Hi all, Today, 2026-05-13, we have removed inactive packagers from the packager group. This is in accordance with the FESCo policy on inactive packagers: https://docs.fedoraproject.org/en-US/fesco/Policy_for_inactive_packagers/ If the removed user is 'main admin' for a package, this package will be orphaned. If there are co-maintainers for the package, one of them should take the role of 'main admin', by clicking "✋ Take" on `https://src.fedoraproject.org/rpms/<package>`". Otherwise any packager may take the package while it's orphaned. After 6 weeks, the package will be retired. After another 8 weeks, a new review is needed to unretire it. see https://docs.fedoraproject.org/en-US/fesco/Policy_for_orphan_and_retired_packages/ for more details. More details available in https://forge.fedoraproject.org/infra/tickets/issues/13321 Packages that have been orphaned are: rpms/abootimg rpms/cekit rpms/c-graph rpms/cgreen rpms/conserver rpms/fastbit rpms/fluent-bit rpms/golang-github-vincent-petithory-dataurl rpms/grim rpms/haproxy rpms/ipvsadm rpms/keepalived rpms/kobo rpms/L-function rpms/lgogdownloader rpms/libjaylink rpms/mod_gnutls rpms/mongoose rpms/openocd rpms/osm-gps-map rpms/palp rpms/php-gettext-gettext rpms/php-gettext-languages rpms/php-manual-en rpms/pinentry rpms/plotutils rpms/pyjwkest rpms/python-amqp rpms/python-dandischema rpms/python-datetimerange rpms/python-docker-squash rpms/python-fastpurge rpms/python-linux-procfs rpms/python-mbstrdecoder rpms/python-more-executors rpms/python-persist-queue rpms/python-pyjwkest rpms/python-retryz rpms/python-schedutils rpms/python-tftpy rpms/python-typepy rpms/python-zarr-checksum rpms/rgbds rpms/rpmgrill rpms/rubygem-xmlparser rpms/rust-derive-new rpms/rust-fend-core rpms/rust-lifeguard rpms/rust-mock_instant rpms/rust-psl rpms/rust-rspec rpms/rust-topological-sort rpms/sdcc rpms/slashem rpms/slurp rpms/sslh rpms/sugar rpms/sugar-artwork rpms/sugar-browse rpms/sugar-log rpms/sugar-read rpms/sugar-toolkit-gtk3 rpms/suitesparse rpms/telepathy-gabble rpms/trash-cli rpms/tuna rpms/webrtc-audio-processing rpms/xedit rpms/xorgxrdp -- _______________________________________________ devel-announce mailing list -- devel-announce@lists.fedoraproject.org To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
Wednesday, May 13, 2026
F44 election nominations now open
--
TZ=America/Atlanta (UTC-4) 🕗
While I may be sending this email outside my normal office hours, I have no expectation to receive a reply outside yours.
-- _______________________________________________ announce mailing list -- announce@lists.fedoraproject.org To unsubscribe send an email to announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
F44 election nominations now open
--
TZ=America/Atlanta (UTC-4) 🕗
While I may be sending this email outside my normal office hours, I have no expectation to receive a reply outside yours.
