Releases: cloudfoundry/bosh-linux-stemcell-builder
ubuntu jammy v1.1250
Metadata:
BOSH Agent Version: 2.855.0
Kernel Version: 5.15.0.181.164
USNs:
Title: USN-8402-1 -- systemd vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8402-1
Priorities: low,medium
Description:
It was discovered that systemd-nspawn incorrectly handled certain optional configuration files. A local attacker could possibly use this issue to escape to the host system and execute arbitrary code. (CVE-2026-40226) It was discovered that systemd-resolved incorrectly validated DNSSEC records for signed domains. An attacker could possibly use this issue to manipulate DNS records. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-7008) Update Instructions: Run sudo pro fix USN-8402-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnss-myhostname - 249.11-0ubuntu3.21 libnss-mymachines - 249.11-0ubuntu3.21 libnss-resolve - 249.11-0ubuntu3.21 libnss-systemd - 249.11-0ubuntu3.21 libpam-systemd - 249.11-0ubuntu3.21 libsystemd-dev - 249.11-0ubuntu3.21 libsystemd0 - 249.11-0ubuntu3.21 libudev-dev - 249.11-0ubuntu3.21 libudev1 - 249.11-0ubuntu3.21 systemd - 249.11-0ubuntu3.21 systemd-container - 249.11-0ubuntu3.21 systemd-coredump - 249.11-0ubuntu3.21 systemd-journal-remote - 249.11-0ubuntu3.21 systemd-oomd - 249.11-0ubuntu3.21 systemd-repart - 249.11-0ubuntu3.21 systemd-standalone-sysusers - 249.11-0ubuntu3.21 systemd-standalone-tmpfiles - 249.11-0ubuntu3.21 systemd-sysv - 249.11-0ubuntu3.21 systemd-tests - 249.11-0ubuntu3.21 systemd-timesyncd - 249.11-0ubuntu3.21 udev - 249.11-0ubuntu3.21 No subscription required
CVEs:
Title: USN-8414-1 -- OpenSSL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8414-1
Priorities: high,low,medium
Description:
Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or obtain sensitive information. (CVE-2026-34180) Pavol Zacik and Alex Gaynor discovered that OpenSSL incorrectly accepted PKCS#12 files with short HMAC keys when using PBMAC1. An attacker could possibly use this issue to bypass integrity checks. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-34181) Asim Viladi Oglu Manizada and Alex Gaynor discovered that OpenSSL could accept forged CMS AuthEnvelopedData messages. An attacker could possibly use this issue to bypass message authentication checks. (CVE-2026-34182) Abhinav Agarwal discovered that OpenSSL had unbounded memory growth in the QUIC PATH_CHALLENGE handler. A remote attacker could possibly use this issue to cause OpenSSL to use excessive resources, leading to a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-34183) Sunwoo Lee, Hyuk Lim, and Seunghyun Yoon discovered that OpenSSL had a NULL pointer dereference in QUIC server initial packet handling. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-42764) Mayank Jangid, Kushal Khemka, Hari Priandana, Bhabani Sankar Das, and Qifan Zhang discovered that OpenSSL had a possible NULL dereference in password- based CMS decryption. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-42766) Zhanpeng Liu, Guannan Wang, and Guancheng Li discovered that OpenSSL had a NULL pointer dereference in CRMF EncryptedValue decryption. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-42767) Alex Gaynor discovered that OpenSSL had a Bleichenbacher oracle in CMS_decrypt() and PKCS7_decrypt() with multiple RecipientInfo values. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-42768) Alex Gaynor discovered that OpenSSL had a trust-anchor substitution issue in CMP rootCaKeyUpdate processing. An attacker could possibly use this issue to bypass certificate trust validation. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-42769) Alex Gaynor discovered that OpenSSL used attacker-supplied parameters when validating FFC-DH peers. An attacker could possibly use this issue to weaken key validation and compromise security guarantees. (CVE-2026-42770) Alex Gaynor discovered that OpenSSL could ignore the IV in AES-OCB mode on the EVP_Cipher() path. An attacker could possibly use this issue to bypass cryptographic protections and obtain sensitive information. (CVE-2026-45445) Alex Gaynor discovered that OpenSSL had incorrect tag processing for empty messages in AES-GCM-SIV and AES-SIV modes. An attacker could possibly use this issue to bypass cryptographic integrity checks. (CVE-2026-45446) Thai Duong discovered that OpenSSL had a heap use-after-free in PKCS7_verify(). An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-45447) Zehua Qiao and Jinwen He discovered that OpenSSL had a possible heap buffer overflow in ASN.1 multibyte string conversion. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. (CVE-2026-7383) Bhabani Sankar Das discovered that OpenSSL had an out-of-bounds read in CMS password-based decryption. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-9076) Update Instructions: Run sudo pro fix USN-8414-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 3.0.2-0ubuntu1.25 libssl-doc - 3.0.2-0ubuntu1.25 libssl3 - 3.0.2-0ubuntu1.25 openssl - 3.0.2-0ubuntu1.25 No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-42770
- https://ubuntu.com/security/CVE-2026-45447
- https://ubuntu.com/security/CVE-2026-34182
- https://ubuntu.com/security/CVE-2026-42769
- https://ubuntu.com/security/CVE-2026-34181
- https://ubuntu.com/security/CVE-2026-34183
- https://ubuntu.com/security/CVE-2026-42766
- https://ubuntu.com/security/CVE-2026-34180
- https://ubuntu.com/security/CVE-2026-7383
- https://ubuntu.com/security/CVE-2026-9076
- https://ubuntu.com/security/CVE-2026-42768
- https://ubuntu.com/security/CVE-2026-42764
- https://ubuntu.com/security/CVE-2026-45445
- https://ubuntu.com/security/CVE-2026-45446
- https://ubuntu.com/security/CVE-2026-42767
Title: USN-8415-1 -- Vim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8415-1
Priorities: medium
Description:
It was discovered that Vim incorrectly handled marked filenames in the netrw plugin. An attacker could possibly use this issue to execute arbitrary code. (CVE-2026-43961) It was discovered that Vim incorrectly handled filenames when decompressing certain archives. An attacker could possibly use this issue to execute arbitrary code. (CVE-2026-46483) Update Instructions: Run sudo pro fix USN-8415-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:8.2.3995-1ubuntu2.31 vim-athena - 2:8.2.3995-1ubuntu2.31 vim-common - 2:8.2.3995-1ubuntu2.31 vim-doc - 2:8.2.3995-1ubuntu2.31 vim-gtk - 2:8.2.3995-1ubuntu2.31 vim-gtk3 - 2:8.2.3995-1ubuntu2.31 vim-gui-common - 2:8.2.3995-1ubuntu2.31 vim-nox - 2:8.2.3995-1ubuntu2.31 vim-runtime - 2:8.2.3995-1ubuntu2.31 vim-tiny - 2:8.2.3995-1ubuntu2.31 xxd - 2:8.2.3995-1ubuntu2.31 No subscription required
CVEs:
What's Changed
- minor readme nit - less os version specific by @mkocher in #616
- use default augen behavior by @mkocher in #618
- Add resolute to contribution guide. by @aramprice in #621
- ci: fix oci image build by @mkocher in #622
- CI: remove (future) deprecated
--preserve-envflag by @aramprice in #625 - CI: use explicit list with
--preserve-envby @aramprice in #626 - CI: pass
SHLVLto make~ubuntu/.bash_logoutsucceed by @aramprice in #627 - Update PR template by @aramprice in #629
- Remove CentOS-specific code and assets by @neddp in #620
- Add instance storage discovery patterns in config by @Ivaylogi98 in #592
- Add NVMe support to Alicloud infrastructure configuration by @Ivaylogi98 in #635
- Revert "Harden monit-access-helper.sh cgroupv2 mount point detection" by @beyhan in #638
- Nit: fix spelling by @aramprice in #642
New Contributors
Full Changelog: ubuntu-jammy/v1.1234...ubuntu-jammy/v1.1250
Contributors
Assets 2
ubuntu noble v1.396
Metadata:
BOSH Agent Version: 2.852.0
Kernel Version: 6.8.0-124.124
USNs:
Title: USN-8319-1 -- Libgcrypt vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8319-1
Priorities: medium
Description:
It was discovered that Libgcrypt incorrectly handled crafted ECDH ciphertext. An attacker could possibly use this issue to cause Libgcrypt to crash, resulting in a denial of service. (CVE-2026-41989) It was discovered that Libgcrypt incorrectly handled Dilithium signing. An attacker could possibly use this issue to cause Libgcrypt to crash, resulting in a denial of service. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-41990) Update Instructions: Run sudo pro fix USN-8319-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgcrypt-mingw-w64-dev - 1.10.3-2ubuntu0.1 libgcrypt20 - 1.10.3-2ubuntu0.1 libgcrypt20-dev - 1.10.3-2ubuntu0.1 libgcrypt20-doc - 1.10.3-2ubuntu0.1 No subscription required
