Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| Launchpad | 2152101 | [SRU] Buffer overflow in _get_funcs | smbus2 |
| Launchpad | 2148367 | [SRU - Resolute] Background service collides with the first-time setup dialog | bazaar |
| Launchpad | 2080474 | [SRU] cannot install Ubuntu Server over a multipath disk used as an LVM PV | livecd-rootfs |
| Launchpad | 2147525 | [SRU] tc/tbf, tc/htb: Burst parameter capped at 4GB even though kernel can handle larger values | iproute2 iproute2 iproute2 iproute2 |
| Launchpad | 2151297 | App names are always in English | resources |
| Launchpad | 2152092 | sg_wr_mode rejects every --contents= and --cfile= argument with \ | sg3-utils |
| Launchpad | 2153023 | Rapid photo downloader's device detection does not work any more in 26.04 | rapid-photo-downloader |
| Launchpad | 2153123 | [SRU] localsearch-extractor-office fails to install: file conflict with tracker-extract on libextract-epub.so | localsearch localsearch |
| Launchpad | 2155045 | Mesa 26.0.8 bugfix release | mesa mesa |
| Launchpad | 2146560 | [FFe + SRU] edk2: Introduce FirmwareSecvarUpdater for MS 2023 CA rollout | edk2 edk2 edk2 edk2 virt-firmware edk2 edk2 |
| Launchpad | 2155270 | d/tests/secvar_update.py: GPL-3.0-only license incompatible with virt-firmware GPL-2.0-only | edk2-hwe edk2 edk2-hwe edk2 |
| Launchpad | 2153530 | libvirt: excessive memory allocation / OOM when physical_package_id is large | libvirt-hwe libvirt libvirt-hwe libvirt libvirt libvirt libvirt libvirt libvirt libvirt |
| CVE | CVE-2026-6843 | A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a nam | nano nano nano nano nano nano nano nano nano nano nano nano nano nano nano nano |
| CVE | CVE-2026-6842 | A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead | nano nano nano nano nano nano nano nano nano nano nano nano nano nano nano nano |
| Launchpad | 2154265 | Unattended-Upgrade will upgrade 6.17.0-1023-oem kernel without nvidia-driver | linux-restricted-signatures-oem-6.17 linux-restricted-modules-oem-6.17 linux-meta-oem-6.17 linux-restricted-signatures-oem-6.17 linux-restricted-modules-oem-6.17 linux-meta-oem-6.17 linux-restricted-modules-oem-7.0 linux-restricted-signatures-oem-7.0 linux-restricted-modules-oem-7.0 |
| CVE | CVE-2026-5090 | Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The html_filter function did not escape single quo | libtemplate-perl libtemplate-perl libtemplate-perl libtemplate-perl libtemplate-perl libtemplate-perl libtemplate-perl libtemplate-perl |
| CVE | CVE-2026-8368 | LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects. On a 3xx response, the re | libwww-perl libwww-perl libwww-perl libwww-perl libwww-perl libwww-perl libwww-perl libwww-perl |
| CVE | CVE-2026-42304 | Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to | twisted twisted twisted twisted twisted twisted twisted twisted |
| CVE | CVE-2026-44432 | urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portio | python-urllib3 python-urllib3 |
| CVE | CVE-2026-44431 | urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.conn | python-urllib3 python-urllib3 python-urllib3 python-urllib3 python-urllib3 python-urllib3 python-urllib3 python-urllib3 |
About
-
Send Feedback to @ubuntu_updates
