<?xml version='1.0' encoding='UTF-8'?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0"><channel><title>Ubuntu security notices</title><link>https://ubuntu.com/security/notices/rss.xml</link><description>Recent content on Ubuntu security notices</description><atom:link href="https://ubuntu.com/security/notices/rss.xml" rel="self"/><copyright>2026 Canonical Ltd. Ubuntu and Canonical are registered trademarks of Canonical Ltd.</copyright><docs>http://www.rssboard.org/rss-specification</docs><generator>Feedgen</generator><lastBuildDate>Tue, 14 Jul 2026 09:53:22 +0000</lastBuildDate><item><title>USN-8535-1: PipeWire vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8535-1</link><description>It was discovered that PipeWire accepted unbounded Content-Length values
in its RAOP module. A remote attacker could possibly use this issue to cause
a denial of service. This issue only affected Ubuntu 24.04 LTS.
(CVE-2026-14324)

It was discovered that PipeWire performed multiple unbounded stack
allocations in its PulseAudio protocol server. A local attacker could
possibly use this issue to cause a denial of service. (CVE-2026-14330)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8535-1</guid><pubDate>Mon, 13 Jul 2026 15:54:16 +0000</pubDate></item><item><title>USN-8534-1: LibreOffice vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8534-1</link><description>It was discovered that LibreOffice incorrectly handled importing DXF
drawings. An attacker could use this issue to cause LibreOffice to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2026-6039)

It was discovered that LibreOffice incorrectly handled certain ODF number
formats. An attacker could use this issue to cause LibreOffice to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-6040)

It was discovered that LibreOffice incorrectly handled importing EMF+
graphics. An attacker could use this issue to cause LibreOffice to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2026-6045)

It was discovered that LibreOffice incorrectly handled importing PPT
presentations. An attacker could use this issue to cause LibreOffice to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2026-8356)

It was discovered that LibreOffice Calc incorrectly handled compiling
certain formulas. An attacker could use this issue to cause LibreOffice to
crash, resulting in a denial of service, or possily execute arbitrary code.
(CVE-2026-8357)

It was discovered that LibreOffice Calc incorrectly handled importing
spreadsheet tracked changes. An attacker could use this issue to cause
LibreOffice to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2026-8358)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8534-1</guid><pubDate>Mon, 13 Jul 2026 15:04:25 +0000</pubDate></item><item><title>USN-8533-1: OpenSSH vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8533-1</link><description>It was discovered that OpenSSH sftp did not properly constrain the location
of downloaded files when connecting to an attacker-controlled server. An
attacker could possibly use this issue to write files to unintended
locations on the file system. (CVE-2026-59995)

It was discovered that OpenSSH scp could place files in the parent
directory of the intended destination when copying between two remote
hosts. An attacker could possibly use this issue to write files to
unintended locations. (CVE-2026-59996)

It was discovered that OpenSSH internal-sftp only recognized the first nine
command-line arguments, This could result in certain security-sensitive
arguments being ignored, contrary to expectations. (CVE-2026-59997)

It was discovered that OpenSSH had undocumented behaviour regarding the
GSSAPIStrictAcceptorCheck option in environments using Windows Active
Directory. The documentation has been updated to clarify use of the option.
(CVE-2026-59998)

It was discovered that OpenSSH did not properly enforce precedence of
DisableForwarding=yes over PermitTunnel=yes in server configurations. This
could possibly result in intended network forwarding restrictions being
bypassed, contrary to expectations. (CVE-2026-59999)

It was discovered that OpenSSH mishandled the MaxAuthTries limit for GSSAPI
authentication. A remote attacker could use this issue to perform excessive
authentication attempts. (CVE-2026-60000)

It was discovered that OpenSSH did not always honour the minimum
authentication delay. An attacker could possibly use this issue to perform
brute-force attacks more efficiently. (CVE-2026-60001)

It was discovered that the OpenSSH client had a use-after-free
vulnerability when a server changed its host key during a key re-exchange.
An attacker able to intercept communications could possibly use this issue
to execute arbitrary code or obtain sensitive information. (CVE-2026-60002)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8533-1</guid><pubDate>Mon, 13 Jul 2026 13:07:08 +0000</pubDate></item><item><title>USN-8532-1: libssh2 vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8532-1</link><description>It was discovered that libssh2 incorrectly handled certain publickey
subsystem attributes. A remote attacker controlling a malicious SSH server
could use this issue to cause a denial of service or possibly execute
arbitrary code. (CVE-2026-58050)

It was discovered that libssh2 did not properly initialize publickey list
entries before parsing. A remote attacker controlling a malicious SSH
server could use this issue to cause a denial of service or possibly
execute arbitrary code. (CVE-2026-58051)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8532-1</guid><pubDate>Mon, 13 Jul 2026 12:46:47 +0000</pubDate></item><item><title>USN-8496-3: cifs-utils vulnerability</title><link>https://ubuntu.com/security/notices/USN-8496-3</link><description>USN-8496-1 fixed vulnerabilities in cifs-utils. The update caused a
regression and was backed out in USN-8496-2. This update reintroduces the
security fix, along with a fix for the regression.

