Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| Launchpad | 2152830 | Taint mismatch, Ustrncpy: string_is_ip_addressX 110 | exim4 exim4 |
| Launchpad | 2155665 | Removing package ubuntu-helper-virt-hwe breaks Apt | qemu-hwe qemu-hwe |
| CVE | CVE-2026-43513 | Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0. | tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 |
| CVE | CVE-2026-43512 | DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 t | tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 |
| CVE | CVE-2026-43515 | Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affe | tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 |
| CVE | CVE-2026-42498 | Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache | tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 |
| CVE | CVE-2026-41293 | Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 1 | tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 |
| CVE | CVE-2026-41284 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2 | tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 |
| Launchpad | 2155241 | [SRU] libreoffice 26.2.4 for resolute | libreoffice libreoffice |
| CVE | CVE-2026-9076 | Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key ... | openssl openssl openssl openssl openssl openssl openssl openssl |
| CVE | CVE-2026-7383 | Issue summary: A signed integer overflow when sizing the destination b ... | openssl openssl openssl openssl openssl openssl openssl openssl |
| CVE | CVE-2026-45447 | Issue summary: A specially crafted PKCS#7 or S/MIME signed message cou ... | openssl openssl openssl openssl openssl openssl openssl openssl |
| CVE | CVE-2026-45446 | Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-S ... | openssl openssl openssl openssl openssl openssl openssl openssl |
| CVE | CVE-2026-45445 | Issue summary: When an application drives an AES-OCB context through t ... | openssl openssl openssl openssl openssl openssl openssl openssl |
| CVE | CVE-2026-42770 | Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X ... | openssl openssl openssl openssl openssl openssl openssl openssl |
| CVE | CVE-2026-42769 | Issue Summary: An error in the callback used to verify the certificate ... | openssl openssl openssl openssl |
| CVE | CVE-2026-42768 | Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnera ... | openssl openssl openssl openssl |
| CVE | CVE-2026-42767 | Issue summary: An attacker-controlled CMP (Certificate Management Prot ... | openssl openssl openssl openssl openssl openssl openssl openssl |
| CVE | CVE-2026-42766 | Issue summary: A specially crafted password-encrypted CMS message can ... | openssl openssl openssl openssl openssl openssl openssl openssl |
| CVE | CVE-2026-42764 | Issue summary: Receiving a QUIC initial packet with an invalid token m ... | openssl openssl openssl openssl |
About
-
Send Feedback to @ubuntu_updates
