Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| Launchpad | 2111952 | Remmina prompts for RDP credentials even when they are saved | remmina remmina remmina remmina |
| Launchpad | 2100492 | rustc 1.82 required by firefox 137 and chromium 138 | rustc-1.82 rustc-1.82 rustc-1.82 rustc-1.82 |
| CVE | CVE-2025-49113 | Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is n | roundcube roundcube roundcube roundcube |
| CVE | CVE-2025-4517 | Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if | python3.13 python3.12 python3.13 python3.13 python3.12 python3.12 python3.12 python3.13 |
| CVE | CVE-2025-4435 | When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extrac | python3.13 python3.12 python3.13 python3.13 python3.12 python3.12 python3.12 python3.13 |
| CVE | CVE-2025-4330 | Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file me | python3.13 python3.12 python3.13 python3.13 python3.12 python3.12 python3.12 python3.13 |
| CVE | CVE-2025-4138 | Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file me | python3.13 python3.12 python3.13 python3.13 python3.12 python3.12 python3.12 python3.13 |
| CVE | CVE-2024-12718 | Allows modifying some file metadata (e.g. last modified) with filter="data" or file permissions (chmod) with filter="tar" of files outside the extrac | python3.13 python3.12 python3.13 python3.13 python3.12 python3.12 python3.12 python3.13 |
| CVE | CVE-2025-4673 | Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information. | golang-1.22 golang-1.22 golang-1.22 golang-1.22 |
| CVE | CVE-2025-22870 | Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment var | golang-1.22 golang-1.22 golang-1.22 golang-1.22 |
| CVE | CVE-2025-22866 | Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are | golang-1.22 golang-1.22 golang-1.22 golang-1.22 |
| CVE | CVE-2024-45341 | A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. | golang-1.22 golang-1.22 golang-1.22 golang-1.22 |
| CVE | CVE-2024-45336 | The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header | golang-1.22 golang-1.22 golang-1.22 golang-1.22 |
| Launchpad | 2111723 | lscpu wrong core report and Model name is unkown | util-linux util-linux util-linux util-linux util-linux util-linux util-linux util-linux |
| CVE | CVE-2024-22365 | linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for | pam pam |
| CVE | CVE-2025-6020 | A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to eleva | pam pam pam pam pam pam |
| CVE | CVE-2025-6019 | LPE from allow_active to root in libblockdev via udisks | udisks2 libblockdev libblockdev udisks2 udisks2 libblockdev libblockdev udisks2 udisks2 libblockdev libblockdev udisks2 libblockdev udisks2 udisks2 libblockdev libblockdev udisks2 udisks2 libblockdev libblockdev udisks2 udisks2 libblockdev |
| CVE | CVE-2022-32200 | libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. | dwarfutils dwarfutils |
| CVE | CVE-2025-49180 | A flaw was found in the RandR extension, where the RRChangeProviderPro ... | xorg-server xorg-server xwayland xorg-server xorg-server xwayland xorg-server xorg-server xwayland xorg-server xwayland xorg-server |
| CVE | CVE-2025-49179 | A flaw was found in the X Record extension. The RecordSanityCheckRegis ... | xorg-server xorg-server xwayland xorg-server xorg-server xwayland xorg-server xorg-server xwayland xorg-server xwayland xorg-server |
About
-
Send Feedback to @ubuntu_updates
