<?xml version='1.0' encoding='UTF-8'?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0"><channel><title>Ubuntu security notices</title><link>https://ubuntu.com/security/notices/rss.xml</link><description>Recent content on Ubuntu security notices</description><atom:link href="https://ubuntu.com/security/notices/rss.xml" rel="self"/><copyright>2026 Canonical Ltd. Ubuntu and Canonical are registered trademarks of Canonical Ltd.</copyright><docs>http://www.rssboard.org/rss-specification</docs><generator>Feedgen</generator><lastBuildDate>Wed, 15 Jul 2026 21:56:35 +0000</lastBuildDate><item><title>USN-8552-1: Sympa vulnerability</title><link>https://ubuntu.com/security/notices/USN-8552-1</link><description>It was discovered that Sympa did not properly validate input on the
generic SSO login. A remote attacker could possibly use this issue to
perform a path traversal attack and gain unintended access.</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8552-1</guid><pubDate>Wed, 15 Jul 2026 14:50:01 +0000</pubDate></item><item><title>USN-8551-1: Tomcat vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8551-1</link><description>It was discovered that Tomcat incorrectly handled authorization when
multiple method constraints defined the same HTTP method. A remote
attacker could possibly use this issue to bypass authorization
restrictions. (CVE-2026-43515)

It was discovered that the Tomcat number guess example application did
not properly sanitize user-supplied input. An attacker could possibly
use this issue to inject malicious scripts, resulting in cross-site
scripting. (CVE-2026-50229)

It was discovered that Tomcat incorrectly evaluated rewrite valve
conditions in certain configurations. An attacker could possibly use
this issue to bypass rewrite rules, resulting in unauthorized access.
(CVE-2026-53404)

