Canonical
Latest Canonical news, announcements & analysis
Security
Ubuntu SSSD Flaw Creates Service Disruption
A vulnerability was discovered in Ubuntu's System Security Services Daemon (SSSD). A local attacker can exploit this by sending malformed data to the PAM passkey responder, causing it to crash. This results in a denial of service, preventing users from authenticating on affected systems.
Neeraj Dhiman
Security
Ubuntu Patches Flaw That Lets JPEGs Crash Apps
Ubuntu has patched a critical vulnerability in its GDK-PixBuf image library. A specially crafted JPEG file could crash an application, cause a denial of service, or even allow an attacker to execute arbitrary code on affected systems.
Neeraj Dhiman
Security
Ubuntu Patches Local Eavesdropping Vulnerability
Ubuntu has released a security update for its 20.04 LTS version, addressing a vulnerability in the xdg-dbus-proxy component. The flaw could allow a local attacker to intercept certain D-Bus messages by exploiting incorrect handling of policy rules. Users are advised to apply the patch promptly.
Neeraj Dhiman
Security
Security Flaw in Ubuntu Papers App
A remote code execution vulnerability was found in the Papers reference management app on Ubuntu. Attackers can exploit it by tricking users into opening a malicious PDF file, potentially allowing them to run arbitrary code. The flaw stems from how the application handles specific PDF actions.
Neeraj Dhiman
Security
NNCP Flaw Allows Remote File Access
A security vulnerability has been found in the NNCP file transfer utility. The flaw allows a remote attacker to bypass directory restrictions and read or write files anywhere on the system. This is a high-severity path traversal issue affecting users of this specific tool.
Neeraj Dhiman
Security
QEMU Flaw Puts Old Ubuntu Systems at Risk
A vulnerability in QEMU's iSCSI driver affects Ubuntu 14.04 LTS. Attackers could use it to crash systems or potentially execute code, posing a risk for users of the outdated operating system.
Neeraj Dhiman
Security
Texmaker Vulnerability Allows Code Execution
A security flaw has been discovered in the Texmaker LaTeX editor. The vulnerability stems from how the application handles TIFF image files, allowing a malicious image to cause a denial of service, leak sensitive information, or permit remote code execution on a user's system.
Neeraj Dhiman
Security
Ubuntu 20.04 Flaw Lets Attackers Crash Systems
A security flaw has been found in a core audio library on Ubuntu 20.04 LTS. Attackers could exploit it with a special file to crash applications or potentially run malicious code, requiring an immediate system update.
Neeraj Dhiman
Security
Media File Flaw Puts Legacy Ubuntu Servers at Risk
A security patch has been released for a critical GStreamer vulnerability affecting Ubuntu 16.04 LTS. Malicious AVI files could allow attackers to crash systems or run arbitrary code, making this update crucial for teams managing legacy infrastructure.
Neeraj Dhiman
Security
Ubuntu Patches OpenCC Library Vulnerability
Ubuntu has released a security update for its 18.04 LTS and 20.04 LTS versions. The patch addresses a denial-of-service vulnerability in the OpenCC library, which could be triggered by an attacker using specially crafted, truncated UTF-8 input to crash applications using the library.
Neeraj Dhiman
Security
Ubuntu Patches Critical Linux Kernel Flaws
Ubuntu has released security updates for the Linux kernel. The patches address several vulnerabilities, including a critical flaw known as 'Copy Fail' that could allow a local attacker to gain higher privileges or escape from a container environment. All users should update their systems promptly.
Neeraj Dhiman
Security
GStreamer Vulnerability Causes App Crashes
A security vulnerability has been discovered in GStreamer Good Plugins. Specially crafted MP4 audio files can cause applications using the framework to crash, leading to a denial-of-service condition. This affects systems relying on GStreamer for multimedia processing. Users should apply available security updates.
Neeraj Dhiman
Security
Libcaca flaw allows remote code execution
A security vulnerability has been discovered in the libcaca library. The flaw stems from incorrect handling of malformed files, which could allow an attacker to crash an application, causing a denial of service. In a worst-case scenario, this could lead to remote code execution.
Neeraj Dhiman
Security
Ubuntu Patches Key PostgreSQL Flaws
Ubuntu has issued a security notice for two PostgreSQL vulnerabilities. The first flaw could allow an attacker to execute arbitrary SQL functions due to an authorization issue. The second could lead to a server crash or denial of service from mishandled large user inputs. Updates are available.
