Bugs addressed in recent updates
Origin | Bug number | Title | Packages |
---|---|---|---|
CVE | CVE-2025-8194 | There is a defect in the CPython “tarfile” module affecting the “TarFile” extraction and entry enumeration APIs. The tar implementation would process | python3.13 python3.12 python3.10 |
CVE | CVE-2025-6069 | The html.parser.HTMLParser class had worse-case quadratic complexity when processing certain crafted malformed inputs potentially leading to amplifie | python3.13 python3.12 python3.10 |
Launchpad | 2103780 | [SRU] backport golang-1.24 to jammy, noble, oracular and plucky | golang-1.24 |
Launchpad | 2100003 | backport mofed-modules-24.10 24.10.1.1.4.0-0ubuntu2 | mofed-modules-24.10 |
CVE | CVE-2025-6442 | Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affec | ruby-webrick |
Launchpad | 2109673 | Authentication with smartcard is not working with apparmor DENIED | sssd |
CVE | CVE-2025-50420 | An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. | poppler |
Launchpad | 2107340 | [SRU] Pipewire fails to reacquire a realtime priority when restarted | xdg-desktop-portal |
CVE | CVE-2025-8851 | A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop. | tiff |
CVE | CVE-2025-8176 | A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file | tiff |
CVE | CVE-2025-8534 | A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c | tiff |
Launchpad | 2116567 | [SRU] Add Dell SD25TB5 and AIO system MTK scalar IC firmware update | fwupd |
CVE | CVE-2025-49796 | A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw a | libxml2 |
CVE | CVE-2025-49794 | A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematro | libxml2 |
CVE | CVE-2025-6170 | A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, th | libxml2 |
CVE | CVE-2025-6021 | A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. | libxml2 |
CVE | CVE-2025-31651 | Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, i | tomcat10 |
CVE | CVE-2025-46701 | Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that app | tomcat10 |
Launchpad | 2115426 | [SRU] Backport wsl-setup as new package for Focal | wsl-setup |
CVE | CVE-2025-43265 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in Safari 18.6, watchOS 11.6, visionOS 2.6, iOS 18.6 and iPad | webkit2gtk |