Ubuntu Security Notices USN-8078-1 USN-8078-1: Zutty vulnerability Publication date 5 March 2026 Overview Zutty could be made to execute arbitrary commands. Releases 22.04 LTS Open side navigation Close side navigation Packages Details Update instructions References Packages zutty - X terminal emulator Details Carter Sande discovered that Zutty did not correctly echo invalid input to the console on DECRQSS. An attacker could possibly use this issue to execute arbitrary commands. Carter Sande discovered that Zutty did not correctly echo invalid input to the console on DECRQSS. An attacker could possibly use this issue to execute arbitrary commands. Update instructions In general, a standard system update will make all the necessary changes. Learn more about how to get the fixes. The problem can be corrected by updating your system to the following package versions: Ubuntu Release Package Version 22.04 LTS jammy zutty – 0.11.2.20220109.192032+dfsg1-1ubuntu0.1~esm1 Ubuntu Pro Fix available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future. Reduce your security exposure Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines. Get Ubuntu Pro References CVE-2022-41138 CVE-2022-41138