UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
CVE CVE-2026-58472 GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the html_quote_string() function in src/convert.c wget wget wget wget wget
CVE CVE-2026-58471 GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convert_fname() function within src/url.c that wget wget wget wget wget
CVE CVE-2026-58470 GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parse_content_range() function within src/http.c wget wget wget wget wget
CVE CVE-2026-58469 GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the clean_metalink_string() function within src/m wget wget wget wget wget
CVE CVE-2026-12969 An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is call dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq
CVE CVE-2026-12725 A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies contain dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq
CVE CVE-2024-25178 LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c. luajit luajit luajit luajit
CVE CVE-2024-25177 LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (Do luajit luajit luajit luajit
CVE CVE-2024-25176 LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c. luajit luajit luajit luajit
CVE CVE-2026-13698 A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers with a valid tls-cry openvpn openvpn openvpn openvpn openvpn openvpn
CVE CVE-2026-13122 OpenVPN version 2.6.0 through 2.6.20 and 2.7_alpha1 through 2.7.4 allows remote attackers to cause a denial of service via a malformed authentication openvpn openvpn openvpn openvpn
CVE CVE-2026-59858 Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the t vim vim vim vim vim vim vim vim vim vim vim vim
CVE CVE-2026-59857 Vim is an open source, command line text editor. Prior to 9.2.0725, the single-byte branch of spell_soundfold_sal() in src/spell.c translates a word vim vim vim vim vim vim vim vim vim vim vim vim
CVE CVE-2026-59856 Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a vim vim vim vim vim vim vim vim vim vim vim vim
CVE CVE-2026-59939 httplib2 is a comprehensive HTTP client library for Python. Prior to 0.32.0, httplib2 performs unbounded decompression of HTTP response bodies encode python-httplib2 python-httplib2 python-httplib2 python-httplib2 python-httplib2 python-httplib2
CVE CVE-2026-56109 The Advanced Linux Sound Architecture (ALSA) library before 1.2.16.1 contains a double-free vulnerability in parse_def() in src/conf.c that allows at alsa-lib alsa-lib alsa-lib alsa-lib alsa-lib alsa-lib alsa-lib alsa-lib alsa-lib alsa-lib alsa-lib alsa-lib
CVE CVE-2026-49261 MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8 mariadb mariadb mariadb mariadb
CVE CVE-2026-48165 MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11 mariadb mariadb mariadb mariadb
CVE CVE-2026-48163 MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11 mariadb mariadb mariadb mariadb
CVE CVE-2026-44173 MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11 mariadb mariadb mariadb mariadb



About   -   Send Feedback to @ubuntu_updates