Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-5958 | When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem op | sed |
| CVE | CVE-2026-40687 | In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes | exim4 |
| CVE | CVE-2026-40686 | In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF- | exim4 |
| CVE | CVE-2026-40685 | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrus | exim4 |
| CVE | CVE-2026-4068 | The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is | exim4 |
| Launchpad | 2150547 | Resolute update: v7.0.1 upstream stable release | linux |
| Launchpad | 2150553 | Resolute update: v7.0.2 upstream stable release | linux |
| Launchpad | 2146952 | [BPO] libreoffice 25.8.6 for jammy/noble | libreoffice |
| CVE | CVE-2026-31431 | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commi | kmod |
| Launchpad | 2150743 | kmod algif_aead disable tracking bug | kmod |
| Launchpad | 2076319 | Netplan generate is creating directories with incorrect permission | netplan.io |
| CVE | CVE-2026-35414 | OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certific | openssh |
| CVE | CVE-2026-35388 | OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. | openssh |
| CVE | CVE-2026-35387 | OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is | openssh |
| CVE | CVE-2026-35386 | In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the | openssh |
| CVE | CVE-2026-35385 | In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download | openssh |
| Launchpad | 2150561 | Resolute's /etc/os-release missing LTS string in VERSION | base-files |
| Launchpad | 2146867 | [SRU] Fixing screen rotation failure when using FBC | xorg-server |
| CVE | CVE-2026-32875 | UltraJSON is a fast JSON encoder and decoder written in pure C with bi ... | ujson |
| CVE | CVE-2026-32874 | UltraJSON is a fast JSON encoder and decoder written in pure C with bi ... | ujson |