CVEs:
Title: USN-8373-1 -- Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8373-1
Priorities: high,low,medium
Description:
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43284, CVE-2026-43500, CVE-2026-45998, CVE-2026-46000) It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503, CVE-2026-46300) Qualys discovered that a race condition existed in the ptrace subsystem of the Linux kernel when privileged processes are exiting. An unprivileged local attacker could use this issue to expose sensitive information. (CVE-2026-46333) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contain a memory leak when handling AppArmor notifications. A local attacker could use this to cause resource exhaustion. (CVE-2026-47326) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contain a NULL pointer dereference when handling AppArmor notifications. A local attacker could use this to cause a kernel oops. (CVE-2026-47327) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained an invalid free when handling AppArmor notifications. A local attacker could use this to corrupt kernel memory. (CVE-2026-47328) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained insufficient validation of AppArmor notification responses. A local attacker could use this to allow crafted responses to be processed. (CVE-2026-47329) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 used an uninitialized variable when handling AppArmor notifications. A local attacker could use this to cause incorrect caching of data. (CVE-2026-47330) Tristan Madani discovered that Ubuntu Linux kernel 6.8 contained a use- after-free (UAF) bug. A local attacker could use this to cause memory corruption and, theoretically, arbitrary code execution. (CVE-2026-47331) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained an out-of-bounds (OOB) read when handling AppArmor notifications. A local attacker could use this to cause information disclosure of kernel memory. (CVE-2026-47332) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained a out-of-bounds (OOB) read when handling AppArmor notifications. A local attacker could use this to cause kernel memory corruption and, theoretically, influence processing of AppArmor policies. (CVE-2026-47333) Tristan Madani discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained incorrect holding of locks when handling AppArmor notifications. A local attacker could use this to cause a kernel panic or deadlock. (CVE-2026-47334) Tristan Madani discovered that Ubuntu Linux kernel 6.8 contained a NULL pointer dereference when handling AppArmor notifications. A local attacker could use this to cause a kernel panic. (CVE-2026-47335) Tristan Madani discovered that Ubuntu Linux kernel 6.8 used an uninitialized variable when handling AppArmor AF_INET/AF_INET6 socket mediation. A local attacker could use this to influence processing of fine- grained network socket mediation. (CVE-2026-47336) Tristan Madani and Trevor Lawrence have each independently discovered that Ubuntu Linux kernel 6.8, 6.17 and 7.0 contained a NULL pointer dereference when handling AppArmor network socket mediation. A local attacker could use this to cause a kernel oops. (CVE-2026-47337) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RDS protocol; - RxRPC session sockets; (CVE-2026-31676, CVE-2026-43494) Update Instructions: Run sudo pro fix USN-8373-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-6.8.0-1026-nvidia-tegra - 6.8.0-1026.26 linux-buildinfo-6.8.0-1026-nvidia-tegra-rt - 6.8.0-1026.26 linux-headers-6.8.0-1026-nvidia-tegra - 6.8.0-1026.26 linux-headers-6.8.0-1026-nvidia-tegra-rt - 6.8.0-1026.26 linux-headers-nvidia-tegra - 6.8.0-1026.26 linux-headers-nvidia-tegra-6.8 - 6.8.0-1026.26 linux-headers-nvidia-tegra-rt - 6.8.0-1026.26 linux-headers-nvidia-tegra-rt-6.8 - 6.8.0-1026.26 linux-image-6.8.0-1026-nvidia-tegra - 6.8.0-1026.26 linux-image-6.8.0-1026-nvidia-tegra-rt - 6.8.0-1026.26 linux-image-nvidia-tegra - 6.8.0-1026.26 linux-image-nvidia-tegra-6.8 - 6.8.0-1026.26 linux-image-nvidia-tegra-rt - 6.8.0-1026.26 linux-image-nvidia-tegra-rt-6.8 - 6.8.0-1026.26 linux-image-uc-6.8.0-1026-nvidia-tegra - 6.8.0-1026.26 linux-image-uc-6.8.0-1026-nvidia-tegra-rt - 6.8.0-1026.26 linux-image-uc-nvidia-tegra - 6.8.0-1026.26 linux-image-uc-nvidia-tegra-6.8 - 6.8.0-1026.26 linux-image-uc-nvidia-tegra-rt - 6.8.0-1026.26 linux-image-uc-nvidia-tegra-rt-6.8 - 6.8.0-1026.26 linux-image-unsigned-6.8.0-1026-nvidia-tegra - 6.8.0-1026.26 linux-image-unsigned-6.8.0-1026-nvidia-tegra-rt - 6.8.0-1026.26 linux-modules-6.8.0-1026-nvidia-tegra - 6.8.0-1026.26 linux-modules-6.8.0-1026-nvidia-tegra-rt - 6.8.0-1026.26 linux-modules-extra-6.8.0-1026-nvidia-tegra - 6.8.0-1026.26 linux-modules-extra-6.8.0-1026-nvidia-tegra-rt - 6.8.0-1026.26 linux-nvidia-tegra - 6.8.0-1026.26 linux-nvidia-tegra-6.8 - 6.8.0-1026.26 linux-nvidia-tegra-headers-6.8.0-1026 - 6.8.0-1026.26 linux-nvidia-tegra-rt - 6.8.0-1026.26 linux-nvidia-tegra-rt-6.8 - 6.8.0-1026.26 linux-nvidia-tegra-tools-6.8.0-1026 - 6.8.0-1026.26 linux-tools-6.8.0-1026-nvidia-tegra - 6.8.0-1026.26 linux-tools-6.8.0-1026-nvidia-tegra-rt - 6.8.0-1026.26 linux-tools-nvidia-tegra - 6.8.0-1026.26 linux-tools-nvidia-tegra-6.8 - 6.8.0-1026.26 linux-tools-nvidia-tegra-rt - 6.8.0-1026.26 linux-tools-nvidia-tegra-rt-6.8 - 6.8.0-1026.26 No subscription required linux-buildinfo-6.8.0-1042-gkeop - 6.8.0-1042.45 linux-cloud-tools-6.8.0-1042-gkeop - 6.8.0-1042.45 linux-cloud-tools-gkeop - 6.8.0-1042.45 linux-cloud-tools-gkeop-6.8 - 6.8.0-1042.45 linux-gkeop - 6.8.0-1042.45 linux-gkeop-6.8 - 6.8.0-1042.45 linux-gkeop-cloud-tools-6.8.0-1042 - 6.8.0-1042.45 linux-gkeop-headers-6.8.0-1042 - 6.8.0-1042.45 linux-gkeop-tools-6.8.0-1042 - 6.8.0-1042.45 linux-headers-6.8.0-1042-gkeop - 6.8.0-1042.45 linux-headers-gkeop - 6.8.0-1042.45 linux-headers-gkeop-6.8 - 6.8.0-1042.45 linux-image-6.8.0-1042-gkeop - 6.8.0-1042.45 linux-image-gkeop - 6.8.0-1042.45 linux-image-gkeop-6.8 - 6.8.0-1042.45 linux-image-unsigned-6.8.0-1042-gkeop - 6.8.0-1042.45 linux-modules-6.8.0-1042-gkeop - 6.8.0-1042.45 linux-modules-extra-6.8.0-1042-gkeop - 6.8.0-1042.45 linux-modules-extra-gkeop - 6.8.0-1042.45 linux-modules-extra-gkeop-6.8 - 6.8.0-1042.45 linux-tools-6.8.0-1042-gkeop - 6.8.0-1042.45 linux-tools-gkeop - 6.8.0-1042.45 linux-tools-gkeop-6.8 - 6.8.0-1042.45 No subscription required linux-buildinfo-6.8.0-1054-oracle - 6.8.0-1054.55 linux-buildinfo-6.8.0-1054-oracle-64k - 6.8.0-1054.55 linux-headers-6.8.0-1054-oracle - 6.8.0-1054.55 linux-headers-6.8.0-1054-oracle-64k - 6.8.0-1054.55 linux-headers-oracle-6.8 - 6.8.0-1054.55 linux-headers-oracle-64k-6.8 - 6.8.0-1054.55 linux-headers-oracle-64k-lts-24.04 - 6.8.0-1054.55 linux-headers-oracle-lts-24.04 - 6.8.0-1054.55 linux-image-6.8.0-1054-oracle - 6.8.0-1054.55 linux-image-6.8.0-1054-oracle-64k - 6.8.0-1054.55 linux-image-oracle-6.8 - 6.8.0-1054.55 linux-image-oracle-64k-6.8 - 6.8.0-1054.55 linux-image-oracle-64k-lts-24.04 - 6.8.0-1054.55 linux-image-oracle-lts-24.04 - 6.8.0-1054.55 linux-image-unsigned-6.8.0-1054-oracle - 6.8.0-1054.55 linux-image-unsigned-6.8.0-1054-oracle-64k - 6.8.0-1054.55 linux-modules-6.8.0-1054-oracle - 6.8.0-1054.55 linux-modules-6.8.0-1054-oracle-64k - 6.8.0-1054.55 linux-modules-extra-6.8.0-1054-oracle - 6.8.0-1054.55 linux-modules-extra-6.8.0-1054-oracle-64k - 6.8.0-1054.55 linux-oracle-6.8 - 6.8.0-1054.55 linux-oracle-64k-6.8 - 6.8.0-1054.55 linux-oracle-64k-lts-24.04 - 6.8.0-1054.55 linux-oracle-headers-6.8.0-1054 - 6.8.0-1054.55 linux-oracle-lts-24.04 - 6.8.0-1054.55 linux-oracle-tools-6.8.0-1054 - 6.8.0-1054.55 linux-tools-6.8.0-1054-oracle - 6.8.0-1054.55 linux-tools-6.8.0-1054-oracle-64k - 6.8.0-1054.55 linux-tools-oracle-6.8 - 6.8.0-1054.55 linux-tools-oracle-64k-6.8 - 6.8.0-1054.55 linux-tools-oracle-64k-lts-24.04 - 6.8.0-1054.55 linux-tools-oracle-lts-24.04 - 6.8.0-1054.55 No subscription required linux-buildinfo-6.8.0-1055-nvidi...