-- _______________________________________________ devel-announce mailing list -- devel-announce@lists.fedoraproject.org To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
[USN-8268-1] Dnsmasq vulnerabilities
========================================================================== Ubuntu Security Notice USN-8268-1 May 12, 2026 dnsmasq vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in Dnsmasq. Software Description: - dnsmasq: Small caching DNS proxy and DHCP/TFTP server Details: Andrew S. Fasano, Royce M, and Hugo Martinez Ray discovered that Dnsmasq did not allocate the necessary space to store domain names in some contexts. An attacker could possibly use this issue to write out-of-bounds, and could cause a denial of service or execute arbitrary code. (CVE-2026-2291) Royce M discovered that Dnsmasq could loop infinitely due to erroneously missing the window header. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-4890) Royce M discovered that a maliciously crafted packet could cause Dnsmasq to report a negative length. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-4891) Royce M and Asim Viladi Oglu Manizada discovered that certain configurations of Dnsmasq could write over the DHCPv6 CLID buffer within a privileged helper. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-4892) Royce M discovered that certain configurations of Dnsmasq could bypass internal bounds checks. An attacker could possibly use this issue to permit malformed packets, and could cause a denial of service. (CVE-2026-4893) Hugo Martinez discovered that Dnsmasq did not check the rdlen element of a record. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS. (CVE-2026-5172) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS dnsmasq 2.92-1ubuntu0.2 Ubuntu 25.10 dnsmasq 2.91-1ubuntu0.2 Ubuntu 24.04 LTS dnsmasq 2.90-2ubuntu0.3 Ubuntu 22.04 LTS dnsmasq 2.90-0ubuntu0.22.04.3 Ubuntu 20.04 LTS dnsmasq 2.90-0ubuntu0.20.04.1+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS dnsmasq 2.90-0ubuntu0.18.04.1+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS dnsmasq 2.90-0ubuntu0.16.04.1+esm3 Available with Ubuntu Pro Ubuntu 14.04 LTS dnsmasq 2.68-1ubuntu0.2+esm5 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8268-1 CVE-2026-2291, CVE-2026-4890, CVE-2026-4891, CVE-2026-4892, CVE-2026-4893, CVE-2026-5172 Package Information: https://launchpad.net/ubuntu/+source/dnsmasq/2.92-1ubuntu0.2 https://launchpad.net/ubuntu/+source/dnsmasq/2.91-1ubuntu0.2 https://launchpad.net/ubuntu/+source/dnsmasq/2.90-2ubuntu0.3 https://launchpad.net/ubuntu/+source/dnsmasq/2.90-0ubuntu0.22.04.3
[announce] TONIGHT: Steve Bourne on Shell
**NOTE that the meeting has been moved to 730 PM EDT and not the usual 645 PM EDT** (but coming earlier is fine) The Design of Unix Shell, Stephen R. Bourne 2026-05-13 @ 19:30 EDT (23:30 UTC) - Backroom of Brass Monkey 55 Little West 12th St Remote participation: Plans are to stream via NYC*BUG website. Q&A will be via IRC on libera.chat channel #nycbug - please preface your questions with '[Q]'. Some relevant reading for the meeting might be Stephen’s 1978 piece in The Bell System Technical Journal entitled “UNIX Time-Sharing System: The UNIX Shell” https://archive.org/details/bstj57-6-1971 (Bell System Technical Journal, Vol 57, No 6, 1978). Steve Bourne is internationally known for his work on the UNIX operating system. During his career he spent 20 years in senior engineering management positions at computer systems and networking companies. These included Cisco Systems, Sun Microsystems, Digital Equipment and Silicon Graphics. Since 2000 he has been Chief Technology Officer at El Dorado Ventures (now Rally Ventures) in Menlo Park, California. He is past chair of the ACM Queue board, a magazine that he started in 2003 for software practitioners. Steve spent nine years at Bell Laboratories as a member of the Seventh Edition UNIX team. He designed the UNIX Command Language sh or “Bourne Shell” which is used for scripting in the UNIX programming environment and he wrote the adb debugger tool. His book “The UNIX System” was widely read and published in 1983. Nearest NYC Subway is the 14th Street/Eighth Avenue station L, A, C, E. To get to the backroom, you must enter the front door, follow the long bar on your left, and walk all the way to the back. At the rear of the BrassMonkey, you will see an alcove for the 3 bathrooms our room is off to your right. _______________________________________________ announce mailing list announce@lists.nycbug.org https://lists.nycbug.org:8443/mailman/listinfo/announce
Tuesday, May 12, 2026
