Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-5466 | wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no ch | wolfssl |
| CVE | CVE-2026-5460 | A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error handling path of TLSX_KeyS | wolfssl |
| CVE | CVE-2026-5448 | X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.5 | wolfssl |
| CVE | CVE-2026-5447 | Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate in | wolfssl |
| CVE | CVE-2026-5446 | In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_Ar | wolfssl |
| CVE | CVE-2026-5393 | Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on c | wolfssl |
| CVE | CVE-2026-5392 | Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite- | wolfssl |
| CVE | CVE-2026-5295 | A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wc_PKCS7_DecryptOri() function in wolfcrypt/src/pkcs7.c. When processing a CM | wolfssl |
| CVE | CVE-2026-5264 | Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overfl | wolfssl |
| CVE | CVE-2026-5263 | URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A com | wolfssl |
| CVE | CVE-2026-5194 | Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the | wolfssl |
| CVE | CVE-2026-5188 | An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate | wolfssl |
| CVE | CVE-2026-5187 | Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check only validates one availab | wolfssl |
| Debian | 1133835 | wolfssl: CVE-2026-5187 CVE-2026-5188 CVE-2026-5194 CVE-2026-5263 CVE-2026-5264 CVE-2026-5295 CVE-2026-5392 CVE-2026-5393 CVE-2026-5446 CVE-2026-5447 | wolfssl |
| CVE | CVE-2026-35536 | In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were n | python-tornado |
| CVE | CVE-2026-31958 | Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts i | python-tornado |
| Debian | 1128124 | freeorion: FTBFS with boost 1.90 | freeorion |
| Debian | 1127300 | wsclean: libboost-system-dev package is obsolete with boost 1.89 and newer | wsclean |
| Debian | 1125732 | wsclean: FTBFS with CMake 4 | wsclean |
| CVE | CVE-2026-35334 | strongswan: gmp plugin crash | strongswan |