ubuntu jammy v1.1234
Metadata:
BOSH Agent Version: 2.852.0
Kernel Version: 5.15.0.181.164
USNs:
Title: USN-8319-1 -- Libgcrypt vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8319-1
Priorities: medium
Description:
It was discovered that Libgcrypt incorrectly handled crafted ECDH ciphertext. An attacker could possibly use this issue to cause Libgcrypt to crash, resulting in a denial of service. (CVE-2026-41989) It was discovered that Libgcrypt incorrectly handled Dilithium signing. An attacker could possibly use this issue to cause Libgcrypt to crash, resulting in a denial of service. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-41990) Update Instructions: Run sudo pro fix USN-8319-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libgcrypt-mingw-w64-dev - 1.9.4-3ubuntu3.2 libgcrypt20 - 1.9.4-3ubuntu3.2 libgcrypt20-dev - 1.9.4-3ubuntu3.2 libgcrypt20-doc - 1.9.4-3ubuntu3.2 No subscription required
CVEs:
Title: USN-8362-1 -- XZ Utils vulnerability
URL: https://ubuntu.com/security/notices/USN-8362-1
Priorities: low
Description:
It was discovered that XZ Utils did not properly manage memory when attempting to append data to a decoded index that contained no records. An attacker could possibly use this issue to cause XZ Utils to crash, resulting in a denial of service, or execute arbitrary code. Update Instructions: Run sudo pro fix USN-8362-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: liblzma-dev - 5.2.5-2ubuntu1.1 liblzma-doc - 5.2.5-2ubuntu1.1 liblzma5 - 5.2.5-2ubuntu1.1 xz-utils - 5.2.5-2ubuntu1.1 xzdec - 5.2.5-2ubuntu1.1 No subscription required
CVEs:
Title: USN-8379-1 -- urllib3 vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8379-1
Priorities: medium
Description:
It was discovered that urllib3 incorrectly handled cross-origin redirects in ProxyManager. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-44431) It was discovered that urllib3 incorrectly handled decompression of specially crafted responses. A remote attacker could possibly use this issue to cause urllib3 to consume resources, leading to a denial of service. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-44432) Update Instructions: Run sudo pro fix USN-8379-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-urllib3 - 1.26.5-1~exp1ubuntu0.7 No subscription required
CVEs:
Title: USN-8388-1 -- Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8388-1
Priorities: high,medium
Description:
It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43284, CVE-2026-43500) It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43503, CVE-2026-46300) Qualys discovered that a race condition existed in the ptrace subsystem of the Linux kernel when privileged processes are exiting. An unprivileged local attacker could use this issue to expose sensitive information. (CVE-2026-46333) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RDS protocol; (CVE-2026-43494) Update Instructions: Run sudo pro fix USN-8388-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.15.0-1050-nvidia-tegra-igx - 5.15.0-1050.50 linux-buildinfo-5.15.0-1050-nvidia-tegra-igx-rt - 5.15.0-1050.50 linux-headers-5.15.0-1050-nvidia-tegra-igx - 5.15.0-1050.50 linux-headers-5.15.0-1050-nvidia-tegra-igx-rt - 5.15.0-1050.50 linux-image-5.15.0-1050-nvidia-tegra-igx - 5.15.0-1050.50 linux-image-5.15.0-1050-nvidia-tegra-igx-rt - 5.15.0-1050.50 linux-image-uc-5.15.0-1050-nvidia-tegra-igx - 5.15.0-1050.50 linux-image-uc-5.15.0-1050-nvidia-tegra-igx-rt - 5.15.0-1050.50 linux-image-unsigned-5.15.0-1050-nvidia-tegra-igx - 5.15.0-1050.50 linux-image-unsigned-5.15.0-1050-nvidia-tegra-igx-rt - 5.15.0-1050.50 linux-modules-5.15.0-1050-nvidia-tegra-igx - 5.15.0-1050.50 linux-modules-5.15.0-1050-nvidia-tegra-igx-rt - 5.15.0-1050.50 linux-modules-extra-5.15.0-1050-nvidia-tegra-igx - 5.15.0-1050.50 linux-nvidia-tegra-igx-headers-5.15.0-1050 - 5.15.0-1050.50 linux-nvidia-tegra-igx-tools-5.15.0-1050 - 5.15.0-1050.50 linux-tools-5.15.0-1050-nvidia-tegra-igx - 5.15.0-1050.50 linux-tools-5.15.0-1050-nvidia-tegra-igx-rt - 5.15.0-1050.50 No subscription required linux-buildinfo-5.15.0-1061-nvidia-tegra - 5.15.0-1061.61 linux-buildinfo-5.15.0-1061-nvidia-tegra-rt - 5.15.0-1061.61 linux-headers-5.15.0-1061-nvidia-tegra - 5.15.0-1061.61 linux-headers-5.15.0-1061-nvidia-tegra-rt - 5.15.0-1061.61 linux-image-5.15.0-1061-nvidia-tegra - 5.15.0-1061.61 linux-image-5.15.0-1061-nvidia-tegra-rt - 5.15.0-1061.61 linux-image-unsigned-5.15.0-1061-nvidia-tegra - 5.15.0-1061.61 linux-image-unsigned-5.15.0-1061-nvidia-tegra-rt - 5.15.0-1061.61 linux-modules-5.15.0-1061-nvidia-tegra - 5.15.0-1061.61 linux-modules-5.15.0-1061-nvidia-tegra-rt - 5.15.0-1061.61 linux-modules-extra-5.15.0-1061-nvidia-tegra - 5.15.0-1061.61 linux-nvidia-tegra-headers-5.15.0-1061 - 5.15.0-1061.61 linux-nvidia-tegra-tools-5.15.0-1061 - 5.15.0-1061.61 linux-tools-5.15.0-1061-nvidia-tegra - 5.15.0-1061.61 linux-tools-5.15.0-1061-nvidia-tegra-rt - 5.15.0-1061.61 No subscription required linux-buildinfo-5.15.0-1092-gkeop - 5.15.0-1092.100 linux-cloud-tools-5.15.0-1092-gkeop - 5.15.0-1092.100 linux-gkeop-cloud-tools-5.15.0-1092 - 5.15.0-1092.100 linux-gkeop-headers-5.15.0-1092 - 5.15.0-1092.100 linux-gkeop-tools-5.15.0-1092 - 5.15.0-1092.100 linux-headers-5.15.0-1092-gkeop - 5.15.0-1092.100 linux-image-5.15.0-1092-gkeop - 5.15.0-1092.100 linux-image-unsigned-5.15.0-1092-gkeop - 5.15.0-1092.100 linux-modules-5.15.0-1092-gkeop - 5.15.0-1092.100 linux-modules-extra-5.15.0-1092-gkeop - 5.15.0-1092.100 linux-tools-5.15.0-1092-gkeop - 5.15.0-1092.100 No subscription required linux-buildinfo-5.15.0-1101-intel-iot-realtime - 5.15.0-1101.103 linux-cloud-tools-5.15.0-1101-intel-iot-realtime - 5.15.0-1101.103 linux-headers-5.15.0-1101-intel-iot-realtime - 5.15.0-1101.103 linux-image-5.15.0-1101-intel-iot-realtime - 5.15.0-1101.103 linux-image-uc-5.15.0-1101-intel-iot-realtime - 5.15.0-1101.103 linux-image-unsigned-5.15.0-1101-intel-iot-realtime - 5.15.0-1101.103 linux-intel-iot-realtime-cloud-tools-5.15.0-1101 - 5.15.0-1101.103 linux-intel-iot-realtime-cloud-tools-common - 5.15.0-1101.103 linux-intel-iot-realtime-headers-5.15.0-1101 - 5.15.0-1101.103 linux-intel-iot-realtime-tools-5.15.0-1101 - 5.15.0-1101.103 linux-intel-iot-realtime-tools-common - 5.15.0-1101.103 linux-intel-iot-realtime-tools-host - 5.15.0-1101.103 linux-modules-5.15.0-1101-intel-iot-realtime - 5.15.0-1101.103 linux-modules-extra-5.15.0-1101-intel-iot-realtime - 5.15.0-1101.103 linux-tools-5.15.0-1101-intel-iot-realtime - 5.15.0-1101.103 No subscription required linux-buildinfo-5.15.0-1101-kvm - 5.15.0-1101.106 linux-headers-5.15.0-1101-kvm - 5.15.0-1101.106 linux-image-5.15.0-1101-kvm - 5.15.0-1101.106 linux-image-unsigned-5.15.0-1101-kvm - 5.15.0-1101.106 linux-kvm-headers-5.15.0-1101 - 5.15.0-1101.106 linux-kvm-tools-5.15.0-1101 - 5.15.0-1101.106 linux-modules-5.15.0-1101-kvm - 5.15.0-1101.106 linux-tools-5.15.0-1101-kvm - 5.15.0-1101.106 No subscription required linux-buildinfo-5.15.0-1103-ibm - 5.15.0-1103.106 linux-buildinfo-5.15.0-1103-raspi - 5.15.0-1103.106 linux-headers-5.15.0-1103-ibm - 5.15.0-1103.106 linux-headers-5.15.0-1103-raspi - 5.15.0-1103.106 linux-ibm-cloud-tools-common - 5.15.0-1103.106 linux-ibm-headers-5.15.0-1103 - 5.15.0-1103.106 linux-ibm-source-5.15.0 - 5.15.0-1103.106 linux-ibm-tools-5.15.0-1103 - 5.15.0-1103.106 linux-ibm-tools-common - 5.15.0-1103.106 linux-image-5.15.0-1103-ibm - 5.15.0-1103.106 linux-image-5.15.0-1103-raspi - 5.15.0-1103.106 linux-image-unsigned-5.15.0-1103-ibm - 5.15.0-1103.106 linux-modules-5.15.0-1103-ibm - 5.15.0-1103.106 linux-modules-5.15.0-1103-raspi - 5.15.0-1103.106 linux-modules-extra-5.15.0-1103-ibm - 5.15.0-1103.106 linux-modules-extra-5.15.0-1103-raspi - 5.15.0-1103.106 linux-raspi-headers-5.15.0-1103 - 5.15.0-1103.106 linux-raspi-tools-5.15.0-1103 - 5.15.0-1103.106 linux-tools-5.15.0-1103-ibm - 5.15.0-1103.106 linux-tools-5.15.0-1103-raspi - 5.15.0-1103.106 No subscription required linux-buildinfo-5.15.0-1104-nvidia - 5.15.0-1104.105 linux-buildinfo-5.15.0-1104-nvidia-lowlatency - 5.15.0-1104.105 linux-cloud-tools-5.15.0-1104-nvidia - 5.15.0-1104.105 linux-cloud-tools-5.15.0-1104-nvidia-lowlatency - 5.15.0-1104.105 linux-headers-5.15.0-1104-nvidia - 5.15.0-1104.105 linux-headers-5.15.0-1104-nvidia-lowlatency - 5.15.0-1104.105 linux-image-5.15.0-1104-nvidia - 5.15.0-1104.105 linux-image-5.15.0-1104-nvidia-lowlatency - 5.15.0-1104.105 linux-image-unsigned-5.15.0-1104-nvidia - 5.15.0-1104.105 linux-image-unsigned-5.15.0-1104-nvidia-lowlatency - 5.15.0-1104.105 linux-modules-5.15.0-1104-nvidia - 5.15.0-1104.10...
