Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| Launchpad | 2055825 | fips-updates: upgrade from 20.04 to 22.04 fails | ubuntu-release-upgrader ubuntu-release-upgrader |
| CVE | CVE-2026-55200 | libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bo | libssh2 libssh2 |
| CVE | CVE-2026-55199 | libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src | libssh2 libssh2 libssh2 |
| CVE | CVE-2025-15661 | libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that | libssh2 libssh2 libssh2 |
| Launchpad | 2153395 | [SRU] Fix resource assignment in gc1101 firmware | linux-firmware-amd-graphics |
| Launchpad | 2147396 | AMD Ryzen did not response after system enter suspend | linux-firmware-amd-graphics |
| CVE | CVE-2026-11526 | GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle. GD::Ima | libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl |
| CVE | CVE-2026-8632 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalati | hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip |
| CVE | CVE-2026-8631 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalati | hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip |
| CVE | CVE-2026-41401 | libyang before 5.2.6 contains a heap use-after-free write vulnerability in lyd_parser_set_data_flags that incorrectly updates metadata list pointers | libyang libyang libyang libyang libyang libyang |
| CVE | CVE-2026-12318 | Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | nss nss nss nss nss nss nss nss nss nss |
| CVE | CVE-2026-49271 | libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed | libheif libheif libheif libheif |
| CVE | CVE-2026-11824 | SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a cras | sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 |
| CVE | CVE-2026-11822 | SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, | sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 |
| Launchpad | 2147329 | [SRU] openvswitch 3.3.9 point release | openvswitch openvswitch |
| Launchpad | 2154006 | [SRU] openvswitch 2.17.12 point release | openvswitch openvswitch |
| Launchpad | 2154007 | [SRU] openvswitch 3.6.3 point release | openvswitch openvswitch |
| Launchpad | 2157880 | [SRU] libadwaita 1.9.1 | libadwaita-1 |
| Launchpad | 2156488 | [SRU][Resolute] volume control broken when AVRCP connects before AVDTP due to uninitialised target volume | bluez bluez |
| Launchpad | 2156411 | [SRU][Resolute] GATT cached db hash is not updating when adding services to existing connection | bluez bluez |
About
-
Send Feedback to @ubuntu_updates
