Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-48913 | Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted. This issue affects Apache HTTP Server: | apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2026-44631 | Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: fr | apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2026-44186 | Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker controlled ba | apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2026-44185 | Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP | apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2026-44119 | Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges | apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2026-43951 | Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. This issue affects Apache HTTP | apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2026-42536 | Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content This issue affects Apache HTT | apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2026-42535 | A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases | apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2026-34356 | Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* This issue affects Apache | apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2026-34355 | A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgra | apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2026-29170 | A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing F | apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2026-29167 | Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 th | apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2026-20244 | A vulnerability in the DMG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other e | clamav clamav clamav clamav clamav clamav |
| CVE | CVE-2026-20243 | A vulnerability in the ALZ file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other e | clamav clamav clamav clamav clamav clamav |
| CVE | CVE-2026-20217 | A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly othe | clamav clamav clamav clamav clamav clamav |
| CVE | CVE-2026-20216 | A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affe | clamav clamav clamav clamav clamav clamav |
| CVE | CVE-2026-20215 | A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other ex | clamav clamav clamav clamav clamav clamav |
| CVE | CVE-2026-20214 | A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other e | clamav clamav clamav clamav clamav clamav |
| CVE | CVE-2026-20213 | A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other ex | clamav clamav clamav clamav clamav clamav |
| CVE | CVE-2024-54661 | readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file. | socat socat |
About
-
Send Feedback to @ubuntu_updates