Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| Launchpad | 2141683 | [Mana][Backport] net: mana: Implement ndo_tx_timeout and serialize queue resets per port | linux-azure-nvidia-6.17 |
| Launchpad | 2141780 | r8127 module unload triggers NAPI WARN in netif_napi_del_locked() | linux-azure-nvidia-6.17 |
| Launchpad | 2142160 | Backport NVIDIA: SAUCE: vfio/nvgrace-egm: split zapping EGM into 1GB chunks | linux-azure-nvidia-6.17 |
| Launchpad | 2142694 | Replace mt7925 country-specific regulatory requirements series with upstream version | linux-azure-nvidia-6.17 |
| Launchpad | 2140368 | [Mana_IB][RDMA][Backport] RDMA/mana_ib: Take CQ type from the device type | linux-azure-nvidia linux-azure-nvidia-6.17 |
| Launchpad | 2143384 | [SRU] Fix glxgears FPS drop on Intel Arrow Lake systems | mutter mutter |
| Launchpad | 2064716 | gnome-terminal darkened by visual bell during screensaver | mutter mutter |
| CVE | CVE-2019-6462 | An issue was discovered in cairo 1.16.0. There is an infinite loop in the function _arc_error_normalized in the file cairo-arc.c, related to _arc_max | cairo cairo cairo cairo |
| CVE | CVE-2019-6461 | An issue was discovered in cairo 1.16.0. There is an assertion problem in the function _cairo_arc_in_direction in the file cairo-arc.c. | cairo cairo cairo cairo |
| CVE | CVE-2017-9814 | cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling | cairo cairo cairo cairo |
| CVE | CVE-2026-33056 | tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir func | rust-tar rust-cargo-c rust-tar rust-tar rust-tar rust-cargo-c rust-tar rust-tar |
| Launchpad | 2129178 | Can not boot qemu VMs using ParaVirtual SCSI controllers with Ubuntu 24.04 | edk2 edk2 edk2 edk2 |
| CVE | CVE-2025-61594 | URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fix | ruby3.3 ruby3.2 ruby3.0 ruby3.3 ruby3.2 ruby3.0 |
| Launchpad | 2146451 | Remove cert pinning for upcoming expiration | pollinate pollinate pollinate pollinate pollinate pollinate |
| CVE | CVE-2026-0394 | When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowe | dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot |
| CVE | CVE-2026-27859 | A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail | dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot |
| CVE | CVE-2026-27858 | Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can for | dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot |
| CVE | CVE-2026-27857 | Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client disconnec | dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot |
| CVE | CVE-2026-27856 | Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the conf | dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot |
| CVE | CVE-2026-27855 | Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, the | dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot |
About
-
Send Feedback to @ubuntu_updates