ubuntu noble v1.383
Metadata:
BOSH Agent Version: 2.849.0
Kernel Version: 6.8.0-117.117
USNs:
Title: USN-8246-1 -- Vim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8246-1
Priorities: medium
Description:
Michał Majchrowicz discovered that Vim’s zip plugin could overwrite arbitrary files. An attacker could possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-35177) It was discovered that Vim’s netbeans interface did not properly sanitize certain strings. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-39881) It was discovered that Vim did not properly handle backticks in tag filenames. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2026-41411) Update Instructions: Run sudo pro fix USN-8246-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:9.1.0016-1ubuntu7.13 vim-athena - 2:9.1.0016-1ubuntu7.13 vim-common - 2:9.1.0016-1ubuntu7.13 vim-doc - 2:9.1.0016-1ubuntu7.13 vim-gtk3 - 2:9.1.0016-1ubuntu7.13 vim-gui-common - 2:9.1.0016-1ubuntu7.13 vim-motif - 2:9.1.0016-1ubuntu7.13 vim-nox - 2:9.1.0016-1ubuntu7.13 vim-runtime - 2:9.1.0016-1ubuntu7.13 vim-tiny - 2:9.1.0016-1ubuntu7.13 xxd - 2:9.1.0016-1ubuntu7.13 No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-41411
- https://ubuntu.com/security/CVE-2026-39881
- https://ubuntu.com/security/CVE-2026-35177
Title: USN-8249-1 -- dpkg vulnerability
URL: https://ubuntu.com/security/notices/USN-8249-1
Priorities: medium
Description:
Yashashree Gund discovered that the dpkg dpkg-deb tool incorrectly handled certain zstd-compressed .deb archives. If a user or automated system were tricked into manipulating a specially crafted .deb archive, a remote attacker could possibly use this issue to cause dpkg-deb to stop responding, resulting in a denial of service. Update Instructions: Run sudo pro fix USN-8249-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: dpkg - 1.22.6ubuntu6.6 dpkg-dev - 1.22.6ubuntu6.6 dselect - 1.22.6ubuntu6.6 libdpkg-dev - 1.22.6ubuntu6.6 libdpkg-perl - 1.22.6ubuntu6.6 No subscription required
CVEs:
Title: USN-8251-1 -- libpng vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8251-1
Priorities: medium
Description:
It was discovered that libpng incorrectly handled memory when processing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-33416) It was discovered that libpng incorrectly handled expanding 8-bit paletted rows to RGB or RGBA on ARM processors. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-33636) It was discovered that libpng incorrectly handled certain setter APIs. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-34757) Update Instructions: Run sudo pro fix USN-8251-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpng-dev - 1.6.43-5ubuntu0.6 libpng-tools - 1.6.43-5ubuntu0.6 libpng16-16t64 - 1.6.43-5ubuntu0.6 No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-33416
- https://ubuntu.com/security/CVE-2026-34757
- https://ubuntu.com/security/CVE-2026-33636
Title: USN-8254-1 -- Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8254-1
Priorities: high,medium
Description:
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - NVME drivers; - Netfilter; (CVE-2026-23112, CVE-2026-23231, CVE-2026-23273) Update Instructions: Run sudo pro fix USN-8254-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-6.8.0-1038-gkeop - 6.8.0-1038.41 linux-cloud-tools-6.8.0-1038-gkeop - 6.8.0-1038.41 linux-cloud-tools-gkeop - 6.8.0-1038.41 linux-cloud-tools-gkeop-6.8 - 6.8.0-1038.41 linux-gkeop - 6.8.0-1038.41 linux-gkeop-6.8 - 6.8.0-1038.41 linux-gkeop-cloud-tools-6.8.0-1038 - 6.8.0-1038.41 linux-gkeop-headers-6.8.0-1038 - 6.8.0-1038.41 linux-gkeop-tools-6.8.0-1038 - 6.8.0-1038.41 linux-headers-6.8.0-1038-gkeop - 6.8.0-1038.41 linux-headers-gkeop - 6.8.0-1038.41 linux-headers-gkeop-6.8 - 6.8.0-1038.41 linux-image-6.8.0-1038-gkeop - 6.8.0-1038.41 linux-image-gkeop - 6.8.0-1038.41 linux-image-gkeop-6.8 - 6.8.0-1038.41 linux-image-unsigned-6.8.0-1038-gkeop - 6.8.0-1038.41 linux-modules-6.8.0-1038-gkeop - 6.8.0-1038.41 linux-modules-extra-6.8.0-1038-gkeop - 6.8.0-1038.41 linux-modules-extra-gkeop - 6.8.0-1038.41 linux-modules-extra-gkeop-6.8 - 6.8.0-1038.41 linux-tools-6.8.0-1038-gkeop - 6.8.0-1038.41 linux-tools-gkeop - 6.8.0-1038.41 linux-tools-gkeop-6.8 - 6.8.0-1038.41 No subscription required linux-buildinfo-6.8.0-1050-oracle - 6.8.0-1050.51 linux-buildinfo-6.8.0-1050-oracle-64k - 6.8.0-1050.51 linux-headers-6.8.0-1050-oracle - 6.8.0-1050.51 linux-headers-6.8.0-1050-oracle-64k - 6.8.0-1050.51 linux-headers-oracle-6.8 - 6.8.0-1050.51 linux-headers-oracle-64k-6.8 - 6.8.0-1050.51 linux-headers-oracle-64k-lts-24.04 - 6.8.0-1050.51 linux-headers-oracle-lts-24.04 - 6.8.0-1050.51 linux-image-6.8.0-1050-oracle - 6.8.0-1050.51 linux-image-6.8.0-1050-oracle-64k - 6.8.0-1050.51 linux-image-oracle-6.8 - 6.8.0-1050.51 linux-image-oracle-64k-6.8 - 6.8.0-1050.51 linux-image-oracle-64k-lts-24.04 - 6.8.0-1050.51 linux-image-oracle-lts-24.04 - 6.8.0-1050.51 linux-image-unsigned-6.8.0-1050-oracle - 6.8.0-1050.51 linux-image-unsigned-6.8.0-1050-oracle-64k - 6.8.0-1050.51 linux-modules-6.8.0-1050-oracle - 6.8.0-1050.51 linux-modules-6.8.0-1050-oracle-64k - 6.8.0-1050.51 linux-modules-extra-6.8.0-1050-oracle - 6.8.0-1050.51 linux-modules-extra-6.8.0-1050-oracle-64k - 6.8.0-1050.51 linux-oracle-6.8 - 6.8.0-1050.51 linux-oracle-64k-6.8 - 6.8.0-1050.51 linux-oracle-64k-lts-24.04 - 6.8.0-1050.51 linux-oracle-headers-6.8.0-1050 - 6.8.0-1050.51 linux-oracle-lts-24.04 - 6.8.0-1050.51 linux-oracle-tools-6.8.0-1050 - 6.8.0-1050.51 linux-tools-6.8.0-1050-oracle - 6.8.0-1050.51 linux-tools-6.8.0-1050-oracle-64k - 6.8.0-1050.51 linux-tools-oracle-6.8 - 6.8.0-1050.51 linux-tools-oracle-64k-6.8 - 6.8.0-1050.51 linux-tools-oracle-64k-lts-24.04 - 6.8.0-1050.51 linux-tools-oracle-lts-24.04 - 6.8.0-1050.51 No subscription required linux-buildinfo-6.8.0-1051-gke - 6.8.0-1051.57 linux-buildinfo-6.8.0-1051-gke-64k - 6.8.0-1051.57 linux-gke - 6.8.0-1051.57 linux-gke-6.8 - 6.8.0-1051.57 linux-gke-64k - 6.8.0-1051.57 linux-gke-64k-6.8 - 6.8.0-1051.57 linux-gke-headers-6.8.0-1051 - 6.8.0-1051.57 linux-gke-tools-6.8.0-1051 - 6.8.0-1051.57 linux-headers-6.8.0-1051-gke - 6.8.0-1051.57 linux-headers-6.8.0-1051-gke-64k - 6.8.0-1051.57 linux-headers-gke - 6.8.0-1051.57 linux-headers-gke-6.8 - 6.8.0-1051.57 linux-headers-gke-64k - 6.8.0-1051.57 linux-headers-gke-64k-6.8 - 6.8.0-1051.57 linux-image-6.8.0-1051-gke - 6.8.0-1051.57 linux-image-6.8.0-1051-gke-64k - 6.8.0-1051.57 linux-image-gke - 6.8.0-1051.57 linux-image-gke-6.8 - 6.8.0-1051.57 linux-image-gke-64k - 6.8.0-1051.57 linux-image-gke-64k-6.8 - 6.8.0-1051.57 linux-image-unsigned-6.8.0-1051-gke - 6.8.0-1051.57 linux-image-unsigned-6.8.0-1051-gke-64k - 6.8.0-1051.57 linux-modules-6.8.0-1051-gke - 6.8.0-1051.57 linux-modules-6.8.0-1051-gke-64k - 6.8.0-1051.57 linux-modules-extra-6.8.0-1051-gke - 6.8.0-1051.57 linux-modules-extra-6.8.0-1051-gke-64k - 6.8.0-1051.57 linux-modules-iwlwifi-6.8.0-1051-gke - 6.8.0-1051.57 linux-modules-iwlwifi-gke - 6.8.0-1051.57 linux-modules-iwlwifi-gke-6.8 - 6.8.0-1051.57 linux-tools-6.8.0-1051-gke - 6.8.0-1051.57 linux-tools-6.8.0-1051-gke-64k - 6.8.0-1051.57 linux-tools-gke - 6.8.0-1051.57 linux-tools-gke-6.8 - 6.8.0-1051.57 linux-tools-gke-64k - 6.8.0-1051.57 linux-tools-gke-64k-6.8 - 6.8.0-1051.57 No subscription required linux-buildinfo-6.8.0-1052-ibm - 6.8.0-1052.52 linux-headers-6.8.0-1052-ibm - 6.8.0-1052.52 linux-headers-ibm - 6.8.0-1052.52 linux-headers-ibm-6.8 - 6.8.0-1052.52 linux-headers-ibm-classic - 6.8.0-1052.52 linux-headers-ibm-lts-24.04 - 6.8.0-1052.52 linux-ibm - 6.8.0-1052.52 linux-ibm-6.8 - 6.8.0-1052.52 linux-ibm-classic - 6.8.0-1052.52 linux-ibm-headers-6.8.0-1052 - 6.8.0-1052.52 linux-ibm-lts-24.04 - 6.8.0-1052.52 linux-ibm-tools-6.8.0-1052 - 6.8.0-1052.52 linux-image-6.8.0-1052-ibm - 6.8.0-1052.52 linux-image-ibm - 6.8.0-1052.52 linux-image-ibm-6.8 - 6.8.0-1052.52 linux-image-ibm-classic - 6.8.0-1052.52 linux-image-ibm-lts-24.04 - 6.8.0-1052.52 linux-image-unsigned-6.8.0-1052-ibm - 6.8.0-1052.52 linux-modules-6.8.0-1052-ibm - 6.8.0-1052.52 linux-modules-extra-6.8.0-1052-ibm - 6.8.0-1052.52 linux-modules-iwlwifi-6.8.0-1052-ibm - 6.8.0-1052.52 linux-modules-iwlwifi-ibm - 6.8.0-1052.52 linux-modules-iwlwifi-ibm-6.8 - 6.8.0-1052.52 linux-modules-iwlwifi-ibm-classic - 6.8.0-1052.52 linux-modules-iwlwifi-ibm-lts-24.04 - 6.8.0-1052.52 linux-tools-6.8.0-1052-ibm - 6.8.0-1052.52 linux-tools-ibm - 6.8.0-1052.52 linux-tools-ibm-6.8 - 6.8.0-1052.52 linux-tools-ibm-classic - 6.8.0-1052.52 linux-tools-ibm-lts-24.04 - 6.8.0-1052.52 No subscription required linux-aws-6.8 - 6.8.0-1053.56 linux-aws-64k-6.8 - 6.8.0-1053.56 linux-aws-64k-lts-24.04 - 6.8.0-1053.56 linux-aws-cloud-tools-6.8.0-1053 - 6.8.0-1053.56 linu...
