.4
qemu-system-sparc 1:10.1.0+ds-5ubuntu2.4
qemu-system-x86 1:10.1.0+ds-5ubuntu2.4
qemu-system-x86-xen 1:10.1.0+ds-5ubuntu2.4
qemu-system-xen 1:10.1.0+ds-5ubuntu2.4
Ubuntu 24.04 LTS
qemu-system 1:8.2.2+ds-0ubuntu1.13
qemu-system-arm 1:8.2.2+ds-0ubuntu1.13
qemu-system-common 1:8.2.2+ds-0ubuntu1.13
qemu-system-data 1:8.2.2+ds-0ubuntu1.13
qemu-system-gui 1:8.2.2+ds-0ubuntu1.13
qemu-system-mips 1:8.2.2+ds-0ubuntu1.13
qemu-system-misc 1:8.2.2+ds-0ubuntu1.13
qemu-system-modules-opengl 1:8.2.2+ds-0ubuntu1.13
qemu-system-modules-spice 1:8.2.2+ds-0ubuntu1.13
qemu-system-ppc 1:8.2.2+ds-0ubuntu1.13
qemu-system-s390x 1:8.2.2+ds-0ubuntu1.13
qemu-system-sparc 1:8.2.2+ds-0ubuntu1.13
qemu-system-x86 1:8.2.2+ds-0ubuntu1.13
qemu-system-x86-xen 1:8.2.2+ds-0ubuntu1.13
qemu-system-xen 1:8.2.2+ds-0ubuntu1.13
Ubuntu 22.04 LTS
qemu 1:6.2+dfsg-2ubuntu6.28
qemu-system 1:6.2+dfsg-2ubuntu6.28
qemu-system-arm 1:6.2+dfsg-2ubuntu6.28
qemu-system-common 1:6.2+dfsg-2ubuntu6.28
qemu-system-data 1:6.2+dfsg-2ubuntu6.28
qemu-system-gui 1:6.2+dfsg-2ubuntu6.28
qemu-system-mips 1:6.2+dfsg-2ubuntu6.28
qemu-system-misc 1:6.2+dfsg-2ubuntu6.28
qemu-system-ppc 1:6.2+dfsg-2ubuntu6.28
qemu-system-s390x 1:6.2+dfsg-2ubuntu6.28
qemu-system-sparc 1:6.2+dfsg-2ubuntu6.28
qemu-system-x86 1:6.2+dfsg-2ubuntu6.28
qemu-system-x86-microvm 1:6.2+dfsg-2ubuntu6.28
qemu-system-x86-xen 1:6.2+dfsg-2ubuntu6.28
After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8073-1
CVE-2024-8354, CVE-2025-11234, CVE-2025-12464, CVE-2025-14876,
CVE-2026-0665
Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu2.4
https://launchpad.net/ubuntu/+source/qemu/1:8.2.2+ds-0ubuntu1.13
https://launchpad.net/ubuntu/+source/qemu/1:6.2+dfsg-2ubuntu6.28
Ubuntu Security Notice USN-8073-1
March 04, 2026
qemu vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Several security issues were fixed in QEMU.
Software Description:
- qemu: Machine emulator and virtualizer
Details:
It was discovered that the UHCI controller implementation of QEMU could be
brought into an invalid state. An attacker inside the guest could possibly
use this issue to cause QEMU to crash, resulting in a denial of service.
(CVE-2024-8354)
It was discovered that QEMU incorrectly handled memory during certain VNC
operations. An remote attacker could possibly use this issue to cause QEMU
to crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2025-11234)
It was discovered that the e1000 network device implementation of QEMU
could be made to write out of bounds. An attacker inside the guest could
possibly use this issue to cause QEMU to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-12464)
It was discovered that the virtio-crypto device implementation of QEMU did
not limit the length of a certain path input. An attacker inside the guest
could possibly use this issue to cause QEMU to consume large amount of
memory, resulting in a denial of service. This issue only affected Ubuntu
24.04 LTS and Ubuntu 25.10. (CVE-2025-14876)
It was discovered that the KVM Xen guest support of QEMU could be made to
read out of bounds. An attacker inside the guest could possibly use this
issue to cause QEMU to crash, resulting in a denial of service. This issue
only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-0665)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
qemu-system 1:10.1.0+ds-5ubuntu2.4
qemu-system-arm 1:10.1.0+ds-5ubuntu2.4
qemu-system-common 1:10.1.0+ds-5ubuntu2.4
qemu-system-data 1:10.1.0+ds-5ubuntu2.4
qemu-system-gui 1:10.1.0+ds-5ubuntu2.4
qemu-system-mips 1:10.1.0+ds-5ubuntu2.4
qemu-system-misc 1:10.1.0+ds-5ubuntu2.4
qemu-system-modules-opengl 1:10.1.0+ds-5ubuntu2.4
qemu-system-modules-spice 1:10.1.0+ds-5ubuntu2.4
qemu-system-ppc 1:10.1.0+ds-5ubuntu2.4
qemu-system-riscv 1:10.1.0+ds-5ubuntu2.4
qemu-system-s390x 1:10.1.0+ds-5ubuntu2.4
qemu-system-sparc 1:10.1.0+ds-5ubuntu2.4
qemu-system-x86 1:10.1.0+ds-5ubuntu2.4
qemu-system-x86-xen 1:10.1.0+ds-5ubuntu2.4
qemu-system-xen 1:10.1.0+ds-5ubuntu2.4
Ubuntu 24.04 LTS
qemu-system 1:8.2.2+ds-0ubuntu1.13
qemu-system-arm 1:8.2.2+ds-0ubuntu1.13
qemu-system-common 1:8.2.2+ds-0ubuntu1.13
qemu-system-data 1:8.2.2+ds-0ubuntu1.13
qemu-system-gui 1:8.2.2+ds-0ubuntu1.13
qemu-system-mips 1:8.2.2+ds-0ubuntu1.13
qemu-system-misc 1:8.2.2+ds-0ubuntu1.13
qemu-system-modules-opengl 1:8.2.2+ds-0ubuntu1.13
qemu-system-modules-spice 1:8.2.2+ds-0ubuntu1.13
qemu-system-ppc 1:8.2.2+ds-0ubuntu1.13
qemu-system-s390x 1:8.2.2+ds-0ubuntu1.13
qemu-system-sparc 1:8.2.2+ds-0ubuntu1.13
qemu-system-x86 1:8.2.2+ds-0ubuntu1.13
qemu-system-x86-xen 1:8.2.2+ds-0ubuntu1.13
qemu-system-xen 1:8.2.2+ds-0ubuntu1.13
Ubuntu 22.04 LTS
qemu 1:6.2+dfsg-2ubuntu6.28
qemu-system 1:6.2+dfsg-2ubuntu6.28
qemu-system-arm 1:6.2+dfsg-2ubuntu6.28
qemu-system-common 1:6.2+dfsg-2ubuntu6.28
qemu-system-data 1:6.2+dfsg-2ubuntu6.28
qemu-system-gui 1:6.2+dfsg-2ubuntu6.28
qemu-system-mips 1:6.2+dfsg-2ubuntu6.28
qemu-system-misc 1:6.2+dfsg-2ubuntu6.28
qemu-system-ppc 1:6.2+dfsg-2ubuntu6.28
qemu-system-s390x 1:6.2+dfsg-2ubuntu6.28
qemu-system-sparc 1:6.2+dfsg-2ubuntu6.28
qemu-system-x86 1:6.2+dfsg-2ubuntu6.28
qemu-system-x86-microvm 1:6.2+dfsg-2ubuntu6.28
qemu-system-x86-xen 1:6.2+dfsg-2ubuntu6.28
After a standard system update you need to restart all QEMU virtual
machines to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8073-1
CVE-2024-8354, CVE-2025-11234, CVE-2025-12464, CVE-2025-14876,
CVE-2026-0665
Package Information:
https://launchpad.net/ubuntu/+source/qemu/1:10.1.0+ds-5ubuntu2.4
https://launchpad.net/ubuntu/+source/qemu/1:8.2.2+ds-0ubuntu1.13
https://launchpad.net/ubuntu/+source/qemu/1:6.2+dfsg-2ubuntu6.28
[USN-8075-1] GIMP vulnerabilities
==========================================================================
Ubuntu Security Notice USN-8075-1
March 04, 2026
gimp vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in GIMP.
Software Description:
- gimp: GNU Image Manipulation Program
Details:
Michael Randrianantenaina discovered that calculating the linear size of a
DDS file could overflow on 32-bit systems. An attacker could possibly use
this issue to cause a denial of service or execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04
LTS. (CVE-2025-2760)
Michael Randrianantenaina discovered that GIMP did not perform any bounds
checking when calculating an offset into XWD Colormaps. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2025-10934)
It was discovered that GIMP's PNM loader did not sufficiently check that
the image could fit within the allocated memory, which could cause GIMP to
read or write out-of-bounds. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2025-14422)
It was discovered that maliciously-crafted TGA files could cause memory
corruption and leave GIMP in an inconsistent state. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2025-48797)
It was discovered that a maliciously-crafted XCF file could cause GIMP to
free the same memory region twice, or access an already freed address. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2025-48798)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
gimp 2.10.36-3ubuntu0.24.04.1+esm2
Available with Ubuntu Pro
libgimp2.0t64 2.10.36-3ubuntu0.24.04.1+esm2
Available with Ubuntu Pro
Ubuntu 22.04 LTS
gimp 2.10.30-1ubuntu0.1+esm2
Available with Ubuntu Pro
libgimp2.0 2.10.30-1ubuntu0.1+esm2
Available with Ubuntu Pro
Ubuntu 20.04 LTS
gimp 2.10.18-1ubuntu0.1+esm2
Available with Ubuntu Pro
libgimp2.0 2.10.18-1ubuntu0.1+esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
gimp 2.8.22-1ubuntu0.1~esm2
Available with Ubuntu Pro
libgimp2.0 2.8.22-1ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
gimp 2.8.16-1ubuntu1.1+esm2
Available with Ubuntu Pro
libgimp2.0 2.8.16-1ubuntu1.1+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8075-1
CVE-2025-10934, CVE-2025-14422, CVE-2025-2760, CVE-2025-48797,
CVE-2025-48798
Ubuntu Security Notice USN-8075-1
March 04, 2026
gimp vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in GIMP.
Software Description:
- gimp: GNU Image Manipulation Program
Details:
Michael Randrianantenaina discovered that calculating the linear size of a
DDS file could overflow on 32-bit systems. An attacker could possibly use
this issue to cause a denial of service or execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04
LTS. (CVE-2025-2760)
Michael Randrianantenaina discovered that GIMP did not perform any bounds
checking when calculating an offset into XWD Colormaps. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2025-10934)
It was discovered that GIMP's PNM loader did not sufficiently check that
the image could fit within the allocated memory, which could cause GIMP to
read or write out-of-bounds. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2025-14422)
It was discovered that maliciously-crafted TGA files could cause memory
corruption and leave GIMP in an inconsistent state. An attacker could
possibly use this issue to cause a denial of service or execute arbitrary
code. (CVE-2025-48797)
It was discovered that a maliciously-crafted XCF file could cause GIMP to
free the same memory region twice, or access an already freed address. An
attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. (CVE-2025-48798)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
gimp 2.10.36-3ubuntu0.24.04.1+esm2
Available with Ubuntu Pro
libgimp2.0t64 2.10.36-3ubuntu0.24.04.1+esm2
Available with Ubuntu Pro
Ubuntu 22.04 LTS
gimp 2.10.30-1ubuntu0.1+esm2
Available with Ubuntu Pro
libgimp2.0 2.10.30-1ubuntu0.1+esm2
Available with Ubuntu Pro
Ubuntu 20.04 LTS
gimp 2.10.18-1ubuntu0.1+esm2
Available with Ubuntu Pro
libgimp2.0 2.10.18-1ubuntu0.1+esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
gimp 2.8.22-1ubuntu0.1~esm2
Available with Ubuntu Pro
libgimp2.0 2.8.22-1ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 16.04 LTS
gimp 2.8.16-1ubuntu1.1+esm2
Available with Ubuntu Pro
libgimp2.0 2.8.16-1ubuntu1.1+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8075-1
CVE-2025-10934, CVE-2025-14422, CVE-2025-2760, CVE-2025-48797,
CVE-2025-48798
[LSN-0118-1] Linux kernel vulnerability
Linux kernel vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary
Several security issues were fixed in the kernel.
