UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
CVE CVE-2022-32205 A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficient curl curl
Launchpad 2118865 libcurl outgoing Cookie header field size check is broken curl curl
CVE CVE-2025-59800 In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ghostscript ghostscript ghostscript ghostscript ghostscript ghostscript
CVE CVE-2025-59799 Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value. ghostscript ghostscript ghostscript ghostscript ghostscript ghostscript
CVE CVE-2025-59798 Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. ghostscript ghostscript ghostscript ghostscript ghostscript ghostscript
CVE CVE-2025-7462 A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the ghostscript ghostscript ghostscript ghostscript ghostscript ghostscript
Launchpad 2125669 [BPO] libreoffice 25.2.6 for jammy/noble libreoffice libreoffice libreoffice libreoffice
Launchpad 2116763 AArch64: Processor Name in GNOME System Info is blank libgtop2 libgtop2 libgtop2
Launchpad 2124984 build.info is not present on ubuntu-base and ubuntu-oci Jammy images livecd-rootfs
Launchpad 2120278 Apparmor /dev/net/tun overflow libvirt libvirt libvirt libvirt
Launchpad 2117467 Multipath device's targets are not added to domain namespace/cgroup libvirt libvirt libvirt libvirt libvirt libvirt
Launchpad 2089789 malloc performance degradation with CPU affinity masks glibc glibc
Launchpad 2124109 DEP8 tests are failing for jammy docker.io-app
CVE CVE-2025-9288 Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11. node-sha.js node-sha.js
CVE CVE-2025-58050 The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerabi pcre2 pcre2 pcre2 pcre2
CVE CVE-2025-31177 gnuplot is affected by a heap buffer overflow at function utf8_copy_one. gnuplot gnuplot
CVE CVE-2025-31181 A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash. gnuplot gnuplot
CVE CVE-2025-31180 A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash. gnuplot gnuplot
CVE CVE-2025-31179 A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash. gnuplot gnuplot
CVE CVE-2025-31178 A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash. gnuplot gnuplot



About   -   Send Feedback to @ubuntu_updates