Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-50538 | Attacker-controlled heap out-of-bounds write in libvncclient Tight decoder | libvncserver libvncserver libvncserver libvncserver |
| CVE | CVE-2026-58055 | nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-ali | nghttp2 nghttp2 nghttp2 nghttp2 nghttp2 nghttp2 nghttp2 nghttp2 |
| Launchpad | 2158238 | [Potential regression] ubuntu_lttng_smoke_test failed with R/linux 7.0.0-28.28 | lttng-modules |
| Launchpad | 2091957 | [SRU] libheif cannot open iOS 18 HEIC files | libheif libheif |
| Launchpad | 2150220 | \ | gnome-initial-setup |
| Launchpad | 2144629 | [SRU exception] backport 5.55 to Noble and Questing | autopkgtest |
| Launchpad | 2103533 | plymouth crashes with SIGSEGV in ply_terminal_set_disabled_input() from open_input_source() [drm.so] from ply_renderer_open_input_source() | plymouth plymouth |
| Launchpad | 2157984 | [SRU] at-spi2-core 2.60.4 | at-spi2-core |
| Launchpad | 2158479 | [SRU] crystal-dock appears frozen when upgraded from 24.04 to 26.04 | budgie-desktop-environment |
| CVE | CVE-2026-23631 | Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-repl | valkey valkey valkey |
| CVE | CVE-2026-25243 | Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values | valkey valkey valkey |
| CVE | CVE-2026-23479 | Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `pro | valkey valkey valkey |
| Launchpad | 2151296 | Update Valkey to 7.2.13 in noble, 8.1.7 in questing, and 9.0.4 in resolute and stonking | valkey valkey valkey |
| Launchpad | 2055825 | fips-updates: upgrade from 20.04 to 22.04 fails | ubuntu-release-upgrader ubuntu-release-upgrader |
| CVE | CVE-2026-55200 | libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bo | libssh2 libssh2 libssh2 libssh2 |
| CVE | CVE-2026-55199 | libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src | libssh2 libssh2 libssh2 libssh2 libssh2 libssh2 |
| CVE | CVE-2025-15661 | libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that | libssh2 libssh2 libssh2 libssh2 libssh2 libssh2 |
| Launchpad | 2153395 | [SRU] Fix resource assignment in gc1101 firmware | linux-firmware-amd-graphics |
| Launchpad | 2147396 | AMD Ryzen did not response after system enter suspend | linux-firmware-amd-graphics |
| CVE | CVE-2026-11526 | GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle. GD::Ima | libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl |
About
-
Send Feedback to @ubuntu_updates