UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
CVE CVE-2026-20217 A vulnerability in the PESpin file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly othe clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav
CVE CVE-2026-20216 A vulnerability in the InstallShield file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition on an affe clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav
CVE CVE-2026-20215 A vulnerability in the 7z file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other ex clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav
CVE CVE-2026-20214 A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other e clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav
CVE CVE-2026-20213 A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other ex clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav clamav
CVE CVE-2024-54661 readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file. socat socat
CVE CVE-2026-41992 GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between diffe gzip gzip gzip gzip gzip gzip gzip gzip gzip gzip
CVE CVE-2026-41991 GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the u gzip gzip gzip gzip gzip gzip gzip gzip gzip gzip
CVE CVE-2026-56123 socat versions 1.8.0.0 through 1.8.1.1 contain a heap-based buffer overflow vulnerability that allows a malicious SOCKS5 proxy server to overwrite ad socat socat socat socat
CVE CVE-2026-4224 When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stac python3.12 python3.12 python3.10 python3.10 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-3644 The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling python3.12 python3.12 python3.10 python3.10 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-2297 The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not python3.12 python3.12 python3.10 python3.10 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-1299 The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allow python3.12 python3.12 python3.10 python3.10 python3.12 python3.12 python3.10 python3.10
CVE CVE-2025-69534 Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled Assert python3.12 python3.12 python3.10 python3.10 python3.12 python3.12 python3.10 python3.10
CVE CVE-2025-13462 The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE python3.12 python3.12 python3.10 python3.10 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-9669 bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same dec python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-8328 The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV ho python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-7774 tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive me python3.14 python3.14 python3.12 python3.12 python3.14 python3.14 python3.12 python3.12
CVE CVE-2026-6100 Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `M python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-6019 http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10



About   -   Send Feedback to @ubuntu_updates