Original advisory details:

 It was discovered that cifs-utils incorrectly dropped root privileges
 before looking up user information. A local attacker could possibly use
 this issue to execute arbitrary code as the root user.</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8496-3</guid><pubDate>Mon, 13 Jul 2026 12:33:26 +0000</pubDate></item><item><title>USN-8531-1: libexif vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8531-1</link><description>It was discovered that libexif had an integer overflow in its MakerNote
decoder when called with a zero-length buffer. An attacker could possibly
use this issue to cause a denial of service or obtain sensitive
information. (CVE-2026-32775)

It was discovered that libexif had an integer overflow in its Nikon
MakerNote handler on 32-bit systems. A local attacker could possibly use
this issue to cause a denial of service or obtain sensitive information.
(CVE-2026-40385)

It was discovered that libexif had an integer underflow in its size
checking for Fuji and Olympus MakerNote decoding. An attacker could
possibly use this issue to cause a denial of service or obtain sensitive
information. (CVE-2026-40386)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8531-1</guid><pubDate>Mon, 13 Jul 2026 12:15:07 +0000</pubDate></item><item><title>USN-8530-1: Linux kernel (AWS) vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8530-1</link><description>It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284)

It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-2026-43503)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
  - InfiniBand drivers;
  - SCSI subsystem;
  - Thermal drivers;
  - USB over IP driver;
  - Network file system (NFS) server daemon;
  - SMB network file system;
  - Tracing infrastructure;
  - B.A.T.M.A.N. meshing protocol;
  - Ethernet bridge;
  - Ceph Core library;
  - DCCP (Datagram Congestion Control Protocol);
  - IPv4 networking;
  - IPv6 networking;
  - Netfilter;
  - RxRPC session sockets;
  - X.25 network layer;
(CVE-2021-47202, CVE-2024-56643, CVE-2026-23272, CVE-2026-23455,
CVE-2026-31402, CVE-2026-31607, CVE-2026-31637, CVE-2026-31659,
CVE-2026-31682, CVE-2026-31685, CVE-2026-43011, CVE-2026-43037,
CVE-2026-43038, CVE-2026-43383, CVE-2026-43407, CVE-2026-43414,
CVE-2026-45988, CVE-2026-46043, CVE-2026-46119, CVE-2026-46243)
</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8530-1</guid><pubDate>Fri, 10 Jul 2026 10:07:49 +0000</pubDate></item><item><title>USN-8529-1: Linux kernel vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8529-1</link><description>It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-2026-43503)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
  - InfiniBand drivers;
  - SCSI subsystem;
  - Thermal drivers;
  - USB over IP driver;
  - Network file system (NFS) server daemon;
  - SMB network file system;
  - Tracing infrastructure;
  - B.A.T.M.A.N. meshing protocol;
  - Ethernet bridge;
  - Ceph Core library;
  - DCCP (Datagram Congestion Control Protocol);
  - IPv4 networking;
  - IPv6 networking;
  - Netfilter;
  - RxRPC session sockets;
  - X.25 network layer;
(CVE-2021-47202, CVE-2024-56643, CVE-2026-23272, CVE-2026-23455,
CVE-2026-31402, CVE-2026-31607, CVE-2026-31637, CVE-2026-31659,
CVE-2026-31682, CVE-2026-31685, CVE-2026-43011, CVE-2026-43037,
CVE-2026-43038, CVE-2026-43383, CVE-2026-43407, CVE-2026-43414,
CVE-2026-45988, CVE-2026-46043, CVE-2026-46119, CVE-2026-46243)
</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8529-1</guid><pubDate>Fri, 10 Jul 2026 10:00:19 +0000</pubDate></item><item><title>USN-8528-1: Linux kernel (Xilinx ZynqMP) vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8528-1</link><description>It was discovered that the Linux kernel algif_aead module did not properly
handle in-place cryptographic operations. This flaw is known as Copy Fail.
A local attacker could use this to escalate privileges, or possibly escape
a container. (CVE-2026-31431)

It was discovered that the Linux kernel did not properly handle shared page
fragments during socket buffer operations, collectively known as Dirty
Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the
RxRPC networking subsystem when processing paged fragments. A local
attacker could use this to escalate privileges, or possibly escape a
container. (CVE-2026-43284, CVE-2026-43500)

It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-2026-43503,
CVE-2026-46300)