Software Description
- linux - Linux kernel
- linux-aws - Linux kernel for Amazon Web Services (AWS) systems
- linux-azure - Linux kernel for Microsoft Azure Cloud systems
- linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke - Linux kernel for Google Container Engine (GKE) systems
- linux-ibm - Linux kernel for IBM cloud systems
- linux-oracle - Linux kernel for Oracle Cloud systems
Details
In the Linux kernel, the following vulnerability has been resolved: smb:
client: fix UAF in async decryption Doing an async decryption (large
read) crashes with a slab-use-after-free way down in the crypto API.
(CVE-2024-50047)
In the Linux kernel, the following vulnerability has been resolved:
padata: avoid UAF for reorder_work Although the previous patch can avoid
ps and ps UAF for _do_serial, it can not avoid potential UAF issue for
reorder_work. (CVE-2025-21726)
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix random stack corruption after get_block When get_block is
called with a buffer_head allocated on the stack, such as
do_mpage_readpage, stack corruption due to buffer_head UAF may occur in
the following race condition situation. (CVE-2025-22036)
In the Linux kernel, the following vulnerability has been resolved: smb:
client: fix use-after-free in crypt_message when using async crypto The
CVE-2024-50047 fix removed asynchronous crypto handling from
crypt_message(), assuming all crypto operations are synchronous.
(CVE-2025-38488)
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix Preauh_HashValue race condition If client send multiple
session setup requests to ksmbd, Preauh_HashValue race condition could
happen. (CVE-2025-38561)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/futex: ensure io_futex_wait() cleans up properly on failure The
io_futex_data is allocated upfront and assigned to the io_kiocb
async_data field, but the request isn't marked with REQ_F_ASYNC_DATA at
that point. (CVE-2025-39698)
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Initialise scc_index in unix_add_edge(). (CVE-2025-40214)
Update instructions
The problem can be corrected by updating your kernel livepatch to the
following versions:
Ubuntu 20.04 LTS
aws - 118.1
aws - 118.2
azure - 118.1
gcp - 118.1
generic - 118.1
generic - 118.2
ibm - 118.1
lowlatency - 118.1
lowlatency - 118.2
oracle - 118.1
Ubuntu 18.04 LTS
generic - 118.1
generic - 118.2
lowlatency - 118.1
lowlatency - 118.2
Ubuntu 24.04 LTS
aws - 118.1
azure - 118.1
gcp - 118.1
generic - 118.1
ibm - 118.1
oracle - 118.1
Ubuntu 22.04 LTS
aws - 118.1
aws - 118.2
azure - 118.1
gcp - 118.1
gcp - 118.2
generic - 118.1
gke - 118.1
gke - 118.2
ibm - 118.1
ibm - 118.2
oracle - 118.1
Support Information
Livepatches for supported LTS kernels will receive upgrades for a period
of up to 13 months after the build date of the kernel.
Livepatches for supported HWE kernels which are not based on an LTS
kernel version will receive upgrades for a period of up to 9 months
after the build date of the kernel, or until the end of support for that
kernel's non-LTS distro release version, whichever is sooner.
References
- CVE-2024-50047
- CVE-2025-21726
- CVE-2025-22036
- CVE-2025-38488
- CVE-2025-38561
- CVE-2025-39698
- CVE-2025-40214
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary
Several security issues were fixed in the kernel.