[announce] May 13 Stephen Bourne (now 730 PM EDT)
**NOTE that the meeting has been moved to 730 PM EDT and not the usual 645 PM EDT** The Design of Unix Shell, Stephen R. Bourne 2026-05-13 @ 19:30 EDT (23:30 UTC) - Backroom of Brass Monkey 55 Little West 12th St Remote participation: Plans are to stream via NYC*BUG website. Q&A will be via IRC on libera.chat channel #nycbug - please preface your questions with '[Q]'. Some relevant reading for the meeting might be Stephen’s 1978 piece in The Bell System Technical Journal entitled “UNIX Time-Sharing System: The UNIX Shell” https://archive.org/details/bstj57-6-1971 (Bell System Technical Journal, Vol 57, No 6, 1978). Steve Bourne is internationally known for his work on the UNIX operating system. During his career he spent 20 years in senior engineering management positions at computer systems and networking companies. These included Cisco Systems, Sun Microsystems, Digital Equipment and Silicon Graphics. Since 2000 he has been Chief Technology Officer at El Dorado Ventures (now Rally Ventures) in Menlo Park, California. He is past chair of the ACM Queue board, a magazine that he started in 2003 for software practitioners. Steve spent nine years at Bell Laboratories as a member of the Seventh Edition UNIX team. He designed the UNIX Command Language sh or “Bourne Shell” which is used for scripting in the UNIX programming environment and he wrote the adb debugger tool. His book “The UNIX System” was widely read and published in 1983. Nearest NYC Subway is the 14th Street/Eighth Avenue station L, A, C, E. To get to the backroom, you must enter the front door, follow the long bar on your left, and walk all the way to the back. At the rear of the BrassMonkey, you will see an alcove for the 3 bathrooms our room is off to your right. _______________________________________________ announce mailing list announce@lists.nycbug.org https://lists.nycbug.org:8443/mailman/listinfo/announce
[USN-8270-1] Exim vulnerability
========================================================================== Ubuntu Security Notice USN-8270-1 May 12, 2026 exim4 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Exim could be made to crash or run programs if it received specially crafted network traffic. Software Description: - exim4: Exim is a mail transport agent Details: It was discovered that Exim incorrectly handled BDAT body parsing. A remote attacker could use this issue to cause Exim to crash, resulting in a denial of service, or possibly execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS exim4 4.99.1-1ubuntu1.2 exim4-base 4.99.1-1ubuntu1.2 eximon4 4.99.1-1ubuntu1.2 Ubuntu 25.10 exim4 4.98.2-1ubuntu2.2 exim4-base 4.98.2-1ubuntu2.2 eximon4 4.98.2-1ubuntu2.2 Ubuntu 24.04 LTS exim4 4.97-4ubuntu4.5 exim4-base 4.97-4ubuntu4.5 eximon4 4.97-4ubuntu4.5 Ubuntu 22.04 LTS exim4 4.95-4ubuntu2.8 exim4-base 4.95-4ubuntu2.8 eximon4 4.95-4ubuntu2.8 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8270-1 https://launchpad.net/bugs/2152202 Package Information: https://launchpad.net/ubuntu/+source/exim4/4.99.1-1ubuntu1.2 https://launchpad.net/ubuntu/+source/exim4/4.98.2-1ubuntu2.2 https://launchpad.net/ubuntu/+source/exim4/4.97-4ubuntu4.5 https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.8
[USN-8263-1] ImageMagick vulnerabilities
