Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| Launchpad | 2104217 | Package upgrade reinstalls /etc/valkey/REDIS_MIGRATION | valkey valkey valkey valkey |
| CVE | CVE-2025-50182 | urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 suppor | python-urllib3 python-urllib3 |
| CVE | CVE-2025-50181 | urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a Po | python-urllib3 python-urllib3 python-urllib3 python-urllib3 python-urllib3 python-urllib3 python-pip python-pip python-pip python-pip python-pip python-pip |
| Launchpad | 2112382 | [SRU] ubuntu-advantage-tools (35.1 -\u003e 36) Xenial, Bionic, Focal, Jammy, Noble, Oracular, Plucky | ubuntu-advantage-tools ubuntu-advantage-tools ubuntu-advantage-tools ubuntu-advantage-tools ubuntu-advantage-tools ubuntu-advantage-tools ubuntu-advantage-tools ubuntu-advantage-tools ubuntu-advantage-tools ubuntu-advantage-tools ubuntu-advantage-tools ubuntu-advantage-tools ubuntu-advantage-tools ubuntu-advantage-tools ubuntu-advantage-tools ubuntu-advantage-tools ubuntu-advantage-tools ubuntu-advantage-tools |
| Launchpad | 2100300 | gnome-calculator not doing currency conversion | gnome-calculator gnome-calculator |
| Launchpad | 2108976 | [SRU] Update gnome-calculator 46.3 | gnome-calculator gnome-calculator |
| Launchpad | 2102186 | wrong packet header size calculation | usbio-drivers usbio-drivers |
| Launchpad | 2111952 | Remmina prompts for RDP credentials even when they are saved | remmina remmina remmina remmina |
| Launchpad | 2100492 | rustc 1.82 required by firefox 137 and chromium 138 | rustc-1.82 rustc-1.82 rustc-1.82 rustc-1.82 |
| CVE | CVE-2025-49113 | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is n | roundcube roundcube roundcube roundcube |
| CVE | CVE-2025-4517 | Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if | python3.13 python3.12 python3.13 python3.13 python3.12 python3.12 python3.12 python3.13 |
| CVE | CVE-2025-4435 | When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extrac | python3.13 python3.12 python3.13 python3.13 python3.12 python3.12 python3.12 python3.13 |
| CVE | CVE-2025-4330 | Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file me | python3.13 python3.12 python3.13 python3.13 python3.12 python3.12 python3.12 python3.13 |
| CVE | CVE-2025-4138 | Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file me | python3.13 python3.12 python3.13 python3.13 python3.12 python3.12 python3.12 python3.13 |
| CVE | CVE-2024-12718 | Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extrac | python3.13 python3.12 python3.13 python3.13 python3.12 python3.12 python3.12 python3.13 |
| CVE | CVE-2025-4673 | Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. | golang-1.22 golang-1.22 golang-1.22 golang-1.22 |
| CVE | CVE-2025-22870 | Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment var | golang-1.22 golang-1.22 golang-1.22 golang-1.22 |
| CVE | CVE-2025-22866 | Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are | golang-1.22 golang-1.22 golang-1.22 golang-1.22 |
| CVE | CVE-2024-45341 | A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. | golang-1.22 golang-1.22 golang-1.22 golang-1.22 |
| CVE | CVE-2024-45336 | The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header | golang-1.22 golang-1.22 golang-1.22 golang-1.22 |
About
-
Send Feedback to @ubuntu_updates