Software Description
- linux - Linux kernel
- linux-aws - Linux kernel for Amazon Web Services (AWS) systems
- linux-azure - Linux kernel for Microsoft Azure Cloud systems
- linux-gcp - Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke - Linux kernel for Google Container Engine (GKE) systems
- linux-ibm - Linux kernel for IBM cloud systems
- linux-oracle - Linux kernel for Oracle Cloud systems
Details
In the Linux kernel, the following vulnerability has been resolved: smb:
client: fix UAF in async decryption Doing an async decryption (large
read) crashes with a slab-use-after-free way down in the crypto API.
(CVE-2024-50047)
In the Linux kernel, the following vulnerability has been resolved:
padata: avoid UAF for reorder_work Although the previous patch can avoid
ps and ps UAF for _do_serial, it can not avoid potential UAF issue for
reorder_work. (CVE-2025-21726)
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix random stack corruption after get_block When get_block is
called with a buffer_head allocated on the stack, such as
do_mpage_readpage, stack corruption due to buffer_head UAF may occur in
the following race condition situation. (CVE-2025-22036)
In the Linux kernel, the following vulnerability has been resolved: smb:
client: fix use-after-free in crypt_message when using async crypto The
CVE-2024-50047 fix removed asynchronous crypto handling from
crypt_message(), assuming all crypto operations are synchronous.
(CVE-2025-38488)
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix Preauh_HashValue race condition If client send multiple
session setup requests to ksmbd, Preauh_HashValue race condition could
happen. (CVE-2025-38561)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/futex: ensure io_futex_wait() cleans up properly on failure The
io_futex_data is allocated upfront and assigned to the io_kiocb
async_data field, but the request isn't marked with REQ_F_ASYNC_DATA at
that point. (CVE-2025-39698)
In the Linux kernel, the following vulnerability has been resolved:
af_unix: Initialise scc_index in unix_add_edge(). (CVE-2025-40214)
Update instructions
The problem can be corrected by updating your kernel livepatch to the
following versions:
Ubuntu 20.04 LTS
aws - 118.1
aws - 118.2
azure - 118.1
gcp - 118.1
generic - 118.1
generic - 118.2
ibm - 118.1
lowlatency - 118.1
lowlatency - 118.2
oracle - 118.1
Ubuntu 18.04 LTS
generic - 118.1
generic - 118.2
lowlatency - 118.1
lowlatency - 118.2
Ubuntu 24.04 LTS
aws - 118.1
azure - 118.1
gcp - 118.1
generic - 118.1
ibm - 118.1
oracle - 118.1
Ubuntu 22.04 LTS
aws - 118.1
aws - 118.2
azure - 118.1
gcp - 118.1
gcp - 118.2
generic - 118.1
gke - 118.1
gke - 118.2
ibm - 118.1
ibm - 118.2
oracle - 118.1
Support Information
Livepatches for supported LTS kernels will receive upgrades for a period
of up to 13 months after the build date of the kernel.
Livepatches for supported HWE kernels which are not based on an LTS
kernel version will receive upgrades for a period of up to 9 months
after the build date of the kernel, or until the end of support for that
kernel's non-LTS distro release version, whichever is sooner.
References
- CVE-2024-50047
- CVE-2025-21726
- CVE-2025-22036
- CVE-2025-38488
- CVE-2025-38561
- CVE-2025-39698
- CVE-2025-40214
F45 Change Proposal: Update_xmlsec_to_1_3 [SelfContained]
Wiki: https://fedoraproject.org/wiki/Changes/Update_xmlsec_to_1_3
Discussion Thread: https://discussion.fedoraproject.org/t/182444
**This is a proposed Change for Fedora Linux.**
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.
== Summary ==
This change brings xmlsec 1.3.x into Fedora. Version 1.3 is not backward compatible with 1.2.
