Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2024-8372 | Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also | angular.js angular.js angular.js angular.js angular.js angular.js |
| CVE | CVE-2023-26118 | Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to t | angular.js angular.js angular.js angular.js angular.js angular.js |
| CVE | CVE-2024-21490 | This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to sup | angular.js angular.js angular.js angular.js angular.js angular.js |
| CVE | CVE-2023-26117 | Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage | angular.js angular.js angular.js angular.js angular.js angular.js |
| CVE | CVE-2023-26116 | Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function du | angular.js angular.js angular.js angular.js angular.js angular.js |
| CVE | CVE-2022-25844 | The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possib | angular.js angular.js angular.js angular.js angular.js angular.js |
| CVE | CVE-2025-43541 | A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPa | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2025-43536 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Tahoe 26.2, iOS 26.2 and iPadOS 26.2, Safari 26.2, | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2025-43535 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, ma | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2025-43531 | A race condition was addressed with improved state handling. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2025-43529 | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 26.2, Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2025-43501 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in Safari 26.2, iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and i | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2025-14174 | Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| Launchpad | 2138244 | [noble] write-sealed memfd mappings fail to map read-only | linux linux linux-hwe-6.8 linux-hwe-6.8 linux-lowlatency-hwe-6.8 linux-lowlatency-hwe-6.8 linux-azure-nvidia linux-azure-nvidia |
| Launchpad | 2122531 | Turbo boost stuck disabled on Clevo PD5x_7xSNC_SND_SNE | linux linux linux-hwe-6.8 linux-hwe-6.8 linux-lowlatency-hwe-6.8 linux-lowlatency-hwe-6.8 linux-azure-nvidia linux-azure-nvidia |
| Launchpad | 2134985 | ceph-mgr-dashboard renders blank page due to missing JavaScript files in package 19.2.3 | ceph ceph ceph ceph ceph ceph ceph ceph |
| CVE | CVE-2025-58181 | SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause u | google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent google-guest-agent |
| Launchpad | 2136302 | [sru] sos upstream 4.10.2 | sos sos sos sos sosreport sosreport |
| Launchpad | 2136906 | python3-urllib3 in 24.04 is now incompatible with shipped python3-zstandard | python-urllib3 python-urllib3 python-urllib3 python-urllib3 python-urllib3 python-urllib3 |
| Launchpad | 2114259 | Failed to build against linux-6.16 | v4l2loopback v4l2loopback |
About
-
Send Feedback to @ubuntu_updates
