Bugs addressed in recent updates

| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-0665 | An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QE | qemu qemu qemu qemu qemu qemu qemu qemu |
| CVE | CVE-2025-14876 | A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, lea | qemu qemu qemu qemu qemu qemu qemu qemu |
| CVE | CVE-2025-12464 | A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding short frames was dropped from individual network devic | qemu qemu qemu qemu qemu qemu qemu qemu |
| CVE | CVE-2025-11234 | A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to | qemu qemu qemu qemu qemu qemu qemu qemu qemu qemu qemu qemu |
| CVE | CVE-2026-2781 | Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird | nss nss nss nss nss nss nss nss |
| CVE | CVE-2026-2006 | Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffe | postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 |
| CVE | CVE-2026-2005 | Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. | postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 |
| CVE | CVE-2026-2004 | Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary cod | postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 |
| CVE | CVE-2026-2003 | Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viabili | postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 |
| Launchpad | 2127668 | New PostgreSQL upstream microreleases 14.22, 16.13, and 17.9 | postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 |
| Launchpad | 2138258 | [SRU] Add TWL IDs in Noble | intel-media-driver-non-free |
| CVE | CVE-2026-21863 | Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious actor with access to the Valkey clusterbus | valkey valkey |
| CVE | CVE-2025-67733 | Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject | valkey valkey |
| Launchpad | 2142590 | Update Valkey to 7.2.12 in noble, 8.1.6 in questing, and 9.0.3 in resolute | valkey valkey |
| CVE | CVE-2025-31648 | Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adver | intel-microcode intel-microcode intel-microcode intel-microcode intel-microcode intel-microcode |
| Launchpad | 2142200 | dovecot-core: OAuth2 JWT validation fails with client_id set but aud is missing when aud claim is an array | dovecot dovecot |
| Launchpad | 2142235 | linux-riscv-6.8 is FTBFS because of missing patches | linux-riscv-6.8 linux-riscv-6.8 |
| Launchpad | 2142139 | [SRU] libreoffice 25.8.5 for questing | libreoffice libreoffice libreoffice |
| Launchpad | 2142790 | CVE-2022-24765 regression fix broke config includes | git git git git |
| Launchpad | 2126923 | ovn_dhcp4_global_options doesn't support keys with a list of values | neutron neutron neutron neutron |