Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| Launchpad | 2146867 | [SRU] Fixing screen rotation failure when using FBC | xorg-server xorg-server |
| CVE | CVE-2026-32875 | UltraJSON is a fast JSON encoder and decoder written in pure C with bi ... | ujson ujson ujson ujson |
| CVE | CVE-2026-32874 | UltraJSON is a fast JSON encoder and decoder written in pure C with bi ... | ujson ujson ujson ujson |
| Launchpad | 2150116 | dovecot-core: passdb path normalization broken | dovecot dovecot dovecot dovecot dovecot dovecot dovecot dovecot |
| CVE | CVE-2026-39881 | Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious | vim vim vim vim vim vim vim vim vim vim vim |
| CVE | CVE-2026-35177 | Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary f | vim vim vim vim vim vim vim |
| Launchpad | 2143602 | Backport arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults | linux-nvidia-tegra |
| Launchpad | 2143866 | Long build times due to running dh_install on each module individually | linux-nvidia-tegra-modules-signed |
| CVE | CVE-2026-32647 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read | nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx |
| CVE | CVE-2026-28755 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when c | nginx nginx nginx nginx nginx nginx nginx nginx |
| CVE | CVE-2026-28753 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS respon | nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx |
| CVE | CVE-2026-27784 | The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or o | nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx |
| CVE | CVE-2026-27654 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to | nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx |
| CVE | CVE-2026-27651 | When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate | nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx |
| CVE | CVE-2026-41254 | Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. | lcms2 lcms2 lcms2 lcms2 lcms2 lcms2 lcms2 lcms2 |
| CVE | CVE-2026-40192 | Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, | pillow pillow pillow pillow pillow pillow pillow pillow |
| CVE | CVE-2026-20031 | A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of servic | clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav |
| CVE | CVE-2026-33555 | An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced conten | haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy |
| Launchpad | 2131790 | RGW - etag not returned on multipart upload | ceph ceph |
| Launchpad | 2146833 | sru cloud-init (26.1) Jammy, Noble and Questing | cloud-init cloud-init cloud-init cloud-init |
About
-
Send Feedback to @ubuntu_updates
