UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
Launchpad 2154780 [SRU] Include libcrypt-dev in build-essential for resolute build-essential build-essential
Launchpad 2150297 nautilus have frequent crashes while navigating fast through directories on 26.04 release gtk4 gtk4
Launchpad 2154281 [SRU] [MRE] Update gtk4 to 4.22.4 gtk4 gtk4
CVE CVE-2025-48924 Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to libcommons-lang-java libcommons-lang3-java libcommons-lang-java libcommons-lang-java libcommons-lang3-java libcommons-lang-java
CVE CVE-2026-34293 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45. Easily ex mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0
CVE CVE-2026-34278 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Eas mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0
CVE CVE-2026-34267 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Eas mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0
CVE CVE-2026-42006 An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot
CVE CVE-2026-40020 Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes fol dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot
CVE CVE-2026-40016 Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130 times of dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot
CVE CVE-2026-33603 Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot
CVE CVE-2026-27851 When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot
CVE CVE-2026-35240 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0
CVE CVE-2026-35239 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0
CVE CVE-2026-35238 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 an mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0
CVE CVE-2026-35237 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 an mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0
CVE CVE-2026-35236 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 an mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0
CVE CVE-2026-34319 Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0
CVE CVE-2026-34318 Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0
CVE CVE-2026-34317 Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0



About   -   Send Feedback to @ubuntu_updates