Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-42945 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is | nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx |
| Launchpad | 2152577 | CVE-2026-42945: heap-based buffer overflow in ngx_http_rewrite_module (NGINX Rift) | nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx |
| Launchpad | 2152202 | EXIM-Security-2026-05-01.1 security tracking bug | exim4 exim4 exim4 exim4 exim4 exim4 exim4 exim4 exim4 exim4 exim4 exim4 exim4 exim4 exim4 exim4 |
| CVE | CVE-2026-24401 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daem | avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi |
| CVE | CVE-2026-34933 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileg | avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi |
| CVE | CVE-2026-5172 | A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malform | dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq |
| CVE | CVE-2026-4893 | An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subn | dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq |
| CVE | CVE-2026-4892 | A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root pri | dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq |
| CVE | CVE-2026-4891 | A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted | dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq |
| CVE | CVE-2026-4890 | A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS pa | dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq |
| CVE | CVE-2026-2291 | dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could r | dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq dnsmasq |
| Launchpad | 2152194 | perf_cpu_map__merge fails to compile on ppc46el, s390x on noble linux | linux |
| CVE | CVE-2026-25965 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’ | imagemagick imagemagick |
| CVE | CVE-2026-25898 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and | imagemagick imagemagick |
| CVE | CVE-2026-25897 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer O | imagemagick imagemagick |
| CVE | CVE-2026-25799 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic erro | imagemagick imagemagick |
| CVE | CVE-2026-25798 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL point | imagemagick imagemagick |
| CVE | CVE-2026-25797 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coder | imagemagick imagemagick |
| CVE | CVE-2026-25796 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEG | imagemagick imagemagick |
| CVE | CVE-2026-25795 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWI | imagemagick imagemagick |
About
-
Send Feedback to @ubuntu_updates
