<?xml version='1.0' encoding='UTF-8'?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0"><channel><title>Ubuntu security notices</title><link>https://ubuntu.com/security/notices/rss.xml</link><description>Recent content on Ubuntu security notices</description><atom:link href="https://ubuntu.com/security/notices/rss.xml" rel="self"/><copyright>2026 Canonical Ltd. Ubuntu and Canonical are registered trademarks of Canonical Ltd.</copyright><docs>http://www.rssboard.org/rss-specification</docs><generator>Feedgen</generator><lastBuildDate>Thu, 09 Jul 2026 13:00:02 +0000</lastBuildDate><item><title>USN-8492-4: Linux kernel (Raspberry Pi) vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8492-4</link><description>Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
  - ARM64 architecture;
  - MIPS architecture;
  - PowerPC architecture;
  - x86 architecture;
  - Block layer subsystem;
  - Cryptographic API;
  - ACPI drivers;
  - ATM drivers;
  - RNBD block device driver;
  - Ublk userspace block driver;
  - Bus devices;
  - Character device driver;
  - TPM device driver;
  - Clock framework and drivers;
  - Clocksource drivers;
  - CPU idle management framework;
  - Hardware crypto device drivers;
  - DMA engine subsystem;
  - EFI core;
  - GPIO subsystem;
  - GPU drivers;
  - HID subsystem;
  - Hardware monitoring drivers;
  - IIO subsystem;
  - InfiniBand drivers;
  - IOMMU subsystem;
  - Multiple devices driver;
  - Media drivers;
  - Multifunction device drivers;
  - Broadcom VK accelerator driver;
  - MOST (Media Oriented Systems Transport) drivers;
  - MTD block device drivers;
  - Ethernet bonding driver;
  - Network drivers;
  - Mellanox network drivers;
  - STMicroelectronics network drivers;
  - NTB driver;
  - NVME drivers;
  - PCI subsystem;
  - Performance monitor drivers;
  - Pin controllers subsystem;
  - x86 platform drivers;
  - Power supply drivers;
  - RapidIO drivers;
  - RAS (Reliability, Availability, Serviceability) subsystem;
  - Remote Processor subsystem;
  - RPMSG subsystem;
  - S/390 drivers;
  - SCSI subsystem;
  - MediaTek SoC drivers;
  - Texas Instruments SoC drivers;
  - SPI subsystem;
  - Greybus lights staging drivers;
  - Realtek RTL8723BS SDIO drivers;
  - UFS subsystem;
  - ChipIdea USB driver;
  - DesignWare USB3 driver;
  - USB over IP driver;
  - vDPA drivers;
  - Virtio Host (VHOST) subsystem;
  - Framebuffer layer;
  - BTRFS file system;
  - File systems infrastructure;
  - Ceph distributed file system;
  - Ext4 file system;
  - F2FS file system;
  - FAT file system;
  - GFS2 file system;
  - HFS+ file system;
  - JFS file system;
  - Network file system (NFS) server daemon;
  - NILFS2 file system;
  - NTFS3 file system;
  - OCFS2 file system;
  - Proc file system;
  - Pstore file system;
  - Diskquota system;
  - SMB network file system;
