UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
CVE CVE-2026-44064 An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or c netatalk netatalk
CVE CVE-2026-44062 A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitr netatalk netatalk
CVE CVE-2026-44060 An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a c netatalk netatalk
CVE CVE-2026-44055 A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execut netatalk netatalk
CVE CVE-2026-44052 Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files t netatalk netatalk
CVE CVE-2026-44051 An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite netatalk netatalk
CVE CVE-2026-44050 A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute netatalk netatalk
CVE CVE-2026-44049 An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker t netatalk netatalk
CVE CVE-2026-44048 A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to netatalk netatalk
CVE CVE-2026-44047 An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorize netatalk netatalk
CVE CVE-2026-40199 Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ipv6() includes the sentin libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl
CVE CVE-2026-40198 Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6() does not check that un libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl
Launchpad 2155874 rsync 3.4.4 security regression bugfix tracking bug rsync rsync rsync rsync rsync rsync rsync rsync
CVE CVE-2026-3608 Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA list isc-kea isc-kea isc-kea isc-kea
CVE CVE-2026-41079 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can cups cups cups cups cups cups cups cups
CVE CVE-2026-39316 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free v cups cups cups cups cups cups cups cups
CVE CVE-2026-39314 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underfl cups cups cups cups cups cups cups cups
CVE CVE-2026-34990 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileg cups cups cups cups cups cups cups cups
CVE CVE-2026-34980 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-expos cups cups cups cups cups cups cups cups
CVE CVE-2026-34979 OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-ba cups cups cups cups cups cups cups cups



About   -   Send Feedback to @ubuntu_updates