UbuntuUpdates.org

Latest Changelogs for all releases

Note: Only updates for "head" packages where the changelog is available are shown on this page.

cups Jun 8th 17:07
Release: questing Repo: main Level: security New version: 2.4.12-0ubuntu3.9
Packages in group:  cups-bsd cups-client cups-common cups-core-drivers cups-daemon cups-ipp-utils cups-ppdc cups-server-common libcups2-dev libcups2t64 libcupsimage2-dev (... see all)

  cups (2.4.12-0ubuntu3.9) questing-security; urgency=medium

  * SECURITY UPDATE: authorization bypass vulnerability
    - debian/patches/CVE-2026-27447-1.patch: The scheduler treated local user
      and group names as case-insensitive. in scheduler/auth.c.
    - debian/patches/CVE-2026-27447-2.patch: Fix cupsd crash if user does not
      exist on server in scheduler/auth.c.
    - debian/patches/CVE-2026-27447-3.patch: Fix unauthenticated print policies
      (Issue #1557) in scheduler/auth.c.
    - CVE-2026-27447
  * SECURITY UPDATE: RSS notifier path traversal issue
    - debian/patches/CVE-2026-34978.patch: Fix RSS notifier. in notifier/rss.c,
      scheduler/ipp.c.
    - CVE-2026-34978
  * SECURITY UPDATE: heap overflow in building filter option strings
    - debian/patches/CVE-2026-34979-1.patch: Expand allocation of options
      string. in scheduler/job.c.
    - debian/patches/CVE-2026-34979-2.patch: Fix get_options regression (Issue
      #1532) in scheduler/job.c, test/5.5-lp.sh.
    - CVE-2026-34979
  * SECURITY UPDATE: embedded newline issue in print jobs
    - debian/patches/CVE-2026-34980-1.patch: Filter out control characters from
      option values. in scheduler/job.c.
    - debian/patches/CVE-2026-34980-2.patch: Fix filter PPD keyword processing
      (Issue #1562) in scheduler/job.c.
    - CVE-2026-34980
  * SECURITY UPDATE: incorrectly accepts local certificates over the
    loopback interface
    - debian/patches/CVE-2026-34990-1.patch: Don't allow local certificates over
      the loopback interface, drop support for writing to plain files. in
      cups/auth.c, scheduler/auth.c, scheduler/client.c, scheduler/ipp.c,
      scheduler/job.c, test/4.2-cups-printer-ops.test, test/5.1-lpadmin.sh.
    - debian/patches/CVE-2026-34990-2.patch: Fix builds against GSSAPI
      (Kerberos) in cups/auth.c.
    - CVE-2026-34990
  * SECURITY UPDATE: integer underflow in _ppdCreateFromIPP()
    - debian/patches/CVE-2026-39314.patch: Range check job-password-supported.
      in cups/ppd-cache.c.
    - CVE-2026-39314
  * SECURITY UPDATE: use-after-free when temp printers are deleted
    - debian/patches/CVE-2026-39316.patch: Expire per-printer subscriptions
      before deleting. in scheduler/printers.c.
    - CVE-2026-39316
  * SECURITY UPDATE: OOB read via SNMP response
    - debian/patches/CVE-2026-41079.patch: Limit num_bytes for SNMP string
      values. in cups/snmp-private.h, cups/snmp.c.
    - CVE-2026-41079
  * Miscellaneous additional fixes:
    - debian/patches/misc-fix-1.patch: Improve page header validation in
      cupsRasterReadHeader in cups/raster-error.c, cups/raster-stream.c.
    - debian/patches/misc-fix-2.patch: Protect against a driver reporting a
      supply type with a trailing '-'. in scheduler/printers.c.
    - debian/patches/misc-fix-3.patch: Range check cupsBytesPerLine in
      rastertoepson. in filter/rastertoepson.c.
    - debian/patches/misc-fix-4.patch: Sanity check HWResolution when writing
      Apple Raste

CVE-2026-27447 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd
CVE-2026-34978 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier a
CVE-2026-34979 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-ba
CVE-2026-34980 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-expos
CVE-2026-34990 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileg

pillow Jun 8th 17:07
Release: noble Repo: universe Level: updates New version: 10.2.0-1ubuntu1.2
Packages in group:  python3-pil.imagetk

  pillow (10.2.0-1ubuntu1.2) noble-security; urgency=medium

  * SECURITY UPDATE: integer overflow via large font advances
    - debian/patches/CVE-2026-42308.patch: Use long for glyph position in
      src/_imagingft.c.
    - CVE-2026-42308
  * SECURITY UPDATE: DoS via malicious PDF
    - debian/patches/CVE-2026-42310.patch: Raise an error if the trailer chain
      loops back on itself in src/PIL/PdfParser.py.
    - CVE-2026-42310

