Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-49975 | Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. T | nginx nginx nginx nginx nginx nginx nginx nginx |
| Launchpad | 2147084 | [SRU] Add support for new Elan device 04f3:0ca8 | libfprint libfprint libfprint libfprint |
| Launchpad | 2155963 | [SRU] sonic-pi crashes at launch | sonic-pi |
| Launchpad | 2148474 | PackageKit ignores \ | packagekit packagekit |
| CVE | CVE-2026-9277 | shell-quote's `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-esc | node-shell-quote node-shell-quote node-shell-quote node-shell-quote |
| CVE | CVE-2026-44064 | An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or c | netatalk netatalk |
| CVE | CVE-2026-44062 | A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to execute arbitr | netatalk netatalk |
| CVE | CVE-2026-44060 | An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of service via a c | netatalk netatalk |
| CVE | CVE-2026-44055 | A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS commands and execut | netatalk netatalk |
| CVE | CVE-2026-44052 | Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files t | netatalk netatalk |
| CVE | CVE-2026-44051 | An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary files or overwrite | netatalk netatalk |
| CVE | CVE-2026-44050 | A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated attacker to execute | netatalk netatalk |
| CVE | CVE-2026-44049 | An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker t | netatalk netatalk |
| CVE | CVE-2026-44048 | A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to | netatalk netatalk |
| CVE | CVE-2026-44047 | An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to obtain unauthorize | netatalk netatalk |
| CVE | CVE-2026-40199 | Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ipv6() includes the sentin | libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl |
| CVE | CVE-2026-40198 | Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6() does not check that un | libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl libnet-cidr-lite-perl |
| Launchpad | 2155874 | rsync 3.4.4 security regression bugfix tracking bug | rsync rsync rsync rsync rsync rsync rsync rsync |
| CVE | CVE-2026-3608 | Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA list | isc-kea isc-kea isc-kea isc-kea |
| CVE | CVE-2026-41079 | OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can | cups cups cups cups cups cups cups cups |
About
-
Send Feedback to @ubuntu_updates
