<?xml version='1.0' encoding='UTF-8'?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0"><channel><title>Ubuntu security notices</title><link>https://ubuntu.com/security/notices/rss.xml</link><description>Recent content on Ubuntu security notices</description><atom:link href="https://ubuntu.com/security/notices/rss.xml" rel="self"/><copyright>2026 Canonical Ltd. Ubuntu and Canonical are registered trademarks of Canonical Ltd.</copyright><docs>http://www.rssboard.org/rss-specification</docs><generator>Feedgen</generator><lastBuildDate>Wed, 08 Jul 2026 21:37:43 +0000</lastBuildDate><item><title>USN-8518-1: mailcap vulnerability</title><link>https://ubuntu.com/security/notices/USN-8518-1</link><description>Aaron Rainbolt discovered that the cautious-launcher utility in the
mailcap package did not properly restrict the execution of certain
file types. An attacker could use this issue to escape a sandboxed
application and execute arbitrary code on the host operating system.</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8518-1</guid><pubDate>Wed, 08 Jul 2026 17:15:41 +0000</pubDate></item><item><title>USN-8517-1: ClamAV vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8517-1</link><description>It was discovered that ClamAV incorrectly handled certain PE files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2026-20213, CVE-2026-20214,
CVE-2026-20217)

It was discovered that ClamAV incorrectly handled certain 7z archive
files. A remote attacker could possibly use this issue to cause ClamAV to
crash, resulting in a denial of service. (CVE-2026-20215)

It was discovered that ClamAV incorrectly handled extraction limits for
certain InstallShield archives. A remote attacker could possibly use this
issue to cause ClamAV to use excessive resources, leading to a denial of
service. (CVE-2026-20216)

It was discovered that ClamAV incorrectly handled certain ALZ archive
files. A remote attacker could possibly use this issue to cause ClamAV to
crash, resulting in a denial of service. (CVE-2026-20243)

It was discovered that ClamAV incorrectly handled certain DMG files. A
remote attacker could possibly use this issue to cause ClamAV to crash,
resulting in a denial of service. (CVE-2026-20244)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8517-1</guid><pubDate>Wed, 08 Jul 2026 14:07:06 +0000</pubDate></item><item><title>USN-8516-1: Apache HTTP Server vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8516-1</link><description>It was discovered that Apache HTTP Server's mod_ldap module incorrectly
handled memory when processing per-directory configurations. An attacker
could use this issue to cause the server to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2026-29167)

It was discovered that Apache HTTP Server's mod_proxy_ftp module
incorrectly handled HTML generation for FTP directory listings. A remote
attacker could possibly use this issue to inject arbitrary web script or
HTML. (CVE-2026-29170)

It was discovered that Apache HTTP Server's mod_proxy_html module
incorrectly handled certain content from an untrusted backend. A remote
attacker could possibly use this issue to cause Apache HTTP Server to
crash, resulting in a denial of service. (CVE-2026-34355)

It was discovered that Apache HTTP Server incorrectly handled
ProxyPassReverseCookie directives with a malicious backend server. A remote
attacker could possibly use this issue to cause Apache HTTP Server to
crash, resulting in a denial of service. (CVE-2026-34356)

It was discovered that Apache HTTP Server's mod_dav_fs module incorrectly
handled certain path operations. An authenticated user could possibly use
this issue to manipulate trusted WebDAV property databases or cause a
denial of service. (CVE-2026-42535)

It was discovered that Apache HTTP Server's mod_xml2enc module incorrectly
handled certain content from an untrusted backend. A remote attacker could
possibly use this issue to cause Apache HTTP Server to crash, resulting in
a denial of service. (CVE-2026-42536)

It was discovered that Apache HTTP Server incorrectly handled response
headers when multiple content languages were configured. A remote attacker
could possibly use this issue to obtain sensitive information.
(CVE-2026-43951)

It was discovered that Apache HTTP Server incorrectly restricted certain
file functions in expressions within .htaccess files. A local attacker with
.htaccess write access could possibly use this issue to obtain sensitive
information. (CVE-2026-44119)

It was discovered that Apache HTTP Server's mod_ssl module incorrectly
handled OCSP responses from an attacker-controlled server. A remote
attacker could possibly use this issue to obtain sensitive information or
cause a denial of service. (CVE-2026-44185)

It was discovered that Apache HTTP Server's mod_proxy_ftp module
incorrectly handled responses from an attacker-controlled backend FTP
server. A remote attacker could possibly use this issue to cause Apache
HTTP Server to stop responding, resulting in a denial of service.
(CVE-2026-44186)

It was discovered that Apache HTTP Server incorrectly handled crafted
regular expressions in the server configuration. An attacker could possibly
use this issue to execute arbitrary code or cause a denial of service.
(CVE-2026-44631)

It was discovered that Apache HTTP Server's mod_http2 module had a
use-after-free vulnerability when file handles were exhausted. A remote
attacker could possibly use this issue to cause Apache HTTP Server to
crash, resulting in a denial of service. (CVE-2026-48913)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8516-1</guid><pubDate>Wed, 08 Jul 2026 13:49:49 +0000</pubDate></item><item><title>USN-8515-1: Addressable vulnerability</title><link>https://ubuntu.com/security/notices/USN-8515-1</link><description>It was discovered that Addressable incorrectly handled certain URI
templates, generating regular expressions vulnerable to catastrophic
backtracking. An attacker could use this issue to craft a URI that, when matched
against a vulnerable template, causes excessive resource consumption,
leading to a denial of service.</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8515-1</guid><pubDate>Tue, 07 Jul 2026 10:46:24 +0000</pubDate></item><item><title>USN-8514-1: OpenSSH vulnerability</title><link>https://ubuntu.com/security/notices/USN-8514-1</link><description>It was discovered that OpenSSH incorrectly handled file permissions when
downloading files as root using the legacy scp protocol without the
preserve-mode option. An attacker could use this to install setuid or setgid
files on a system, possibly leading to privilege escalation.</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8514-1</guid><pubDate>Mon, 06 Jul 2026 14:32:58 +0000</pubDate></item><item><title>USN-8502-1: GnuTLS vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8502-1</link><description>It was discovered that GnuTLS had a timing side-channel when processing
malformed ciphertexts in RSA-PSK ClientKeyExchange. A remote attacker
could possibly use this issue to recover sensitive information. This
issue only affected Ubuntu 18.04 LTS. (CVE-2024-0553)