  - XFS file system;
  - Audit subsystem;
  - Memory Management;
  - IPv6 networking;
  - Netfilter;
  - Tracing infrastructure;
  - Kernel kexec() syscall;
  - RCU subsystem;
  - Scheduler infrastructure;
  - Scatterlist API;
  - 9P file system network protocol;
  - Asynchronous Transfer Mode (ATM) subsystem;
  - B.A.T.M.A.N. meshing protocol;
  - Bluetooth subsystem;
  - Ethernet bridge;
  - Ceph Core library;
  - Networking core;
  - IPv4 networking;
  - KCM (Kernel Connection Multiplexor) sockets driver;
  - Multipath TCP;
  - NFC subsystem;
  - RDS protocol;
  - RxRPC session sockets;
  - Network traffic control;
  - SMC sockets;
  - Sun RPC protocol;
  - X.25 network layer;
  - XFRM subsystem;
  - AppArmor security module;
  - Simplified Mandatory Access Control Kernel framework;
  - SOF drivers;
  - USB sound devices;
(CVE-2025-40005, CVE-2025-71229, CVE-2025-71231, CVE-2025-71232,
CVE-2025-71233, CVE-2025-71235, CVE-2025-71236, CVE-2025-71237,
CVE-2025-71238, CVE-2025-71239, CVE-2025-71265, CVE-2025-71266,
CVE-2025-71267, CVE-2025-71272, CVE-2025-71273, CVE-2025-71274,
CVE-2025-71286, CVE-2025-71291, CVE-2025-71292, CVE-2025-71294,
CVE-2025-71295, CVE-2025-71297, CVE-2025-71304, CVE-2025-71305,
CVE-2026-23100, CVE-2026-23169, CVE-2026-23220, CVE-2026-23221,
CVE-2026-23222, CVE-2026-23228, CVE-2026-23229, CVE-2026-23230,
CVE-2026-23233, CVE-2026-23234, CVE-2026-23235, CVE-2026-23236,
CVE-2026-23237, CVE-2026-23238, CVE-2026-23241, CVE-2026-23242,
CVE-2026-23243, CVE-2026-23249, CVE-2026-23266, CVE-2026-23267,
CVE-2026-23272, CVE-2026-23278, CVE-2026-23392, CVE-2026-23428,
CVE-2026-23450, CVE-2026-23455, CVE-2026-31402, CVE-2026-31411,
CVE-2026-31418, CVE-2026-31436, CVE-2026-31448, CVE-2026-31478,
CVE-2026-31607, CVE-2026-31637, CVE-2026-31649, CVE-2026-31657,
CVE-2026-31659, CVE-2026-31668, CVE-2026-31669, CVE-2026-31682,
CVE-2026-31685, CVE-2026-31687, CVE-2026-31693, CVE-2026-43011,
CVE-2026-43037, CVE-2026-43038, CVE-2026-43071, CVE-2026-43114,
CVE-2026-43117, CVE-2026-43123, CVE-2026-43124, CVE-2026-43128,
CVE-2026-43130, CVE-2026-43132, CVE-2026-43133, CVE-2026-43134,
CVE-2026-43135, CVE-2026-43136, CVE-2026-43137, CVE-2026-43139,
CVE-2026-43140, CVE-2026-43141, CVE-2026-43143, CVE-2026-43145,
CVE-2026-43147, CVE-2026-43148, CVE-2026-43149, CVE-2026-43150,
CVE-2026-43152, CVE-2026-43153, CVE-2026-43156, CVE-2026-43157,
CVE-2026-43158, CVE-2026-43159, CVE-2026-43163, CVE-2026-43167,
CVE-2026-43168, CVE-2026-43169, CVE-2026-43170, CVE-2026-43171,
CVE-2026-43173, CVE-2026-43175, CVE-2026-43180, CVE-2026-43182,
CVE-2026-43183, CVE-2026-43184, CVE-2026-43186, CVE-2026-43187,
CVE-2026-43189, CVE-2026-43190, CVE-2026-43194, CVE-2026-43196,
CVE-2026-43199, CVE-2026-43200, CVE-2026-43201, CVE-2026-43202,
CVE-2026-43203, CVE-2026-43205, CVE-2026-43206, CVE-2026-43207,
CVE-2026-43209, CVE-2026-43211, CVE-2026-43212, CVE-2026-43214,
