Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2025-52936 | Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2. | sslh sslh sslh sslh |
| CVE | CVE-2026-48829 | In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = char | gsasl gsasl gsasl gsasl gsasl gsasl gsasl gsasl gsasl gsasl gsasl gsasl |
| CVE | CVE-2026-41054 | In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, whil | haveged haveged |
| CVE | CVE-2026-9256 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses | nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx |
| CVE | CVE-2026-42946 | A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read o | nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx |
| CVE | CVE-2026-42934 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_ | nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx |
| CVE | CVE-2026-40701 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optio | nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx |
| CVE | CVE-2026-40460 | When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing | nginx nginx nginx nginx nginx nginx nginx nginx |
| CVE | CVE-2026-6245 | A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to | sssd sssd sssd sssd sssd sssd sssd sssd sssd sssd sssd sssd |
| Launchpad | 2150734 | [SRU] libreoffice 25.8.7 for questing | libreoffice libreoffice libreoffice libreoffice |
| Launchpad | 2150525 | [SRU] libreoffice 26.2.3 for resolute | libreoffice libreoffice libreoffice libreoffice |
| Launchpad | 2153796 | Proton VPN app crashes on login | python-proton-vpn-api-core |
| Launchpad | 2143181 | Resolute real-time patchset: 7.0-rc1-rt1 | linux-gke |
| Launchpad | 2143203 | Adopting dark mode by default for OLED panel | linux-gke |
| Launchpad | 2143243 | NPU utilization on amdxdna is missing | linux-gke |
| Launchpad | 2139276 | [usrmerge] evaluate kernel owned packages for DEP17 compliance | linux-gke |
| Launchpad | 2143197 | UBUNTU: SAUCE: igc: Increase Thunderbolt MAC passthrough delay to 1000ms | linux-gke |
| Launchpad | 2142775 | Please make dracut the default initrd generator | linux-gke |
| Launchpad | 2144643 | 26.04 Snapdragon X Elite: Sync concept kernel changes | linux-gke |
| Launchpad | 2142403 | Ubuntu Resolute Desktop image arm64 - Boot on SC8280XP stalls with gpi-dma errors | linux-gke |
About
-
Send Feedback to @ubuntu_updates