========================================================================== Ubuntu Security Notice USN-8263-1 May 11, 2026 imagemagick vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in ImageMagick. Software Description: - imagemagick: Image manipulation programs and library Details: It was discovered that ImageMagick incorrectly handled certain malformed image files in certain instances. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could possibly use these issues to cause a denial of service or possibly execute code. These issues only affected Ubuntu 14.04 LTS. (CVE-2018-15607, CVE-2018-18544, CVE-2019-13137, CVE-2019-13391, CVE-2019-13391) It was discovered that ImageMagick incorrectly handled certain malformed image files in certain instances. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could possibly use these issues to cause a denial of service or possibly execute code. (CVE-2026-24481, CVE-2026-24484, CVE-2026-24485, CVE-2026-25576, CVE-2026-25638, CVE-2026-25797, CVE-2026-25965) It was discovered that ImageMagick incorrectly handled certain malformed image files in certain instances. If a user or automated system using ImageMagick were tricked into opening a specifically crafted image, an attacker could possibly use these issues to cause a denial of service or possibly execute code. These issues only affected Ubuntu 25.10. (CVE-2026-25637, CVE-2026-25794, CVE-2026-25795, CVE-2026-25796, CVE-2026-25797, CVE-2026-25798, CVE-2026-25799, CVE-2026-25897, CVE-2026-25898) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 imagemagick-7.q16 8:7.1.2.3+dfsg1-1ubuntu0.1 imagemagick-7.q16hdri 8:7.1.2.3+dfsg1-1ubuntu0.1 libmagick++-7.q16-5 8:7.1.2.3+dfsg1-1ubuntu0.1 libmagick++-7.q16hdri-5 8:7.1.2.3+dfsg1-1ubuntu0.1 libmagickcore-7.q16-10 8:7.1.2.3+dfsg1-1ubuntu0.1 libmagickcore-7.q16-10-extra 8:7.1.2.3+dfsg1-1ubuntu0.1 libmagickcore-7.q16hdri-10 8:7.1.2.3+dfsg1-1ubuntu0.1 libmagickcore-7.q16hdri-10-extra 8:7.1.2.3+dfsg1-1ubuntu0.1 libmagickwand-7.q16-10 8:7.1.2.3+dfsg1-1ubuntu0.1 libmagickwand-7.q16hdri-10 8:7.1.2.3+dfsg1-1ubuntu0.1 Ubuntu 24.04 LTS imagemagick-6.q16 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9 Available with Ubuntu Pro imagemagick-6.q16hdri 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9 Available with Ubuntu Pro libmagick++-6-headers 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9 Available with Ubuntu Pro libmagick++-6.q16-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9 Available with Ubuntu Pro libmagick++-6.q16hdri-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9 Available with Ubuntu Pro libmagickcore-6.q16-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9 Available with Ubuntu Pro libmagickcore-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9 Available with Ubuntu Pro libmagickcore-6.q16hdri-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9 Available with Ubuntu Pro libmagickcore-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9 Available with Ubuntu Pro libmagickwand-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9 Available with Ubuntu Pro libmagickwand-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9 Available with Ubuntu Pro Ubuntu 22.04 LTS imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10 Available with Ubuntu Pro imagemagick-6.q16hdri 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10 Available with Ubuntu Pro libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10 Available with Ubuntu Pro libmagick++-6.q16hdri-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10 Available with Ubuntu Pro libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10 Available with Ubuntu Pro libmagickcore-6.q16-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10 Available with Ubuntu Pro libmagickcore-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10 Available with Ubuntu Pro libmagickcore-6.q16hdri-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10 Available with Ubuntu Pro libmagickwand-6-headers 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10 Available with Ubuntu Pro libmagickwand-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10 Available with Ubuntu Pro libmagickwand-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10 Available with Ubuntu Pro Ubuntu 20.04 LTS imagemagick-6.q16 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10 Available