Package "libsystemd0"

Name:	libsystemd0
Description:	systemd utility library
Latest version:	257.9-0ubuntu2.5
Release:	questing (25.10)
Level:	security
Repository:	main
Head package:	systemd
Homepage:	https://systemd.io

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "libsystemd0"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "libsystemd0" in Questing

Repository	Area	Version
base	main	257.9-0ubuntu2
updates	main	257.9-0ubuntu2.5

Changelog

Version: 257.9-0ubuntu2.5 2026-06-08 17:07:44 UTC

systemd (257.9-0ubuntu2.5) questing-security; urgency=medium * SECURITY UPDATE: escape-to-host via malformed optional config file - debian/patches/CVE-2026-40226-1.patch: nspawn: apply BindUser/Ephemeral from settings file only if trusted in src/nspawn/nspawn.c. - debian/patches/CVE-2026-40226-2.patch: nspawn: normalize pivot_root paths in src/nspawn/nspawn-mount.c. - CVE-2026-40226 * d/p/lp2155132-*: trim null bytes padding from verity.sig files (LP: #2155132) -- Marc Deslauriers <email address hidden> Fri, 05 Jun 2026 11:35:15 -0400

Source diff to previous version

CVE-2026-40226

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.

Version: 257.9-0ubuntu2.3 2026-03-24 02:08:09 UTC

Version: 257.9-0ubuntu2.3	2026-03-24 02:08:09 UTC
systemd (257.9-0ubuntu2.3) questing-security; urgency=medium * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves a leading slash in place - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina() - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently * SECURITY UPDATE: Local root execution via malicious hardware devices - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch - d/p/udev-fix-review-mixup.patch - No CVE number -- Nick Rosbrook <email address hidden> Fri, 13 Mar 2026 12:49:08 -0400

systemd (257.9-0ubuntu2.3) questing-security; urgency=medium * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves a leading slash in place - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina() - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently * SECURITY UPDATE: Local root execution via malicious hardware devices - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch - d/p/udev-fix-review-mixup.patch - No CVE number -- Nick Rosbrook <email address hidden> Fri, 13 Mar 2026 12:49:08 -0400

About - Send Feedback to @ubuntu_updates

Package "libsystemd0"

Links

Download "libsystemd0"

Other versions of "libsystemd0" in Questing

Changelog

Share this page

Bookmarks

Latest updates

proposed

updates

security

PPA updates