Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-43964 | Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code th | postfix |
| CVE | CVE-2026-2219 | It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream whe | dpkg |
| CVE | CVE-2026-34757 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0. | libpng1.6 |
| CVE | CVE-2026-33636 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versio | libpng1.6 |
| CVE | CVE-2026-33416 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versio | libpng1.6 |
| CVE | CVE-2026-42798 | Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c. | lcms2 |
| CVE | CVE-2026-34059 | Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to ve | apache2 |
| CVE | CVE-2026-34032 | Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are | apache2 |
| CVE | CVE-2026-33857 | Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recomme | apache2 |
| CVE | CVE-2026-33523 | HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers. This issue affects Apach | apache2 |
| CVE | CVE-2026-33007 | A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child p | apache2 |
| CVE | CVE-2026-33006 | A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recomm | apache2 |
| CVE | CVE-2026-29169 | A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious reques | apache2 |
| CVE | CVE-2026-29168 | Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache | apache2 |
| CVE | CVE-2026-28780 | Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server | apache2 |
| CVE | CVE-2026-24072 | An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges | apache2 |
| CVE | CVE-2026-23918 | Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are | apache2 |
| Launchpad | 2151253 | Autostart in setting broken | gnome-control-center |
| CVE | CVE-2026-40489 | editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a | editorconfig-core |
| Launchpad | 2143604 | gnome-sushi does not preview file in nautilus 50 | gnome-sushi |