Neeraj Dhiman
Security
Ubuntu Patches Multiple Linux Kernel Flaws
Ubuntu has released a security update for its low-latency Linux kernel, addressing several vulnerabilities. These flaws, found in the SMB, Netfilter, and io_uring subsystems, could potentially allow an attacker to compromise a system. The update is part of Ubuntu's regular maintenance and security program.
Neeraj Dhiman
Security
Security Flaw Found in Postorius
A cross-site scripting (XSS) vulnerability was discovered in Postorius, the web interface for Mailman 3. The flaw allows attackers to inject malicious HTML into message subjects on the 'Held messages' pop-up, which could lead to the exposure of sensitive administrator information.
Neeraj Dhiman
Security
Security flaw found in libeconf library
A security vulnerability has been discovered in libeconf, a configuration file parsing library used in Linux environments. The flaw could allow an attacker to cause a crash by sending improperly sized input, resulting in a denial of service. Ubuntu has issued a patch to address the issue.
Neeraj Dhiman
Security
New Linux Kernel Flaw Puts Secure Systems at Risk
Ubuntu has patched a security vulnerability in the Linux kernel's packet socket subsystem. The flaw could allow an attacker to compromise affected systems, posing a risk to enterprise and government users running FIPS-certified versions.
Neeraj Dhiman
Security
Critical Linux Kernel Flaw on GCP
A critical vulnerability, dubbed 'Copy Fail,' has been discovered in the Linux kernel for Google Cloud Platform. The flaw allows local attackers to escalate privileges or escape containers. Several other security issues were also patched, which could have allowed system compromise. Users should update their systems immediately.
Neeraj Dhiman
Security
Critical Flaws Found in Ubuntu 20.04 Networking Stack
Ubuntu 20.04 LTS systems are at risk due to critical flaws in their networking software. Attackers could exploit these vulnerabilities to run malicious code or cause a system crash, requiring immediate attention from security and IT teams.
Neeraj Dhiman
Security
Python Package Manager Pip Vulnerability Fixed
A denial-of-service vulnerability was found in pip, the Python package manager. The flaw, related to how its urllib3 library handles compressed data, could allow an attacker to crash development environments and CI/CD pipelines by consuming excessive resources. Ubuntu has released a patch to fix the issue.
Neeraj Dhiman
Security
Vulnerability Found In Key SSH Library
A security vulnerability has been discovered in libssh2, a popular library for the SSH2 protocol. The flaw relates to how the library handles username and password lengths during authentication. A remote attacker could exploit this issue to trigger a denial-of-service, potentially crashing affected applications.
Neeraj Dhiman
Security
Multiple Vulnerabilities Found in Apache Server
Multiple vulnerabilities have been discovered in the Apache HTTP Server, including issues that could lead to denial-of-service, authentication bypass, and server-side request forgery. The flaws affect several Ubuntu LTS versions, prompting security updates for systems running the popular web server software.
Neeraj Dhiman
Security
Critical Luanti Flaws Allow Code Execution
Two security vulnerabilities have been discovered in Luanti. The first (CVE-2026-40959) could allow an attacker to execute arbitrary code by bypassing sandbox restrictions. The second flaw could grant unintended access to insecure environments or the HTTP API, posing significant security risks to affected systems.
Neeraj Dhiman
Security
Critical QtSvg Flaws Patched in Ubuntu
Ubuntu has patched several critical vulnerabilities in its QtSvg library. The flaws could allow an attacker to cause a denial of service or potentially execute arbitrary code by tricking an application into processing a malicious SVG image. The patches affect multiple Long-Term Support (LTS) versions.
Neeraj Dhiman
Security
Ubuntu Patches Multiple Linux Kernel Flaws
Ubuntu has released a security update addressing several vulnerabilities discovered in the Linux kernel. The flaws affect various subsystems, including ARM64 and x86 architectures, drivers, and core frameworks. An attacker could potentially exploit these issues to compromise a system, making the update essential for users.
Neeraj Dhiman
Security
Ubuntu patches critical file deletion vulnerability
A security vulnerability has been patched in Evolution Data Server for Ubuntu 18.04 and 20.04 LTS. The flaw could allow an attacker to delete arbitrary files on the system by exploiting how the server handles its local cache. Updating is recommended to protect system integrity.
