Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-23534 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec | freerdp2 freerdp2 |
| CVE | CVE-2026-23533 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX Cle | freerdp2 freerdp2 |
| CVE | CVE-2026-23532 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP c | freerdp2 freerdp2 |
| CVE | CVE-2026-23531 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present, `clear_decompre | freerdp2 freerdp2 |
| CVE | CVE-2026-23530 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,`freerdp_bitmap_decompress_planar` does not validate `nSrcWi | freerdp2 freerdp2 |
| CVE | CVE-2026-0915 | Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-v | glibc glibc glibc glibc glibc glibc |
| CVE | CVE-2026-0861 | Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 | glibc glibc glibc glibc glibc glibc |
| CVE | CVE-2025-15281 | Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return un | glibc glibc glibc glibc glibc glibc |
| CVE | CVE-2026-24061 | telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment variable. | inetutils inetutils |
| CVE | CVE-2025-28164 | Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function. | libpng1.6 libpng1.6 |
| CVE | CVE-2025-28162 | Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer (AS | libpng1.6 libpng1.6 |
| CVE | CVE-2025-2816 | The Page View Count plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing cap | libpng1.6 libpng1.6 |
| CVE | CVE-2026-21968 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4 | mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| CVE | CVE-2026-21964 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.0-8.0.44 | mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| CVE | CVE-2026-21948 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4 | mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| CVE | CVE-2026-21941 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4 | mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| CVE | CVE-2026-21937 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4 | mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| CVE | CVE-2026-21936 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 an | mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| Launchpad | 2138915 | [SRU] ath12k: WCN7850 hw2.0 firmware updates to enable Wi-Fi 7 | linux-firmware |
| Launchpad | 2138721 | intel_ipu7_isys.isys intel_ipu7.isys.40: stream start time out | linux-firmware |
About
-
Send Feedback to @ubuntu_updates
