Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| Launchpad | 2103414 | [25.04 FEAT] [post announcement] [KRN2304] CPU-MF Counters for new IBM Z hardware - s390-tools part | s390-tools s390-tools s390-tools-signed s390-tools-signed |
| Launchpad | 2109843 | snapd.seeded.service has considerably slowed down | snapd snapd snapd snapd snapd snapd snapd snapd snapd snapd |
| Launchpad | 2098137 | [SRU] 2.68.5 | snapd snapd snapd snapd snapd snapd snapd snapd snapd snapd |
| CVE | CVE-2024-23831 | LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker | ledgersmb ledgersmb ledgersmb ledgersmb ledgersmb ledgersmb |
| CVE | CVE-2021-3882 | LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a rev | ledgersmb ledgersmb ledgersmb ledgersmb ledgersmb ledgersmb |
| CVE | CVE-2025-6491 | In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly l | php8.4 php8.4 php8.3 php8.3 php8.1 php8.1 php8.4 php8.4 php8.3 php8.3 php8.1 php8.1 |
| CVE | CVE-2025-1735 | In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the under | php8.4 php8.4 php8.3 php8.3 php8.1 php8.1 php8.4 php8.4 php8.3 php8.3 php8.1 php8.1 |
| CVE | CVE-2025-1220 | In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation th | php8.4 php8.4 php8.3 php8.3 php8.1 php8.1 php8.4 php8.4 php8.3 php8.3 php8.1 php8.1 |
| CVE | CVE-2025-4945 | A flaw was found in the cookie parsing logic of the libsoup HTTP library, used in GNOME applications and other software. The vulnerability arises whe | libsoup2.4 libsoup3 libsoup2.4 libsoup3 libsoup3 libsoup2.4 libsoup2.4 libsoup2.4 libsoup3 libsoup3 libsoup2.4 libsoup3 libsoup2.4 libsoup2.4 libsoup3 libsoup3 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 |
| CVE | CVE-2025-4969 | A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. Th | libsoup2.4 libsoup3 libsoup2.4 libsoup3 libsoup3 libsoup2.4 libsoup2.4 libsoup2.4 libsoup3 libsoup3 libsoup2.4 libsoup3 libsoup2.4 libsoup2.4 libsoup3 libsoup3 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 |
| CVE | CVE-2025-4948 | A flaw was found in the soup_multipart_new_from_message() function of the libsoup HTTP library, which is commonly used by GNOME and other application | libsoup2.4 libsoup3 libsoup2.4 libsoup3 libsoup3 libsoup2.4 libsoup2.4 libsoup2.4 libsoup3 libsoup3 libsoup2.4 libsoup3 libsoup2.4 libsoup2.4 libsoup3 libsoup3 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 |
| CVE | CVE-2025-32907 | A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious c | libsoup2.4 libsoup3 libsoup2.4 libsoup3 libsoup3 libsoup2.4 libsoup2.4 libsoup2.4 libsoup3 libsoup3 libsoup2.4 libsoup3 libsoup2.4 libsoup2.4 libsoup3 libsoup3 libsoup2.4 libsoup2.4 libsoup2.4 libsoup2.4 |
| Launchpad | 2114995 | Accessibility fails in background selection | gnome-control-center |
| Launchpad | 2107454 | GNOME Shell crashed with SIGABRT at clutter_actor_finalize: assertion failed: (priv-\u003egrabs == NULL) on Xorg | mutter mutter mutter mutter |
| Launchpad | 2115973 | Accessibility issues in gnome-control-center | gnome-control-center gnome-control-center gnome-control-center |
| Launchpad | 2078527 | sys.version from mod_python cannot be parsed by the python platform module | libapache2-mod-python libapache2-mod-python |
| Launchpad | 2103668 | Onionshare fatally crashes after Tor connection (fix seems easy) | onionshare onionshare |
| CVE | CVE-2025-53020 | Late Release of Memory after Effective Lifetime vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: from 2.4.17 up to 2.4.63 | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2025-49812 | In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2025-49630 | In certain proxy configurations, a denial of service attack against Apache HTTP Server versions 2.4.26 through to 2.4.63 can be triggered by untruste | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
About
-
Send Feedback to @ubuntu_updates
