On May 28 and 29, 2026, Ubuntu addressed critical security vulnerabilities in several popular packages, including the Apache HTTP Server, pip, QT WebEngine, GDAL, and Texmaker. The Apache HTTP Server update fixed a regression that had previously disrupted the loading of the mod_http2 module, while a pip fix for CVE-2025-66471 was temporarily rolled back due to installation issues. Additionally, vulnerabilities in the LibTIFF library were identified, which could potentially lead to crashes or arbitrary code execution in QT WebEngine, GDAL, and Texmaker. Users are encouraged to update their systems to ensure they have the latest security patches for affected packages

Apache HTTP Server and pip Regressions Resolved alongside QT WebEngine, GDAL, and Texmaker Vulnerabilities in Ubuntu

Ubuntu issued a batch of security notices on May 28 and 29, 2026 to patch critical flaws across several widely used packages. The Apache HTTP Server correction finally restores the mod_http2 module after an earlier update accidentally broke its loading process. Meanwhile, developers temporarily rolled back a pip fix for CVE-2025-66471 because the initial patch triggered installation failures on Ubuntu 22.04 through 26.04. A separate vulnerability in the LibTIFF library also required immediate attention since malformed TIFF metadata could crash QT WebEngine, GDAL, or Texmaker and potentially allow attackers to execute arbitrary code.

[USN-8338-2] Apache HTTP Server regression
[USN-8344-2] pip regression
[USN-8347-1] QT WebEngine vulnerability
[USN-8345-1] GDAL vulnerability
[USN-8346-1] Texmaker vulnerabilities

Apache HTTP Server and pip Regressions Resolved alongside QT WebEngine, GDAL, and Texmaker Vulnerabilities in Ubuntu @ Linux Compatible