Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2025-61919 | Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, `Rack::Request#POST` reads the entire request body into mem | ruby-rack ruby-rack ruby-rack ruby-rack ruby-rack |
| CVE | CVE-2025-61780 | Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in | ruby-rack ruby-rack ruby-rack ruby-rack ruby-rack |
| CVE | CVE-2025-61771 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` stores non-file form fields ( | ruby-rack ruby-rack ruby-rack ruby-rack ruby-rack |
| CVE | CVE-2025-61772 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate unbounded data | ruby-rack ruby-rack ruby-rack ruby-rack ruby-rack |
| CVE | CVE-2025-61770 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart p | ruby-rack ruby-rack ruby-rack ruby-rack ruby-rack |
| Launchpad | 2061609 | debcheckout and chdist raise Perl errors | devscripts |
| Launchpad | 2136104 | numactl gives \ | numactl |
| Launchpad | 2127665 | Backport of openldap for jammy, noble and questing | openldap openldap openldap openldap |
| Launchpad | 2121816 | enable ppm module in slapd-contrib | openldap openldap openldap openldap openldap openldap |
| Launchpad | 2125685 | pbkdf2 needs configurable hashing rounds for FIPS 140-3 | openldap openldap openldap openldap openldap openldap |
| Launchpad | 2119884 | slapd missing apparmor profile, and when applied, fails to start under systemd | openldap openldap |
| CVE | CVE-2026-22801 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6. | libpng1.6 libpng1.6 libpng1.6 libpng1.6 libpng1.6 libpng1.6 libpng1.6 libpng1.6 |
| CVE | CVE-2026-22695 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6. | libpng1.6 libpng1.6 libpng1.6 libpng1.6 libpng1.6 libpng1.6 libpng1.6 libpng1.6 |
| CVE | CVE-2025-66293 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to | libpng1.6 libpng1.6 libpng1.6 libpng1.6 libpng1.6 libpng1.6 libpng1.6 libpng1.6 |
| CVE | CVE-2025-66570 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled HTTP he | cpp-httplib cpp-httplib cpp-httplib cpp-httplib |
| CVE | CVE-2024-53846 | OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a se | erlang erlang erlang erlang |
| CVE | CVE-2024-8373 | Improper sanitization of the value of the [srcset] attribute in <source> HTML elements in AngularJS allows attackers to bypass common image source re | angular.js angular.js angular.js angular.js angular.js angular.js |
| CVE | CVE-2025-2336 | Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS's 'ngSanitize' module allows atta | angular.js angular.js angular.js angular.js angular.js angular.js |
| CVE | CVE-2025-0716 | Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '<image>' SVG elements in AngularJS allows attackers to bypass common | angular.js angular.js angular.js angular.js angular.js angular.js |
| CVE | CVE-2024-8372 | Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also | angular.js angular.js angular.js angular.js angular.js angular.js |