UbuntuUpdates.org

Bugs addressed in recent updates


| Origin | Bug number | Title | Packages |
|---|---|---|---|
| Launchpad | 2111952 | Remmina prompts for RDP credentials even when they are saved | remmina |
| Launchpad | 2100492 | rustc 1.82 required by firefox 137 and chromium 138 | rustc-1.82 |
| CVE | CVE-2025-49113 | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is n | roundcube |
| CVE | CVE-2025-4517 | Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if | python3.13, python3.12 |
| CVE | CVE-2025-4435 | When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extrac | python3.13, python3.12 |
| CVE | CVE-2025-4330 | Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file me | python3.13, python3.12 |
| CVE | CVE-2025-4138 | Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file me | python3.13, python3.12 |
| CVE | CVE-2024-12718 | Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extrac | python3.13, python3.12 |
| CVE | CVE-2025-4673 | Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. | golang-1.22 |
| CVE | CVE-2025-22870 | Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment var | golang-1.22 |
| CVE | CVE-2025-22866 | Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are | golang-1.22 |
| CVE | CVE-2024-45341 | A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. | golang-1.22 |
| CVE | CVE-2024-45336 | The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header | golang-1.22 |
| Launchpad | 2111723 | lscpu wrong core report and Model name is unkown | util-linux |
| CVE | CVE-2024-22365 | linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for | pam |
| CVE | CVE-2025-6020 | A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to eleva | pam |
| CVE | CVE-2025-6019 | LPE from allow_active to root in libblockdev via udisks | udisks2, libblockdev |
| CVE | CVE-2022-32200 | libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. | dwarfutils |
| CVE | CVE-2025-49180 | A flaw was found in the RandR extension, where the RRChangeProviderPro ... | xorg-server, xwayland |
| CVE | CVE-2025-49179 | A flaw was found in the X Record extension. The RecordSanityCheckRegis ... | xorg-server, xwayland |


