UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
Launchpad 2158238 [Potential regression] ubuntu_lttng_smoke_test failed with R/linux 7.0.0-28.28 lttng-modules
Launchpad 2091957 [SRU] libheif cannot open iOS 18 HEIC files libheif libheif
Launchpad 2150220 \ gnome-initial-setup
Launchpad 2144629 [SRU exception] backport 5.55 to Noble and Questing autopkgtest
Launchpad 2103533 plymouth crashes with SIGSEGV in ply_terminal_set_disabled_input() from open_input_source() [drm.so] from ply_renderer_open_input_source() plymouth plymouth
Launchpad 2157984 [SRU] at-spi2-core 2.60.4 at-spi2-core
Launchpad 2158479 [SRU] crystal-dock appears frozen when upgraded from 24.04 to 26.04 budgie-desktop-environment
CVE CVE-2026-23631 Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-repl valkey valkey valkey
CVE CVE-2026-25243 Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values valkey valkey valkey
CVE CVE-2026-23479 Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `pro valkey valkey valkey
Launchpad 2151296 Update Valkey to 7.2.13 in noble, 8.1.7 in questing, and 9.0.4 in resolute and stonking valkey valkey valkey
Launchpad 2055825 fips-updates: upgrade from 20.04 to 22.04 fails ubuntu-release-upgrader ubuntu-release-upgrader
CVE CVE-2026-55200 libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bo libssh2 libssh2 libssh2 libssh2
CVE CVE-2026-55199 libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src libssh2 libssh2 libssh2 libssh2 libssh2 libssh2
CVE CVE-2025-15661 libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that libssh2 libssh2 libssh2 libssh2 libssh2 libssh2
Launchpad 2153395 [SRU] Fix resource assignment in gc1101 firmware linux-firmware-amd-graphics
Launchpad 2147396 AMD Ryzen did not response after system enter suspend linux-firmware-amd-graphics
CVE CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle. GD::Ima libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl
CVE CVE-2026-8632 A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalati hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip
CVE CVE-2026-8631 A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalati hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip



About   -   Send Feedback to @ubuntu_updates