Home / mailingsPDF  

[USN-8202-2] jq vulnerabilities

Posted on 28 April 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8202-2
April 28, 2026

jq vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:


Summary:

Several security issues were fixed in jq.

Software Description:

Details:

USN-8202-1 fixed vulnerabilities in jq. This update provides the
corresponding update to Ubuntu 26.04 LTS.

Original advisory details:

It was discovered that jq did not correctly handle certain string
concatenations. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2026-32316)

It was discovered that jq did not correctly handle recursion in certain
circumstances. An attacker could possibly use this issue to cause a denial
of service. (CVE-2026-33947)

It was discovered that jq did not correctly handle improperly terminated
strings. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2026-33948)

It was discovered that jq did not correctly handle checking certain
variable types. An attacker could possibly use this issue to cause a
denial of service or leak sensitive information. (CVE-2026-39956)

It was discovered that jq did not correctly handle certain string
formatting. An attacker could possibly use this issue to leak sensitive
information or cause a denial of service. (CVE-2026-39979)

It was discovered that jq used a fixed seed for hash table operations. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2026-40164)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8202-2
https://ubuntu.com/security/notices/USN-8202-1
CVE-2026-32316, CVE-2026-33947, CVE-2026-33948, CVE-2026-39956,
CVE-2026-39979, CVE-2026-40164

--===============7272342036044447999==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :