Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| Launchpad | 2139280 | [SRU] Please update to 20260116.00 | gce-compute-image-packages |
| Launchpad | 2139302 | [SRU] Please update to 20260116.00 | google-compute-engine-oslogin |
| Launchpad | 2139288 | [SRU] Please update to 20251028.00 | google-osconfig-agent |
| Launchpad | 2152641 | in Ubuntu Cinnamon 26.04 where the remote repositories for Applets, Desklets, and Extensions are not loading. The ‘Download’ section remain | cinnamon |
| Launchpad | 2152764 | [SRU] Black background instead of shadows when annotating in spectacle | kquickimageeditor |
| CVE | CVE-2026-40354 | Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack o | xdg-desktop-portal |
| CVE | CVE-2026-41163 | bubblewrap is a low-level unprivileged sandboxing tool. From version 0.11.0 to before version 0.11.2, if bubblewrap is installed in setuid mode then | bubblewrap |
| CVE | CVE-2026-45232 | Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c th | rsync |
| CVE | CVE-2026-43620 | Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rs | rsync |
| CVE | CVE-2026-43619 | Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unli | rsync |
| CVE | CVE-2026-43618 | Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked | rsync |
| CVE | CVE-2026-43617 | Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when | rsync |
| CVE | CVE-2026-41035 | In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim | rsync |
| CVE | CVE-2025-10158 | A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array in | rsync |
| CVE | CVE-2026-5056 | Integer overflows and out-of-bounds access in MOV/MP4 demuxer | gst-plugins-good1.0 |
| CVE | CVE-2026-42010 | A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL ch | gnutls28 |
| CVE | CVE-2026-42011 | A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authoriti | gnutls28 |
| CVE | CVE-2026-3833 | A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically fo | gnutls28 |
| CVE | CVE-2026-3832 | A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol ( | gnutls28 |
| CVE | CVE-2026-33845 | A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reass | gnutls28 |