CVE-2026-43215, CVE-2026-43218, CVE-2026-43221, CVE-2026-43222,
CVE-2026-43223, CVE-2026-43225, CVE-2026-43226, CVE-2026-43227,
CVE-2026-43230, CVE-2026-43231, CVE-2026-43232, CVE-2026-43233,
CVE-2026-43236, CVE-2026-43238, CVE-2026-43239, CVE-2026-43241,
CVE-2026-43242, CVE-2026-43244, CVE-2026-43246, CVE-2026-43248,
CVE-2026-43249, CVE-2026-43250, CVE-2026-43251, CVE-2026-43253,
CVE-2026-43255, CVE-2026-43256, CVE-2026-43257, CVE-2026-43258,
CVE-2026-43261, CVE-2026-43262, CVE-2026-43264, CVE-2026-43266,
CVE-2026-43268, CVE-2026-43269, CVE-2026-43270, CVE-2026-43271,
CVE-2026-43273, CVE-2026-43275, CVE-2026-43277, CVE-2026-43278,
CVE-2026-43279, CVE-2026-43283, CVE-2026-43287, CVE-2026-43288,
CVE-2026-43289, CVE-2026-43291, CVE-2026-43295, CVE-2026-43296,
CVE-2026-43297, CVE-2026-43300, CVE-2026-43302, CVE-2026-43304,
CVE-2026-43312, CVE-2026-43313, CVE-2026-43314, CVE-2026-43315,
CVE-2026-43316, CVE-2026-43317, CVE-2026-43318, CVE-2026-43319,
CVE-2026-43320, CVE-2026-43341, CVE-2026-43378, CVE-2026-43383,
CVE-2026-43384, CVE-2026-43406, CVE-2026-43407, CVE-2026-43414,
CVE-2026-43493, CVE-2026-43501, CVE-2026-45847, CVE-2026-45848,
CVE-2026-45849, CVE-2026-45851, CVE-2026-45852, CVE-2026-45856,
CVE-2026-45857, CVE-2026-45859, CVE-2026-45860, CVE-2026-45861,
CVE-2026-45862, CVE-2026-45864, CVE-2026-45865, CVE-2026-45866,
CVE-2026-45867, CVE-2026-45868, CVE-2026-45869, CVE-2026-45870,
CVE-2026-45871, CVE-2026-45872, CVE-2026-45873, CVE-2026-45875,
CVE-2026-45877, CVE-2026-45878, CVE-2026-45879, CVE-2026-45880,
CVE-2026-45881, CVE-2026-45882, CVE-2026-45883, CVE-2026-45884,
CVE-2026-45885, CVE-2026-45886, CVE-2026-45890, CVE-2026-45891,
CVE-2026-45893, CVE-2026-45895, CVE-2026-45902, CVE-2026-45904,
CVE-2026-45905, CVE-2026-45910, CVE-2026-45912, CVE-2026-45913,
CVE-2026-45914, CVE-2026-45915, CVE-2026-45916, CVE-2026-45917,
CVE-2026-45919, CVE-2026-45921, CVE-2026-45923, CVE-2026-45928,
CVE-2026-45935, CVE-2026-45936, CVE-2026-45938, CVE-2026-45941,
CVE-2026-45946, CVE-2026-45947, CVE-2026-45948, CVE-2026-45954,
CVE-2026-45957, CVE-2026-45960, CVE-2026-45962, CVE-2026-45964,
CVE-2026-45965, CVE-2026-45968, CVE-2026-45969, CVE-2026-45970,
CVE-2026-45972, CVE-2026-45973, CVE-2026-45974, CVE-2026-45976,
CVE-2026-45978, CVE-2026-45981, CVE-2026-45982, CVE-2026-45983,
CVE-2026-45984, CVE-2026-45988, CVE-2026-46043, CVE-2026-46115,
CVE-2026-46119, CVE-2026-46135, CVE-2026-46185, CVE-2026-46195,
CVE-2026-46243, CVE-2026-46244, CVE-2026-46246, CVE-2026-46247,
CVE-2026-46249, CVE-2026-46250, CVE-2026-46251, CVE-2026-46253,
CVE-2026-46254, CVE-2026-46255, CVE-2026-46259, CVE-2026-46260,
CVE-2026-46261, CVE-2026-46265, CVE-2026-46266, CVE-2026-46267,
CVE-2026-46270, CVE-2026-46289, CVE-2026-46328)
</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8492-4</guid><pubDate>Thu, 09 Jul 2026 08:10:03 +0000</pubDate></item><item><title>USN-8490-2: Linux kernel (Raspberry Pi) vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8490-2</link><description>Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
  - ARM64 architecture;
  - Block layer subsystem;
  - Cryptographic API;
  - DMA engine subsystem;
  - InfiniBand drivers;
  - STMicroelectronics network drivers;
  - Network drivers;
  - NVME drivers;
  - SCSI subsystem;
  - USB over IP driver;
  - File systems infrastructure;
  - Ext4 file system;
  - Network file system (NFS) server daemon;
  - SMB network file system;
  - Kernel thread helper (kthread);
  - IPv6 networking;
  - Tracing infrastructure;
  - Kernel exit() syscall;
  - Scatterlist API;
  - B.A.T.M.A.N. meshing protocol;
  - Ethernet bridge;
  - Ceph Core library;
  - IPv4 networking;
  - Multipath TCP;
  - Netfilter;
  - RxRPC session sockets;
  - SMC sockets;
  - X.25 network layer;
(CVE-2026-22984, CVE-2026-23272, CVE-2026-23278, CVE-2026-23392,
CVE-2026-23427, CVE-2026-23428, CVE-2026-23450, CVE-2026-23455,
CVE-2026-31402, CVE-2026-31418, CVE-2026-31436, CVE-2026-31448,
CVE-2026-31478, CVE-2026-31607, CVE-2026-31635, CVE-2026-31637,
CVE-2026-31649, CVE-2026-31657, CVE-2026-31659, CVE-2026-31668,
CVE-2026-31669, CVE-2026-31682, CVE-2026-31685, CVE-2026-31718,
CVE-2026-43011, CVE-2026-43037, CVE-2026-43038, CVE-2026-43071,
CVE-2026-43083, CVE-2026-43114, CVE-2026-43117, CVE-2026-43125,
CVE-2026-43186, CVE-2026-43197, CVE-2026-43304, CVE-2026-43341,
CVE-2026-43376, CVE-2026-43378, CVE-2026-43383, CVE-2026-43384,
CVE-2026-43402, CVE-2026-43406, CVE-2026-43407, CVE-2026-43414,
CVE-2026-43493, CVE-2026-43501, CVE-2026-45898, CVE-2026-45988,
CVE-2026-46039, CVE-2026-46043, CVE-2026-46115, CVE-2026-46119,
CVE-2026-46135, CVE-2026-46185, CVE-2026-46195, CVE-2026-46243,
CVE-2026-46244, CVE-2026-46266, CVE-2026-46289, CVE-2026-46316,
CVE-2026-46325)
</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8490-2</guid><pubDate>Thu, 09 Jul 2026 07:55:55 +0000</pubDate></item><item><title>USN-8518-1: mailcap vulnerability</title><link>https://ubuntu.com/security/notices/USN-8518-1</link><description>Aaron Rainbolt discovered that the cautious-launcher utility in the
mailcap package did not properly restrict the execution of certain
file types. An attacker could use this issue to escape a sandboxed
application and execute arbitrary code on the host operating system.</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8518-1</guid><pubDate>Wed, 08 Jul 2026 17:15:41 +0000</pubDate></item><item><title>USN-8517-1: ClamAV vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8517-1</link><description>It was discovered that ClamAV incorrectly handled certain PE files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2026-20213, CVE-2026-20214,
CVE-2026-20217)

