@ubuntu.com.security.notices.rss.xml@rss-parrot.net
I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline! Brought to you by the RSS Parrot.
---
Recent content on Ubuntu security notices
Site URL: ubuntu.com/security/notices/rss.xml
Feed URL: ubuntu.com/security/notices/rss.xml
Posts: 23
Followers: 1
USN-8195-3: PackageKit vulnerability
https://ubuntu.com/security/notices/USN-8195-3
Published: April 29, 2026 08:59
USN-8195-1 fixed a vulnerability in PackageKit. This update provides the corresponding fix to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that PackageKit incorrectly handled certain transactions.…
USN-8221-1: wheel vulnerability
https://ubuntu.com/security/notices/USN-8221-1
Published: April 29, 2026 00:11
It was discovered that wheel did not correctly handle certain file paths. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to execute arbitrary code.
USN-8198-2: Tornado vulnerabilities
https://ubuntu.com/security/notices/USN-8198-2
Published: April 28, 2026 19:27
USN-8198-1 fixed vulnerabilities in Tornado. This update provides the corresponding updates for Ubuntu 26.04 LTS. Original advisory details: It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could…
USN-8219-1: UltraJSON vulnerabilities
https://ubuntu.com/security/notices/USN-8219-1
Published: April 28, 2026 17:32
Cameron Criswell discovered that UltraJSON contained a memory leak that would occur when parsing large integers. An attacker could possibly use this issue to cause UltraJSON to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04…
USN-8185-2: Linux kernel (Low Latency NVIDIA) vulnerabilities
https://ubuntu.com/security/notices/USN-8185-2
Published: April 28, 2026 16:30
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this…
USN-8190-2: Rack::Session vulnerability
https://ubuntu.com/security/notices/USN-8190-2
Published: April 28, 2026 13:51
USN-8190-1 fixed a vulnerability in Rack::Session. This update provides the corresponding update for Ubuntu 26.04 LTS. Original advisory details: SeungMyung Lee discovered that Rack::Session did not properly reject cookies upon decryption failure. A…
USN-8136-2: Dovecot regression
https://ubuntu.com/security/notices/USN-8136-2
Published: April 28, 2026 12:52
USN-8136-1 fixed vulnerabilities in Dovecot. The update caused a regression on Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Dovecot…
USN-8214-1: NLTK vulnerability
https://ubuntu.com/security/notices/USN-8214-1
Published: April 28, 2026 08:10
It was discovered that NLTK incorrectly handled file extraction when opening a maliciously crafted zip file. An attacker could possibly use this issue to create or overwrite files on the system and execute arbitrary code.
USN-8202-2: jq vulnerabilities
https://ubuntu.com/security/notices/USN-8202-2
Published: April 28, 2026 04:18
USN-8202-1 fixed vulnerabilities in jq. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this…
USN-8213-1: Vim vulnerabilities
https://ubuntu.com/security/notices/USN-8213-1
Published: April 27, 2026 20:30
Michał Majchrowicz discovered that Vim's zip plugin could overwrite arbitrary files. An attacker could possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-35177) …
USN-8212-1: authd vulnerability
https://ubuntu.com/security/notices/USN-8212-1
Published: April 27, 2026 15:39
It was discovered that authd incorrectly assigned the primary group ID to users under certain conditions. A local attacker could possibly use this issue to achieve privilege escalation, or gain unauthorized access to files belonging to other users.
USN-8180-5: Linux kernel (IBM) vulnerabilities
https://ubuntu.com/security/notices/USN-8180-5
Published: April 24, 2026 09:40
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; -…
USN-8206-1: OpenMPT vulnerability
https://ubuntu.com/security/notices/USN-8206-1
Published: April 23, 2026 16:05
Antonio Morales Maldonado discovered that OpenMPT did not properly limit the length of strings in certain cases, leading to a buffer overflow. An attacker could possibly use this issue to cause OpenMPT to crash, resulting in a denial of service.
USN-8180-4: Linux kernel (Azure FIPS) vulnerabilities
https://ubuntu.com/security/notices/USN-8180-4
Published: April 23, 2026 10:16
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; -…
USN-8180-3: Linux kernel vulnerabilities
https://ubuntu.com/security/notices/USN-8180-3
Published: April 23, 2026 10:08
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Drivers core; -…
USN-8204-1: Linux kernel (Raspberry Pi Real-time) vulnerabilities
https://ubuntu.com/security/notices/USN-8204-1
Published: April 23, 2026 10:00
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this…
USN-8203-1: Linux kernel (Oracle) vulnerabilities
https://ubuntu.com/security/notices/USN-8203-1
Published: April 23, 2026 09:52
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this…
USN-8179-3: Linux kernel vulnerabilities
https://ubuntu.com/security/notices/USN-8179-3
Published: April 23, 2026 09:41
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this…
USN-8183-2: Linux kernel vulnerabilities
https://ubuntu.com/security/notices/USN-8183-2
Published: April 23, 2026 09:27
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this…
USN-8201-1: Linux kernel (Azure) vulnerabilities
https://ubuntu.com/security/notices/USN-8201-1
Published: April 22, 2026 19:09
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of…
USN-8200-2: Linux kernel (FIPS) vulnerabilities
https://ubuntu.com/security/notices/USN-8200-2
Published: April 22, 2026 18:24
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - GPU drivers; - I2C…
USN-8200-1: Linux kernel vulnerabilities
https://ubuntu.com/security/notices/USN-8200-1
Published: April 22, 2026 18:15
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - GPU drivers; - I2C…
USN-8198-1: Tornado vulnerabilities
https://ubuntu.com/security/notices/USN-8198-1
Published: April 22, 2026 17:52
It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-31958) It was discovered that Tornado did not properly validate characters in…