<?xml version='1.0' encoding='UTF-8'?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0"><channel><title>Ubuntu security notices</title><link>https://ubuntu.com/security/notices/rss.xml</link><description>Recent content on Ubuntu security notices</description><atom:link href="https://ubuntu.com/security/notices/rss.xml" rel="self"/><copyright>2026 Canonical Ltd. Ubuntu and Canonical are registered trademarks of Canonical Ltd.</copyright><docs>http://www.rssboard.org/rss-specification</docs><generator>Feedgen</generator><lastBuildDate>Tue, 14 Jul 2026 21:34:58 +0000</lastBuildDate><item><title>USN-8542-1: Dnsmasq vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8542-1</link><description>Yiwei Hou discovered that Dnsmasq incorrectly handled logging of DS or
DNSKEY. A remote attacker could possibly use this issue to cause a
denial of service. (CVE-2026-12725)

It was discovered that Dnsmasq incorrectly validated the length of
fixed-length DNS record fields when parsing NS section records. A remote
attacker could possibly use this issue to cause Dnsmasq to read out of
bounds, possibly exposing sensitive information. (CVE-2026-12969)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8542-1</guid><pubDate>Tue, 14 Jul 2026 17:43:48 +0000</pubDate></item><item><title>USN-8526-2: libheif vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8526-2</link><description>USN-8526-1 fixed vulnerabilities in libheif. This update provides the
corresponding updates for CVE-2026-47709 and CVE-2026-47714 in
Ubuntu 24.04 LTS.

Original advisory details:

 Junyi Liu discovered that libheif had a null pointer dereference in its
 image tiling interface. An attacker could possibly use this issue to
 cause a denial of service. (CVE-2026-47709)

 Calvin Young and Enoch Chow discovered that libheif had an integer
 overflow in its inline mask size calculation. An attacker could
 possibly use this issue to cause a denial of service or obtain sensitive
 information. (CVE-2026-47714)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8526-2</guid><pubDate>Tue, 14 Jul 2026 16:29:55 +0000</pubDate></item><item><title>USN-8541-1: Vim vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8541-1</link><description>Hirohito Higashi discovered that Vim incorrectly escaped class or trait
names when performing PHP omni-completion. An attacker could possibly
use this issue to trick a user into opening a specially crafted PHP
file and executing arbitrary commands. This issue only affected Ubuntu
22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 26.04 LTS. (CVE-2026-59856)

Hirohito Higashi discovered that Vim incorrectly handled sound-folding
of certain words when using a spell file. An attacker could possibly
use this issue to cause Vim to crash, resulting in a denial of service.
(CVE-2026-59857)

It was discovered that Vim incorrectly escaped certain tags file fields
when performing C omni-completion. An attacker could possibly use this
issue to trick a user into opening a specially crafted file and
executing arbitrary commands. (CVE-2026-59858)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8541-1</guid><pubDate>Tue, 14 Jul 2026 16:17:31 +0000</pubDate></item><item><title>USN-8540-1: OpenVPN vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8540-1</link><description>It was discovered that OpenVPN had a 1-byte buffer overrun when handling
NTLMv2 proxy responses. An attacker could use this issue to cause a denial
of service or possibly execute arbitrary code. This issue only affected
Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-11771)

It was discovered that OpenVPN incorrectly handled metadata when extracting
tls-crypt-v2 client keys. An attacker could possibly use this issue to
obtain sensitive information. (CVE-2026-12932)

It was discovered that OpenVPN had a use-after-free in the ack_write_buf
handling. An attacker could use this issue to cause OpenVPN to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2026-12996)

It was discovered that OpenVPN had a use-after-free in the tls_wrap_reneg
handling. An attacker could use this issue to cause OpenVPN to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-13117)

It was discovered that OpenVPN incorrectly validated authentication tokens
when external authentication was enabled. A remote attacker could possibly
use this issue to cause OpenVPN to crash, resulting in a denial of service.
This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS.
(CVE-2026-13122)

It was discovered that OpenVPN had a memory leak when handling tls-crypt-v2
client keys. A remote attacker with a valid tls-crypt-v2 client key could
possibly use this issue to cause OpenVPN to consume excessive resources,
leading to a denial of service. (CVE-2026-13698)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8540-1</guid><pubDate>Tue, 14 Jul 2026 15:40:18 +0000</pubDate></item><item><title>USN-8539-1: GnuTLS vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8539-1</link><description>Haruto Kimura discovered that GnuTLS did not properly apply permitted
name constraints in certain certificate validation paths. A remote
attacker could possibly use this issue to bypass certificate validation,
leading to a machine-in-the-middle attack. (CVE-2026-42011)

Oleh Konko discovered that GnuTLS incorrectly fell back to Common Name
checks for certain URI and SRV subject alternative names. A remote
attacker could possibly use this issue to bypass certificate validation,
leading to a machine-in-the-middle attack. (CVE-2026-42012)

Haruto Kimura and Joshua Rogers discovered that GnuTLS incorrectly fell
back to Common Name checks when subject alternative names were
oversized. A remote attacker could possibly use this issue to bypass
certificate validation, leading to a machine-in-the-middle attack.
(CVE-2026-42013)

Luigino Camastra and Joshua Rogers discovered that GnuTLS had a
use-after-free issue when changing PKCS#11 token security officer PINs
in certain cases. An attacker could possibly use this issue to cause
GnuTLS to crash, resulting in a denial of service, or execute arbitrary
code. (CVE-2026-42014)

Zou Dikai discovered that GnuTLS did not properly validate PKCS#12 bag
sizes in certain cases. An attacker could possibly use this issue to
cause GnuTLS to crash, resulting in a denial of service, or execute
arbitrary code. (CVE-2026-42015)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8539-1</guid><pubDate>Tue, 14 Jul 2026 15:16:35 +0000</pubDate></item><item><title>USN-8538-1: alsa-lib vulnerability</title><link>https://ubuntu.com/security/notices/USN-8538-1</link><description>It was discovered that alsa-lib incorrectly handled certain ALSA
configuration text. An attacker could use this issue to cause alsa-lib to
crash, resulting in a denial of service, or possibly execute arbitrary
code.</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8538-1</guid><pubDate>Tue, 14 Jul 2026 12:02:59 +0000</pubDate></item><item><title>USN-8537-1: httplib2 vulnerability</title><link>https://ubuntu.com/security/notices/USN-8537-1</link><description>It was discovered that httplib2 performed unbounded decompression of HTTP
response bodies when the server used gzip or deflate Content-Encoding. A
remote attacker could possibly use this issue to cause httplib2 to use
excessive resources, leading to a denial of service.</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8537-1</guid><pubDate>Tue, 14 Jul 2026 11:56:56 +0000</pubDate></item><item><title>USN-8536-1: MariaDB vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8536-1</link><description>It was discovered that MariaDB did not properly validate parameters
supplied by a joiner node during a State Snapshot Transfer using the
mariabackup method. An attacker could possibly use this issue to execute
arbitrary shell commands on the donor node. (CVE-2026-44168)

It was discovered that MariaDB did not properly enforce the SHOW CREATE
ROUTINE privilege when a user obtained access to a stored routine via a
role. An authenticated user could possibly use this issue to obtain
sensitive information. (CVE-2026-44169)

It was discovered that MariaDB's mbstream utility did not properly validate
paths when unpacking archives. An attacker could possibly use this issue to
write files outside of the intended target directory. (CVE-2026-44171)

It was discovered that MariaDB's mysql_real_escape_string() function
incorrectly handled the big5 character set. An attacker could possibly use
this issue to perform SQL injection attacks. (CVE-2026-44172)

It was discovered that MariaDB did not properly check the FILE privilege
when the FROM clause of a SELECT ... INTO OUTFILE or SELECT ... INTO
DUMPFILE statement contained only subqueries. An authenticated user could
possibly use this issue to write files to unintended locations.
(CVE-2026-44173)

It was discovered that MariaDB did not properly validate parameters
supplied by a joiner node during a State Snapshot Transfer using the rsync
method. An attacker could possibly use this issue to execute arbitrary
shell commands on the donor node. (CVE-2026-48163)

It was discovered that MariaDB allowed a high-privileged user to set
certain Galera system variables to values containing shell commands, which
were then executed by the server process. An authenticated user could
possibly use this issue to execute arbitrary shell commands.
(CVE-2026-48165)

It was discovered that MariaDB executed shell commands embedded in the name
of a joiner node when wsrep_notify_cmd was enabled. A remote attacker could
possibly use this issue to execute arbitrary shell commands.
(CVE-2026-49261)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8536-1</guid><pubDate>Tue, 14 Jul 2026 11:45:03 +0000</pubDate></item><item><title>USN-8535-1: PipeWire vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8535-1</link><description>It was discovered that PipeWire accepted unbounded Content-Length values
in its RAOP module. A remote attacker could possibly use this issue to cause
a denial of service. This issue only affected Ubuntu 24.04 LTS.
(CVE-2026-14324)

It was discovered that PipeWire performed multiple unbounded stack
allocations in its PulseAudio protocol server. A local attacker could
possibly use this issue to cause a denial of service. (CVE-2026-14330)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8535-1</guid><pubDate>Mon, 13 Jul 2026 15:54:16 +0000</pubDate></item><item><title>USN-8534-1: LibreOffice vulnerabilities</title><link>https://ubuntu.com/security/notices/USN-8534-1</link><description>It was discovered that LibreOffice incorrectly handled importing DXF
drawings. An attacker could use this issue to cause LibreOffice to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2026-6039)

It was discovered that LibreOffice incorrectly handled certain ODF number
formats. An attacker could use this issue to cause LibreOffice to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. (CVE-2026-6040)

It was discovered that LibreOffice incorrectly handled importing EMF+
graphics. An attacker could use this issue to cause LibreOffice to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2026-6045)

It was discovered that LibreOffice incorrectly handled importing PPT
presentations. An attacker could use this issue to cause LibreOffice to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2026-8356)

It was discovered that LibreOffice Calc incorrectly handled compiling
certain formulas. An attacker could use this issue to cause LibreOffice to
crash, resulting in a denial of service, or possily execute arbitrary code.
(CVE-2026-8357)

It was discovered that LibreOffice Calc incorrectly handled importing
spreadsheet tracked changes. An attacker could use this issue to cause
LibreOffice to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2026-8358)</description><guid isPermaLink="false">https://ubuntu.com/security/notices/USN-8534-1</guid><pubDate>Mon, 13 Jul 2026 15:04:25 +0000</pubDate></item></channel></rss>