Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-31431 | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commi | kmod |
| Launchpad | 2150743 | kmod algif_aead disable tracking bug | kmod |
| Launchpad | 2076319 | Netplan generate is creating directories with incorrect permission | netplan.io |
| CVE | CVE-2026-35414 | OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certific | openssh |
| CVE | CVE-2026-35388 | OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. | openssh |
| CVE | CVE-2026-35387 | OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is | openssh |
| CVE | CVE-2026-35386 | In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the | openssh |
| CVE | CVE-2026-35385 | In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download | openssh |
| Launchpad | 2150561 | Resolute's /etc/os-release missing LTS string in VERSION | base-files |
| Launchpad | 2146867 | [SRU] Fixing screen rotation failure when using FBC | xorg-server |
| CVE | CVE-2026-32875 | UltraJSON is a fast JSON encoder and decoder written in pure C with bi ... | ujson |
| CVE | CVE-2026-32874 | UltraJSON is a fast JSON encoder and decoder written in pure C with bi ... | ujson |
| Launchpad | 2150116 | dovecot-core: passdb path normalization broken | dovecot |
| CVE | CVE-2026-39881 | Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious | vim |
| CVE | CVE-2026-35177 | Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary f | vim |
| Launchpad | 2143602 | Backport arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults | linux-nvidia-tegra |
| Launchpad | 2143866 | Long build times due to running dh_install on each module individually | linux-nvidia-tegra-modules-signed |
| CVE | CVE-2026-32647 | NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read | nginx |
| CVE | CVE-2026-28755 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when c | nginx |
| CVE | CVE-2026-28753 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS respon | nginx |