ubuntu jammy v1.1218
Metadata:
BOSH Agent Version: 2.848.0
Kernel Version: 5.15.0.179.163
USNs:
Title: USN-8246-1 -- Vim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8246-1
Priorities: medium
Description:
Michał Majchrowicz discovered that Vim’s zip plugin could overwrite arbitrary files. An attacker could possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-35177) It was discovered that Vim’s netbeans interface did not properly sanitize certain strings. An attacker could possibly use this issue to execute arbitrary commands. This issue only affected Ubuntu 26.04 LTS. (CVE-2026-39881) It was discovered that Vim did not properly handle backticks in tag filenames. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2026-41411) Update Instructions: Run sudo pro fix USN-8246-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:8.2.3995-1ubuntu2.29 vim-athena - 2:8.2.3995-1ubuntu2.29 vim-common - 2:8.2.3995-1ubuntu2.29 vim-doc - 2:8.2.3995-1ubuntu2.29 vim-gtk - 2:8.2.3995-1ubuntu2.29 vim-gtk3 - 2:8.2.3995-1ubuntu2.29 vim-gui-common - 2:8.2.3995-1ubuntu2.29 vim-nox - 2:8.2.3995-1ubuntu2.29 vim-runtime - 2:8.2.3995-1ubuntu2.29 vim-tiny - 2:8.2.3995-1ubuntu2.29 xxd - 2:8.2.3995-1ubuntu2.29 No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-41411
- https://ubuntu.com/security/CVE-2026-39881
- https://ubuntu.com/security/CVE-2026-35177
Title: USN-8251-1 -- libpng vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8251-1
Priorities: medium
Description:
It was discovered that libpng incorrectly handled memory when processing certain PNG files. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-33416) It was discovered that libpng incorrectly handled expanding 8-bit paletted rows to RGB or RGBA on ARM processors. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-33636) It was discovered that libpng incorrectly handled certain setter APIs. An attacker could possibly use this issue to obtain sensitive information. (CVE-2026-34757) Update Instructions: Run sudo pro fix USN-8251-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libpng-dev - 1.6.37-3ubuntu0.5 libpng-tools - 1.6.37-3ubuntu0.5 libpng16-16 - 1.6.37-3ubuntu0.5 No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-33416
- https://ubuntu.com/security/CVE-2026-34757
- https://ubuntu.com/security/CVE-2026-33636
Title: USN-8255-1 -- Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8255-1
Priorities: high,medium
Description:
Stonejiajia, Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-2640) Shir Tamari and Sagi Tzadik discovered that the OverlayFS implementation in the Ubuntu Linux kernel did not properly perform permission checks in certain situations. A local attacker could possibly use this to gain elevated privileges. (CVE-2023-32629) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - NVME drivers; (CVE-2026-23112, CVE-2026-23273) Update Instructions: Run sudo pro fix USN-8255-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.15.0-1047-nvidia-tegra-igx - 5.15.0-1047.47 linux-buildinfo-5.15.0-1047-nvidia-tegra-igx-rt - 5.15.0-1047.47 linux-headers-5.15.0-1047-nvidia-tegra-igx - 5.15.0-1047.47 linux-headers-5.15.0-1047-nvidia-tegra-igx-rt - 5.15.0-1047.47 linux-image-5.15.0-1047-nvidia-tegra-igx - 5.15.0-1047.47 linux-image-5.15.0-1047-nvidia-tegra-igx-rt - 5.15.0-1047.47 linux-image-uc-5.15.0-1047-nvidia-tegra-igx - 5.15.0-1047.47 linux-image-uc-5.15.0-1047-nvidia-tegra-igx-rt - 5.15.0-1047.47 linux-image-unsigned-5.15.0-1047-nvidia-tegra-igx - 5.15.0-1047.47 linux-image-unsigned-5.15.0-1047-nvidia-tegra-igx-rt - 5.15.0-1047.47 linux-modules-5.15.0-1047-nvidia-tegra-igx - 5.15.0-1047.47 linux-modules-5.15.0-1047-nvidia-tegra-igx-rt - 5.15.0-1047.47 linux-modules-extra-5.15.0-1047-nvidia-tegra-igx - 5.15.0-1047.47 linux-nvidia-tegra-igx-headers-5.15.0-1047 - 5.15.0-1047.47 linux-nvidia-tegra-igx-tools-5.15.0-1047 - 5.15.0-1047.47 linux-tools-5.15.0-1047-nvidia-tegra-igx - 5.15.0-1047.47 linux-tools-5.15.0-1047-nvidia-tegra-igx-rt - 5.15.0-1047.47 No subscription required linux-buildinfo-5.15.0-1058-nvidia-tegra - 5.15.0-1058.58 linux-buildinfo-5.15.0-1058-nvidia-tegra-rt - 5.15.0-1058.58 linux-headers-5.15.0-1058-nvidia-tegra - 5.15.0-1058.58 linux-headers-5.15.0-1058-nvidia-tegra-rt - 5.15.0-1058.58 linux-image-5.15.0-1058-nvidia-tegra - 5.15.0-1058.58 linux-image-5.15.0-1058-nvidia-tegra-rt - 5.15.0-1058.58 linux-image-unsigned-5.15.0-1058-nvidia-tegra - 5.15.0-1058.58 linux-image-unsigned-5.15.0-1058-nvidia-tegra-rt - 5.15.0-1058.58 linux-modules-5.15.0-1058-nvidia-tegra - 5.15.0-1058.58 linux-modules-5.15.0-1058-nvidia-tegra-rt - 5.15.0-1058.58 linux-modules-extra-5.15.0-1058-nvidia-tegra - 5.15.0-1058.58 linux-nvidia-tegra-headers-5.15.0-1058 - 5.15.0-1058.58 linux-nvidia-tegra-tools-5.15.0-1058 - 5.15.0-1058.58 linux-tools-5.15.0-1058-nvidia-tegra - 5.15.0-1058.58 linux-tools-5.15.0-1058-nvidia-tegra-rt - 5.15.0-1058.58 No subscription required linux-buildinfo-5.15.0-1089-gkeop - 5.15.0-1089.97 linux-cloud-tools-5.15.0-1089-gkeop - 5.15.0-1089.97 linux-gkeop-cloud-tools-5.15.0-1089 - 5.15.0-1089.97 linux-gkeop-headers-5.15.0-1089 - 5.15.0-1089.97 linux-gkeop-tools-5.15.0-1089 - 5.15.0-1089.97 linux-headers-5.15.0-1089-gkeop - 5.15.0-1089.97 linux-image-5.15.0-1089-gkeop - 5.15.0-1089.97 linux-image-unsigned-5.15.0-1089-gkeop - 5.15.0-1089.97 linux-modules-5.15.0-1089-gkeop - 5.15.0-1089.97 linux-modules-extra-5.15.0-1089-gkeop - 5.15.0-1089.97 linux-tools-5.15.0-1089-gkeop - 5.15.0-1089.97 No subscription required linux-buildinfo-5.15.0-1098-intel-iot-realtime - 5.15.0-1098.100 linux-cloud-tools-5.15.0-1098-intel-iot-realtime - 5.15.0-1098.100 linux-headers-5.15.0-1098-intel-iot-realtime - 5.15.0-1098.100 linux-image-5.15.0-1098-intel-iot-realtime - 5.15.0-1098.100 linux-image-uc-5.15.0-1098-intel-iot-realtime - 5.15.0-1098.100 linux-image-unsigned-5.15.0-1098-intel-iot-realtime - 5.15.0-1098.100 linux-intel-iot-realtime-cloud-tools-5.15.0-1098 - 5.15.0-1098.100 linux-intel-iot-realtime-cloud-tools-common - 5.15.0-1098.100 linux-intel-iot-realtime-headers-5.15.0-1098 - 5.15.0-1098.100 linux-intel-iot-realtime-tools-5.15.0-1098 - 5.15.0-1098.100 linux-intel-iot-realtime-tools-common - 5.15.0-1098.100 linux-intel-iot-realtime-tools-host - 5.15.0-1098.100 linux-modules-5.15.0-1098-intel-iot-realtime - 5.15.0-1098.100 linux-modules-extra-5.15.0-1098-intel-iot-realtime - 5.15.0-1098.100 linux-tools-5.15.0-1098-intel-iot-realtime - 5.15.0-1098.100 No subscription required linux-buildinfo-5.15.0-1098-kvm - 5.15.0-1098.103 linux-headers-5.15.0-1098-kvm - 5.15.0-1098.103 linux-image-5.15.0-1098-kvm - 5.15.0-1098.103 linux-image-unsigned-5.15.0-1098-kvm - 5.15.0-1098.103 linux-kvm-headers-5.15.0-1098 - 5.15.0-1098.103 linux-kvm-tools-5.15.0-1098 - 5.15.0-1098.103 linux-modules-5.15.0-1098-kvm - 5.15.0-1098.103 linux-tools-5.15.0-1098-kvm - 5.15.0-1098.103 No subscription required linux-buildinfo-5.15.0-1100-ibm - 5.15.0-1100.103 linux-headers-5.15.0-1100-ibm - 5.15.0-1100.103 linux-ibm-cloud-tools-common - 5.15.0-1100.103 linux-ibm-headers-5.15.0-1100 - 5.15.0-1100.103 linux-ibm-source-5.15.0 - 5.15.0-1100.103 linux-ibm-tools-5.15.0-1100 - 5.15.0-1100.103 linux-ibm-tools-common - 5.15.0-1100.103 linux-image-5.15.0-1100-ibm - 5.15.0-1100.103 linux-image-unsigned-5.15.0-1100-ibm - 5.15.0-1100.103 linux-modules-5.15.0-1100-ibm - 5.15.0-1100.103 linux-modules-extra-5.15.0-1100-ibm - 5.15.0-1100.103 linux-tools-5.15.0-1100-ibm - 5.15.0-1100.103 No subscription required linux-buildinfo-5.15.0-1101-nvidia - 5.15.0-1101.102 linux-buildinfo-5.15.0-1101-nvidia-lowlatency - 5.15.0-1101.102 linux-cloud-tools-5.15.0-1101-nvidia - 5.15.0-1101.102 linux-cloud-tools-5.15.0-1101-nvidia-lowlatency - 5.15.0-1101.102 linux-headers-5.15.0-1101-nvidia - 5.15.0-1101.102 linux-headers-5.15.0-1101-nvidia-lowlatency - 5.15.0-1101.102 linux-image-5.15.0-1101-nvidia - 5.15.0-1101.102 linux-image-5.15.0-1101-nvidia-lowlatency - 5.15.0-1101.102 linux-image-unsigned-5.15.0-1101-nvidia - 5.15.0-1101.102 linux-image-unsigned-5.15.0-1101-nvidia-lowlatency - 5.15.0-1101.102 linux-modules-5.15.0-1101-nvidia - 5.15.0-1101.102 linux-modules-5.15.0-1101-nvidia-lowlatency - 5.15.0-1101.102 linux-modules-extra-5.15.0-1101-nvidia - 5.15.0-1101.102 linux-modules-nvidia-fs-5.15.0-1101-nvidia - 5.15.0-1101.102 linux-modules-nvidia-fs-5.15.0-1101-nvidia-lowlatency - 5.15.0-1101.102 linux-nvidia-cloud-tools-5.15.0-1101 - 5.15.0-1101.102 linux-nvidia-cloud-tools-common - 5.15.0-1101.102 linux-nvidia-headers-5.15.0-1101 - 5.15.0-1101.102 linux-nvidia-tools-5.15.0-1101 - 5.15.0-1101.102 linux-nvidia-tools-common - 5.15.0-1101.102 linux-nvidia-tools-host - 5.15.0-1101.102 linux-tools-5.15.0-1101-nvidia - 5.15.0-1101.102 linux-tools-5.15.0-1101-nvidia-lowlatency - 5.15.0-1101.102 No subscription req...
ubuntu noble v1.364
Metadata:
BOSH Agent Version: 2.845.0
Kernel Version: 6.8.0-111.111
Contains a mitigation for GHSA-2274-3hgr-wxv6, also known as https://copy.fail/
Contains a mitigation for CVE-2026-43500 and CVE-2026-43284, also known as https://github.com/V4bel/dirtyfrag.
Note: The Dirty Frag mitigation removes the esp4 and esp6 modules required by IPSec, rendering it unusable on this stemcell.
USNs:
Title: USN-8213-1 -- Vim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8213-1
Priorities: medium
Description:
Michał Majchrowicz discovered that Vim's zip plugin could overwrite arbitrary files. An attacker could possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-35177) It was discovered that Vim's netbeans interface did not properly sanitize certain strings. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2026-39881) Update Instructions: Run sudo pro fix USN-8213-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:9.1.0016-1ubuntu7.12 vim-athena - 2:9.1.0016-1ubuntu7.12 vim-common - 2:9.1.0016-1ubuntu7.12 vim-doc - 2:9.1.0016-1ubuntu7.12 vim-gtk3 - 2:9.1.0016-1ubuntu7.12 vim-gui-common - 2:9.1.0016-1ubuntu7.12 vim-motif - 2:9.1.0016-1ubuntu7.12 vim-nox - 2:9.1.0016-1ubuntu7.12 vim-runtime - 2:9.1.0016-1ubuntu7.12 vim-tiny - 2:9.1.0016-1ubuntu7.12 xxd - 2:9.1.0016-1ubuntu7.12 No subscription required
CVEs:
Title: USN-8222-1 -- OpenSSH vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8222-1
Priorities: medium
Description:
Christos Papakonstantinou discovered that the OpenSSH scp tool incorrectly handled the legacy scp protocol (-O) option. This could result in certain files being installed setuid or setgid, contrary to expectations. (CVE-2026-35385) Florian Kohnhäuser discovered that OpenSSH incorrectly handled shell metacharacters in usernames within a command line. When untrusted usernames and non-default configurations using % in ssh_config are being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2026-35386) Christos Papakonstantinou discovered that OpenSSH incorrectly handled parsing the PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms options. This could result in unintended ECDSA algorithms being used, contrary to expectations. (CVE-2026-35387) Michalis Vasileiadis discovered that OpenSSH incorrectly handled proxy-mode multiplexing sessions. This could result in no confirmation being asked, contrary to expectations. (CVE-2026-35388) Vladimir Tokarev discovered that OpenSSH incorrectly handled certificates with the principal name containing a comma character when using user-trusted CA keys in authorized_keys and an authorized_keys principals="" option that lists more than one principal. This could result in inappropriate principal matching, contrary to expectations. (CVE-2026-35414) Update Instructions: Run sudo pro fix USN-8222-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-client - 1:9.6p1-3ubuntu13.16 openssh-server - 1:9.6p1-3ubuntu13.16 openssh-sftp-server - 1:9.6p1-3ubuntu13.16 openssh-tests - 1:9.6p1-3ubuntu13.16 ssh - 1:9.6p1-3ubuntu13.16 ssh-askpass-gnome - 1:9.6p1-3ubuntu13.16 No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-35388
- https://ubuntu.com/security/CVE-2026-35385
- https://ubuntu.com/security/CVE-2026-35387
- https://ubuntu.com/security/CVE-2026-35414
- https://ubuntu.com/security/CVE-2026-35386
Title: USN-8226-1 -- kmod update
URL: https://ubuntu.com/security/notices/USN-8226-1
Priorities: high
Description:
It was discovered that the Linux kernel algif_aead module contained a logic flaw allowing a local attacker to escalate privileges to root. This update to the kmod package disables loading the algif_aead module as a measure to mitigate the issue until kernel updates are made available. See the following URL for more information https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available Update Instructions: Run sudo pro fix USN-8226-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: kmod - 31+20240202-2ubuntu7.2 libkmod-dev - 31+20240202-2ubuntu7.2 libkmod2 - 31+20240202-2ubuntu7.2 No subscription required
CVEs:
Title: USN-8229-1 -- sed vulnerability
URL: https://ubuntu.com/security/notices/USN-8229-1
Priorities: medium
Description:
Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local attacker could possibly use this issue to overwrite arbitrary files. Update Instructions: Run sudo pro fix USN-8229-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sed - 4.9-2ubuntu0.24.04.1 No subscription required
CVEs:
Title: USN-8233-1 -- nghttp2 vulnerability
URL: https://ubuntu.com/security/notices/USN-8233-1
Priorities: medium
Description:
Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could possibly use this issue to cause nghttp2 to crash, resulting in a denial of service. Update Instructions: Run sudo pro fix USN-8233-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnghttp2-14 - 1.59.0-1ubuntu0.3 libnghttp2-dev - 1.59.0-1ubuntu0.3 libnghttp2-doc - 1.59.0-1ubuntu0.3 nghttp2 - 1.59.0-1ubuntu0.3 nghttp2-client - 1.59.0-1ubuntu0.3 nghttp2-proxy - 1.59.0-1ubuntu0.3 nghttp2-server - 1.59.0-1ubuntu0.3 No subscription required
CVEs:
ubuntu jammy v1.1202
Metadata:
BOSH Agent Version: 2.845.0
Kernel Version: 5.15.0.177.162
Contains a mitigation for CVE-2026-43500 and GHSA-mmw8-mxmc-8w2r, also known as https://github.com/V4bel/dirtyfrag.
Note: The Dirty Frag mitigation removes the esp4 and esp6 modules required by IPSec, rendering it unusable on this stemcell.
USNs:
Title: USN-8222-1 -- OpenSSH vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8222-1
Priorities: medium
Description:
Christos Papakonstantinou discovered that the OpenSSH scp tool incorrectly handled the legacy scp protocol (-O) option. This could result in certain files being installed setuid or setgid, contrary to expectations. (CVE-2026-35385) Florian Kohnhäuser discovered that OpenSSH incorrectly handled shell metacharacters in usernames within a command line. When untrusted usernames and non-default configurations using % in ssh_config are being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2026-35386) Christos Papakonstantinou discovered that OpenSSH incorrectly handled parsing the PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms options. This could result in unintended ECDSA algorithms being used, contrary to expectations. (CVE-2026-35387) Michalis Vasileiadis discovered that OpenSSH incorrectly handled proxy-mode multiplexing sessions. This could result in no confirmation being asked, contrary to expectations. (CVE-2026-35388) Vladimir Tokarev discovered that OpenSSH incorrectly handled certificates with the principal name containing a comma character when using user-trusted CA keys in authorized_keys and an authorized_keys principals="" option that lists more than one principal. This could result in inappropriate principal matching, contrary to expectations. (CVE-2026-35414) Update Instructions: Run sudo pro fix USN-8222-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: openssh-client - 1:8.9p1-3ubuntu0.15 openssh-server - 1:8.9p1-3ubuntu0.15 openssh-sftp-server - 1:8.9p1-3ubuntu0.15 openssh-tests - 1:8.9p1-3ubuntu0.15 ssh - 1:8.9p1-3ubuntu0.15 ssh-askpass-gnome - 1:8.9p1-3ubuntu0.15 No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-35388
- https://ubuntu.com/security/CVE-2026-35385
- https://ubuntu.com/security/CVE-2026-35387
- https://ubuntu.com/security/CVE-2026-35414
- https://ubuntu.com/security/CVE-2026-35386
Title: USN-8226-1 -- kmod update
URL: https://ubuntu.com/security/notices/USN-8226-1
Priorities: high
Description:
It was discovered that the Linux kernel algif_aead module contained a logic flaw allowing a local attacker to escalate privileges to root. This update to the kmod package disables loading the algif_aead module as a measure to mitigate the issue until kernel updates are made available. See the following URL for more information https://ubuntu.com/blog/copy-fail-vulnerability-fixes-available Update Instructions: Run sudo pro fix USN-8226-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: kmod - 29-1ubuntu1.1 libkmod-dev - 29-1ubuntu1.1 libkmod2 - 29-1ubuntu1.1 No subscription required
CVEs:
Title: USN-8227-1 -- curl vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8227-1
Priorities: low,medium
Description:
It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-4873) It was discovered that curl incorrectly reused certain HTTP Negotiate connections. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5545) It was discovered that curl incorrectly reused certain SMB connections. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5773) It was discovered that curl could leak proxy credentials when handling redirects in some configurations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6253) It was discovered that curl could leak cookies because of stale custom cookie host handling in some requests. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6276) It was discovered that curl could leak .netrc credentials when reusing proxy connections in some situations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6429) It was discovered that curl could leak Digest authentication state when switching proxies in some situations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-7168) Update Instructions: Run sudo pro fix USN-8227-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: curl - 7.81.0-1ubuntu1.24 libcurl3-gnutls - 7.81.0-1ubuntu1.24 libcurl3-nss - 7.81.0-1ubuntu1.24 libcurl4 - 7.81.0-1ubuntu1.24 libcurl4-doc - 7.81.0-1ubuntu1.24 libcurl4-gnutls-dev - 7.81.0-1ubuntu1.24 libcurl4-nss-dev - 7.81.0-1ubuntu1.24 libcurl4-openssl-dev - 7.81.0-1ubuntu1.24 No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-6276
- https://ubuntu.com/security/CVE-2026-5773
- https://ubuntu.com/security/CVE-2026-7168
- https://ubuntu.com/security/CVE-2026-5545
- https://ubuntu.com/security/CVE-2026-6253
- https://ubuntu.com/security/CVE-2026-6429
- https://ubuntu.com/security/CVE-2026-4873
Title: USN-8229-1 -- sed vulnerability
URL: https://ubuntu.com/security/notices/USN-8229-1
Priorities: medium
Description:
Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local attacker could possibly use this issue to overwrite arbitrary files. Update Instructions: Run sudo pro fix USN-8229-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: sed - 4.8-1ubuntu2.1 No subscription required
