|
|
Log in / Subscribe / Register

Ubuntu alert USN-8366-1 (luanti)



From:
              noreply+usn-bot--- via ubuntu-security-announce <ubuntu-security-announce@lists.ubuntu.com>


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-8366-1] Luanti vulnerabilities


Date:
              Tue, 02 Jun 2026 16:07:24 +0000


Message-ID:
              <E1wUReG-0004Fp-0X@lists.ubuntu.com>


Cc:
              noreply+usn-bot@canonical.com


==========================================================================
Ubuntu Security Notice USN-8366-1
June 02, 2026

luanti vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10

Summary:

Several security issues were fixed in Luanti.

Software Description:
- luanti: free and open-source voxel game engine

Details:

It was discovered that Luanti, when using LuaJIT, did not properly
enforce Lua sandbox restrictions. An attacker could possibly use
this issue to execute arbitrary code. (CVE-2026-40959)

It was discovered that Luanti did not properly restrict access to
insecure environments. An attacker could possibly use this issue to
obtain unintended access to the insecure environment or HTTP API.
(CVE-2026-40960)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  luanti                          5.10.0+dfsg-5+deb13u1build0.26.04.1
  luanti-data                     5.10.0+dfsg-5+deb13u1build0.26.04.1
  luanti-server                   5.10.0+dfsg-5+deb13u1build0.26.04.1

Ubuntu 25.10
  luanti                          5.10.0+dfsg-5+deb13u1build0.25.10.1
  luanti-data                     5.10.0+dfsg-5+deb13u1build0.25.10.1
  luanti-server                   5.10.0+dfsg-5+deb13u1build0.25.10.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8366-1
  CVE-2026-40959, CVE-2026-40960

Package Information:
  https://launchpad.net/ubuntu/+source/luanti/5.10.0+dfsg-5...
  https://launchpad.net/ubuntu/+source/luanti/5.10.0+dfsg-5...




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmoe/sgACgkQcpJm3tlz
hgHrPhAAoS4gRZC/ZIDWoXlF7uGyl1mIOhK5SW7MVutTcvI1CQV3wla3fKEM47ir
Brb48nt1/5N8vyJZHue7KNwLE/nsC0n10x1j/D5EokpjfisOI2EQUAuKBIyEfhrz
FpFmM4mJ6g+aWZNRVGPpzSCeXSyzOrBXddsZshbiyq9cE0TxidPbnSWGVV3HIawg
10H+Cfr/JUXL41G89F0UnWaN35svUeNVQAZm+NAlufW8waerQYADr+TUriihBhQ8
yDjgVxVd4K8io3wgY1x3hUhjrQynpNrgq+5IR3Sv3B5DGUDv/kSL8drqHr2A18ZG
OK709hUyqCn6gsKZlsCTo5GsKLibSCfu+yLp/uaTz+FfWdRuSyvZuQ8LsCfHifI3
4XJpwQBoCti+xfTaoIiP5tsB1xesZYoOcy9r9dNM3B/wKwI44LzdcwadMeEC9Ry7
FY/IwuYvjIrdx24jUp9C5m8CkCRoUoqAWAVnNYc9d2hk1bnLY0fQsIyQoGWH88Gn
iM61EGe9Rf2bJqmvitBNLBlK1+ziuqjE3JZJbZLOrvtfNsG24eYJB8NfSOEWdiP/
yLx0P/c0WS7W6dQ2M3XUUYfUZuJSkNkT7XhuE1z3qaBw94MCAlxF+pBQxIAmKc+g
pTRTuQk7dP4iCThRNlFvT6Hp+yOgLkHMX4d8LXYivZ5Q6eQP8rs=
=I+zN
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds