StackPatch is liveSee product

Back to CVE digest
Ubuntu USN · USN-8202-2

jq vulnerabilities

Published: Tue, 28 Apr 2026 04:18

CVE-2026-33948CVE-2026-40164CVE-2026-32316CVE-2026-39979CVE-2026-33947CVE-2026-39956

Summary

Several security issues were fixed in jq.

Details

USN-8202-1 fixed vulnerabilities in jq. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: It was discovered that jq did not correctly handle certain string concatenations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-32316) It was discovered that jq did not correctly handle recursion in certain circumstances. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-33947) It was discovered that jq did not correctly handle improperly terminated strings. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2026-33948) It was discovered that jq did not correctly handle checking certain variable types. An attacker could possibly use this issue to cause a denial of service or leak sensitive information. (CVE-2026-39956) It was discovered that jq did not correctly handle certain string formatting. An attacker could possibly use this issue to leak sensitive information or cause a denial of service. (CVE-2026-39979) It was discovered that jq used a fixed seed for hash table operations. An attacker could possibly use this issue to cause a denial of service. (CVE-2026-40164)

Recommended actions per Ubuntu release

StackPatch playbook auto-generated per release codename and per affected package.

Ubuntu resolute

  • jq1.8.1-4ubuntu2apt_upgrade

    Standard apt upgrade. Install 1.8.1-4ubuntu2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y jq

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • jq1.8.1-4ubuntu2apt_upgrade

    Standard apt upgrade. Install 1.8.1-4ubuntu2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y jq

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libjq-dev1.8.1-4ubuntu2apt_upgrade

    Standard apt upgrade. Install 1.8.1-4ubuntu2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libjq-dev

    Most apt upgrades restart their service automatically. needrestart lists anything else.

  • libjq11.8.1-4ubuntu2apt_upgrade

    Standard apt upgrade. Install 1.8.1-4ubuntu2 from the apt repo.

    sudo apt-get update
sudo apt-get install --only-upgrade -y libjq1

    Most apt upgrades restart their service automatically. needrestart lists anything else.

Are YOU affected by USN-8202-2?

5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8202-2 (and any other live CVE) applies. Anonymous, no signup.

curl https://mindsparkstack.com/scan.sh | bash
Form-based quickscan Read the bash source first
Want this automated for your servers?

StackPatch runs this match against YOUR installed packages every hour

Free 1-server / $99 lifetime founder seat (50 only) / $19+/mo monthly. Indie pricing.

Buy lifetime →See StackPatch →Live audit log →