Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| Launchpad | 2122458 | Password re-entry popup does not appear on incorrect password entry with WPA3 networks | network-manager network-manager |
| Launchpad | 2140756 | [SRU] base-files update for 24.04.4 release | base-files |
| Launchpad | 2138596 | Add HP EliteBoard mic mute key mapping | systemd-hwe systemd-hwe |
| Launchpad | 2140344 | [SRU] drivers/usb/cdns3 module path missing | initramfs-tools |
| CVE | CVE-2026-1767 | Heap Buffer Overflow in GNOME localsearch MP3 Extractor | tracker-miners tracker-miners tracker-miners tracker-miners tracker-miners tracker-miners |
| CVE | CVE-2026-1766 | Heap Buffer Overflow in GNOME localsearch MP3 Extractor (ID3v2.3 COMM Tags) | tracker-miners tracker-miners tracker-miners tracker-miners tracker-miners tracker-miners |
| CVE | CVE-2026-1765 | Heap Buffer Overflow in GNOME localsearch MP3 Extractor (TXXX Tags) | tracker-miners tracker-miners tracker-miners tracker-miners tracker-miners tracker-miners |
| CVE | CVE-2026-1764 | Heap Buffer Overflow in GNOME localsearch MP3 Extractor | tracker-miners tracker-miners tracker-miners tracker-miners tracker-miners tracker-miners |
| CVE | CVE-2026-0865 | User-controlled header names and values containing newlines can allow injecting HTTP headers. | python3.13 python3.14 python3.13 python3.12 python3.12 python3.10 python3.10 python3.13 python3.14 python3.13 python3.12 python3.12 |
| CVE | CVE-2026-0672 | When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all contro | python3.13 python3.14 python3.13 python3.12 python3.12 python3.10 python3.10 python3.13 python3.14 python3.13 python3.12 python3.12 |
| CVE | CVE-2025-15367 | The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containin | python3.13 python3.14 python3.13 python3.12 python3.12 python3.10 python3.10 python3.13 python3.14 python3.13 python3.12 python3.12 |
| CVE | CVE-2025-15366 | The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containi | python3.13 python3.14 python3.13 python3.12 python3.12 python3.10 python3.10 python3.13 python3.14 python3.13 python3.12 python3.12 |
| CVE | CVE-2025-15282 | User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype. | python3.13 python3.14 python3.13 python3.12 python3.12 python3.10 python3.10 python3.13 python3.14 python3.13 python3.12 python3.12 |
| CVE | CVE-2025-13837 | When loading a plist file, the plistlib module reads data in size specified by the file itself, meaning a malicious file can cause OOM and DoS issues | python3.13 python3.14 python3.13 python3.12 python3.12 python3.10 python3.10 python3.13 python3.14 python3.13 python3.12 python3.12 |
| CVE | CVE-2025-12084 | When building nested elements using xml.dom.minidom methods such as appendChild() that have a dependency on _clear_id_cache() the algorithm is quadra | python3.13 python3.14 python3.13 python3.12 python3.12 python3.10 python3.10 python3.13 python3.14 python3.13 python3.12 python3.12 |
| CVE | CVE-2025-11468 | When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be us | python3.13 python3.14 python3.13 python3.12 python3.12 python3.10 python3.10 python3.13 python3.14 python3.13 python3.12 python3.12 |
| CVE | CVE-2026-1489 | A flaw was found in GLib. An integer overflow vulnerability in its Unicode case conversion implementation can lead to memory corruption. By processin | glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 |
| CVE | CVE-2026-1485 | A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a | glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 |
| CVE | CVE-2026-1484 | A flaw was found in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calcu | glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 glib2.0 |
| Launchpad | 2106791 | Emerald Rapids cannot be used as Sapphire Rapids on Ubuntu due to TSX features | libvirt libvirt |
About
-
Send Feedback to @ubuntu_updates
