Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2025-9231 | Timing side-channel in SM2 algorithm on 64 bit ARM | openssl openssl |
| CVE | CVE-2025-9230 | Out-of-bounds read & write in RFC 3211 KEK Unwrap | openssl openssl openssl openssl openssl openssl |
| Launchpad | 2116751 | openscap probe_file process consumes excessive resources during CIS scan | openscap |
| Launchpad | 2100570 | [SRU] upload euslisp/jskeus to Ubuntu/Noble | euslisp |
| Launchpad | 2122609 | Hardcoded MAX_RESTART_COUNT in unbound 1.13.1 blocks dns resolution of long cname chains | unbound unbound unbound unbound |
| CVE | CVE-2025-41244 | VMware Aria Operations and VMware Tools contain a local privilege esca ... | open-vm-tools open-vm-tools open-vm-tools open-vm-tools open-vm-tools open-vm-tools open-vm-tools open-vm-tools open-vm-tools open-vm-tools open-vm-tools open-vm-tools |
| CVE | CVE-2025-59830 | Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, | ruby-rack ruby-rack ruby-rack ruby-rack |
| Launchpad | 2125904 | [SRU] borgbackup in jammy might loose backup in some corner cases | borgbackup borgbackup |
| CVE | CVE-2025-9900 | A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF imag | tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff |
| CVE | CVE-2025-9165 | A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tif | tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff |
| CVE | CVE-2025-8961 | A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulat | tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff tiff |
| CVE | CVE-2022-32205 | A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficient | curl curl |
| Launchpad | 2118865 | libcurl outgoing Cookie header field size check is broken | curl curl |
| CVE | CVE-2025-59800 | In Artifex Ghostscript through 10.05.1, ocr_begin_page in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in | ghostscript ghostscript ghostscript ghostscript ghostscript ghostscript |
| CVE | CVE-2025-59799 | Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value. | ghostscript ghostscript ghostscript ghostscript ghostscript ghostscript |
| CVE | CVE-2025-59798 | Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. | ghostscript ghostscript ghostscript ghostscript ghostscript ghostscript |
| CVE | CVE-2025-7462 | A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the | ghostscript ghostscript ghostscript ghostscript ghostscript ghostscript |
| Launchpad | 2125669 | [BPO] libreoffice 25.2.6 for jammy/noble | libreoffice libreoffice libreoffice libreoffice |
| Launchpad | 2116763 | AArch64: Processor Name in GNOME System Info is blank | libgtop2 libgtop2 libgtop2 libgtop2 libgtop2 libgtop2 |
| Launchpad | 2124984 | build.info is not present on ubuntu-base and ubuntu-oci Jammy images | livecd-rootfs |
About
-
Send Feedback to @ubuntu_updates
