Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2025-11187 | Issue summary: PBMAC1 parameters in PKCS#12 files are missing validati ... | openssl openssl |
| CVE | CVE-2026-22251 | wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, wlc supported providing unscoped API keys in the setting. This practi | wlc wlc |
| CVE | CVE-2026-22250 | wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This vul | wlc wlc |
| CVE | CVE-2026-23949 | jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerabilit | jaraco.context jaraco.context |
| Launchpad | 2138931 | [SRU] New upstream microrelease .NET 9.0.113/9.0.12 | dotnet9 |
| CVE | CVE-2025-7783 | Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program f | node-form-data node-form-data |
| CVE | CVE-2023-24626 | socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users t | screen screen |
| CVE | CVE-2025-46805 | Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when insta | screen screen screen screen |
| CVE | CVE-2025-46804 | A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would othe | screen screen screen screen |
| CVE | CVE-2025-46802 | For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session. | screen screen screen screen |
| CVE | CVE-2025-26625 | Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with | git-lfs git-lfs |
| CVE | CVE-2023-53154 | parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called. | cjson cjson |
| CVE | CVE-2023-26819 | cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,99999999999999999999999999999999999999999999 | cjson cjson |
| CVE | CVE-2025-57052 | cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers t | cjson cjson cjson cjson |
| Launchpad | 2138326 | [SRU] New upstream microrelease .NET 8.0.123/8.0.23 | dotnet8 dotnet8 dotnet8 |
| Launchpad | 2130304 | Context menu options often don't work the first time they're pressed | gtk4 gtk4 |
| Debian | 1011294 | libabsl-dev: spurious -Wl flag in some pkg-config entries | abseil |
| Launchpad | 2004577 | [SRU] Issue with libabsl-dev | abseil |
| Launchpad | 2130203 | Migrate oem-6.{8|11|14} to oem-6.17 | linux-restricted-modules-oem-6.17 linux-meta-oem-6.17 linux-restricted-signatures-oem-6.17 linux-restricted-signatures-oem-6.17 linux-restricted-modules-oem-6.17 linux-meta-oem-6.17 |
| CVE | CVE-2026-23490 | pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed | pyasn1 pyasn1 pyasn1 pyasn1 pyasn1 pyasn1 pyasn1 pyasn1 |
About
-
Send Feedback to @ubuntu_updates
