Ubuntu 16.x — End of Life

EOL Actively exploited
EOL: Jul 20, 20172 releases in this series19 CVEs

Ubuntu 16.x — All releases

VersionReleasedActive supportEOL dateLatest patchStatus
16.10Oct 13, 2016Jul 20, 2017Jul 20, 201716.10EOL
16.04LTSApr 21, 2016Apr 2, 2021Apr 2, 202116.04.7EOL

CVEs affecting Ubuntu 16.x (19)

CVESeverityCVSSEPSSKEVCycleDescriptionPublished
CVE-2026-31431HIGH7.896.27% KEV 16.10In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-pla…Apr 22, 2026
CVE-2026-31431HIGH7.896.27% KEV 16.04In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-pla…Apr 22, 2026
CVE-2026-3888HIGH7.80.38%16.04Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private …Mar 17, 2026
CVE-2022-0492HIGH7.85.53% KEV 16.04A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. Th…Mar 3, 2022
CVE-2020-29372MEDIUM4.70.39%16.04An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition betwee…Nov 28, 2020
CVE-2019-18197HIGH7.54.45%16.04In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the rel…Oct 18, 2019
CVE-2019-16168MEDIUM6.54.25%16.04In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missin…Sep 9, 2019
CVE-2019-13118MEDIUM5.35.15%16.04In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an in…Jul 1, 2019
CVE-2019-13117MEDIUM5.36.46%16.04In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumb…Jul 1, 2019
CVE-2019-11068CRITICAL9.85.09%16.04libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permi…Apr 10, 2019
CVE-2019-7317MEDIUM5.39.39%16.04png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called und…Feb 4, 2019
CVE-2019-6109MEDIUM6.83.81%16.04An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (o…Jan 31, 2019
CVE-2018-10902HIGH7.80.52%16.04It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc …Aug 21, 2018
CVE-2018-13785MEDIUM6.54.47%16.04In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an i…Jul 9, 2018
CVE-2018-3639MEDIUM5.560.63%16.04Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addres…May 22, 2018
CVE-2017-5753MEDIUM5.693.84%16.04Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of …Jan 4, 2018
CVE-2016-9842HIGH8.85.20%16.04The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact v…May 23, 2017
CVE-2016-9841CRITICAL9.87.55%16.04inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointe…May 23, 2017
CVE-2016-9840HIGH8.84.79%16.04inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper point…May 23, 2017

Ubuntu 16.x is EOL — migrate to Ubuntu 17.x

Ubuntu 17.x is the next major release. Plan your upgrade before Ubuntu 16.x stops receiving security patches.

See Ubuntu 17.x

Frequently asked questions

Is Ubuntu 16 end of life?

Yes. All Ubuntu 16.x releases have reached end of life and no longer receive security patches. There are 19 known CVEs affecting Ubuntu 16.x, including 2 critical. Migrate to Ubuntu 17.x as soon as possible.

What CVEs affect Ubuntu 16?

There are 19 CVEs tracked for Ubuntu 16.x, including 2 critical severity issues and 3 listed in the CISA Known Exploited Vulnerabilities catalog. See the full list above with CVSS and EPSS scores.

What is the latest Ubuntu 16 version?

The latest Ubuntu 16.x patch release is 16.10, released on October 13, 2016. Always run the latest patch to benefit from all security fixes.

How to migrate from Ubuntu 16 to Ubuntu 17?

To migrate from Ubuntu 16 to Ubuntu 17: (1) review the official Ubuntu 17 migration guide for breaking changes, (2) update dependencies and configuration accordingly, (3) test thoroughly in a staging environment, (4) deploy with a rollback plan. Starting early gives you time to resolve compatibility issues before your current version reaches end of life.

Is it safe to run Ubuntu 16 in production?

No. Ubuntu 16 has reached end of life and security vulnerabilities are no longer patched. Critically, 3 CVEs affecting Ubuntu 16.x are in the CISA KEV catalog — meaning they are actively exploited in the wild. Upgrade to a supported version immediately.

Data sourced from endoflife.date · CVE data from NVD · EPSS from FIRST.org · KEV from CISA

© 2026 EOLCanary — Data from endoflife.date & NVD
Explore