Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| Launchpad | 2154038 | [SRU] Thumbnailer packages not included in the ubuntu-desktop-minimal install | ubuntu-meta |
| Launchpad | 2157782 | doca-ofed-26-01-dkms build failure for resolute 7.0.0-28 lmm | doca-ofed-26.01-dkms |
| CVE | CVE-2026-1757 | A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not prop | libxml2 libxml2 libxml2 libxml2 |
| CVE | CVE-2026-46595 | Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than pu | google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent |
| CVE | CVE-2026-39834 | When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the w | google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent |
| CVE | CVE-2026-39831 | The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence | google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent |
| CVE | CVE-2026-39830 | A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked gor | google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent |
| CVE | CVE-2026-6732 | A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document | libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 |
| CVE | CVE-2026-55204 | HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that | haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy |
| CVE | CVE-2026-55203 | HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer | haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy |
| CVE | CVE-2026-46862 | Vulnerability in the MySQL Router product of Oracle MySQL (component: Router: General). Supported versions that are affected are 8.4.0-8.4.9 and 9. | mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| CVE | CVE-2026-48142 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When content is served or proxied through a location blo | nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx |
| CVE | CVE-2026-42055 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_proxy_v2_module and ngx_http_grpc_module modules. This vulnerability exists whe | nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx |
| CVE | CVE-2026-46863 | Vulnerability in the MySQL Server, MySQL Cluster product of Oracle MySQL (component: Server: Connection Handling). Supported versions that are affec | mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
| CVE | CVE-2026-44068 | Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to write to | netatalk netatalk |
| CVE | CVE-2026-44066 | Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated attacker to ob | netatalk netatalk |
| CVE | CVE-2026-44057 | A dead bounds check in the Spotlight RPC unmarshaller in Netatalk 3.0.0 through 4.4.2 results in an unreachable code path that provides no effective | netatalk netatalk |
| CVE | CVE-2025-39930 | In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai() | linux |
| CVE | CVE-2026-43067 | In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when searching for blocks for indirect mapped blocks Co | linux |
| CVE | CVE-2026-43049 | In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation fai | linux |
About
-
Send Feedback to @ubuntu_updates