 -- Marc Deslauriers <email address hidden> Thu, 04 Jun 2026 13:41:17 -0400

CVE-2026-42308 Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, when Pillow keeps track
CVE-2026-42310 Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to ha

poppler Jun 8th 17:07
Release: noble Repo: universe Level: updates New version: 24.02.0-1ubuntu9.9
Packages in group:  libpoppler-glib-dev libpoppler-qt5-1t64 libpoppler-qt5-dev libpoppler-qt6-3t64 libpoppler-qt6-dev

  poppler (24.02.0-1ubuntu9.9) noble-security; urgency=medium

  * SECURITY UPDATE: integer overflow in Splash backend
    - debian/patches/CVE-2026-10118.patch: SplashOutputDev: Fix integer overflow
      in tilingPatternFill in poppler/SplashOutputDev.cc.
    - CVE-2026-10118

 -- Marc Deslauriers <email address hidden> Thu, 04 Jun 2026 10:46:44 -0400

CVE-2026-10118 A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered

nginx Jun 8th 17:07
Release: noble Repo: universe Level: updates New version: 1.24.0-2ubuntu7.10
Packages in group:  libnginx-mod-http-geoip libnginx-mod-http-perl libnginx-mod-stream-geoip nginx-dev nginx-extras nginx-full nginx-light

  nginx (1.24.0-2ubuntu7.10) noble-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 Bomb denial of service
    - debian/patches/CVE-2026-49975.patch: Added max_headers directive. in
      src/http/ngx_http_core_module.c, src/http/ngx_http_core_module.h,
      src/http/ngx_http_request.c, src/http/ngx_http_request.h,
      src/http/v2/ngx_http_v2.c.
    - CVE-2026-49975

 -- Marc Deslauriers <email address hidden> Fri, 05 Jun 2026 07:37:34 -0400


transmission Jun 8th 17:07
Release: noble Repo: universe Level: security New version: 4.0.5-1ubuntu0.1
Packages in group:  transmission-cli transmission-daemon transmission-qt

  transmission (4.0.5-1ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: clickjacking weakness in WebUI
    - debian/patches/CVE-2026-38978.patch: fix: add clickjack safeguards when
      serving http responses in libtransmission/rpc-server.cc.
    - CVE-2026-38978

 -- Marc Deslauriers <email address hidden> Thu, 04 Jun 2026 09:37:03 -0400

CVE-2026-38978 transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths.

pillow Jun 8th 17:07
Release: noble Repo: main Level: updates New version: 10.2.0-1ubuntu1.2
Packages in group:  python3-pil python-pil-doc

  pillow (10.2.0-1ubuntu1.2) noble-security; urgency=medium

  * SECURITY UPDATE: integer overflow via large font advances
    - debian/patches/CVE-2026-42308.patch: Use long for glyph position in
      src/_imagingft.c.
    - CVE-2026-42308
  * SECURITY UPDATE: DoS via malicious PDF
    - debian/patches/CVE-2026-42310.patch: Raise an error if the trailer chain
      loops back on itself in src/PIL/PdfParser.py.
    - CVE-2026-42310

 -- Marc Deslauriers <email address hidden> Thu, 04 Jun 2026 13:41:17 -0400

CVE-2026-42308 Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, when Pillow keeps track
CVE-2026-42310 Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to ha

poppler Jun 8th 17:07
Release: noble Repo: main Level: updates New version: 24.02.0-1ubuntu9.9
Packages in group:  gir1.2-poppler-0.18 libpoppler134 libpoppler-cpp0t64 libpoppler-cpp-dev libpoppler-dev libpoppler-glib8t64 libpoppler-glib-doc libpoppler-private-dev poppler-utils

  poppler (24.02.0-1ubuntu9.9) noble-security; urgency=medium

  * SECURITY UPDATE: integer overflow in Splash backend
    - debian/patches/CVE-2026-10118.patch: SplashOutputDev: Fix integer overflow
      in tilingPatternFill in poppler/SplashOutputDev.cc.
    - CVE-2026-10118

 -- Marc Deslauriers <email address hidden> Thu, 04 Jun 2026 10:46:44 -0400

CVE-2026-10118 A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered

nginx Jun 8th 17:07
Release: noble Repo: main Level: updates New version: 1.24.0-2ubuntu7.10
Packages in group:  libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-stream nginx-common nginx-core nginx-doc

  nginx (1.24.0-2ubuntu7.10) noble-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 Bomb denial of service
    - debian/patches/CVE-2026-49975.patch: Added max_headers directive. in
      src/http/ngx_http_core_module.c, src/http/ngx_http_core_module.h,
      src/http/ngx_http_request.c, src/http/ngx_http_request.h,
      src/http/v2/ngx_http_v2.c.
    - CVE-2026-49975

