Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| Launchpad | 2146560 | [FFe + SRU] edk2: Introduce FirmwareSecvarUpdater for MS 2023 CA rollout | edk2 virt-firmware |
| Launchpad | 2155270 | d/tests/secvar_update.py: GPL-3.0-only license incompatible with virt-firmware GPL-2.0-only | edk2-hwe edk2 |
| Launchpad | 2153530 | libvirt: excessive memory allocation / OOM when physical_package_id is large | libvirt-hwe libvirt |
| CVE | CVE-2026-6843 | A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a nam | nano |
| CVE | CVE-2026-6842 | A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead | nano |
| Launchpad | 2154265 | Unattended-Upgrade will upgrade 6.17.0-1023-oem kernel without nvidia-driver | linux-restricted-signatures-oem-6.17 linux-restricted-modules-oem-6.17 linux-meta-oem-6.17 linux-restricted-modules-oem-7.0 linux-restricted-signatures-oem-7.0 |
| CVE | CVE-2026-5090 | Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The html_filter function did not escape single quo | libtemplate-perl |
| CVE | CVE-2026-8368 | LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the re | libwww-perl |
| CVE | CVE-2026-42304 | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to | twisted |
| CVE | CVE-2026-44432 | urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portio | python-urllib3 |
| CVE | CVE-2026-44431 | urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.conn | python-urllib3 |
| CVE | CVE-2026-37459 | An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UP | frr |
| CVE | CVE-2026-37458 | Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denia | frr |
| CVE | CVE-2026-37457 | An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 al | frr |
| CVE | CVE-2026-28532 | FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a | frr |
| Launchpad | 2154780 | [SRU] Include libcrypt-dev in build-essential for resolute | build-essential |
| Launchpad | 2150297 | nautilus have frequent crashes while navigating fast through directories on 26.04 release | gtk4 |
| Launchpad | 2154281 | [SRU] [MRE] Update gtk4 to 4.22.4 | gtk4 |
| CVE | CVE-2025-48924 | Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to | libcommons-lang-java libcommons-lang3-java |
| CVE | CVE-2026-34293 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45. Easily ex | mysql-8.0 |