UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
CVE CVE-2025-10263 Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Corte linux-azure-nvidia
Launchpad 2156472 net: mana: Fix TOCTOU double-fetch of hwc_msg_id from DMA buffer linux-azure-nvidia
Launchpad 2155222 [hyperv] Ensure MMIO Mapping is Correct for Kexec / kdump kernel on Azure v6 Instance Types linux-azure-nvidia
Launchpad 2155434 net: mana: Avoid queue struct allocation failure under memory fragmentation linux-azure-nvidia
Launchpad 2156920 Fix MANA RX queue creation/error-cleanup path issues when RXQ initialization fails partway through linux-azure-nvidia
Launchpad 2157545 azure: backport \ linux-azure-nvidia
Launchpad 2158920 noble-stable-2026-06-16 dropped a bracket causing FTBFS linux-azure-nvidia
CVE CVE-2026-5773 libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequen curl curl curl curl
CVE CVE-2026-12064 When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer and libcurl curl curl curl curl
CVE CVE-2026-11586 By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a curl curl
CVE CVE-2026-11564 libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle th curl curl
CVE CVE-2026-11352 An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. curl curl
CVE CVE-2026-10536 A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CUR curl curl curl curl curl curl
Launchpad 2158262 Please drop pollinate from the default installed set in ubuntu server ubuntu-meta
CVE CVE-2026-24660 A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw
CVE CVE-2026-24450 An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious fi libraw libraw libraw libraw libraw libraw libraw libraw
CVE CVE-2026-21413 A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A speciall libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw
CVE CVE-2026-20889 A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw
CVE CVE-2026-20884 An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can l libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw
CVE CVE-2026-5342 A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw



About   -   Send Feedback to @ubuntu_updates