UbuntuUpdates

Bugs addressed in recent updates

Origin	Bug number	Title	Packages
CVE	CVE-2026-4480	Unauthenticated Remote Code Execution using print command	samba samba samba samba samba samba samba samba
CVE	CVE-2026-4408	Remote Code Execution in SAMR when check password script contains %u substitution placeholder	samba samba samba samba samba samba samba samba
CVE	CVE-2026-3238	unauthenticated udp packet crashes AD DC nbt server	samba samba samba samba samba samba samba samba
CVE	CVE-2026-3012	group policy certificate enrollment uses http:// without validation	samba samba samba samba samba samba samba samba
CVE	CVE-2026-2340	vfs_worm does not block directory modification	samba samba samba samba samba samba samba samba
CVE	CVE-2026-1933	Missing access check on reparse point operations	samba samba samba samba
CVE	CVE-2026-46300	In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() c	linux linux linux
Launchpad	2153556	Kernel regression (6.8.0-117.generic)	linux linux linux
CVE	CVE-2026-45130	Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when	vim vim vim vim vim vim vim vim vim vim vim vim vim vim
CVE	CVE-2026-44656	Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line	vim vim vim vim vim vim vim vim vim vim vim vim vim vim
CVE	CVE-2026-42307	Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin	vim vim vim vim vim vim vim vim vim vim vim vim vim vim
CVE	CVE-2026-40170	ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer tr	ngtcp2 ngtcp2
CVE	CVE-2026-41179	Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to	rclone rclone rclone rclone rclone rclone
CVE	CVE-2026-41176	Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is expose	rclone rclone rclone rclone rclone rclone rclone rclone
Launchpad	2152914	CVE-2026-41179	rclone rclone rclone rclone rclone rclone
Launchpad	2152913	CVE-2026-41176	rclone rclone rclone rclone rclone rclone rclone rclone
Launchpad	2152591	New upstream microrelease .NET 8.0.127/8.0.27	dotnet8 dotnet8 dotnet8 dotnet8 dotnet8 dotnet8
Launchpad	2152596	New upstream microrelease .NET 9.0.117/9.0.16	dotnet9 dotnet9
CVE	CVE-2026-42899	Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.	dotnet10 dotnet9 dotnet10 dotnet8 dotnet10 dotnet8 dotnet8 dotnet10 dotnet9 dotnet10 dotnet8 dotnet8 dotnet10 dotnet8
Launchpad	2152598	New upstream microrelease .NET 10.0.108/10.0.8	dotnet10 dotnet10 dotnet10 dotnet10 dotnet10 dotnet10

About - Send Feedback to @ubuntu_updates

Bugs addressed in recent updates

Share this page

Bookmarks

Latest updates

security

proposed

updates

PPA updates