StackPatch is liveSee product

Back to CVE digest
Ubuntu USN · USN-8202-1

jq vulnerabilities

Published: Thu, 23 Apr 2026 07:35

CVE-2026-32316CVE-2026-39956CVE-2026-40164CVE-2026-39979CVE-2026-33947CVE-2026-33948

Summary

Several security issues were fixed in jq.

Details

It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-32316) It was discovered that jq did not correctly handle recursion in certain circumstances. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-33947) It was discovered that jq did not correctly handle improperly terminated strings. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-33948) It was discovered that jq did not correctly handle checking certain variable types. An attacker could possibly use this issue to cause a denial of service or leak sensitive information. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-39956) It was discovered that jq did not correctly handle certain string formatting. An attacker could possibly use this issue to leak sensitive information or cause a denial of service. (CVE-2026-39979) It was discovered that jq used a fixed seed for hash table operations. An attacker could possibly use this issue to cause a denial of service. This issue was addressed in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-40164)

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu bionic

  • jq1.5+dfsg-2ubuntu0.1~esm2apt_upgrade_esm

    Fixed at 1.5+dfsg-2ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.

    sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y jq=1.5+dfsg-2ubuntu0.1~esm2

    Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

  • jq1.5+dfsg-2ubuntu0.1~esm2apt_upgrade_esm

    Fixed at 1.5+dfsg-2ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.

    sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y jq=1.5+dfsg-2ubuntu0.1~esm2

    Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

  • libjq-dev1.5+dfsg-2ubuntu0.1~esm2apt_upgrade_esm

    Fixed at 1.5+dfsg-2ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.

    sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y libjq-dev=1.5+dfsg-2ubuntu0.1~esm2

    Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

  • libjq11.5+dfsg-2ubuntu0.1~esm2apt_upgrade_esm

    Fixed at 1.5+dfsg-2ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.

    sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y libjq1=1.5+dfsg-2ubuntu0.1~esm2

    Sign up at https://ubuntu.com/pro. Free for personal + small-team use.

Ubuntu focal

  • jq1.6-1ubuntu0.20.04.1+esm2apt_upgrade

    Standard apt upgrade. Install 1.6-1ubuntu0.20.04.1+esm2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y jq

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • jq1.6-1ubuntu0.20.04.1+esm2apt_upgrade

    Standard apt upgrade. Install 1.6-1ubuntu0.20.04.1+esm2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y jq

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libjq-dev1.6-1ubuntu0.20.04.1+esm2apt_upgrade

    Standard apt upgrade. Install 1.6-1ubuntu0.20.04.1+esm2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libjq-dev

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libjq11.6-1ubuntu0.20.04.1+esm2apt_upgrade

    Standard apt upgrade. Install 1.6-1ubuntu0.20.04.1+esm2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libjq1

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu jammy

  • jq1.6-2.1ubuntu3.2apt_upgrade

    Standard apt upgrade. Install 1.6-2.1ubuntu3.2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y jq

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • jq1.6-2.1ubuntu3.2apt_upgrade

    Standard apt upgrade. Install 1.6-2.1ubuntu3.2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y jq

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libjq-dev1.6-2.1ubuntu3.2apt_upgrade

    Standard apt upgrade. Install 1.6-2.1ubuntu3.2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libjq-dev

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libjq11.6-2.1ubuntu3.2apt_upgrade

    Standard apt upgrade. Install 1.6-2.1ubuntu3.2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libjq1

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu noble

  • jq1.7.1-3ubuntu0.24.04.2apt_upgrade

    Standard apt upgrade. Install 1.7.1-3ubuntu0.24.04.2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y jq

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • jq1.7.1-3ubuntu0.24.04.2apt_upgrade

    Standard apt upgrade. Install 1.7.1-3ubuntu0.24.04.2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y jq

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libjq-dev1.7.1-3ubuntu0.24.04.2apt_upgrade

    Standard apt upgrade. Install 1.7.1-3ubuntu0.24.04.2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libjq-dev

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libjq11.7.1-3ubuntu0.24.04.2apt_upgrade

    Standard apt upgrade. Install 1.7.1-3ubuntu0.24.04.2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libjq1

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu questing

  • jq1.8.1-3ubuntu1.1apt_upgrade

    Standard apt upgrade. Install 1.8.1-3ubuntu1.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y jq

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • jq1.8.1-3ubuntu1.1apt_upgrade

    Standard apt upgrade. Install 1.8.1-3ubuntu1.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y jq

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libjq-dev1.8.1-3ubuntu1.1apt_upgrade

    Standard apt upgrade. Install 1.8.1-3ubuntu1.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libjq-dev

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libjq11.8.1-3ubuntu1.1apt_upgrade

    Standard apt upgrade. Install 1.8.1-3ubuntu1.1 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libjq1

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu trusty

  • jq1.3-1.1ubuntu1.1+esm4apt_upgrade

    Standard apt upgrade. Install 1.3-1.1ubuntu1.1+esm4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y jq

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • jq1.3-1.1ubuntu1.1+esm4apt_upgrade

    Standard apt upgrade. Install 1.3-1.1ubuntu1.1+esm4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y jq

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Ubuntu xenial

  • jq1.5+dfsg-1ubuntu0.1+esm4apt_upgrade

    Standard apt upgrade. Install 1.5+dfsg-1ubuntu0.1+esm4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y jq

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • jq1.5+dfsg-1ubuntu0.1+esm4apt_upgrade

    Standard apt upgrade. Install 1.5+dfsg-1ubuntu0.1+esm4 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y jq

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Are YOU affected by USN-8202-1?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8202-1 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash
Form-based quickscan Read the bash source first
Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.

Buy lifetime →See StackPatch →Live audit log →