UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
CVE CVE-2026-20889 A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw
CVE CVE-2026-20884 An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can l libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw
CVE CVE-2026-5342 A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw libraw
CVE CVE-2026-5119 A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4
CVE CVE-2026-2369 A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overr libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4
CVE CVE-2026-57053 GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_intern libidn libidn libidn libidn libidn libidn libidn libidn libidn libidn libidn libidn
CVE CVE-2025-22869 SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, golang-go.crypto golang-go.crypto
CVE CVE-2025-47913 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. golang-go.crypto golang-go.crypto
Launchpad 2153486 Backport open-vm-tools 13.0.10 to noble open-vm-tools open-vm-tools
Launchpad 2156482 Transition the 535 graphics driver packages to 580 fabric-manager-535 libnvidia-nscq-535 nvidia-graphics-drivers-535-server nvidia-graphics-drivers-535 fabric-manager-535 libnvidia-nscq-535 nvidia-graphics-drivers-535-server nvidia-graphics-drivers-535
CVE CVE-2026-10037 A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files ma mailcap mailcap mailcap mailcap
Launchpad 2158653 New upstream release 595.84 UDA nvidia-graphics-drivers-595 nvidia-graphics-drivers-595 nvidia-graphics-drivers-595 nvidia-graphics-drivers-595
Launchpad 2158289 opkssh server component won't accept certificates with from newer clients opkssh
Launchpad 2153134 Apport fails to build with sbuild unshare backend: test fails when run as non-root system user apport apport
Launchpad 2149909 test_run_report_bug_kernel_thread might fail in a VM apport apport
Launchpad 2158973 test_vlog_created fails with: coreutils: unknown program 'memcheck-amd64-linux' apport apport
Launchpad 2149892 Some reports have double extension: CurrentDmesg.txt.txt apport apport
Launchpad 2146806 TypeError: self[\ apport apport
Launchpad 2150427 test_retrace_jammy_sandbox fails on non-amd64: No such file or directory: '/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2' apport apport
Launchpad 2073787 apport-retrace needs more than 1.5 GB memory (when using sandbox) apport apport



About   -   Send Feedback to @ubuntu_updates