Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2025-10263 | Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Corte | linux-azure-nvidia |
| Launchpad | 2156472 | net: mana: Fix TOCTOU double-fetch of hwc_msg_id from DMA buffer | linux-azure-nvidia |
| Launchpad | 2155222 | [hyperv] Ensure MMIO Mapping is Correct for Kexec / kdump kernel on Azure v6 Instance Types | linux-azure-nvidia |
| Launchpad | 2155434 | net: mana: Avoid queue struct allocation failure under memory fragmentation | linux-azure-nvidia |
| Launchpad | 2156920 | Fix MANA RX queue creation/error-cleanup path issues when RXQ initialization fails partway through | linux-azure-nvidia |
| Launchpad | 2157545 | azure: backport \ | linux-azure-nvidia |
| Launchpad | 2158920 | noble-stable-2026-06-16 dropped a bracket causing FTBFS | linux-azure-nvidia |
| CVE | CVE-2026-5773 | libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequen | curl curl curl curl |
| CVE | CVE-2026-12064 | When a user invokes curl using a schemeless URL combined with `--proto-default` sftp (or scp), a disconnect occurs between the tool layer and libcurl | curl curl curl curl |
| CVE | CVE-2026-11586 | By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a | curl curl |
| CVE | CVE-2026-11564 | libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle th | curl curl |
| CVE | CVE-2026-11352 | An issue in curl’s QUIC UDP receive function allows a malicious HTTP/3 server to trigger a remote denial of service against a curl or libcurl client. | curl curl |
| CVE | CVE-2026-10536 | A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via `CURLOPT_STREAM_DEPENDS` or `CUR | curl curl curl curl curl curl |
| Launchpad | 2158262 | Please drop pollinate from the default installed set in ubuntu server | ubuntu-meta |
| CVE | CVE-2026-24660 | A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file | libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw |
| CVE | CVE-2026-24450 | An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious fi | libraw libraw libraw libraw libraw libraw libraw libraw |
| CVE | CVE-2026-21413 | A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A speciall | libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw |
| CVE | CVE-2026-20889 | A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file | libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw |
| CVE | CVE-2026-20884 | An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can l | libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw |
| CVE | CVE-2026-5342 | A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw | libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw |
About
-
Send Feedback to @ubuntu_updates