Neeraj Dhiman
Security
Ubuntu Patches EditorConfig Security Flaw
Ubuntu has released a security update for EditorConfig across multiple long-term support versions. The patch fixes a vulnerability that could allow a local attacker to crash the application with a crafted configuration file, causing a denial of service. Users should update their systems.
Neeraj Dhiman
Security
Ubuntu Kernel Flaw Allows Privilege Escalation
A significant vulnerability has been found in the OverlayFS component of Ubuntu's Linux kernel, specifically affecting versions used on Google Cloud Platform. The flaw could allow a local attacker to bypass permission checks and gain elevated system privileges, posing a serious security risk for affected servers.
Neeraj Dhiman
Security
Ubuntu Releases Critical Little CMS Patch
Ubuntu has released a security update for its Long-Term Support versions to address a vulnerability in the Little CMS color management engine. The flaw could allow an attacker to cause a denial of service or potentially execute arbitrary code using a specially crafted ICC profile.
Neeraj Dhiman
Security
Transmission Web UI Flaw Lets Attackers Trick Users
A clickjacking vulnerability was found in the Transmission BitTorrent client's web interface. Attackers can use it to trick users into performing unintended actions on servers running the software, such as changing settings or deleting data.
Neeraj Dhiman
Security
Ubuntu Patches Critical Sed Flaw
A critical vulnerability has been patched in the `sed` utility on Ubuntu 18.04 LTS and 20.04 LTS. The flaw allowed a local attacker to overwrite arbitrary files by exploiting how `sed` handles symbolic links during in-place edits, potentially leading to privilege escalation on affected systems.
Neeraj Dhiman
Security
Critical Dnsmasq Flaw Risks Downtime
A vulnerability has been found in Dnsmasq, a common network service for DNS and DHCP. When configured with a specific option, mishandled BOOTREPLY packets can allow a remote attacker to crash the service, causing a denial of service, or potentially execute arbitrary code on the system.
Neeraj Dhiman
Security
Ubuntu Pushes a Fix for Its Broken Rsync Patch
A recent Ubuntu security update for the rsync utility accidentally broke some of its core functions. A new patch has been released to fix this regression, which may have disrupted file synchronization and backup workflows for many teams.
Neeraj Dhiman
Security
Exim mail server vulnerability discovered
A security vulnerability has been found in the Exim mail transfer agent. The issue, caused by improper memory handling when the PROXY protocol is enabled, could allow a remote attacker to access sensitive information before SMTP authentication. The flaw affects systems where this specific configuration is used.
Neeraj Dhiman
Security
NVIDIA Tegra Kernel Vulnerability Discovered
Ubuntu has patched high-severity vulnerabilities in the Linux kernel for NVIDIA Tegra systems. The flaws, including one known as 'Copy Fail,' could allow a local attacker to gain higher privileges or potentially escape from a container, posing a significant risk to affected infrastructure.
Neeraj Dhiman
Security
tar-fs Flaw Exposes Ubuntu Servers
A critical path traversal vulnerability has been found in the `tar-fs` Node.js library on Ubuntu 22.04 LTS and 24.04 LTS. The flaw allows attackers to write or overwrite files outside the intended directory using a specially crafted tar archive, posing a significant security risk.
Neeraj Dhiman
Security
A Security Patch Broke Linux Printing Systems
Ubuntu has released a new patch for its CUPS printing system. This fixes a denial-of-service bug that was accidentally introduced by a critical security update just days earlier, highlighting the risks of patching.
Neeraj Dhiman
Security
Ubuntu Fixes Critical MySQL Vulnerabilities
Ubuntu has released a security update for MySQL on its 20.04 LTS version, addressing multiple vulnerabilities. This update provides necessary fixes previously available for newer Ubuntu versions. Users are advised to apply the patch to protect their database systems from potential security risks and ensure stability.
Neeraj Dhiman
Security
Ubuntu Issues Second Fix for Critical Exim Flaw
Ubuntu has released a second patch for the Exim mail server on version 22.04 LTS. The first fix for a critical vulnerability introduced a new bug, and this update corrects that error while keeping the original security fix intact.
Neeraj Dhiman