Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| Launchpad | 2144719 | 2026.02.04 new upstream release | wireless-regdb wireless-regdb wireless-regdb wireless-regdb wireless-regdb |
| Launchpad | 2142615 | [SRU] Smartcard logon not possible in Remmina (RDP) | remmina remmina remmina remmina |
| CVE | CVE-2026-4438 | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 t | glibc glibc |
| CVE | CVE-2026-4437 | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 t | glibc glibc |
| Debian | 1129746 | glibc is not built with -fstack-clash-protection (despite it being in dpkg-buildflags) | glibc glibc |
| Launchpad | 2145679 | glibc 2.43 ftbfs | glibc glibc |
| Launchpad | 2122100 | Rust coreutils `date` causes glibc to FTBFS | glibc glibc |
| Launchpad | 2142067 | static-pie binaries crash on riscv64 with glibc 2.43 on resolute. | glibc glibc |
| Launchpad | 2147117 | [SRU] Workers return 500 when SSL is enabled | gunicorn |
| CVE | CVE-2026-5107 | A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the compon | frr frr frr frr frr frr frr frr frr frr frr frr |
| CVE | CVE-2006-10003 | XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the s | libxml-parser-perl libxml-parser-perl libxml-parser-perl libxml-parser-perl libxml-parser-perl libxml-parser-perl |
| CVE | CVE-2006-10002 | XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crash | libxml-parser-perl libxml-parser-perl libxml-parser-perl libxml-parser-perl libxml-parser-perl libxml-parser-perl |
| CVE | CVE-2026-4897 | A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` set | policykit-1 policykit-1 policykit-1 policykit-1 policykit-1 policykit-1 policykit-1 policykit-1 |
| CVE | CVE-2025-7519 | A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This iss | policykit-1 policykit-1 policykit-1 policykit-1 policykit-1 policykit-1 policykit-1 policykit-1 |
| CVE | CVE-2026-34982 | Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution wh | vim vim vim vim vim vim vim vim vim vim vim vim |
| CVE | CVE-2026-33412 | Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix | vim vim vim vim vim vim vim vim vim vim vim vim |
| CVE | CVE-2026-32249 | Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containin | vim vim vim vim vim vim vim vim |
| Launchpad | 2147094 | [BPO] Starting recording fails | obs-studio |
| CVE | CVE-2026-35092 | A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacke | corosync corosync corosync corosync corosync corosync corosync corosync corosync corosync corosync corosync |
| CVE | CVE-2026-35091 | A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit toke | corosync corosync corosync corosync corosync corosync corosync corosync corosync corosync corosync corosync |
About
-
Send Feedback to @ubuntu_updates
