UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
CVE CVE-2024-54661 readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file. socat socat
CVE CVE-2026-41992 GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between diffe gzip gzip gzip gzip gzip gzip gzip gzip gzip gzip
CVE CVE-2026-41991 GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the u gzip gzip gzip gzip gzip gzip gzip gzip gzip gzip
CVE CVE-2026-56123 socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite ad socat socat socat socat
CVE CVE-2026-4224 When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stac python3.12 python3.12 python3.10 python3.10 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-3644 The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling python3.12 python3.12 python3.10 python3.10 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-2297 The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not python3.12 python3.12 python3.10 python3.10 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-1299 The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allow python3.12 python3.12 python3.10 python3.10 python3.12 python3.12 python3.10 python3.10
CVE CVE-2025-69534 Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled Assert python3.12 python3.12 python3.10 python3.10 python3.12 python3.12 python3.10 python3.10
CVE CVE-2025-13462 The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE python3.12 python3.12 python3.10 python3.10 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-9669 bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same dec python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-8328 The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV ho python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-7774 tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive me python3.14 python3.14 python3.12 python3.12 python3.14 python3.14 python3.12 python3.12
CVE CVE-2026-6100 Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `M python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-6019 http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-5713 The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree" python3.14 python3.14 python3.14 python3.14
CVE CVE-2026-4786 Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser. python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-4519 The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behav python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-3276 unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-1502 CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host. python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10



About   -   Send Feedback to @ubuntu_updates