 -- Marc Deslauriers <email address hidden> Fri, 05 Jun 2026 07:37:34 -0400


transmission Jun 8th 17:07
Release: noble Repo: main Level: security New version: 4.0.5-1ubuntu0.1
Packages in group:  transmission-common transmission-gtk

  transmission (4.0.5-1ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: clickjacking weakness in WebUI
    - debian/patches/CVE-2026-38978.patch: fix: add clickjack safeguards when
      serving http responses in libtransmission/rpc-server.cc.
    - CVE-2026-38978

 -- Marc Deslauriers <email address hidden> Thu, 04 Jun 2026 09:37:03 -0400

CVE-2026-38978 transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths.

isc-kea Jun 8th 17:07
Release: noble Repo: main Level: security New version: 2.4.1-3ubuntu0.2
Packages in group:  kea kea-admin kea-common kea-ctrl-agent kea-dev kea-dhcp4-server kea-dhcp6-server kea-dhcp-ddns-server kea-doc python3-kea-connector

  isc-kea (2.4.1-3ubuntu0.2) noble-security; urgency=medium

  * SECURITY UPDATE: DoS via crafted message to API socket or HA listener
    - debian/patches/CVE-2026-3608.patch: Restrict number of recursive calls
      when parsing config in src/lib/cc/data.cc, src/lib/cc/data.h,
      src/lib/cc/tests/data_unittests.cc, src/lib/process/redact_config.cc,
      src/lib/process/redact_config.h,
      src/lib/process/tests/d_cfg_mgr_unittests.cc.
    - CVE-2026-3608

 -- Marc Deslauriers <email address hidden> Fri, 05 Jun 2026 15:06:29 -0400

CVE-2026-3608 Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA list

cups Jun 8th 17:07
Release: noble Repo: main Level: security New version: 2.4.7-1.2ubuntu7.13
Packages in group:  cups-bsd cups-client cups-common cups-core-drivers cups-daemon cups-ipp-utils cups-ppdc cups-server-common libcups2-dev libcups2t64 libcupsimage2-dev (... see all)

  cups (2.4.7-1.2ubuntu7.13) noble-security; urgency=medium

  * SECURITY UPDATE: authorization bypass vulnerability
    - debian/patches/CVE-2026-27447-1.patch: The scheduler treated local user
      and group names as case-insensitive. in scheduler/auth.c.
    - debian/patches/CVE-2026-27447-2.patch: Fix cupsd crash if user does not
      exist on server in scheduler/auth.c.
    - debian/patches/CVE-2026-27447-3.patch: Fix unauthenticated print policies
      (Issue #1557) in scheduler/auth.c.
    - CVE-2026-27447
  * SECURITY UPDATE: RSS notifier path traversal issue
    - debian/patches/CVE-2026-34978.patch: Fix RSS notifier. in notifier/rss.c,
      scheduler/ipp.c.
    - CVE-2026-34978
  * SECURITY UPDATE: heap overflow in building filter option strings
    - debian/patches/CVE-2026-34979-1.patch: Expand allocation of options
      string. in scheduler/job.c.
    - debian/patches/CVE-2026-34979-2.patch: Fix get_options regression (Issue
      #1532) in scheduler/job.c, test/5.5-lp.sh.
    - CVE-2026-34979
  * SECURITY UPDATE: embedded newline issue in print jobs
    - debian/patches/CVE-2026-34980-1.patch: Filter out control characters from
      option values. in scheduler/job.c.
    - debian/patches/CVE-2026-34980-2.patch: Fix filter PPD keyword processing
      (Issue #1562) in scheduler/job.c.
    - CVE-2026-34980
  * SECURITY UPDATE: incorrectly accepts local certificates over the
    loopback interface
    - debian/patches/CVE-2026-34990-1.patch: Don't allow local certificates over
      the loopback interface, drop support for writing to plain files. in
      cups/auth.c, scheduler/auth.c, scheduler/client.c, scheduler/ipp.c,
      scheduler/job.c, test/4.2-cups-printer-ops.test, test/5.1-lpadmin.sh.
    - debian/patches/CVE-2026-34990-2.patch: Fix builds against GSSAPI
      (Kerberos) in cups/auth.c.
    - CVE-2026-34990
  * SECURITY UPDATE: integer underflow in _ppdCreateFromIPP()
    - debian/patches/CVE-2026-39314.patch: Range check job-password-supported.
      in cups/ppd-cache.c.
    - CVE-2026-39314
  * SECURITY UPDATE: use-after-free when temp printers are deleted
    - debian/patches/CVE-2026-39316.patch: Expire per-printer subscriptions
      before deleting. in scheduler/printers.c.
    - CVE-2026-39316
  * SECURITY UPDATE: OOB read via SNMP response
    - debian/patches/CVE-2026-41079.patch: Limit num_bytes for SNMP string
      values. in cups/snmp-private.h, cups/snmp.c.
    - CVE-2026-41079
  * Miscellaneous additional fixes:
    - debian/patches/misc-fix-1.patch: Improve page header validation in
      cupsRasterReadHeader in cups/raster-error.c, cups/raster-stream.c.
    - debian/patches/misc-fix-2.patch: Protect against a driver reporting a
      supply type with a trailing '-'. in scheduler/printers.c.
    - debian/patches/misc-fix-3.patch: Range check cupsBytesPerLine in
      rastertoepson. in filter/rastertoepson.c.
    - debian/patches/misc-fix-4.patch: Sanity check HWResolution when writing
      Apple Raster

