Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-48681 | OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. | ironic ironic ironic ironic ironic ironic ironic ironic |
| CVE | CVE-2026-44917 | OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_templa | ironic ironic ironic ironic ironic ironic ironic ironic |
| CVE | CVE-2026-46447 | OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. | ironic ironic ironic ironic ironic ironic ironic ironic |
| Launchpad | 2156398 | lpadmin breaks automatic installation | cups-pdf cups-pdf cups-pdf cups-pdf cups-pdf cups-pdf cups-pdf cups-pdf |
| Launchpad | 2154677 | [BPO] libreoffice 25.8.7 for jammy/noble | libreoffice libreoffice libreoffice libreoffice |
| Launchpad | 2154543 | [Security] ubuntu-kylin-software-center: root privilege escalation via command injection in D-Bus method copy_file_to_install | ubuntu-kylin-software-center ubuntu-kylin-software-center |
| CVE | CVE-2026-41283 | OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which | mistral mistral mistral mistral mistral mistral mistral mistral |
| CVE | CVE-2026-45591 | Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network. | dotnet8 dotnet8 dotnet10 dotnet9 dotnet10 dotnet8 dotnet8 dotnet10 dotnet10 dotnet9 dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-45491 | Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally. | dotnet8 dotnet8 dotnet10 dotnet9 dotnet10 dotnet8 dotnet8 dotnet10 dotnet10 dotnet9 dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-47372 | Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is | libcrypt-saltedhash-perl libcrypt-saltedhash-perl |
| Launchpad | 2156327 | [SRU] Add quirks support for Elan touchpad 04F3:3355 | libinput libinput libinput libinput libinput libinput |
| Launchpad | 2156191 | [SRU] kwin_wayland does not use the NVIDIA GPU on Wayland when prime-select is set to nvidia | plasma-optimus |
| CVE | CVE-2026-8450 | HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's 2-arg open( | libhttp-daemon-perl libhttp-daemon-perl libhttp-daemon-perl libhttp-daemon-perl libhttp-daemon-perl libhttp-daemon-perl libhttp-daemon-perl libhttp-daemon-perl |
| Launchpad | 2152830 | Taint mismatch, Ustrncpy: string_is_ip_addressX 110 | exim4 exim4 exim4 exim4 |
| Launchpad | 2155665 | Removing package ubuntu-helper-virt-hwe breaks Apt | qemu-hwe qemu-hwe |
| CVE | CVE-2026-43513 | Improper Handling of Case Sensitivity vulnerability in LockOutRealm in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0. | tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 |
| CVE | CVE-2026-43512 | DEPRECATED: Authentication Bypass Issues vulnerability in digest authentication in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 t | tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 |
| CVE | CVE-2026-43515 | Improper Authorization vulnerability when multiple method constraints define an HTTP method for the same extension in Apache Tomcat. This issue affe | tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 |
| CVE | CVE-2026-42498 | Exposure of HTTP Authentication Header to unexpected hosts during WebSocket authentication vulnerability in Apache Tomcat. This issue affects Apache | tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 |
| CVE | CVE-2026-41293 | Improper Input Validation vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 1 | tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 tomcat9 tomcat10 |