Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-43284 | In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSG_SPLICE_PAGES can atta | linux |
| CVE | CVE-2026-43500 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA | linux |
| CVE | CVE-2026-46333 | In the Linux kernel, the following vulnerability has been resolved: ptrace: slightly saner 'get_dumpable()' logic The 'dumpability' of a task is fu | linux |
| Launchpad | 2153962 | net/rds: reset op_nents when zerocopy page pin fails | linux |
| Launchpad | 2152550 | Resolute update: v7.0.3 upstream stable release | linux |
| Launchpad | 2152552 | Resolute update: v7.0.4 upstream stable release | linux |
| Launchpad | 2152556 | Resolute update: v7.0.5 upstream stable release | linux |
| Launchpad | 2152558 | Resolute update: v7.0.6 upstream stable release | linux |
| Launchpad | 2148074 | \ | apparmor apparmor |
| Launchpad | 2146747 | [SRU] Add support for CS42L43B variant | alsa-ucm-conf alsa-ucm-conf alsa-ucm-conf |
| CVE | CVE-2026-6637 | Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user runni | postgresql-18 postgresql-18 postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-18 postgresql-18 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 |
| CVE | CVE-2026-6475 | Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgr | postgresql-18 postgresql-18 postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-18 postgresql-18 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 |
| CVE | CVE-2026-6477 | Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functi | postgresql-18 postgresql-18 postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-18 postgresql-18 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 |
| CVE | CVE-2026-6478 | Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to | postgresql-18 postgresql-18 postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-18 postgresql-18 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 |
| CVE | CVE-2026-6472 | Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, inc | postgresql-18 postgresql-18 postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-18 postgresql-18 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 |
| CVE | CVE-2026-6474 | Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone | postgresql-18 postgresql-18 postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-18 postgresql-18 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 |
| CVE | CVE-2026-6575 | Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read pa | postgresql-18 postgresql-18 postgresql-18 postgresql-18 |
| CVE | CVE-2026-6638 | SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL | postgresql-18 postgresql-18 postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-18 postgresql-18 postgresql-17 postgresql-16 postgresql-16 postgresql-17 |
| CVE | CVE-2026-6476 | SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The a | postgresql-18 postgresql-18 postgresql-17 postgresql-17 postgresql-18 postgresql-18 postgresql-17 postgresql-17 |
| CVE | CVE-2026-6473 | Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and wri | postgresql-18 postgresql-18 postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-18 postgresql-18 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 |
About
-
Send Feedback to @ubuntu_updates
