Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2023-0645 | An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recom | jpeg-xl jpeg-xl |
| Launchpad | 2112466 | /usr/share/apport/apport:FileNotFoundError:/usr/share/apport/apport@600:get_pid_info on /proc/\u003cpid\u003e | apport apport apport apport apport apport apport apport apport apport apport apport apport apport apport apport apport apport apport apport |
| CVE | CVE-2025-5745 | The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 with | glibc glibc glibc glibc |
| CVE | CVE-2025-5702 | The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 witho | glibc glibc glibc glibc glibc glibc glibc glibc |
| CVE | CVE-2025-6395 | A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a templa | gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 |
| CVE | CVE-2025-32990 | A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads ce | gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 |
| CVE | CVE-2025-32989 | A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) exten | gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 |
| CVE | CVE-2025-32988 | A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternati | gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 |
| CVE | CVE-2025-38075 | In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection NOPIN response timer may | linux linux |
| CVE | CVE-2025-38048 | In the Linux kernel, the following vulnerability has been resolved: virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN syzbot | linux linux |
| CVE | CVE-2025-38072 | In the Linux kernel, the following vulnerability has been resolved: libnvdimm/labels: Fix divide error in nd_label_data_init() If a faulty CXL memo | linux linux |
| CVE | CVE-2025-38068 | In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun Unlike the decompression code, the | linux linux |
| CVE | CVE-2025-38066 | In the Linux kernel, the following vulnerability has been resolved: dm cache: prevent BUG_ON by blocking retries on failed device resumes A cache d | linux linux |
| CVE | CVE-2025-38065 | In the Linux kernel, the following vulnerability has been resolved: orangefs: Do not truncate file size 'len' is used to store the result of i_size | linux linux |
| CVE | CVE-2025-38044 | In the Linux kernel, the following vulnerability has been resolved: media: cx231xx: set device_caps for 417 The video_device for the MPEG encoder d | linux linux |
| CVE | CVE-2025-38043 | In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Set dma_mask for ffa devices Set dma_mask for FFA devices, o | linux linux |
| CVE | CVE-2025-38061 | In the Linux kernel, the following vulnerability has been resolved: net: pktgen: fix access outside of user given buffer in pktgen_thread_write() H | linux linux |
| CVE | CVE-2025-38037 | In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races The 'used' and 'updated' fields in the FDB entry | linux linux |
| CVE | CVE-2025-38035 | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: don't restore null sk_state_change queue->state_change is set as par | linux linux |
| CVE | CVE-2025-38034 | In the Linux kernel, the following vulnerability has been resolved: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref btrfs_pre | linux linux |
About
-
Send Feedback to @ubuntu_updates
