Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| Launchpad | 2154780 | [SRU] Include libcrypt-dev in build-essential for resolute | build-essential build-essential |
| Launchpad | 2150297 | nautilus have frequent crashes while navigating fast through directories on 26.04 release | gtk4 gtk4 |
| Launchpad | 2154281 | [SRU] [MRE] Update gtk4 to 4.22.4 | gtk4 gtk4 |
| CVE | CVE-2025-48924 | Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with commons-lang:commons-lang 2.0 to | libcommons-lang-java libcommons-lang3-java libcommons-lang-java libcommons-lang-java libcommons-lang3-java libcommons-lang-java |
| CVE | CVE-2026-34293 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45. Easily ex | mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| CVE | CVE-2026-34278 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Eas | mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| CVE | CVE-2026-34267 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Eas | mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| CVE | CVE-2026-42006 | An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of | dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot |
| CVE | CVE-2026-40020 | Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes fol | dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot |
| CVE | CVE-2026-40016 | Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130 times of | dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot |
| CVE | CVE-2026-33603 | Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is | dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot |
| CVE | CVE-2026-27851 | When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe | dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot |
| CVE | CVE-2026-35240 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4 | mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| CVE | CVE-2026-35239 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4 | mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| CVE | CVE-2026-35238 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 an | mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| CVE | CVE-2026-35237 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 an | mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| CVE | CVE-2026-35236 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 an | mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| CVE | CVE-2026-34319 | Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4 | mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| CVE | CVE-2026-34318 | Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4 | mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| CVE | CVE-2026-34317 | Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4 | mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
About
-
Send Feedback to @ubuntu_updates