It was discovered that ClamAV incorrectly handled certain 7z archive
files. A remote attacker could possibly use this issue to cause ClamAV to
crash, resulting in a denial of service. (CVE-2026-20215)

It was discovered that ClamAV incorrectly handled extraction limits for
certain InstallShield archives. A remote attacker could possibly use this
issue to cause ClamAV to use excessive resources, leading to a denial of
service. (CVE-2026-20216)

It was discovered that ClamAV incorrectly handled certain ALZ archive
files. A remote attacker could possibly use this issue to cause ClamAV to
crash, resulting in a denial of service. (CVE-2026-20243)

It was discovered that ClamAV incorrectly handled certain DMG files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2026-20244)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8517-1</guid><pubDate>Wed, 08 Jul 2026 14:07:06 +0000</pubDate></item><item><title>USN-8516-1: Apache HTTP Server vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8516-1</link><description>It was discovered that Apache HTTP Server's mod_ldap module incorrectly
handled memory when processing per-directory configurations. An attacker
could use this issue to cause the server to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2026-29167)

It was discovered that Apache HTTP Server's mod_proxy_ftp module
incorrectly handled HTML generation for FTP directory listings. A remote
attacker could possibly use this issue to inject arbitrary web script or
HTML. (CVE-2026-29170)

It was discovered that Apache HTTP Server's mod_proxy_html module
incorrectly handled certain content from an untrusted backend. A remote
attacker could possibly use this issue to cause Apache HTTP Server to
crash, resulting in a denial of service. (CVE-2026-34355)

It was discovered that Apache HTTP Server incorrectly handled
ProxyPassReverseCookie directives with a malicious backend server. A remote
attacker could possibly use this issue to cause Apache HTTP Server to
crash, resulting in a denial of service. (CVE-2026-34356)

It was discovered that Apache HTTP Server's mod_dav_fs module incorrectly
handled certain path operations. An authenticated user could possibly use
this issue to manipulate trusted WebDAV property databases or cause a
denial of service. (CVE-2026-42535)

It was discovered that Apache HTTP Server's mod_xml2enc module incorrectly
handled certain content from an untrusted backend. A remote attacker could
possibly use this issue to cause Apache HTTP Server to crash, resulting in
a denial of service. (CVE-2026-42536)

It was discovered that Apache HTTP Server incorrectly handled response
headers when multiple content languages were configured. A remote attacker
could possibly use this issue to obtain sensitive information.
(CVE-2026-43951)

It was discovered that Apache HTTP Server incorrectly restricted certain
file functions in expressions within .htaccess files. A local attacker with
.htaccess write access could possibly use this issue to obtain sensitive
information. (CVE-2026-44119)

It was discovered that Apache HTTP Server's mod_ssl module incorrectly
handled OCSP responses from an attacker-controlled server. A remote
attacker could possibly use this issue to obtain sensitive information or
cause a denial of service. (CVE-2026-44185)

It was discovered that Apache HTTP Server's mod_proxy_ftp module
incorrectly handled responses from an attacker-controlled backend FTP
server. A remote attacker could possibly use this issue to cause Apache
HTTP Server to stop responding, resulting in a denial of service.
(CVE-2026-44186)

It was discovered that Apache HTTP Server incorrectly handled crafted
regular expressions in the server configuration. An attacker could possibly
use this issue to execute arbitrary code or cause a denial of service.
(CVE-2026-44631)

It was discovered that Apache HTTP Server's mod_http2 module had a
use-after-free vulnerability when file handles were exhausted. A remote
attacker could possibly use this issue to cause Apache HTTP Server to
crash, resulting in a denial of service. (CVE-2026-48913)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8516-1</guid><pubDate>Wed, 08 Jul 2026 13:49:49 +0000</pubDate></item><item><title>USN-8515-1: Addressable vulnerability</title><link>https://ubuntu.com/security/notices/USN-8515-1</link><description>It was discovered that Addressable incorrectly handled certain URI
templates, generating regular expressions vulnerable to catastrophic
backtracking. An attacker could use this issue to craft a URI that, when matched
against a vulnerable template, causes excessive resource consumption,
leading to a denial of service.</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8515-1</guid><pubDate>Tue, 07 Jul 2026 10:46:24 +0000</pubDate></item><item><title>USN-8514-1: OpenSSH vulnerability</title><link>https://ubuntu.com/security/notices/USN-8514-1</link><description>It was discovered that OpenSSH incorrectly handled file permissions when
downloading files as root using the legacy scp protocol without the
preserve-mode option. An attacker could use this to install setuid or setgid
files on a system, possibly leading to privilege escalation.</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8514-1</guid><pubDate>Mon, 06 Jul 2026 14:32:58 +0000</pubDate></item><item><title>USN-8502-1: GnuTLS vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8502-1</link><description>It was discovered that GnuTLS had a timing side-channel when processing
malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker
could possibly use this issue to recover sensitive information. This
issue only affected Ubuntu 18.04 LTS. (CVE-2024-0553)

