Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-40170 | ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer tr | ngtcp2 ngtcp2 |
| CVE | CVE-2026-41179 | Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to | rclone rclone rclone rclone rclone rclone |
| CVE | CVE-2026-41176 | Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is expose | rclone rclone rclone rclone rclone rclone rclone rclone |
| Launchpad | 2152914 | CVE-2026-41179 | rclone rclone rclone rclone rclone rclone |
| Launchpad | 2152913 | CVE-2026-41176 | rclone rclone rclone rclone rclone rclone rclone rclone |
| Launchpad | 2152591 | New upstream microrelease .NET 8.0.127/8.0.27 | dotnet8 dotnet8 dotnet8 dotnet8 dotnet8 dotnet8 |
| Launchpad | 2152596 | New upstream microrelease .NET 9.0.117/9.0.16 | dotnet9 dotnet9 |
| CVE | CVE-2026-42899 | Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network. | dotnet10 dotnet9 dotnet10 dotnet8 dotnet10 dotnet8 dotnet8 dotnet10 dotnet9 dotnet10 dotnet8 dotnet8 dotnet10 dotnet8 |
| Launchpad | 2152598 | New upstream microrelease .NET 10.0.108/10.0.8 | dotnet10 dotnet10 dotnet10 dotnet10 dotnet10 dotnet10 |
| CVE | CVE-2026-31676 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: only handle RESPONSE during service challenge Only process RESPONSE pack | linux linux |
| CVE | CVE-2026-43284 | In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can atta | linux linux linux linux |
| CVE | CVE-2026-43500 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA | linux linux linux linux |
| CVE | CVE-2026-46333 | In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fu | linux linux linux linux |
| Launchpad | 2153962 | net/rds: reset op_nents when zerocopy page pin fails | linux linux linux linux |
| Launchpad | 2152550 | Resolute update: v7.0.3 upstream stable release | linux |
| Launchpad | 2152552 | Resolute update: v7.0.4 upstream stable release | linux |
| Launchpad | 2152556 | Resolute update: v7.0.5 upstream stable release | linux |
| Launchpad | 2152558 | Resolute update: v7.0.6 upstream stable release | linux |
| Launchpad | 2148074 | \ | apparmor apparmor |
| Launchpad | 2146747 | [SRU] Add support for CS42L43B variant | alsa-ucm-conf alsa-ucm-conf alsa-ucm-conf |
About
-
Send Feedback to @ubuntu_updates