CVEs:
Title: USN-8233-1 -- nghttp2 vulnerability
URL: https://ubuntu.com/security/notices/USN-8233-1
Priorities: medium
Description:
Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could possibly use this issue to cause nghttp2 to crash, resulting in a denial of service. Update Instructions: Run sudo pro fix USN-8233-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libnghttp2-14 - 1.43.0-1ubuntu0.3 libnghttp2-dev - 1.43.0-1ubuntu0.3 libnghttp2-doc - 1.43.0-1ubuntu0.3 nghttp2 - 1.43.0-1ubuntu0.3 nghttp2-client - 1.43.0-1ubuntu0.3 nghttp2-proxy - 1.43.0-1ubuntu0.3 nghttp2-server - 1.43.0-1ubuntu0.3 No subscription required
CVEs:
ubuntu jammy v1.1193
Contains a mitigation for CVE-2026-31431, also known as https://copy.fail/
Metadata:
BOSH Agent Version: 2.841.0
Kernel Version: 5.15.0.177.162
USNs:
Title: USN-8193-1 -- libcap vulnerability
URL: https://ubuntu.com/security/notices/USN-8193-1
Priorities: medium
Description:
Ali Raza discovered that libcap incorrectly handled file capability updates. A local attacker could possibly use this issue to inject or strip capabilities into arbitrary executables and escalate privileges. Update Instructions: Run sudo pro fix USN-8193-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libcap-dev - 1:2.44-1ubuntu0.22.04.3 libcap2 - 1:2.44-1ubuntu0.22.04.3 libcap2-bin - 1:2.44-1ubuntu0.22.04.3 libpam-cap - 1:2.44-1ubuntu0.22.04.3 No subscription required
CVEs:
Title: USN-8213-1 -- Vim vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8213-1
Priorities: medium
Description:
Michał Majchrowicz discovered that Vim's zip plugin could overwrite arbitrary files. An attacker could possibly use this issue to delete sensitive data or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-35177) It was discovered that Vim's netbeans interface did not properly sanitize certain strings. An attacker could possibly use this issue to execute arbitrary commands. (CVE-2026-39881) Update Instructions: Run sudo pro fix USN-8213-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: vim - 2:8.2.3995-1ubuntu2.28 vim-athena - 2:8.2.3995-1ubuntu2.28 vim-common - 2:8.2.3995-1ubuntu2.28 vim-doc - 2:8.2.3995-1ubuntu2.28 vim-gtk - 2:8.2.3995-1ubuntu2.28 vim-gtk3 - 2:8.2.3995-1ubuntu2.28 vim-gui-common - 2:8.2.3995-1ubuntu2.28 vim-nox - 2:8.2.3995-1ubuntu2.28 vim-runtime - 2:8.2.3995-1ubuntu2.28 vim-tiny - 2:8.2.3995-1ubuntu2.28 xxd - 2:8.2.3995-1ubuntu2.28 No subscription required
CVEs:
Full Changelog: ubuntu-jammy/v1.1183...ubuntu-jammy/v1.1193
ubuntu jammy v1.1183
Metadata:
BOSH Agent Version: 2.838.0
Kernel Version: 5.15.0.176.161
USNs:
Title: USN-8147-1 -- libarchive vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8147-1
Priorities: low,medium,negligible
Description:
It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2019-19221) It was discovered that libarchive incorrectly handled certain RAR archive files. If a user or automated system were tricked into processing a specially crafted RAR archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-20696) It was discovered that libarchive incorrectly handled certain RAR archive files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5914) It was discovered that libarchive incorrectly handled certain WARC archive files. If a user or automated system were tricked into processing a specially crafted WARC archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5916) It was discovered that libarchive incorrectly handled certain file names when handling prefixes and suffixes. An attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5917) It was discovered that libarchive could read past the end of file streams when processing input to bsdtar. An attacker could possibly use this issue to cause memory corruption or a denial of service. (CVE-2025-5918) It was discovered that libarchive incorrectly handled certain TAR archive files. If a user or automated system were tricked into processing a specially crafted TAR archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2025-25724) HyungJung Joo discovered that libarchive did not properly limit memory allocation when processing substitution rules in bsdtar. An attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. (CVE-2025-60753) Elhanan Haenel discovered that libarchive could enter an infinite loop when processing crafted RAR5 archives. An attacker could possibly use this issue to cause excessive CPU consumption, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-4111) Update Instructions: Run sudo pro fix USN-8147-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libarchive-dev - 3.6.0-1ubuntu1.6 libarchive-tools - 3.6.0-1ubuntu1.6 libarchive13 - 3.6.0-1ubuntu1.6 No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2019-19221
- https://ubuntu.com/security/CVE-2025-25724
- https://ubuntu.com/security/CVE-2025-5916
- https://ubuntu.com/security/CVE-2025-5917
- https://ubuntu.com/security/CVE-2026-4111
- https://ubuntu.com/security/CVE-2024-20696
- https://ubuntu.com/security/CVE-2025-5914
- https://ubuntu.com/security/CVE-2025-60753
- https://ubuntu.com/security/CVE-2025-5918
Title: USN-8155-1 -- OpenSSL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8155-1
Priorities: low,medium
Description:
Viktor Dukhovni discovered that OpenSSL incorrectly negotiated the expected preferred key exchange group when used as a TLS 1.3 server. This could result in a less preferred key exchange being used, contrary to expectations. This issue only affected Ubuntu 25.10. (CVE-2026-2673) Igor Morgenstern discovered that OpenSSL incorrectly handled certain memory operations when used as a DANE client. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-28387) Igor Morgenstern discovered that OpenSSL incorrectly handled certain memory operations when processing a delta CRL. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-28388) Nathan Sportsman, Daniel Rhea, and Jaeho Nam discovered that OpenSSL incorrectly handled certain memory operations when processing a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-28389) Muhammad Daffa, Joshua Rogers, and Chanho Kim discovered that OpenSSL incorrectly handled processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-28390) Quoc Tran discovered that OpenSSL incorrectly handled hexadecimal conversion on 32-bit platforms. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-31789) Simo Sorce discovered that OpenSSL incorrectly handled failures in RSA KEM RSASVE Encapsulation. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-31790) Update Instructions: Run sudo pro fix USN-8155-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libssl-dev - 3.0.2-0ubuntu1.23 libssl-doc - 3.0.2-0ubuntu1.23 libssl3 - 3.0.2-0ubuntu1.23 openssl - 3.0.2-0ubuntu1.23 No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-28387
- https://ubuntu.com/security/CVE-2026-2673
- https://ubuntu.com/security/CVE-2026-31790
- https://ubuntu.com/security/CVE-2026-28388
- https://ubuntu.com/security/CVE-2026-28389
- https://ubuntu.com/security/CVE-2026-31789
- https://ubuntu.com/security/CVE-2026-28390
Title: USN-8159-1 -- Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8159-1
Priorities: high,medium
Description:
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - Netfilter; - Network traffic control; (CVE-2025-37849, CVE-2026-23060, CVE-2026-23074, CVE-2026-23111) Update Instructions: Run sudo pro fix USN-8159-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.15.0-1045-nvidia-tegra-igx - 5.15.0-1045.45 linux-buildinfo-5.15.0-1045-nvidia-tegra-igx-rt - 5.15.0-1045.45 linux-headers-5.15.0-1045-nvidia-tegra-igx - 5.15.0-1045.45 linux-headers-5.15.0-1045-nvidia-tegra-igx-rt - 5.15.0-1045.45 linux-image-5.15.0-1045-nvidia-tegra-igx - 5.15.0-1045.45 linux-image-5.15.0-1045-nvidia-tegra-igx-rt - 5.15.0-1045.45 linux-image-uc-5.15.0-1045-nvidia-tegra-igx - 5.15.0-1045.45 linux-image-uc-5.15.0-1045-nvidia-tegra-igx-rt - 5.15.0-1045.45 linux-image-unsigned-5.15.0-1045-nvidia-tegra-igx - 5.15.0-1045.45 linux-image-unsigned-5.15.0-1045-nvidia-tegra-igx-rt - 5.15.0-1045.45 linux-modules-5.15.0-1045-nvidia-tegra-igx - 5.15.0-1045.45 linux-modules-5.15.0-1045-nvidia-tegra-igx-rt - 5.15.0-1045.45 linux-modules-extra-5.15.0-1045-nvidia-tegra-igx - 5.15.0-1045.45 linux-nvidia-tegra-igx-headers-5.15.0-1045 - 5.15.0-1045.45 linux-nvidia-tegra-igx-tools-5.15.0-1045 - 5.15.0-1045.45 linux-tools-5.15.0-1045-nvidia-tegra-igx - 5.15.0-1045.45 linux-tools-5.15.0-1045-nvidia-tegra-igx-rt - 5.15.0-1045.45 No subscription required linux-buildinfo-5.15.0-1056-nvidia-tegra - 5.15.0-1056.56 linux-buildinfo-5.15.0-1056-nvidia-tegra-rt - 5.15.0-1056.56 linux-headers-5.15.0-1056-nvidia-tegra - 5.15.0-1056.56 linux-headers-5.15.0-1056-nvidia-tegra-rt - 5.15.0-1056.56 linux-image-5.15.0-1056-nvidia-tegra - 5.15.0-1056.56 linux-image-5.15.0-1056-nvidia-tegra-rt - 5.15.0-1056.56 linux-image-unsigned-5.15.0-1056-nvidia-tegra - 5.15.0-1056.56 linux-image-unsigned-5.15.0-1056-nvidia-tegra-rt - 5.15.0-1056.56 linux-modules-5.15.0-1056-nvidia-tegra - 5.15.0-1056.56 linux-modules-5.15.0-1056-nvidia-tegra-rt - 5.15.0-1056.56 linux-modules-extra-5.15.0-1056-nvidia-tegra - 5.15.0-1056.56 linux-nvidia-tegra-headers-5.15.0-1056 - 5.15.0-1056.56 linux-nvidia-tegra-tools-5.15.0-1056 - 5.15.0-1056.56 linux-tools-5.15.0-1056-nvidia-tegra - 5.15.0-1056.56 linux-tools-5.15.0-1056-nvidia-tegra-rt - 5.15.0-1056.56 No subscription required linux-buildinfo-5.15.0-1068-xilinx-zynqmp - 5.15.0-1068.72 linux-headers-5.15.0-1068-xilinx-zynqmp - 5.15.0-1068.72 linux-image-5.15.0-1068-xilinx-zynqmp - 5.15.0-1068.72 linux-modules-5.15.0-1068-xilinx-zynqmp - 5.15.0-1068.72 linux-tools-5.15.0-1068-xilinx-zynqmp - 5.15.0-1068.72 linux-xilinx-zynqmp-headers-5.15.0-1068 - 5.15.0-1068.72 linux-xilinx-zynqmp-tools-5.15.0-1068 - 5.15.0-1068.72 No subscription required linux-buildinfo-5.15.0-1087-gkeop - 5.15.0-1087.95 linux-cloud-tools-5.15.0-1087-gkeop - 5.15.0-1087.95 linux-gkeop-cloud-tools-5.15.0-1087 - 5.15.0-1087.95 linux-gkeop-headers-5.15.0-1087 - 5.15.0-1087.95 linux-gkeop-tools-5.15.0-1087 - 5.15.0-1087.95 linux-headers-5.15.0-1087-gkeop - 5.15.0-1087.95 linux-image-5.15.0-1087-gkeop - 5.15.0-1087.95 linux-image-unsigned-5.15.0-1087-gkeop - 5.15.0-1087.95 linux-modules-5.15.0-1087-gkeop - 5...
