UbuntuUpdates.org

Bugs addressed in recent updates


| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-28390 | Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact | openssl openssl openssl openssl openssl openssl |
| CVE | CVE-2026-28389 | Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact sum | openssl openssl openssl openssl openssl openssl |
| CVE | CVE-2026-28388 | Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CR | openssl openssl openssl openssl openssl openssl |
| CVE | CVE-2026-28387 | Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA reco | openssl openssl openssl openssl openssl openssl |
| CVE | CVE-2026-2673 | Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration in | openssl openssl |
| Launchpad | 2137464 | crypto/ec/asm/ecp_nistp521-ppc64.pl output regex failure | openssl openssl |
| CVE | CVE-2026-5201 | A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation | gdk-pixbuf gdk-pixbuf gdk-pixbuf gdk-pixbuf gdk-pixbuf gdk-pixbuf gdk-pixbuf gdk-pixbuf gdk-pixbuf gdk-pixbuf gdk-pixbuf gdk-pixbuf |
| Launchpad | 2144593 | SRU: io.TextIOWrapper.write: write during flush causes pending_bytes length mismatch leading to crash/corruption | python3.12 python3.12 |
| CVE | CVE-2026-4292 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4. ... | python-django python-django python-django python-django python-django python-django |
| CVE | CVE-2026-4277 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4. ... | python-django python-django python-django python-django python-django python-django |
| CVE | CVE-2026-3902 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4. ... | python-django python-django python-django python-django python-django python-django |
| CVE | CVE-2026-33034 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4. ... | python-django python-django python-django python-django |
| CVE | CVE-2026-33033 | An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4. ... | python-django python-django python-django python-django python-django python-django |
| Launchpad | 2146830 | [SRU] kubuntu-devel-release-upgrade erroneously calls \ | ubuntu-release-upgrader |
| Launchpad | 2138629 | [SRU] 2.74.1 | snapd snapd snapd snapd snapd snapd |
| CVE | CVE-2026-4111 | A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. | libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive |
| CVE | CVE-2025-60753 | An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s subst | libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive |
| CVE | CVE-2025-5918 | A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowi | libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive |
| Launchpad | 2146518 | [SRU] Add quirks support for Goodix touchpad 27C6:0F96 and 27C6:0F90 | libinput libinput libinput libinput |
| CVE | CVE-2026-1837 | A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninit | jpeg-xl jpeg-xl jpeg-xl jpeg-xl |


