Linuxsecurity
Critical DoS Vulnerability in XZ Utils Affects Multiple Ubuntu Releases
A significant denial of service vulnerability has been identified in XZ Utils, affecting multiple versions of Ubuntu, including 25.10, 24.04 LTS, and older LTS versions down to 14.04. The vulnerability arises from improper memory management when appending data to a decoded index without records. An attacker could exploit this flaw to crash XZ Utils or execute arbitrary code, posing a serious risk to users. The issue has been assigned CVE-2026, and users are advised to update their systems to the latest package versions to mitigate the risk. A standard system update will apply the necessary patches. Ubuntu Pro users are particularly encouraged to ensure their systems are updated, as they have access to extended security coverage. The vulnerability was disclosed on June 2, 2026, and is now publicly known.
Key Points:
• XZ Utils vulnerability could allow denial of service or arbitrary code execution.
• Affected Ubuntu versions include 25.10 and several LTS releases down to 14.04.
• Users are advised to update their systems to mitigate the risk.