UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
CVE CVE-2026-0968 Denial of Service due to malformed SFTP message libssh libssh libssh libssh libssh libssh
CVE CVE-2026-0967 Denial of Service via inefficient regular expression processing libssh libssh libssh libssh libssh libssh
CVE CVE-2026-0966 Buffer underflow in ssh_get_hexa() on invalid input libssh libssh libssh libssh libssh libssh
CVE CVE-2026-0965 Denial of Service via improper configuration file handling libssh libssh libssh libssh libssh libssh
CVE CVE-2026-0964 Improper sanitation of paths received from SCP servers libssh libssh libssh libssh libssh libssh
CVE CVE-2025-8277 A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free libssh libssh libssh libssh libssh libssh
CVE CVE-2024-50305 Valid Host header field can cause Apache Traffic Server to crash on some platforms. This issue affects Apache Traffic Server: from 9.2.0 through 9.2 trafficserver trafficserver trafficserver trafficserver trafficserver trafficserver
Launchpad 2141624 CVE-2024-50305: out-of-bounds read in trafficserver get_host_port_values trafficserver trafficserver trafficserver trafficserver trafficserver trafficserver
CVE CVE-2025-61107 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext. frr frr frr frr frr frr frr frr frr frr frr frr
CVE CVE-2025-61106 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext. frr frr frr frr frr frr frr frr frr frr frr frr
CVE CVE-2025-61105 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This frr frr frr frr frr frr frr frr frr frr frr frr
CVE CVE-2025-61104 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. Thi frr frr frr frr frr frr frr frr frr frr frr frr
CVE CVE-2025-61103 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_e frr frr frr frr frr frr frr frr frr frr frr frr
CVE CVE-2025-61102 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c frr frr frr frr frr frr frr frr frr frr frr frr
CVE CVE-2025-61101 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ frr frr frr frr frr frr frr frr frr frr frr frr
CVE CVE-2025-61100 FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. frr frr frr frr frr frr frr frr frr frr frr frr
CVE CVE-2025-61099 FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. Th frr frr frr frr frr frr frr frr frr frr frr frr
CVE CVE-2026-25990 Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. pillow pillow pillow pillow
CVE CVE-2025-9820 A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a tok gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28
CVE CVE-2025-14831 A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28


About   -   Send Feedback to @ubuntu_updates