Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-8376 | Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_stu | perl perl perl perl perl perl |
| CVE | CVE-2026-42496 | Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() | perl perl perl perl |
| CVE | CVE-2026-10879 | DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL pla | libdbi-perl libdbi-perl libdbi-perl libdbi-perl libdbi-perl libdbi-perl libdbi-perl libdbi-perl |
| CVE | CVE-2026-9698 | DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleEr | libdbi-perl libdbi-perl libdbi-perl libdbi-perl libdbi-perl libdbi-perl libdbi-perl libdbi-perl |
| CVE | CVE-2026-53689 | libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This | libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs |
| Launchpad | 2156612 | /usr/libexec/fwupd/fwupd:11:fu_udev_device_ioctl:fu_ioctl_execute:fu_block_device_sg_io_cmd_none:fu_genesys_gl32xx_device_cmd_reset_usb:fu_genesys_gl | fwupd fwupd fwupd fwupd fwupd fwupd fwupd fwupd |
| Launchpad | 2156479 | /usr/libexec/fwupd/fwupd:11:FU_FIRMWARE_GET_CLASS:fu_firmware_parse_stream:fu_mtd_device_read_firmware:fu_plugin_device_read_firmware:fu_plugin_runne | fwupd fwupd fwupd fwupd fwupd fwupd fwupd fwupd |
| Launchpad | 2156480 | [SRU] fwupdmgr incorrectly asks for recovery key and crashes | fwupd fwupd fwupd fwupd fwupd fwupd fwupd fwupd |
| Launchpad | 2148183 | [SRU] fwupdmgr asks for recovery key | fwupd fwupd fwupd fwupd |
| CVE | CVE-2020-29260 | libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). | libvncserver libvncserver |
| CVE | CVE-2026-32854 | LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within h | libvncserver libvncserver libvncserver libvncserver libvncserver libvncserver |
| CVE | CVE-2026-32853 | LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler tha | libvncserver libvncserver libvncserver libvncserver libvncserver libvncserver |
| CVE | CVE-2026-44988 | LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048- | libvncserver libvncserver libvncserver libvncserver libvncserver libvncserver libvncserver libvncserver |
| Launchpad | 2154038 | [SRU] Thumbnailer packages not included in the ubuntu-desktop-minimal install | ubuntu-meta |
| Launchpad | 2157782 | doca-ofed-26-01-dkms build failure for resolute 7.0.0-28 lmm | doca-ofed-26.01-dkms |
| CVE | CVE-2026-1757 | A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not prop | libxml2 libxml2 libxml2 libxml2 |
| CVE | CVE-2026-46595 | Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than pu | google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent |
| CVE | CVE-2026-39834 | When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the w | google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent |
| CVE | CVE-2026-39831 | The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence | google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent |
| CVE | CVE-2026-39830 | A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked gor | google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent |