Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-41254 | Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. | lcms2 lcms2 lcms2 lcms2 lcms2 lcms2 lcms2 lcms2 |
| CVE | CVE-2026-40192 | Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, | pillow pillow pillow pillow pillow pillow pillow pillow |
| CVE | CVE-2026-20031 | A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of servic | clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav |
| CVE | CVE-2026-33555 | An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced conten | haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy haproxy |
| Launchpad | 2131790 | RGW - etag not returned on multipart upload | ceph ceph |
| Launchpad | 2146833 | sru cloud-init (26.1) Jammy, Noble and Questing | cloud-init cloud-init cloud-init cloud-init |
| Launchpad | 2147372 | [SRU] Volumes and Snapshots filtering does not work correctly with pagination | horizon horizon horizon horizon |
| CVE | CVE-2026-40372 | Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. | dotnet10 dotnet10 dotnet10 dotnet10 dotnet10 dotnet10 |
| Debian | 1122284 | AttributeError: 'super' object has no attribute 'transform' | weasyprint weasyprint |
| Debian | 1125002 | ITP: tinyhtml5 -- a tiny HTML5 parser | tinyhtml5 |
| Launchpad | 2150070 | Black screen with mouse cursor only after entering Ubuntu Kylin live session | ukui-desktop-environment ukui-desktop-environment |
| Launchpad | 2148718 | intel-ipu7 / intel-ipu7-isys modules are shipped unsigned in latest Resolute kernels, breaking Secure Boot systems | linux linux |
| Launchpad | 2149808 | Qualcomm X1E: Speaker overdrive causes hardware protection shutdown | linux linux |
| CVE | CVE-2026-40164 | jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible s | jq jq jq jq jq jq jq jq |
| CVE | CVE-2026-39979 | jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in libjq accepts a counted | jq jq jq jq jq jq jq jq |
| CVE | CVE-2026-39956 | jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq's src/builtin.c passes | jq jq jq jq jq jq jq jq |
| CVE | CVE-2026-33948 | jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows v | jq jq jq jq jq jq jq jq |
| CVE | CVE-2026-33947 | jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath(), jv_getpath(), and delpaths_sorted() in jq's src/jv_aux.c us | jq jq jq jq jq jq jq jq |
| CVE | CVE-2026-32316 | jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_cop | jq jq jq jq jq jq jq jq |
| Debian | 1134612 | lomiri: Missing dependency on deviceinfo-tools | lomiri lomiri |
About
-
Send Feedback to @ubuntu_updates
