Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-45700 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write whe | freerdp3 freerdp3 freerdp3 freerdp3 freerdp3 freerdp3 freerdp2 freerdp2 |
| Debian | 1139318 | cups-filters: parport_pc shouldn't be loaded on all systems | cups-filters |
| Launchpad | 2156340 | Do not handle parport_pc load in modules-load.conf | cups-filters |
| CVE | CVE-2026-33814 | When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE | adsys adsys adsys adsys adsys adsys adsys adsys adsys adsys adsys adsys adsys adsys |
| CVE | CVE-2026-27141 | Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic | adsys adsys adsys adsys |
| Launchpad | 2156339 | LibreOffice 24.2.7-0ubuntu0.24.04.5 crashes (heap corruption) when opening any ZIP-based document (ODF/OOXML) | cups cups cups cups cups cups cups cups |
| CVE | CVE-2026-11623 | A security vulnerability has been detected in tmux up to 3.6a. Affected is the function image_free of the file image.c. Such manipulation leads to us | tmux tmux |
| CVE | CVE-2026-40393 | In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an | mesa mesa mesa mesa mesa mesa mesa mesa mesa mesa mesa mesa |
| Launchpad | 2156558 | Text layers appear to lose text information after saving and re-opening a file | gimp |
| Launchpad | 2154151 | Add Nvidia GB300 ALC4080 support | alsa-ucm-conf alsa-ucm-conf alsa-ucm-conf |
| Launchpad | 2150522 | Update zynqmp dtsi to fix displayport modetest | linux-xilinx-zynqmp |
| CVE | CVE-2026-48681 | OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image. | ironic ironic ironic ironic ironic ironic ironic ironic |
| CVE | CVE-2026-44917 | OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_templa | ironic ironic ironic ironic ironic ironic ironic ironic |
| CVE | CVE-2026-46447 | OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. | ironic ironic ironic ironic ironic ironic ironic ironic |
| Launchpad | 2156398 | lpadmin breaks automatic installation | cups-pdf cups-pdf cups-pdf cups-pdf cups-pdf cups-pdf cups-pdf cups-pdf |
| Launchpad | 2154677 | [BPO] libreoffice 25.8.7 for jammy/noble | libreoffice libreoffice libreoffice libreoffice |
| Launchpad | 2154543 | [Security] ubuntu-kylin-software-center: root privilege escalation via command injection in D-Bus method copy_file_to_install | ubuntu-kylin-software-center ubuntu-kylin-software-center |
| CVE | CVE-2026-41283 | OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which | mistral mistral mistral mistral mistral mistral mistral mistral |
| CVE | CVE-2026-45591 | Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network. | dotnet8 dotnet8 dotnet10 dotnet9 dotnet10 dotnet8 dotnet8 dotnet10 dotnet10 dotnet9 dotnet10 dotnet8 dotnet10 dotnet8 |
| CVE | CVE-2026-45491 | Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally. | dotnet8 dotnet8 dotnet10 dotnet9 dotnet10 dotnet8 dotnet8 dotnet10 dotnet10 dotnet9 dotnet10 dotnet8 dotnet10 dotnet8 |
About
-
Send Feedback to @ubuntu_updates
