Ubuntu July 6 Server Security Updates Expanded: OpenSSH, PHP, GnuTLS, Gzip, socat, and More

Ubuntu's July 6 server security rollup now includes OpenSSH, PHP, GnuTLS, Gzip, socat, tar, Python, Request Tracker, SOGo, and Parsl updates.
Ubuntu July 6 server security updates for OpenSSH PHP GnuTLS Gzip socat tar Python Request Tracker SOGo and Parsl

Updated July 6, 2026 at 18:18 UTC: this FixItPhill tracker was expanded after the later Ubuntu Security Notices appeared in the radar pass. The original July 6 server rollup covered tar, Python, Request Tracker, SOGo, and Parsl. The current source-visible set also includes USN-8514-1 for OpenSSH, USN-8513-1 for PHP, USN-8502-1 for GnuTLS, USN-8512-1 for Gzip, and USN-8511-1 for socat.

For hosting teams, the practical point is that this is not one package family. It touches login tooling, PHP web workloads, TLS libraries, compression utilities, network relay tooling, archive handling, Python runtime components, web application dependencies, groupware, and workflow infrastructure. Treat it as a maintenance window, not a single package update.

What changed in the expanded watch

  • USN-8514-1 / OpenSSH: Canonical says OpenSSH could be made to overwrite files as the administrator. The notice references CVE-2026-35385. On servers, prioritize systems where administrators use legacy scp workflows or where SSH maintenance access is central to operations.
  • USN-8513-1 / PHP: PHP updates matter directly to WordPress, WooCommerce, billing portals, control panels, and customer application stacks. Confirm which PHP branches your panel or package vendor actually ships before closing the ticket.
  • USN-8502-1 / GnuTLS: GnuTLS sits under software that performs TLS negotiation, certificate validation, or secure client/server communication. Inventory mail, API, package, and automation paths that link against the affected libraries.
  • USN-8512-1 / Gzip: Compression tooling often looks low drama, but it is common in backup, log, package, and restore workflows. Update it on admin hosts, build hosts, and shared utility servers.
  • USN-8511-1 / socat: socat is used in forwarding, relay, diagnostic, and automation patterns. Treat exposed or privileged relay use as higher priority than one-off local troubleshooting installs.

Backup-first admin checklist

  1. Snapshot or back up the host before updating, especially when SSH, PHP, TLS libraries, and compression utilities are all in scope.
  2. Update from the approved Ubuntu, Ubuntu Pro, or vendor-managed repository for the exact release and support channel in use.
  3. Restart affected services after the packages land. For shared hosting, include PHP-FPM pools, web servers, mail services, panel services, and any long-running automation that links affected libraries.
  4. Check the running service versions after restart, not only the installed package metadata.
  5. For customer-facing systems, document the maintenance result: which USNs were applied, whether a reboot was needed, and which public services were smoke-tested afterward.

Why this stays one post

The radar pass already had a July 6 Ubuntu server article live, so this is an update to the existing coverage instead of a duplicate. The reader action is the same: verify the affected Ubuntu release, apply the official packages, restart dependent services, and record proof that the live service is running the updated code path.

Sources checked

Picture of admin

admin

Leave a Reply

Sign up for our Newsletter

Get the latest information on what is going on in the I.T. World.