Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-32597 | PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 | pyjwt pyjwt pyjwt |
| CVE | CVE-2026-2921 | GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on | gst-plugins-base1.0 gst-plugins-base1.0 gst-plugins-base1.0 gst-plugins-base1.0 gst-plugins-base1.0 gst-plugins-base1.0 |
| CVE | CVE-2026-30922 | pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncont | pyasn1 pyasn1 pyasn1 pyasn1 pyasn1 pyasn1 pyasn1 pyasn1 |
| CVE | CVE-2026-3085 | GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrar | gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 |
| CVE | CVE-2026-3083 | GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code | gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 gst-plugins-good1.0 |
| Launchpad | 2146450 | [BPO] sso-mib/0.8.0+ds-1 from resolute | sso-mib |
| Launchpad | 2115047 | \u201cPRIME Profiles\u201d option is disppeared in nvidia-settings on AMD + Nvidia platform | ubuntu-drivers-common ubuntu-drivers-common |
| Launchpad | 2000063 | RDP password is silently reset to a random passphrase if using autologin | gnome-control-center gnome-control-center |
| Launchpad | 2094834 | [SRU] Bump eeprom to support memory timings update in 16GB Pi 5 | rpi-eeprom |
| Launchpad | 2142762 | [SRU] Demote libde265 to Suggests | libheif libheif |
| Launchpad | 2133220 | add ID_NET_MANAGED_BY property support to jammy | systemd systemd |
| Launchpad | 2133159 | systemd-networkd does not respect ID_NET_MANAGED_BY in all cases | systemd systemd |
| Launchpad | 2128161 | [SRU][FFe] pi-kernel VC4-KMS not working with CM5 | rpi-eeprom rpi-eeprom |
| Launchpad | 2141296 | [00427578] Restarting systemd timer triggers service start off-schedule | systemd systemd systemd systemd |
| Launchpad | 2124206 | apparmor socketpair regression test needs fixing | apparmor apparmor |
| Launchpad | 2142792 | The busybox and nautilus profiles in 24.04 should be removed | apparmor apparmor |
| Launchpad | 2143863 | [SRU] AppArmor bugfixes for Noble | apparmor apparmor |
| CVE | CVE-2026-3591 | A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass | bind9 bind9 |
| CVE | CVE-2026-3119 | Authenticated query containing a TKEY record may cause named to terminate unexpectedly | bind9 bind9 |
| CVE | CVE-2026-3104 | Memory leak in code preparing DNSSEC proofs of non-existence | bind9 bind9 |
About
-
Send Feedback to @ubuntu_updates