Qualys discovered that a race condition existed in the ptrace subsystem of
the Linux kernel when privileged processes are exiting. An unprivileged
local attacker could use this issue to expose sensitive information.
(CVE-2026-46333)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
  - RISC-V architecture;
  - Cryptographic API;
  - InfiniBand drivers;
  - IOMMU subsystem;
  - Ethernet bonding driver;
  - Network drivers;
  - STMicroelectronics network drivers;
  - NVME drivers;
  - x86 platform drivers;
  - SCSI subsystem;
  - SPI subsystem;
  - TCM subsystem;
  - USB over IP driver;
  - File systems infrastructure;
  - HFS+ file system;
  - Network file system (NFS) server daemon;
  - SMB network file system;
  - IPv6 networking;
  - Netfilter;
  - Tracing infrastructure;
  - io_uring subsystem;
  - Timer subsystem;
  - B.A.T.M.A.N. meshing protocol;
  - Bluetooth subsystem;
  - Ethernet bridge;
  - Ceph Core library;
  - IPv4 networking;
  - MAC80211 subsystem;
  - Multipath TCP;
  - Packet sockets;
  - RDS protocol;
  - RxRPC session sockets;
  - SMC sockets;
  - Sun RPC protocol;
  - TLS protocol;
  - X.25 network layer;
  - AMD SoC Alsa drivers;
  - KVM subsystem;
(CVE-2022-48816, CVE-2023-53673, CVE-2024-35862, CVE-2024-50060,
CVE-2025-37778, CVE-2025-37822, CVE-2025-37924, CVE-2025-38201,
CVE-2025-40082, CVE-2025-68214, CVE-2025-68263, CVE-2025-71089,
CVE-2025-71220, CVE-2025-71222, CVE-2025-71224, CVE-2026-23176,
CVE-2026-23180, CVE-2026-23182, CVE-2026-23190, CVE-2026-23193,
CVE-2026-23198, CVE-2026-23202, CVE-2026-23206, CVE-2026-23216,
CVE-2026-23256, CVE-2026-23257, CVE-2026-23258, CVE-2026-23262,
CVE-2026-23272, CVE-2026-23274, CVE-2026-23278, CVE-2026-23351,
CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402,
CVE-2026-31418, CVE-2026-31419, CVE-2026-31478, CVE-2026-31504,
CVE-2026-31533, CVE-2026-31607, CVE-2026-31637, CVE-2026-31649,
CVE-2026-31657, CVE-2026-31659, CVE-2026-31668, CVE-2026-31669,
CVE-2026-31682, CVE-2026-31685, CVE-2026-43011, CVE-2026-43033,
CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43077,
CVE-2026-43078, CVE-2026-43114, CVE-2026-43117, CVE-2026-43186,
CVE-2026-43304, CVE-2026-43341, CVE-2026-43383, CVE-2026-43406,
CVE-2026-43407, CVE-2026-43414, CVE-2026-43493, CVE-2026-43494,
CVE-2026-43501, CVE-2026-45988, CVE-2026-46028, CVE-2026-46043,
CVE-2026-46119, CVE-2026-46135, CVE-2026-46195, CVE-2026-46243)
</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8528-1</guid><pubDate>Fri, 10 Jul 2026 09:52:32 +0000</pubDate></item><item><title>USN-8527-1: Linux kernel (Raspberry Pi) vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8527-1</link><description>Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
  - RISC-V architecture;
  - Cryptographic API;
  - InfiniBand drivers;
  - IOMMU subsystem;
  - Network drivers;
  - STMicroelectronics network drivers;
  - NVME drivers;
  - x86 platform drivers;
  - SCSI subsystem;
  - SPI subsystem;
  - TCM subsystem;
  - USB over IP driver;
  - File systems infrastructure;
  - HFS+ file system;
  - Network file system (NFS) server daemon;
  - SMB network file system;
  - IPv6 networking;
  - Tracing infrastructure;
  - Timer subsystem;
  - B.A.T.M.A.N. meshing protocol;
  - Bluetooth subsystem;
  - Ethernet bridge;
  - Ceph Core library;
  - IPv4 networking;
  - MAC80211 subsystem;
  - Multipath TCP;
  - Netfilter;
  - RxRPC session sockets;
  - SMC sockets;
  - Sun RPC protocol;
  - X.25 network layer;
  - AMD SoC Alsa drivers;
  - KVM subsystem;
(CVE-2022-48816, CVE-2023-53673, CVE-2025-37778, CVE-2025-37822,
CVE-2025-37924, CVE-2025-38201, CVE-2025-40082, CVE-2025-68214,
CVE-2025-68263, CVE-2025-71089, CVE-2025-71220, CVE-2025-71222,
CVE-2025-71224, CVE-2026-23176, CVE-2026-23180, CVE-2026-23182,
CVE-2026-23190, CVE-2026-23193, CVE-2026-23198, CVE-2026-23202,
CVE-2026-23206, CVE-2026-23216, CVE-2026-23256, CVE-2026-23257,
CVE-2026-23258, CVE-2026-23262, CVE-2026-23272, CVE-2026-23278,
CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402,
CVE-2026-31418, CVE-2026-31478, CVE-2026-31607, CVE-2026-31637,
CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668,
CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-43011,
CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43114,
CVE-2026-43117, CVE-2026-43186, CVE-2026-43304, CVE-2026-43341,
CVE-2026-43383, CVE-2026-43406, CVE-2026-43407, CVE-2026-43414,
CVE-2026-43493, CVE-2026-43501, CVE-2026-45988, CVE-2026-46043,
CVE-2026-46119, CVE-2026-46135, CVE-2026-46195, CVE-2026-46243)
</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8527-1</guid><pubDate>Fri, 10 Jul 2026 09:45:14 +0000</pubDate></item></channel></rss>