Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-53689 | libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This | libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs libnfs |
| Launchpad | 2156612 | /usr/libexec/fwupd/fwupd:11:fu_udev_device_ioctl:fu_ioctl_execute:fu_block_device_sg_io_cmd_none:fu_genesys_gl32xx_device_cmd_reset_usb:fu_genesys_gl | fwupd fwupd fwupd fwupd fwupd fwupd fwupd fwupd |
| Launchpad | 2156479 | /usr/libexec/fwupd/fwupd:11:FU_FIRMWARE_GET_CLASS:fu_firmware_parse_stream:fu_mtd_device_read_firmware:fu_plugin_device_read_firmware:fu_plugin_runne | fwupd fwupd fwupd fwupd fwupd fwupd fwupd fwupd |
| Launchpad | 2156480 | [SRU] fwupdmgr incorrectly asks for recovery key and crashes | fwupd fwupd fwupd fwupd fwupd fwupd fwupd fwupd |
| Launchpad | 2148183 | [SRU] fwupdmgr asks for recovery key | fwupd fwupd fwupd fwupd |
| CVE | CVE-2020-29260 | libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). | libvncserver libvncserver |
| CVE | CVE-2026-32854 | LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within h | libvncserver libvncserver libvncserver libvncserver libvncserver libvncserver |
| CVE | CVE-2026-32853 | LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler tha | libvncserver libvncserver libvncserver libvncserver libvncserver libvncserver |
| CVE | CVE-2026-44988 | LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048- | libvncserver libvncserver libvncserver libvncserver libvncserver libvncserver libvncserver libvncserver |
| Launchpad | 2154038 | [SRU] Thumbnailer packages not included in the ubuntu-desktop-minimal install | ubuntu-meta |
| Launchpad | 2157782 | doca-ofed-26-01-dkms build failure for resolute 7.0.0-28 lmm | doca-ofed-26.01-dkms |
| CVE | CVE-2026-1757 | A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not prop | libxml2 libxml2 libxml2 libxml2 |
| CVE | CVE-2026-46595 | Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than pu | google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent |
| CVE | CVE-2026-39834 | When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the w | google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent |
| CVE | CVE-2026-39831 | The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence | google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent |
| CVE | CVE-2026-39830 | A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked gor | google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent |
| CVE | CVE-2026-6732 | A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document | libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 |
| CVE | CVE-2026-55204 | HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src/hpack-tbl.c that | haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy |
| CVE | CVE-2026-55203 | HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgi_conn structure's drl field that allows buffer | haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy |
| CVE | CVE-2026-46862 | Vulnerability in the MySQL Router product of Oracle MySQL (component: Router: General). Supported versions that are affected are 8.4.0-8.4.9 and 9. | mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.4 mysql-8.4 mysql-8.0 mysql-8.0 mysql-8.0 mysql-8.0 |
About
-
Send Feedback to @ubuntu_updates