It was discovered that Tomcat incorrectly omitted certain authorization
information when logging the effective web.xml configuration. An
attacker could possibly use this issue to hide authorization
constraints, resulting in reduced auditability. (CVE-2026-55276)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8551-1</guid><pubDate>Wed, 15 Jul 2026 14:15:28 +0000</pubDate></item><item><title>USN-8550-1: libslirp vulnerability</title><link>https://ubuntu.com/security/notices/USN-8550-1</link><description>It was discovered that libslirp incorrectly handled TCP urgent data. A
privileged attacker inside a guest VM could possibly use this issue to
obtain sensitive information from the host process memory.</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8550-1</guid><pubDate>Wed, 15 Jul 2026 13:59:22 +0000</pubDate></item><item><title>USN-8549-1: idna vulnerability</title><link>https://ubuntu.com/security/notices/USN-8549-1</link><description>It was discovered that idna did not properly reject oversized inputs before
performing expensive processing. An attacker could possibly use this issue
to cause idna to consume significant resources, leading to a denial of
service.</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8549-1</guid><pubDate>Wed, 15 Jul 2026 13:46:50 +0000</pubDate></item><item><title>USN-8548-1: Linux kernel vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8548-1</link><description>It was discovered that a logic flaw existed in the XFRM ESP-in-TCP
subsystem in the Linux kernel when handling socket buffer fragments. This
flaw is known as Fragnesia. A local attacker could use this to escalate
privileges, or possibly escape a container. (CVE-2026-43503)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
  - SCSI subsystem;
  - Thermal drivers;
  - USB over IP driver;
  - File systems infrastructure;
  - Ext4 file system;
  - Network file system (NFS) server daemon;
  - SMB network file system;
  - Tracing infrastructure;
  - B.A.T.M.A.N. meshing protocol;
  - Ceph Core library;
  - DCCP (Datagram Congestion Control Protocol);
  - IPv4 networking;
  - IPv6 networking;
  - Netfilter;
  - RxRPC session sockets;
  - X.25 network layer;
(CVE-2021-47117, CVE-2021-47202, CVE-2023-52646, CVE-2024-56643,
CVE-2026-23455, CVE-2026-31402, CVE-2026-31607, CVE-2026-31637,
CVE-2026-31659, CVE-2026-31685, CVE-2026-43011, CVE-2026-43037,
CVE-2026-43038, CVE-2026-43383, CVE-2026-43407, CVE-2026-43414,
CVE-2026-45988, CVE-2026-46119, CVE-2026-46243)
</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8548-1</guid><pubDate>Wed, 15 Jul 2026 12:07:51 +0000</pubDate></item><item><title>USN-8547-1: Linux kernel vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8547-1</link><description>Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
  - RISC-V architecture;
  - Cryptographic API;
  - InfiniBand drivers;
  - IOMMU subsystem;
  - Network drivers;
  - STMicroelectronics network drivers;
  - NVME drivers;
  - x86 platform drivers;
  - SCSI subsystem;
  - SPI subsystem;
  - TCM subsystem;
  - USB over IP driver;
  - File systems infrastructure;
  - HFS+ file system;
  - Network file system (NFS) server daemon;
  - SMB network file system;
  - IPv6 networking;
  - Tracing infrastructure;
  - Timer subsystem;
  - B.A.T.M.A.N. meshing protocol;
  - Bluetooth subsystem;
  - Ethernet bridge;
  - Ceph Core library;
  - IPv4 networking;
  - MAC80211 subsystem;
  - Multipath TCP;
  - Netfilter;
  - RxRPC session sockets;
  - SMC sockets;
  - Sun RPC protocol;
  - X.25 network layer;
  - AMD SoC Alsa drivers;
  - KVM subsystem;
(CVE-2022-48816, CVE-2023-53673, CVE-2025-37778, CVE-2025-37822,
CVE-2025-37924, CVE-2025-38201, CVE-2025-40082, CVE-2025-68214,
CVE-2025-68263, CVE-2025-71089, CVE-2025-71220, CVE-2025-71222,
CVE-2025-71224, CVE-2026-23176, CVE-2026-23180, CVE-2026-23182,
CVE-2026-23190, CVE-2026-23193, CVE-2026-23198, CVE-2026-23202,
CVE-2026-23206, CVE-2026-23216, CVE-2026-23256, CVE-2026-23257,
CVE-2026-23258, CVE-2026-23262, CVE-2026-23272, CVE-2026-23278,
CVE-2026-23428, CVE-2026-23450, CVE-2026-23455, CVE-2026-31402,
CVE-2026-31418, CVE-2026-31478, CVE-2026-31607, CVE-2026-31637,
CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668,
CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-43011,
CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43114,
CVE-2026-43117, CVE-2026-43185, CVE-2026-43186, CVE-2026-43304,
CVE-2026-43341, CVE-2026-43383, CVE-2026-43406, CVE-2026-43407,
CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45988,
CVE-2026-46043, CVE-2026-46119, CVE-2026-46135, CVE-2026-46195,
CVE-2026-46243)
</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8547-1</guid><pubDate>Wed, 15 Jul 2026 10:59:34 +0000</pubDate></item><item><title>USN-8546-1: Linux kernel (Raspberry Pi) vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8546-1</link><description>Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
  - ARM64 architecture;
  - Block layer subsystem;
  - Cryptographic API;
  - DMA engine subsystem;
  - InfiniBand drivers;
  - STMicroelectronics network drivers;
  - Network drivers;
  - NVME drivers;
  - SCSI subsystem;
  - USB over IP driver;
  - File systems infrastructure;
  - Ext4 file system;
  - Network file system (NFS) server daemon;
  - SMB network file system;
  - Kernel thread helper (kthread);
  - IPv6 networking;