with Ubuntu Pro imagemagick-6.q16hdri 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10 Available with Ubuntu Pro libmagick++-6.q16-8 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10 Available with Ubuntu Pro libmagick++-6.q16hdri-8 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10 Available with Ubuntu Pro libmagickcore-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10 Available with Ubuntu Pro libmagickcore-6.q16-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10 Available with Ubuntu Pro libmagickcore-6.q16hdri-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10 Available with Ubuntu Pro libmagickcore-6.q16hdri-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10 Available with Ubuntu Pro libmagickwand-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10 Available with Ubuntu Pro libmagickwand-6.q16hdri-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10 Available with Ubuntu Pro Ubuntu 18.04 LTS imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.15+esm12 Available with Ubuntu Pro imagemagick-6.q16hdri 8:6.9.7.4+dfsg-16ubuntu6.15+esm12 Available with Ubuntu Pro libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm12 Available with Ubuntu Pro libmagick++-6.q16hdri-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm12 Available with Ubuntu Pro libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm12 Available with Ubuntu Pro libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm12 Available with Ubuntu Pro libmagickcore-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm12 Available with Ubuntu Pro libmagickcore-6.q16hdri-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm12 Available with Ubuntu Pro libmagickwand-6-headers 8:6.9.7.4+dfsg-16ubuntu6.15+esm12 Available with Ubuntu Pro libmagickwand-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm12 Available with Ubuntu Pro libmagickwand-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm12 Available with Ubuntu Pro Ubuntu 16.04 LTS imagemagick-6.q16 8:6.8.9.9-7ubuntu5.16+esm20 Available with Ubuntu Pro libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.16+esm20 Available with Ubuntu Pro libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm20 Available with Ubuntu Pro libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.16+esm20 Available with Ubuntu Pro libmagickwand-6-headers 8:6.8.9.9-7ubuntu5.16+esm20 Available with Ubuntu Pro libmagickwand-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm20 Available with Ubuntu Pro Ubuntu 14.04 LTS libmagick++5 8:6.7.7.10-6ubuntu3.13+esm21 Available with Ubuntu Pro libmagickcore5 8:6.7.7.10-6ubuntu3.13+esm21 Available with Ubuntu Pro libmagickcore5-extra 8:6.7.7.10-6ubuntu3.13+esm21 Available with Ubuntu Pro libmagickwand5 8:6.7.7.10-6ubuntu3.13+esm21 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8263-1 CVE-2026-24481, CVE-2026-24484, CVE-2026-24485, CVE-2026-25576, CVE-2026-25637, CVE-2026-25638, CVE-2026-25794, CVE-2026-25795, CVE-2026-25796, CVE-2026-25797, CVE-2026-25798, CVE-2026-25799, CVE-2026-25897, CVE-2026-25898, CVE-2026-25965 Package Information: https://launchpad.net/ubuntu/+source/imagemagick/8:7.1.2.3+dfsg1-1ubuntu0.1
Monday, May 11, 2026
[USN-8267-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-8267-1 May 11, 2026 linux-azure, linux-azure-fips, linux-oracle vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-azure-fips: Linux kernel for Microsoft Azure Cloud systems with FIPS - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-oracle: Linux kernel for Oracle Cloud systems Details: Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853, CVE-2026-23268, CVE-2026-23269, CVE-2026-23403, CVE-2026-23404, CVE-2026-23405, CVE-2026-23410, CVE-2026-23411) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - GPU drivers; - Network drivers; - UDF file system; - NFC subsystem; - Network traffic control; - Sun RPC protocol; - XFRM subsystem; (CVE-2024-27388, CVE-2024-46777, CVE-2024-46816, CVE-2024-49938, CVE-2024-50008, CVE-2024-50142, CVE-2025-21735, CVE-2025-37849, CVE-2026-23060, CVE-2026-23074, CVE-2026-23209) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS