Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-23631 | Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-repl | valkey valkey valkey |
| CVE | CVE-2026-25243 | Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values | valkey valkey valkey |
| CVE | CVE-2026-23479 | Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `pro | valkey valkey valkey |
| Launchpad | 2151296 | Update Valkey to 7.2.13 in noble, 8.1.7 in questing, and 9.0.4 in resolute and stonking | valkey valkey valkey |
| Launchpad | 2055825 | fips-updates: upgrade from 20.04 to 22.04 fails | ubuntu-release-upgrader ubuntu-release-upgrader |
| CVE | CVE-2026-55200 | libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bo | libssh2 libssh2 libssh2 libssh2 |
| CVE | CVE-2026-55199 | libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src | libssh2 libssh2 libssh2 libssh2 libssh2 libssh2 |
| CVE | CVE-2025-15661 | libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that | libssh2 libssh2 libssh2 libssh2 libssh2 libssh2 |
| Launchpad | 2153395 | [SRU] Fix resource assignment in gc1101 firmware | linux-firmware-amd-graphics |
| Launchpad | 2147396 | AMD Ryzen did not response after system enter suspend | linux-firmware-amd-graphics |
| CVE | CVE-2026-11526 | GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle. GD::Ima | libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl |
| CVE | CVE-2026-8632 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalati | hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip |
| CVE | CVE-2026-8631 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalati | hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip hplip |
| CVE | CVE-2026-41401 | libyang before 5.2.6 contains a heap use-after-free write vulnerability in lyd_parser_set_data_flags that incorrectly updates metadata list pointers | libyang libyang libyang libyang libyang libyang libyang libyang |
| CVE | CVE-2026-12318 | Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152. | nss nss nss nss nss nss nss nss nss nss |
| CVE | CVE-2026-49271 | libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed | libheif libheif libheif libheif |
| CVE | CVE-2026-11824 | SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a cras | sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 |
| CVE | CVE-2026-11822 | SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, | sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 sqlite3 |
| Launchpad | 2147329 | [SRU] openvswitch 3.3.9 point release | openvswitch openvswitch |
| Launchpad | 2154006 | [SRU] openvswitch 2.17.12 point release | openvswitch openvswitch |
About
-
Send Feedback to @ubuntu_updates