UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
Launchpad 2114995 Accessibility fails in background selection gnome-control-center
Launchpad 2107454 GNOME Shell crashed with SIGABRT at clutter_actor_finalize: assertion failed: (priv-\u003egrabs == NULL) on Xorg mutter mutter
Launchpad 2115973 Accessibility issues in gnome-control-center gnome-control-center gnome-control-center
Launchpad 2078527 sys.version from mod_python cannot be parsed by the python platform module libapache2-mod-python
Launchpad 2103668 Onionshare fatally crashes after Tor connection (fix seems easy) onionshare
CVE CVE-2025-53020 Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2
CVE CVE-2025-49812 In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2
CVE CVE-2025-49630 In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untruste apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2
CVE CVE-2025-23048 In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2
CVE CVE-2024-47252 Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape c apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2
CVE CVE-2024-43204 SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker.  Requires an apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2
CVE CVE-2024-42516 HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hos apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2
CVE CVE-2025-40777 If a `named` caching resolver is configured with `serve-stale-enable` ... bind9 bind9 bind9 bind9
Launchpad 2116954 A button lacks the A11Y role malcontent malcontent malcontent malcontent
Launchpad 2100902 Request to allow variable-sized MANA indirection table linux-azure-nvidia linux-azure-nvidia
Launchpad 2114218 [Arm64] High reboot time for 96 core Linux VMs linux-azure-nvidia linux-azure-nvidia
Launchpad 2115453 [GB200] MANA patch updates linux-azure-nvidia linux-azure-nvidia
CVE CVE-2024-11498 There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to jpeg-xl jpeg-xl
CVE CVE-2024-11403 There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JP jpeg-xl jpeg-xl
CVE CVE-2023-35790 An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, su jpeg-xl jpeg-xl



About   -   Send Feedback to @ubuntu_updates