linux-image-4.15.0-2109-azure-fips 4.15.0-2109.115 Available with Ubuntu Pro linux-image-azure-fips 4.15.0.2109.105 Available with Ubuntu Pro linux-image-azure-fips-4.15 4.15.0.2109.105 Available with Ubuntu Pro Ubuntu 16.04 LTS linux-image-4.15.0-1153-oracle 4.15.0-1153.164~16.04.1 Available with Ubuntu Pro linux-image-4.15.0-1200-azure 4.15.0-1200.215~16.04.1 Available with Ubuntu Pro linux-image-azure 4.15.0.1200.215~16.04.1 Available with Ubuntu Pro linux-image-oracle 4.15.0.1153.164~16.04.1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8267-1 https://launchpad.net/bugs/2143853 CVE-2024-27388, CVE-2024-46777, CVE-2024-46816, CVE-2024-49938, CVE-2024-50008, CVE-2024-50142, CVE-2025-21735, CVE-2025-37849, CVE-2026-23060, CVE-2026-23074, CVE-2026-23209, CVE-2026-23268, CVE-2026-23269, CVE-2026-23403, CVE-2026-23404, CVE-2026-23405, CVE-2026-23410, CVE-2026-23411 Package Information: https://launchpad.net/ubuntu/+source/linux-azure-fips/4.15.0-2109.115
[USN-8266-1] Linux kernel vulnerabilities
========================================================================== Ubuntu Security Notice USN-8266-1 May 11, 2026 linux, linux-aws, linux-aws-fips, linux-aws-hwe, linux-azure-4.15, linux-fips, linux-gcp, linux-gcp-4.15, linux-gcp-fips, linux-hwe, linux-kvm, linux-oracle vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-aws-fips: Linux kernel for Amazon Web Services (AWS) systems with FIPS - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-fips: Linux kernel with FIPS - linux-gcp-4.15: Linux kernel for Google Cloud Platform (GCP) systems - linux-gcp-fips: Linux kernel for Google Cloud Platform (GCP) systems with FIPS - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud systems - linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-hwe: Linux hardware enablement (HWE) kernel Details: Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853, CVE-2026-23268, CVE-2026-23269, CVE-2026-23403, CVE-2026-23404, CVE-2026-23405, CVE-2026-23410, CVE-2026-23411) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Network drivers; - Sun RPC protocol; - XFRM subsystem; (CVE-2024-27388, CVE-2024-46816, CVE-2024-49938, CVE-2024-50008, CVE-2024-50142, CVE-2026-23209) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS linux-image-4.15.0-1146-fips 4.15.0-1146.158 Available with Ubuntu Pro linux-image-4.15.0-1153-oracle 4.15.0-1153.164 Available with Ubuntu Pro linux-image-4.15.0-1173-kvm 4.15.0-1173.178 Available with Ubuntu Pro linux-image-4.15.0-1184-gcp 4.15.0-1184.201 Available with Ubuntu Pro linux-image-4.15.0-1191-aws 4.15.0-1191.204 Available with Ubuntu Pro linux-image-4.15.0-1200-azure 4.15.0-1200.215 Available with Ubuntu Pro linux-image-4.15.0-2092-gcp-fips 4.15.0-2092.98 Available with Ubuntu Pro linux-image-4.15.0-2129-aws-fips 4.15.0-2129.135 Available with Ubuntu Pro linux-image-4.15.0-249-generic 4.15.0-249.261 Available with Ubuntu Pro linux-image-4.15.0-249-lowlatency 4.15.0-249.261 Available with Ubuntu Pro linux-image-aws-4.15 4.15.0.1191.189 Available with Ubuntu Pro linux-image-aws-fips 4.15.0.2129.123 Available with Ubuntu Pro linux-image-aws-fips-4.15 4.15.0.2129.123 Available with Ubuntu Pro linux-image-aws-lts-18.04 4.15.0.1191.189 Available with Ubuntu Pro linux-image-azure-4.15 4.15.0.1200.168 Available with Ubuntu Pro linux-image-azure-lts-18.04 4.15.0.1200.168 Available with Ubuntu Pro linux-image-fips 4.15.0.1146.143 Available with Ubuntu Pro linux-image-gcp-4.15 4.15.0.1184.197 Available with Ubuntu Pro linux-image-gcp-fips 4.15.0.2092.90 Available with Ubuntu Pro linux-image-gcp-fips-4.15 4.15.0.2092.90 Available with Ubuntu Pro linux-image-gcp-lts-18.04 4.15.0.1184.197 Available with Ubuntu Pro linux-image-generic 4.15.0.249.233 Available with Ubuntu Pro linux-image-kvm 4.15.0.1173.164 Available with Ubuntu Pro linux-image-lowlatency 4.15.0.249.233 Available with Ubuntu Pro linux-image-oracle-4.15 4.15.0.1153.158 Available with Ubuntu Pro linux-image-oracle-lts-18.04 4.15.0.1153.158 Available with Ubuntu Pro linux-image-virtual 4.15.0.249.233 Available with Ubuntu Pro Ubuntu 16.04 LTS linux-image-4.15.0-1184-gcp 4.15.0-1184.201~16.04.1 Available with Ubuntu Pro linux-image-4.15.0-1191-aws 4.15.0-1191.204~16.04.1 Available with Ubuntu Pro linux-image-4.15.0-249-generic 4.15.0-249.261~16.04.1 Available with Ubuntu Pro linux-image-4.15.0-249-lowlatency 4.15.0-249.261~16.04.1 Available with Ubuntu Pro linux-image-aws-hwe 4.15.0.1191.204~16.04.1 Available with Ubuntu Pro linux-image-gcp 4.15.0.1184.201~16.04.1 Available with Ubuntu Pro linux-image-generic-hwe-16.04 4.15.0.249.261~16.04.1 Available with Ubuntu Pro linux-image-gke 4.15.0.1184.201~16.04.1 Available with Ubuntu Pro linux-image-lowlatency-hwe-16.04 4.15.0.249.261~16.04.1 Available with Ubuntu Pro linux-image-oem 4.15.0.249.261~16.04.1 Available with Ubuntu Pro linux-image-virtual-hwe-16.04 4.15.0.249.261~16.04.1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8266-1 https://launchpad.net/bugs/2143853 CVE-2024-27388, CVE-2024-46816, CVE-2024-49938, CVE-2024-50008, CVE-2024-50142, CVE-2026-23209, CVE-2026-23268, CVE-2026-23269, CVE-2026-23403, CVE-2026-23404, CVE-2026-23405, CVE-2026-23410, CVE-2026-23411
[USN-8255-2] Linux kernel (Azure) vulnerabilities
========================================================================== Ubuntu Security Notice USN-8255-2 May 11, 2026 linux-azure-5.15 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-azure-5.15: Linux kernel for Microsoft Azure cloud systems Details: Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-2640) Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-32629) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - NVME drivers; (CVE-2026-23112, CVE-2026-23273) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS linux-image-5.15.0-1111-azure 5.15.0-1111.120~20.04.1 Available with Ubuntu Pro linux-image-azure 5.15.0.1111.120~20.04.1 Available with Ubuntu Pro linux-image-azure-5.15 5.15.0.1111.120~20.04.1 Available with Ubuntu Pro linux-image-azure-cvm 5.15.0.1111.120~20.04.1 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8255-2 https://ubuntu.com/security/notices/USN-8255-1 CVE-2023-2640, CVE-2023-32629, CVE-2026-23112, CVE-2026-23273
[USN-8254-2] Linux kernel (NVIDIA) vulnerabilities
========================================================================== Ubuntu Security Notice USN-8254-2 May 11, 2026 linux-nvidia, linux-nvidia-6.8, linux-nvidia-lowlatency vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-nvidia: Linux kernel for NVIDIA systems - linux-nvidia-lowlatency: Linux low latency kernel for NVIDIA systems - linux-nvidia-6.8: Linux kernel for NVIDIA systems Details: Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - NVME drivers; - Netfilter; (CVE-2026-23112, CVE-2026-23231, CVE-2026-23273) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS linux-image-6.8.0-1052-nvidia 6.8.0-1052.55 linux-image-6.8.0-1052-nvidia-64k 6.8.0-1052.55 linux-image-6.8.0-1052-nvidia-lowlatency 6.8.0-1052.55.1 linux-image-6.8.0-1052-nvidia-lowlatency-64k 6.8.0-1052.55.1 linux-image-nvidia 6.8.0-1052.55 linux-image-nvidia-6.8 6.8.0-1052.55 linux-image-nvidia-64k 6.8.0-1052.55 linux-image-nvidia-64k-6.8 6.8.0-1052.55 linux-image-nvidia-lowlatency 6.8.0-1052.55.1 linux-image-nvidia-lowlatency-6.8 6.8.0-1052.55.1 linux-image-nvidia-lowlatency-64k 6.8.0-1052.55.1 linux-image-nvidia-lowlatency-64k-6.8 6.8.0-1052.55.1 Ubuntu 22.04 LTS linux-image-6.8.0-1052-nvidia 6.8.0-1052.55~22.04.1 linux-image-6.8.0-1052-nvidia-64k 6.8.0-1052.55~22.04.1 linux-image-nvidia-6.8 6.8.0-1052.55~22.04.1 linux-image-nvidia-64k-6.8 6.8.0-1052.55~22.04.1 linux-image-nvidia-64k-hwe-22.04 6.8.0-1052.55~22.04.1 linux-image-nvidia-hwe-22.04 6.8.0-1052.55~22.04.1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://ubuntu.com/security/notices/USN-8254-2 https://ubuntu.com/security/notices/USN-8254-1 CVE-2026-23112, CVE-2026-23231, CVE-2026-23273 Package Information: https://launchpad.net/ubuntu/+source/linux-nvidia/6.8.0-1052.55 https://launchpad.net/ubuntu/+source/linux-nvidia-lowlatency/6.8.0-1052.55.1 https://launchpad.net/ubuntu/+source/linux-nvidia-6.8/6.8.0-1052.55~22.04.1