Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-20889 | A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file | libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw |
| CVE | CVE-2026-20884 | An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can l | libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw |
| CVE | CVE-2026-5342 | A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw | libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw |
| CVE | CVE-2026-5119 | A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext | libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 |
| CVE | CVE-2026-2369 | A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overr | libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 |
| CVE | CVE-2026-57053 | GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_intern | libidn libidn libidn libidn libidn libidn libidn libidn libidn libidn libidn libidn |
| CVE | CVE-2025-22869 | SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, | golang-go.crypto golang-go.crypto |
| CVE | CVE-2025-47913 | SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. | golang-go.crypto golang-go.crypto |
| Launchpad | 2153486 | Backport open-vm-tools 13.0.10 to noble | open-vm-tools open-vm-tools |
| Launchpad | 2156482 | Transition the 535 graphics driver packages to 580 | fabric-manager-535 libnvidia-nscq-535 nvidia-graphics-drivers-535-server nvidia-graphics-drivers-535 fabric-manager-535 libnvidia-nscq-535 nvidia-graphics-drivers-535-server nvidia-graphics-drivers-535 |
| CVE | CVE-2026-10037 | A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files ma | mailcap mailcap mailcap mailcap |
| Launchpad | 2158653 | New upstream release 595.84 UDA | nvidia-graphics-drivers-595 nvidia-graphics-drivers-595 nvidia-graphics-drivers-595 nvidia-graphics-drivers-595 |
| Launchpad | 2158289 | opkssh server component won't accept certificates with from newer clients | opkssh |
| Launchpad | 2153134 | Apport fails to build with sbuild unshare backend: test fails when run as non-root system user | apport apport |
| Launchpad | 2149909 | test_run_report_bug_kernel_thread might fail in a VM | apport apport |
| Launchpad | 2158973 | test_vlog_created fails with: coreutils: unknown program 'memcheck-amd64-linux' | apport apport |
| Launchpad | 2149892 | Some reports have double extension: CurrentDmesg.txt.txt | apport apport |
| Launchpad | 2146806 | TypeError: self[\ | apport apport |
| Launchpad | 2150427 | test_retrace_jammy_sandbox fails on non-amd64: No such file or directory: '/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2' | apport apport |
| Launchpad | 2073787 | apport-retrace needs more than 1.5 GB memory (when using sandbox) | apport apport |
About
-
Send Feedback to @ubuntu_updates