UbuntuUpdates.org

Bugs addressed in recent updates


| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-50538 | Attacker-controlled heap out-of-bounds write in libvncclient Tight decoder | libvncserver libvncserver libvncserver libvncserver |
| CVE | CVE-2026-58055 | nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-ali | nghttp2 nghttp2 nghttp2 nghttp2 nghttp2 nghttp2 nghttp2 nghttp2 |
| Launchpad | 2158238 | [Potential regression] ubuntu_lttng_smoke_test failed with R/linux 7.0.0-28.28 | lttng-modules |
| Launchpad | 2091957 | [SRU] libheif cannot open iOS 18 HEIC files | libheif libheif |
| Launchpad | 2150220 | \ | gnome-initial-setup |
| Launchpad | 2144629 | [SRU exception] backport 5.55 to Noble and Questing | autopkgtest |
| Launchpad | 2103533 | plymouth crashes with SIGSEGV in ply_terminal_set_disabled_input() from open_input_source() [drm.so] from ply_renderer_open_input_source() | plymouth plymouth |
| Launchpad | 2157984 | [SRU] at-spi2-core 2.60.4 | at-spi2-core |
| Launchpad | 2158479 | [SRU] crystal-dock appears frozen when upgraded from 24.04 to 26.04 | budgie-desktop-environment |
| CVE | CVE-2026-23631 | Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-repl | valkey valkey valkey |
| CVE | CVE-2026-25243 | Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values | valkey valkey valkey |
| CVE | CVE-2026-23479 | Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `pro | valkey valkey valkey |
| Launchpad | 2151296 | Update Valkey to 7.2.13 in noble, 8.1.7 in questing, and 9.0.4 in resolute and stonking | valkey valkey valkey |
| Launchpad | 2055825 | fips-updates: upgrade from 20.04 to 22.04 fails | ubuntu-release-upgrader ubuntu-release-upgrader |
| CVE | CVE-2026-55200 | libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bo | libssh2 libssh2 libssh2 libssh2 |
| CVE | CVE-2026-55199 | libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src | libssh2 libssh2 libssh2 libssh2 libssh2 libssh2 |
| CVE | CVE-2025-15661 | libssh2 through 1.11.1, fixed in commit 2dae302, contains an out-of-bounds heap read vulnerability in the sftp_symlink() function in src/sftp.c that | libssh2 libssh2 libssh2 libssh2 libssh2 libssh2 |
| Launchpad | 2153395 | [SRU] Fix resource assignment in gc1101 firmware | linux-firmware-amd-graphics |
| Launchpad | 2147396 | AMD Ryzen did not response after system enter suspend | linux-firmware-amd-graphics |
| CVE | CVE-2026-11526 | GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle. GD::Ima | libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl libgd-perl |


