Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| Launchpad | 2125904 | [SRU] borgbackup in jammy might loose backup in some corner cases | borgbackup borgbackup |
| CVE | CVE-2025-9900 | A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF imag | tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff |
| CVE | CVE-2025-9165 | A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tif | tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff |
| CVE | CVE-2025-8961 | A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulat | tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff |
| CVE | CVE-2022-32205 | A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficient | curl curl |
| Launchpad | 2118865 | libcurl outgoing Cookie header field size check is broken | curl curl |
| CVE | CVE-2025-59800 | In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in | ghostscript ghostscript ghostscript ghostscript ghostscript ghostscript |
| CVE | CVE-2025-59799 | Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value. | ghostscript ghostscript ghostscript ghostscript ghostscript ghostscript |
| CVE | CVE-2025-59798 | Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. | ghostscript ghostscript ghostscript ghostscript ghostscript ghostscript |
| CVE | CVE-2025-7462 | A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the | ghostscript ghostscript ghostscript ghostscript ghostscript ghostscript |
| Launchpad | 2125669 | [BPO] libreoffice 25.2.6 for jammy/noble | libreoffice libreoffice libreoffice libreoffice |
| Launchpad | 2116763 | AArch64: Processor Name in GNOME System Info is blank | libgtop2 libgtop2 libgtop2 libgtop2 libgtop2 libgtop2 |
| Launchpad | 2124984 | build.info is not present on ubuntu-base and ubuntu-oci Jammy images | livecd-rootfs |
| Launchpad | 2120278 | Apparmor /dev/net/tun overflow | libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt |
| Launchpad | 2117467 | Multipath device's targets are not added to domain namespace/cgroup | libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt libvirt |
| Launchpad | 2089789 | malloc performance degradation with CPU affinity masks | glibc glibc |
| Launchpad | 2124109 | DEP8 tests are failing for jammy | docker.io-app docker.io-app |
| CVE | CVE-2025-9288 | Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11. | node-sha.js node-sha.js |
| CVE | CVE-2025-58050 | The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerabi | pcre2 pcre2 pcre2 pcre2 |
| CVE | CVE-2025-31177 | gnuplot is affected by a heap buffer overflow at function utf8_copy_one. | gnuplot gnuplot |
About
-
Send Feedback to @ubuntu_updates