Bing Shi discovered that GnuTLS incorrectly handled decoding certain
DER-encoded certificates. A remote attacker could possibly use this
issue to cause GnuTLS to consume resources, leading to a denial of
service. This issue only affected Ubuntu 18.04 LTS. (CVE-2024-12243)

Luigino Camastra discovered that GnuTLS incorrectly handled certain
PKCS11 token labels. A remote attacker could use this issue to cause
GnuTLS to crash, resulting in a denial of service, or possibly execute
arbitrary code. The default compiler options for affected releases
should reduce the vulnerability to a denial of service. (CVE-2025-9820)

Tim Scheckenbach discovered that GnuTLS incorrectly handled malicious
certificates containing a large number of name constraints and subject
alternative names. A remote attacker could possibly use this issue to
cause GnuTLS to consume resources, resulting in a denial of service.
This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2025-14831)

Oleh Konko and Joshua Rogers discovered that GnuTLS did not properly
handle case-insensitive name constraints in certain cases. A remote
attacker could possibly use this issue to bypass certificate validation,
leading to a machine-in-the-middle attack. (CVE-2026-3833)

Joshua Rogers discovered that GnuTLS did not properly handle very short
premaster secrets in certain RSA key exchange cases with PKCS#11-backed
server keys. A remote attacker could possibly use this issue to obtain
sensitive information. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2026-5260)

Joshua Rogers discovered that GnuTLS did not properly handle malformed
DTLS handshake fragments in certain cases. A remote attacker could
possibly use this issue to obtain sensitive information, or cause a
denial of service. This issue only affected Ubuntu 20.04 LTS.
(CVE-2026-33845)

Haruto Kimura, Oscar Reparaz, and Zou Dikai discovered that GnuTLS did
not properly validate DTLS handshake fragment lengths in certain cases.
A remote attacker could possibly use this issue to cause GnuTLS to
crash, resulting in a denial of service, or execute arbitrary code.
(CVE-2026-33846)

Joshua Rogers discovered that GnuTLS did not properly order DTLS packets
with duplicate sequence numbers in certain cases. A remote attacker
could possibly use this issue to cause GnuTLS to crash, resulting in a
denial of service. (CVE-2026-42009)

Joshua Rogers discovered that GnuTLS did not properly handle usernames
containing NUL characters in certain RSA-PSK configurations. A remote
attacker could possibly use this issue to bypass authentication and gain
unintended access to services. This issue only affected Ubuntu 20.04
LTS. (CVE-2026-42010)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8502-1</guid><pubDate>Mon, 06 Jul 2026 13:37:09 +0000</pubDate></item><item><title>USN-8513-1: PHP vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8513-1</link><description>It was discovered that PHP incorrectly handled SOAP object deduplication
when processing apache:Map nodes with duplicate keys. An attacker could
possibly use this to cause a use-after-free, resulting in remote code
execution. (CVE-2026-6722)

It was discovered that PHP incorrectly handled SOAP request persistence when
configured with SOAP_PERSISTENCE_SESSION. An attacker could possibly use this
to cause a use-after-free, resulting in memory corruption, information
disclosure, or a denial of service. (CVE-2026-7261)

It was discovered that the PDO Firebird driver in PHP improperly handled NUL
bytes when quoting SQL query strings. An attacker could possibly use this to
perform SQL injection when attacker-controlled values are embedded in SQL
statements. (CVE-2025-14179)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8513-1</guid><pubDate>Mon, 06 Jul 2026 13:22:54 +0000</pubDate></item><item><title>USN-8512-1: Gzip vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8512-1</link><description>It was discovered that Gzip's gzexe utility handled temporary files in an
insecure manner. When the mktemp utility was not available, gzexe
constructed a temporary file path based on the process ID, which could be
predicted. A local attacker could possibly use this issue to overwrite
arbitrary files via a symlink attack. (CVE-2026-41991)

It was discovered that Gzip incorrectly handled certain compressed files.
An attacker could possibly use this issue to obtain sensitive information
or cause Gzip to crash, resulting in a denial of service. (CVE-2026-41992)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8512-1</guid><pubDate>Mon, 06 Jul 2026 12:52:06 +0000</pubDate></item><item><title>USN-8511-1: socat vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8511-1</link><description>It was discovered that socat incorrectly handled the SOCKS5 proxy server
reply parser. A remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2026-56123)

It was discovered that socat incorrectly handled a sample script. A local
attacker could possibly use this issue to overwrite arbitrary files. This
issue only affected Ubuntu 24.04 LTS. (CVE-2024-54661)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8511-1</guid><pubDate>Mon, 06 Jul 2026 12:37:17 +0000</pubDate></item><item><title>USN-8510-1: tar vulnerability</title><link>https://ubuntu.com/security/notices/USN-8510-1</link><description>It was discovered that tar incorrectly handled symlinks when extracting
archives. An attacker could possibly use this issue to overwrite arbitrary
files.</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8510-1</guid><pubDate>Mon, 06 Jul 2026 11:57:49 +0000</pubDate></item></channel></rss>