== Owner ==
* Name: [[User:thalman| Tomas Halman]]
* Email: thalman@redhat.com
== Detailed Description ==
Update of xmlsec to 1.3.9 brings new and actively developed version into the Fedora. This version changes some interfaces and it is not backward compatible.
This change requires rebuild and/or update of depending packages:
* aqbanking
* lasso
* libdigidocpp
* libpskc
* libreoffice
* mod_auth_mellon
* nordugrid-arc
* open-vm-tools
* openscap
== Feedback ==
== Benefit to Fedora ==
Version 1.3 is actively developed and receives new features like new cyphers. Old version is just maintained.
== Scope ==
* Proposal owners:
* Other developers:
* Release engineering: [https://forge.fedoraproject.org/releng/tickets/issues #Releng issue number]
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with the Fedora Strategy:
== Upgrade/compatibility impact ==
No manual configuration changes are needed or expected.
== Early Testing (Optional) ==
Do you require 'QA Blueprint' support? No
== How To Test ==
* No special hardware needed
* Packages will be tested by their owners
* We will use a copr repository for building and testing depended packages
* All applications work the same as before change.
== User Experience ==
Users should obtain new cypher suites, but this is not typically noticed by users. But application may move defaults to more modern and safe ciphers.
== Dependencies ==
Here is list of packages depending on xmlsec1
* aqbanking
* lasso
* libdigidocpp
* libpskc
* libreoffice-core
* mod_auth_mellon
* nordugrid-arc
* open-vm-tools
* openscap
== Contingency Plan ==
* Contingency mechanism: If we found a blocker in depended component, we will create new package (xmlsec12) with the 1.2 version and component not possible to update will compile against old version for now. That might be a bit more work and we might postpone the change for next version of Fedora.
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? N/A (not a System Wide Change), Yes/No
== Documentation ==
N/A (not a System Wide Change)
== Release Notes ==
\n
Discussion Thread: https://discussion.fedoraproject.org/t/182444
**This is a proposed Change for Fedora Linux.**
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.
== Summary ==
This change brings xmlsec 1.3.x into Fedora. Version 1.3 is not backward compatible with 1.2.
== Owner ==
* Name: [[User:thalman| Tomas Halman]]
* Email: thalman@redhat.com
== Detailed Description ==
Update of xmlsec to 1.3.9 brings new and actively developed version into the Fedora. This version changes some interfaces and it is not backward compatible.
This change requires rebuild and/or update of depending packages:
* aqbanking
* lasso
* libdigidocpp
* libpskc
* libreoffice
* mod_auth_mellon
* nordugrid-arc
* open-vm-tools
* openscap
== Feedback ==
== Benefit to Fedora ==
Version 1.3 is actively developed and receives new features like new cyphers. Old version is just maintained.
== Scope ==
* Proposal owners:
* Other developers:
* Release engineering: [https://forge.fedoraproject.org/releng/tickets/issues #Releng issue number]
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with the Fedora Strategy:
== Upgrade/compatibility impact ==
No manual configuration changes are needed or expected.
== Early Testing (Optional) ==
Do you require 'QA Blueprint' support? No
== How To Test ==
* No special hardware needed
* Packages will be tested by their owners
* We will use a copr repository for building and testing depended packages
* All applications work the same as before change.
== User Experience ==
Users should obtain new cypher suites, but this is not typically noticed by users. But application may move defaults to more modern and safe ciphers.
== Dependencies ==
Here is list of packages depending on xmlsec1
* aqbanking
* lasso
* libdigidocpp
* libpskc
* libreoffice-core
* mod_auth_mellon
* nordugrid-arc
* open-vm-tools
* openscap
== Contingency Plan ==
* Contingency mechanism: If we found a blocker in depended component, we will create new package (xmlsec12) with the 1.2 version and component not possible to update will compile against old version for now. That might be a bit more work and we might postpone the change for next version of Fedora.
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? N/A (not a System Wide Change), Yes/No
== Documentation ==
N/A (not a System Wide Change)
== Release Notes ==
\n
Subscribe to:
Comments (Atom)