ubuntu noble v1.333
Metadata:
BOSH Agent Version: 2.840.0
Kernel Version: 6.8.0-110.110
USNs:
Title: USN-8124-1 -- Bind vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8124-1
Priorities: medium
Description:
Samy Medjahed discovered that Bind incorrectly handled insecure delegation validation. A remote attacker could possibly use this issue to cause excessive NSEC3 iterations, consuming CPU resources, and leading to a denial of service. (CVE-2026-1519) Vitaly Simonovich discovered that Bind incorrectly handled memory when preparing DNSSEC proofs of non-existence. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 25.10. (CVE-2026-3104) Vitaly Simonovich discovered that Bind incorrectly handled authenticated queries containing TKEY records. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2026-3119) It was discovered that Bind incorrectly handled DNS queries signed with SIG(0). A remote attacker could possibly use this issue to bypass ACLs. This issue only affected Ubuntu 25.10. (CVE-2026-3591) Update Instructions: Run sudo pro fix USN-8124-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: bind9 - 1:9.18.39-0ubuntu0.24.04.3 bind9-dev - 1:9.18.39-0ubuntu0.24.04.3 bind9-dnsutils - 1:9.18.39-0ubuntu0.24.04.3 bind9-doc - 1:9.18.39-0ubuntu0.24.04.3 bind9-host - 1:9.18.39-0ubuntu0.24.04.3 bind9-libs - 1:9.18.39-0ubuntu0.24.04.3 bind9-utils - 1:9.18.39-0ubuntu0.24.04.3 bind9utils - 1:9.18.39-0ubuntu0.24.04.3 dnsutils - 1:9.18.39-0ubuntu0.24.04.3 No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-3104
- https://ubuntu.com/security/CVE-2026-3119
- https://ubuntu.com/security/CVE-2026-1519
- https://ubuntu.com/security/CVE-2026-3591
Title: USN-8129-1 -- pyasn1 vulnerability
URL: https://ubuntu.com/security/notices/USN-8129-1
Priorities: medium
Description:
It was discovered that pyasn1 incorrectly handled recursion when decoding ASN.1 data. An attacker could use this issue to cause pyasn1 to consume resources, leading to a denial of service. Update Instructions: Run sudo pro fix USN-8129-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-pyasn1-doc - 0.4.8-4ubuntu0.2 python3-pyasn1 - 0.4.8-4ubuntu0.2 No subscription required
CVEs:
Title: USN-8133-1 -- PyJWT vulnerability
URL: https://ubuntu.com/security/notices/USN-8133-1
Priorities: medium
Description:
It was discovered that PyJWT did not validate the critical header parameter, contrary to the RFC specification expectations. A remote attacker could possibly use this issue to bypass certain authentication checks and restrictions. Update Instructions: Run sudo pro fix USN-8133-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-jwt - 2.7.0-1ubuntu0.1 No subscription required
CVEs:
Title: USN-8147-1 -- libarchive vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8147-1
Priorities: low,medium,negligible
Description:
It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2019-19221) It was discovered that libarchive incorrectly handled certain RAR archive files. If a user or automated system were tricked into processing a specially crafted RAR archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-20696) It was discovered that libarchive incorrectly handled certain RAR archive files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5914) It was discovered that libarchive incorrectly handled certain WARC archive files. If a user or automated system were tricked into processing a specially crafted WARC archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5916) It was discovered that libarchive incorrectly handled certain file names when handling prefixes and suffixes. An attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5917) It was discovered that libarchive could read past the end of file streams when processing input to bsdtar. An attacker could possibly use this issue to cause memory corruption or a denial of service. (CVE-2025-5918) It was discovered that libarchive incorrectly handled certain TAR archive files. If a user or automated system were tricked into processing a specially crafted TAR archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2025-25724) HyungJung Joo discovered that libarchive did not properly limit memory allocation when processing substitution rules in bsdtar. An attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. (CVE-2025-60753) Elhanan Haenel discovered that libarchive could enter an infinite loop when processing crafted RAR5 archives. An attacker could possibly use this issue to cause excessive CPU consumption, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-4111) Update Instructions: Run sudo pro fix USN-8147-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: libarchive-dev - 3.7.2-2ubuntu0.6 libarchive-tools - 3.7.2-2ubuntu0.6 libarchive13t64 - 3.7.2-2ubuntu0.6 No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2019-19221
- https://ubuntu.com/security/CVE-2025-25724
- https://ubuntu.com/security/CVE-2025-5916
- https://ubuntu.com/security/CVE-2025-5917
- https://ubuntu.com/security/CVE-2026-4111
- https://ubuntu.com/security/CVE-2024-20696
- https://ubuntu.com/security/CVE-2025-5914
- https://ubuntu.com/security/CVE-2025-60753
- https://ubuntu.com/security/CVE-2025-5918
Title: USN-8148-1 -- Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8148-1
Priorities: high,medium
Description:
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Netfilter; - Network traffic control; (CVE-2026-23060, CVE-2026-23074, CVE-2026-23111) Update Instructions: Run sudo pro fix USN-8148-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-6.8.0-1036-gkeop - 6.8.0-1036.39 linux-cloud-tools-6.8.0-1036-gkeop - 6.8.0-1036.39 linux-cloud-tools-gkeop - 6.8.0-1036.39 linux-cloud-tools-gkeop-6.8 - 6.8.0-1036.39 linux-gkeop - 6.8.0-1036.39 linux-gkeop-6.8 - 6.8.0-1036.39 linux-gkeop-cloud-tools-6.8.0-1036 - 6.8.0-1036.39 linux-gkeop-headers-6.8.0-1036 - 6.8.0-1036.39 linux-gkeop-tools-6.8.0-1036 - 6.8.0-1036.39 linux-headers-6.8.0-1036-gkeop - 6.8.0-1036.39 linux-headers-gkeop - 6.8.0-1036.39 linux-headers-gkeop-6.8 - 6.8.0-1036.39 linux-image-6.8.0-1036-gkeop - 6.8.0-1036.39 linux-image-gkeop - 6.8.0-1036.39 linux-image-gkeop-6.8 - 6.8.0-1036.39 linux-image-unsigned-6.8.0-1036-gkeop - 6.8.0-1036.39 linux-modules-6.8.0-1036-gkeop - 6.8.0-1036.39 linux-modules-extra-6.8.0-1036-gkeop - 6.8.0-1036.39 linux-modules-extra-gkeop - 6.8.0-1036.39 linux-modules-extra-gkeop-6.8 - 6.8.0-1036.39 linux-tools-6.8.0-1036-gkeop - 6.8.0-1036.39 linux-tools-gkeop - 6.8.0-1036.39 linux-tools-gkeop-6.8 - 6.8.0-1036.39 No subscription required linux-buildinfo-6.8.0-1049-gke - 6.8.0-1049.54 linux-buildinfo-6.8.0-1049-gke-64k - 6.8.0-1049.54 linux-gke - 6.8.0-1049.54 linux-gke-6.8 - 6.8.0-1049.54 linux-gke-64k - 6.8.0-1049.54 linux-gke-64k-6.8 - 6.8.0-1049.54 linux-gke-headers-6.8.0-1049 - 6.8.0-1049.54 linux-gke-tools-6.8.0-1049 - 6.8.0-1049.54 linux-headers-6.8.0-1049-gke - 6.8.0-1049.54 linux-headers-6.8.0-1049-gke-64k - 6.8.0-1049.54 linux-headers-gke - 6.8.0-1049.54 linux-headers-gke-6.8 - 6.8.0-1049.54 linux-headers-gke-64k - 6.8.0-1049.54 linux-headers-gke-64k-6.8 - 6.8.0-1049.54 linux-image-6.8.0-1049-gke - 6.8.0-1049.54 linux-image-6.8.0-1049-gke-64k - 6.8.0-1049.54 linux-image-gke - 6.8.0-1049.54 linux-image-gke-6.8 - 6.8.0-1049.54 linux-image-gke-64k - 6.8.0-1049.54 linux-image-gke-64k-6.8 - 6.8.0-1049.54 linux-image-unsigned-6.8.0-1049-gke - 6.8.0-1049.54 linux-image-unsigned-6.8.0-1049-gke-64k - 6.8.0-1049.54 linux-modules-6.8.0-1049-gke - 6.8.0-1049.54 linux-modules-6.8.0-1049-gke-64k - 6.8.0-1049.54 linux-modules-extra-6.8.0-1049-gke - 6.8.0-1049.54 linux-modules-extra-6.8.0-1049-gke-64k - 6.8.0-1049.54 linux-modules-iwlwifi-6.8.0-1049-gke - 6.8.0-1049.54 linux-modules-iwlwifi-gke - 6.8.0-1049.54 linux-modules-iwlwifi-gke-6.8 - 6.8.0-1049.54 linux-tools-6.8.0-1049-gke - 6.8.0-1049.54 linux-tools-6.8...