Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| Launchpad | 2114995 | Accessibility fails in background selection | gnome-control-center |
| Launchpad | 2107454 | GNOME Shell crashed with SIGABRT at clutter_actor_finalize: assertion failed: (priv-\u003egrabs == NULL) on Xorg | mutter mutter |
| Launchpad | 2115973 | Accessibility issues in gnome-control-center | gnome-control-center gnome-control-center |
| Launchpad | 2078527 | sys.version from mod_python cannot be parsed by the python platform module | libapache2-mod-python |
| Launchpad | 2103668 | Onionshare fatally crashes after Tor connection (fix seems easy) | onionshare |
| CVE | CVE-2025-53020 | Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63 | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2025-49812 | In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2025-49630 | In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untruste | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2025-23048 | In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2024-47252 | Insufficient escaping of user-supplied data in mod_ssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape c | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2024-43204 | SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2024-42516 | HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hos | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2025-40777 | If a `named` caching resolver is configured with `serve-stale-enable` ... | bind9 bind9 bind9 bind9 |
| Launchpad | 2116954 | A button lacks the A11Y role | malcontent malcontent malcontent malcontent |
| Launchpad | 2100902 | Request to allow variable-sized MANA indirection table | linux-azure-nvidia linux-azure-nvidia |
| Launchpad | 2114218 | [Arm64] High reboot time for 96 core Linux VMs | linux-azure-nvidia linux-azure-nvidia |
| Launchpad | 2115453 | [GB200] MANA patch updates | linux-azure-nvidia linux-azure-nvidia |
| CVE | CVE-2024-11498 | There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to | jpeg-xl jpeg-xl |
| CVE | CVE-2024-11403 | There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JP | jpeg-xl jpeg-xl |
| CVE | CVE-2023-35790 | An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2. An integer underflow in patch decoding can lead to a denial of service, su | jpeg-xl jpeg-xl |
About
-
Send Feedback to @ubuntu_updates