  - Tracing infrastructure;
  - Kernel exit() syscall;
  - Scatterlist API;
  - B.A.T.M.A.N. meshing protocol;
  - Ethernet bridge;
  - Ceph Core library;
  - IPv4 networking;
  - Multipath TCP;
  - Netfilter;
  - RxRPC session sockets;
  - SMC sockets;
  - X.25 network layer;
(CVE-2026-22984, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392,
CVE-2026-23427, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455,
CVE-2026-31402, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448,
CVE-2026-31478, CVE-2026-31607, CVE-2026-31635, CVE-2026-31637,
CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668,
CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31718,
CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071,
CVE-2026-43083, CVE-2026-43114, CVE-2026-43117, CVE-2026-43125,
CVE-2026-43185, CVE-2026-43186, CVE-2026-43197, CVE-2026-43304,
CVE-2026-43341, CVE-2026-43376, CVE-2026-43378, CVE-2026-43383,
CVE-2026-43384, CVE-2026-43402, CVE-2026-43406, CVE-2026-43407,
CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45898,
CVE-2026-45988, CVE-2026-46039, CVE-2026-46043, CVE-2026-46115,
CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195,
CVE-2026-46243, CVE-2026-46244, CVE-2026-46266, CVE-2026-46289,
CVE-2026-46316, CVE-2026-46325)
</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8546-1</guid><pubDate>Wed, 15 Jul 2026 08:26:52 +0000</pubDate></item><item><title>USN-8545-1: Linux kernel (HWE) vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8545-1</link><description>Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
  - ARM64 architecture;
  - Block layer subsystem;
  - Cryptographic API;
  - DMA engine subsystem;
  - InfiniBand drivers;
  - STMicroelectronics network drivers;
  - Network drivers;
  - NVME drivers;
  - SCSI subsystem;
  - USB over IP driver;
  - File systems infrastructure;
  - Ext4 file system;
  - Network file system (NFS) server daemon;
  - SMB network file system;
  - Kernel thread helper (kthread);
  - IPv6 networking;
  - Tracing infrastructure;
  - Kernel exit() syscall;
  - Scatterlist API;
  - B.A.T.M.A.N. meshing protocol;
  - Ethernet bridge;
  - Ceph Core library;
  - IPv4 networking;
  - Multipath TCP;
  - Netfilter;
  - RxRPC session sockets;
  - SMC sockets;
  - X.25 network layer;
(CVE-2026-22984, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392,
CVE-2026-23427, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455,
CVE-2026-31402, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448,
CVE-2026-31478, CVE-2026-31607, CVE-2026-31635, CVE-2026-31637,
CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668,
CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31718,
CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071,
CVE-2026-43083, CVE-2026-43114, CVE-2026-43117, CVE-2026-43125,
CVE-2026-43185, CVE-2026-43186, CVE-2026-43197, CVE-2026-43304,
CVE-2026-43341, CVE-2026-43376, CVE-2026-43378, CVE-2026-43383,
CVE-2026-43384, CVE-2026-43402, CVE-2026-43406, CVE-2026-43407,
CVE-2026-43414, CVE-2026-43493, CVE-2026-43501, CVE-2026-45898,
CVE-2026-45988, CVE-2026-46039, CVE-2026-46043, CVE-2026-46115,
CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195,
CVE-2026-46243, CVE-2026-46244, CVE-2026-46266, CVE-2026-46289,
CVE-2026-46316, CVE-2026-46325)
</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8545-1</guid><pubDate>Wed, 15 Jul 2026 07:57:03 +0000</pubDate></item><item><title>USN-8544-1: LuaJIT vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8544-1</link><description>It was discovered that LuaJIT incorrectly handled certain inputs. An attacker
could possibly use these issues to cause a crash, resulting in a denial of
service, or execute arbitrary code.</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8544-1</guid><pubDate>Tue, 14 Jul 2026 21:47:27 +0000</pubDate></item><item><title>USN-8543-1: Wget vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8543-1</link><description>It was discovered that Wget mishandled semicolons in the userinfo
subcomponent of a URL. A remote attacker could possibly use this issue
to trick a user into connecting to a different host than intended. This
issue only affected Ubuntu 14.04 LTS. (CVE-2024-38428)

It was discovered that Wget incorrectly handled Metalink documents
containing a whitespace-only URL. A remote attacker could possibly use
this issue to cause a denial of service. This issue only affected Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu
26.04 LTS. (CVE-2026-58469)

It was discovered that Wget incorrectly handled Content-Range header
values, leading to an integer overflow. A remote attacker could
possibly use this issue to cause download desynchronization.
(CVE-2026-58470)

It was discovered that Wget incorrectly handled character set
conversion of server-supplied filenames. A remote attacker could possibly
use this issue to cause a denial of service or possibly execute arbitrary
code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-58471)

It was discovered that Wget incorrectly handled HTML attributes
requiring entity encoding. A remote attacker could possibly use this issue
to cause a denial of service or possibly execute arbitrary code.
(CVE-2026-58472)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8543-1</guid><pubDate>Tue, 14 Jul 2026 19:06:42 +0000</pubDate></item></channel></rss>