Bing Shi discovered that GnuTLS incorrectly handled decoding certain
DER-encoded certificates. A remote attacker could possibly use this
issue to cause GnuTLS to consume resources, leading to a denial of
service. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-12243)

Luigino Camastra discovered that GnuTLS incorrectly handled certain
PKCS11 token labels. A remote attacker could use this issue to cause
GnuTLS to crash, resulting in a denial of service, or possibly execute
arbitrary code. The default compiler options for affected releases
should reduce the vulnerability to a denial of service. (CVE-2025-9820)

Tim Scheckenbach discovered that GnuTLS incorrectly handled malicious
certificates containing a large number of name constraints and subject
alternative names. A remote attacker could possibly use this issue to
cause GnuTLS to consume resources, resulting in a denial of service.
This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2025-14831)

Oleh Konko and Joshua Rogers discovered that GnuTLS did not properly
handle case-insensitive name constraints in certain cases. A remote
attacker could possibly use this issue to bypass certificate validation,
leading to a machine-in-the-middle attack. (CVE-2026-3833)

Joshua Rogers discovered that GnuTLS did not properly handle very short
premaster secrets in certain RSA key exchange cases with PKCS#11-backed
server keys. A remote attacker could possibly use this issue to obtain
sensitive information. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2026-5260)

Joshua Rogers discovered that GnuTLS did not properly handle malformed
DTLS handshake fragments in certain cases. A remote attacker could
possibly use this issue to obtain sensitive information, or cause a
denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2026-33845)

Haruto Kimura, Oscar Reparaz, and Zou Dikai discovered that GnuTLS did
not properly validate DTLS handshake fragment lengths in certain cases.
A remote attacker could possibly use this issue to cause GnuTLS to
crash, resulting in a denial of service, or execute arbitrary code.
(CVE-2026-33846)

Joshua Rogers discovered that GnuTLS did not properly order DTLS packets
with duplicate sequence numbers in certain cases. A remote attacker
could possibly use this issue to cause GnuTLS to crash, resulting in a
denial of service. (CVE-2026-42009)

Joshua Rogers discovered that GnuTLS did not properly handle usernames
containing NUL characters in certain RSA-PSK configurations. A remote
attacker could possibly use this issue to bypass authentication and gain
unintended access to services. This issue only affected Ubuntu 20.04
LTS. (CVE-2026-42010)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8502-1</guid><pubDate>Mon, 06 Jul 2026 13:37:09 +0000</pubDate></item><item><title>USN-8513-1: PHP vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8513-1</link><description>It was discovered that PHP incorrectly handled SOAP object deduplication
when processing apache:Map nodes with duplicate keys. An attacker could
possibly use this to cause a use-after-free, resulting in remote code
execution. (CVE-2026-6722)

It was discovered that PHP incorrectly handled SOAP request persistence when
configured with SOAP_PERSISTENCE_SESSION. An attacker could possibly use this
to cause a use-after-free, resulting in memory corruption, information
disclosure, or a denial of service. (CVE-2026-7261)

It was discovered that the PDO Firebird driver in PHP improperly handled NUL
bytes when quoting SQL query strings. An attacker could possibly use this to
perform SQL injection when attacker-controlled values are embedded in SQL
statements. (CVE-2025-14179)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8513-1</guid><pubDate>Mon, 06 Jul 2026 13:22:54 +0000</pubDate></item><item><title>USN-8512-1: Gzip vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8512-1</link><description>It was discovered that Gzip's gzexe utility handled temporary files in an
insecure manner. When the mktemp utility was not available, gzexe
constructed a temporary file path based on the process ID, which could be
predicted. A local attacker could possibly use this issue to overwrite
arbitrary files via a symlink attack. (CVE-2026-41991)

It was discovered that Gzip incorrectly handled certain compressed files.
An attacker could possibly use this issue to obtain sensitive information
or cause Gzip to crash, resulting in a denial of service. (CVE-2026-41992)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8512-1</guid><pubDate>Mon, 06 Jul 2026 12:52:06 +0000</pubDate></item></channel></rss>