UbuntuUpdates.org

Bugs addressed in recent updates


| Origin | Bug number | Title | Packages |
| --- | --- | --- | --- |
| CVE | CVE-2026-41283 | OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which | mistral mistral mistral mistral |
| CVE | CVE-2026-45591 | Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network. | dotnet8 dotnet8 dotnet10 dotnet9 dotnet10 dotnet8 dotnet8 dotnet10 dotnet10 dotnet9 dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-45491 | Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally. | dotnet8 dotnet8 dotnet10 dotnet9 dotnet10 dotnet8 dotnet8 dotnet10 dotnet10 dotnet9 dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-47372 | Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is | libcrypt-saltedhash-perl libcrypt-saltedhash-perl |
| Launchpad | 2156327 | [SRU] Add quirks support for Elan touchpad 04F3:3355 | libinput libinput libinput libinput libinput libinput |
| Launchpad | 2156191 | [SRU] kwin_wayland does not use the NVIDIA GPU on Wayland when prime-select is set to nvidia | plasma-optimus |
| CVE | CVE-2026-8450 | HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open( | libhttp-daemon-perl libhttp-daemon-perl libhttp-daemon-perl libhttp-daemon-perl libhttp-daemon-perl libhttp-daemon-perl libhttp-daemon-perl libhttp-daemon-perl |
| Launchpad | 2152830 | Taint mismatch, Ustrncpy: string_is_ip_addressX 110 | exim4 exim4 exim4 exim4 |
| Launchpad | 2155665 | Removing package ubuntu-helper-virt-hwe breaks Apt | qemu-hwe qemu-hwe |
| CVE | CVE-2026-43513 | Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0. | tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 |
| CVE | CVE-2026-43512 | DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 t | tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 |
| CVE | CVE-2026-43515 | Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affe | tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 |
| CVE | CVE-2026-42498 | Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache | tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 |
| CVE | CVE-2026-41293 | Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 1 | tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 |
| CVE | CVE-2026-41284 | Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2 | tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 |
| Launchpad | 2155241 | [SRU] libreoffice 26.2.4 for resolute | libreoffice libreoffice |
| CVE | CVE-2026-9076 | Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key ... | openssl openssl openssl openssl openssl openssl openssl openssl |
| CVE | CVE-2026-7383 | Issue summary: A signed integer overflow when sizing the destination b ... | openssl openssl openssl openssl openssl openssl openssl openssl |
| CVE | CVE-2026-45447 | Issue summary: A specially crafted PKCS#7 or S/MIME signed message cou ... | openssl openssl openssl openssl openssl openssl openssl openssl |
| CVE | CVE-2026-45446 | Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-S ... | openssl openssl openssl openssl openssl openssl openssl openssl |


