Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2025-49796 | A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw a | libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 |
| CVE | CVE-2025-49794 | A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematro | libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 |
| CVE | CVE-2025-6170 | A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, th | libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 |
| CVE | CVE-2025-6021 | A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. | libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 libxml2 |
| CVE | CVE-2025-31651 | Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, i | tomcat10 tomcat10 |
| CVE | CVE-2025-46701 | Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that app | tomcat10 tomcat10 |
| Launchpad | 2115426 | [SRU] Backport wsl-setup as new package for Focal | wsl-setup wsl-setup |
| CVE | CVE-2025-43265 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPad | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2025-43240 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, Safari 18. 6. A download's origin may be incorrectly ass | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2025-43228 | The issue was addressed with improved UI. This issue is fixed in iOS 18.6 and iPadOS 18.6, Safari 18. 6. Visiting a malicious website may lead to add | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2025-43227 | This issue was addressed through improved state management. This issue is fixed in Safari 18.6, iOS 18.6 and iPadOS 18.6, macOS Sequoia 15.6, tvOS 18 | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2025-43216 | A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.6, watchOS 11.6, iOS 18.6 and iPadOS 18.6, iPa | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2025-43212 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, w | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2025-43211 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iPadOS 17.7.9, iOS 18.6 and iPadOS 18. | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2025-31278 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, iPadOS 17.7.9, watchOS 11.6, visionOS 2.6, iOS 18.6 and iP | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2025-31273 | The issue was addressed with improved memory handling. This issue is fixed in Safari 18.6, macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, w | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2025-6558 | Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| Launchpad | 2116909 | aarch64: Fix loose ldpstp check | gcc-12 gcc-12 gcc-12 gcc-12 |
| CVE | CVE-2023-4039 | **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer | gcc-11 gcc-12 gcc-10 gcc-12 gcc-11 gcc-11 gcc-12 gcc-10 gcc-12 gcc-11 |
| Launchpad | 2107313 | fix amd build issue on the newer kernel with higher entropy | gcc-11 gcc-12 gcc-10 gcc-12 gcc-11 gcc-11 gcc-12 gcc-10 gcc-12 gcc-11 |
About
-
Send Feedback to @ubuntu_updates
