First up with Flatpak 1.16.4 is a fix for CVE-2026-34078, a security issue allowing a complete sandbox escape that leads to host file access and code execution in the host context. Ouch. The issue is that the Flatpak portal accepts paths in the sandbox-expose options that can be app-controlled symlinks pointing at arbitrary host paths. As a result, apps can access all host files, and that access can be used as a primitive for gaining code execution in the host context. Disabling the Flatpak portal is another way to work around the issue, but it can cause problems for apps.
CVE-2026-34079 is also fixed; it is an arbitrary file deletion on the host file-system. CVE-2026-34079 stems from the ld.so caching code removing outdated cache files without checking that the app-controlled path to the outdated cache actually lies inside the cache directory.
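Both fixes come down to the same containment check: resolve every symlink component of an app-controlled path and confirm the result still lies inside the directory it is meant to stay in. The Python below is an added illustration of that check, not Flatpak's code; the sandbox directory, its cache layout and the symlink inside it are constructed for the example.

```python
import os
import tempfile


def resolves_within(root: str, candidate: str) -> bool:
    """Return True only if `candidate`, after resolving every symlink
    component, still lies inside `root` (also fully resolved).

    This is the check both Flatpak fixes amount to: an app-controlled
    path must not escape the directory it is confined to, whether it is
    about to be exposed into the sandbox or deleted as a stale cache file.
    """
    real_root = os.path.realpath(root)
    real_path = os.path.realpath(candidate)
    # Compare path components rather than string prefixes, so that
    # "/srv/app-other" is not accepted as being inside "/srv/app".
    try:
        return os.path.commonpath([real_root, real_path]) == real_root
    except ValueError:
        # Paths on different drives (Windows); treat as outside.
        return False


def demo() -> dict:
    """Build a constructed sandbox-like directory with an app-controlled
    symlink pointing at a host file, then check several candidates."""
    with tempfile.TemporaryDirectory() as app_dir:
        cache_dir = os.path.join(app_dir, "cache")
        os.makedirs(cache_dir)
        stale_cache = os.path.join(cache_dir, "ld.so.cache")
        open(stale_cache, "w").close()
        # The app controls this symlink; it points outside the sandbox.
        escape_link = os.path.join(cache_dir, "passwd")
        os.symlink("/etc/passwd", escape_link)
        traversal = os.path.join(cache_dir, "..", "..", "etc")
        lookalike = app_dir + "-other"
        results = {
            "regular file in dir": resolves_within(app_dir, stale_cache),
            "symlink out of dir": resolves_within(app_dir, escape_link),
            "dotdot traversal": resolves_within(app_dir, traversal),
            "prefix lookalike": resolves_within(app_dir, lookalike),
        }
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:22s} -> {'inside' if ok else 'OUTSIDE, reject'}")
```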
Karna
@KarnaSubarna@lemmy.ml
Flatpak 1.16.4 Brings Important Security Fixes For Sandbox Escape & Deleting Host Files
AppArmor vulnerability fixes available | Ubuntu
How to check if you are impacted
To get the version of the sudo package installed, run the following command:
dpkg -l 'sudo*' | grep ^ii
The following table lists the fixed versions of the sudo package in all supported Ubuntu releases:
Release | Package | Fixed version
Questing Quokka (25.10) | sudo | 1.9.17p2-1ubuntu1.1
Questing Quokka (25.10) | sudo-ldap | 1.9.17p2-1ubuntu1.1
Questing Quokka (25.10) | sudo-rs | Not affected
Noble Numbat (24.04 LTS) | sudo | 1.9.15p5-3ubuntu5.24.04.2
Noble Numbat (24.04 LTS) | sudo-ldap | 1.9.15p5-3ubuntu5.24.04.2
Jammy Jellyfish (22.04 LTS) | sudo | 1.9.9-1ubuntu2.6
Jammy Jellyfish (22.04 LTS) | sudo-ldap | 1.9.9-1ubuntu2.6
Focal Fossa (20.04 LTS) | sudo | Not affected
Focal Fossa (20.04 LTS) | sudo-ldap | Not affected
Bionic Beaver (18.04 LTS) | sudo | Not affected
Bionic Beaver (18.04 LTS) | sudo-ldap | Not affected
Xenial Xerus (16.04 LTS) | sudo | Not affected
Xenial Xerus (16.04 LTS) | sudo-ldap | Not affected
Trusty Tahr (14.04 LTS) | sudo | Not affected
Trusty Tahr (14.04 LTS) | sudo-ldap | Not affected
Affected sudo versions
How to address
We recommend you upgrade all packages:
sudo apt update && sudo apt upgrade
If this is not possible, the sudo userspace mitigations can be installed directly; they do not require a reboot to apply:
sudo apt update
sudo apt install sudo
The unattended-upgrades feature is enabled by default from Ubuntu Xenial Xerus (16.04 LTS) onwards. This service applies new security updates automatically every 24 hours.
If you have it enabled, the patches above will be applied automatically within 24 hours of becoming available.
Distro developers began discussing ways to reduce the size of firmware updates last year. Now Ubuntu 26.04 introduces meta-packaging to split the Linux firmware across 17 smaller packages in the resolute archive. This resolves a bug filed in 2022.
The sub-packages are:
linux-firmware-mellanox-spectrum
linux-firmware-intel-wireless
linux-firmware-intel-graphics
linux-firmware-amd-graphics
linux-firmware-nvidia-graphics
linux-firmware-intel-misc
linux-firmware-broadcom-wireless
linux-firmware-netronome
linux-firmware-misc
linux-firmware-qlogic
linux-firmware-marvell-wireless
linux-firmware-mediatek
linux-firmware-marvell-prestera
linux-firmware-realtek
linux-firmware-qualcomm-wireless
linux-firmware-qualcomm-graphics
linux-firmware-qualcomm-misc
Linux Mastodon App Tuba Gets a Huge Update