UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
CVE CVE-2025-11234 A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to qemu qemu qemu qemu qemu qemu qemu qemu qemu qemu qemu qemu
CVE CVE-2026-2781 Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird nss nss nss nss nss nss nss nss
CVE CVE-2026-2006 Missing validation of multibyte character length in PostgreSQL text manipulation allows a database user to issue crafted queries that achieve a buffe postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17
CVE CVE-2026-2005 Heap buffer overflow in PostgreSQL pgcrypto allows a ciphertext provider to execute arbitrary code as the operating system user running the database. postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17
CVE CVE-2026-2004 Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary cod postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17
CVE CVE-2026-2003 Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viabili postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17
Launchpad 2127668 New PostgreSQL upstream microreleases 14.22, 16.13, and 17.9 postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17
Launchpad 2138258 [SRU] Add TWL IDs in Noble intel-media-driver-non-free intel-gmmlib intel-media-driver
CVE CVE-2026-21863 Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious actor with access to the Valkey clusterbus valkey valkey valkey valkey
CVE CVE-2025-67733 Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject valkey valkey valkey valkey
Launchpad 2142590 Update Valkey to 7.2.12 in noble, 8.1.6 in questing, and 9.0.3 in resolute valkey valkey valkey valkey
CVE CVE-2025-31648 Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adver intel-microcode intel-microcode intel-microcode intel-microcode intel-microcode intel-microcode
Launchpad 2142200 dovecot-core: OAuth2 JWT validation fails with client_id set but aud is missing when aud claim is an array dovecot dovecot dovecot dovecot
Launchpad 2142235 linux-riscv-6.8 is FTBFS because of missing patches linux-riscv-6.8 linux-riscv-6.8 linux
Launchpad 2142139 [SRU] libreoffice 25.8.5 for questing libreoffice libreoffice libreoffice libreoffice libreoffice
Launchpad 2142790 CVE-2022-24765 regression fix broke config includes git git git git
Launchpad 2126923 ovn_dhcp4_global_options doesn't support keys with a list of values neutron neutron neutron neutron
Launchpad 2126951 `block-stream` segfault with concurrent `query-named-block-nodes` qemu qemu
Launchpad 2142712 rmadison fails when people.canonical.com is unavailable devscripts devscripts
Launchpad 2120441 [MIR][noble] oem-sutton-daisuke-meta oem-sutton-daisuke-meta oem-sutton-daisuke-meta


About   -   Send Feedback to @ubuntu_updates