CVE-2026-27447 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd
CVE-2026-34978 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier a
CVE-2026-34979 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-ba
CVE-2026-34980 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-expos
CVE-2026-34990 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileg

pillow Jun 8th 17:07
Release: jammy Repo: universe Level: updates New version: 9.0.1-1ubuntu0.4
Packages in group:  python3-pil.imagetk

  pillow (9.0.1-1ubuntu0.4) jammy-security; urgency=medium

  * SECURITY UPDATE: integer overflow via large font advances
    - debian/patches/CVE-2026-42308.patch: Use long for glyph position in
      src/_imagingft.c.
    - CVE-2026-42308
  * SECURITY UPDATE: DoS via malicious PDF
    - debian/patches/CVE-2026-42310.patch: Raise an error if the trailer chain
      loops back on itself in src/PIL/PdfParser.py.
    - CVE-2026-42310

 -- Marc Deslauriers <email address hidden> Thu, 04 Jun 2026 15:53:49 -0400

CVE-2026-42308 Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, when Pillow keeps track
CVE-2026-42310 Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to ha

poppler Jun 8th 17:07
Release: jammy Repo: universe Level: updates New version: 22.02.0-2ubuntu0.13
Packages in group:  libpoppler-qt5-1 libpoppler-qt5-dev

  poppler (22.02.0-2ubuntu0.13) jammy-security; urgency=medium

  * SECURITY UPDATE: integer overflow in Splash backend
    - debian/patches/CVE-2026-10118.patch: SplashOutputDev: Fix integer overflow
      in tilingPatternFill in poppler/SplashOutputDev.cc.
    - CVE-2026-10118

 -- Marc Deslauriers <email address hidden> Thu, 04 Jun 2026 10:47:37 -0400

CVE-2026-10118 A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered

nginx Jun 8th 17:07
Release: jammy Repo: universe Level: updates New version: 1.18.0-6ubuntu14.13
Packages in group:  libnginx-mod-http-auth-pam libnginx-mod-http-cache-purge libnginx-mod-http-dav-ext libnginx-mod-http-echo libnginx-mod-http-fancyindex libnginx-mod-http-geoip libnginx-mod-http-headers-more-filter libnginx-mod-http-ndk libnginx-mod-http-perl libnginx-mod-http-subs-filter libnginx-mod-http-uploadprogress (... see all)

  nginx (1.18.0-6ubuntu14.13) jammy-security; urgency=medium

  * SECURITY UPDATE: HTTP/2 Bomb denial of service
    - debian/patches/CVE-2026-49975.patch: Added max_headers directive. in
      src/http/ngx_http_core_module.c, src/http/ngx_http_core_module.h,
      src/http/ngx_http_request.c, src/http/ngx_http_request.h,
      src/http/v2/ngx_http_v2.c.
    - CVE-2026-49975

 -- Marc Deslauriers <email address hidden> Fri, 05 Jun 2026 07:38:10 -0400


transmission Jun 8th 17:07
Release: jammy Repo: universe Level: security New version: 3.00-2ubuntu2.2
Packages in group:  transmission-cli transmission-daemon transmission-qt

  transmission (3.00-2ubuntu2.2) jammy-security; urgency=medium

  * SECURITY UPDATE: clickjacking weakness in WebUI
    - debian/patches/CVE-2026-38978.patch: fix: add clickjack safeguards when
      serving http responses in libtransmission/rpc-server.c.
    - CVE-2026-38978

 -- Marc Deslauriers <email address hidden> Thu, 04 Jun 2026 09:41:36 -0400

CVE-2026-38978 transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths.
