Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-6472 | Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, inc | postgresql-18 postgresql-18 postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-18 postgresql-18 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 |
| CVE | CVE-2026-6474 | Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone | postgresql-18 postgresql-18 postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-18 postgresql-18 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 |
| CVE | CVE-2026-6575 | Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read pa | postgresql-18 postgresql-18 postgresql-18 postgresql-18 |
| CVE | CVE-2026-6638 | SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL | postgresql-18 postgresql-18 postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-18 postgresql-18 postgresql-17 postgresql-16 postgresql-16 postgresql-17 |
| CVE | CVE-2026-6476 | SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The a | postgresql-18 postgresql-18 postgresql-17 postgresql-17 postgresql-18 postgresql-18 postgresql-17 postgresql-17 |
| CVE | CVE-2026-6473 | Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and wri | postgresql-18 postgresql-18 postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-18 postgresql-18 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 |
| CVE | CVE-2026-6479 | Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained d | postgresql-18 postgresql-18 postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-18 postgresql-18 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 |
| Launchpad | 2152636 | New PostgreSQL upstream microreleases 14.23, 16.14, 17.10, and 18.4 | postgresql-18 postgresql-18 postgresql-17 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-18 postgresql-18 postgresql-17 postgresql-16 postgresql-16 postgresql-14 postgresql-14 postgresql-17 |
| CVE | CVE-2026-5950 | An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated atta | bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 |
| CVE | CVE-2026-5947 | Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SI | bind9 bind9 bind9 bind9 |
| CVE | CVE-2026-5946 | Multiple flaws have been identified in `named` related to the handling of DNS messages whose CLASS is not Internet (`IN`) — for example, `CHAOS` or ` | bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 |
| CVE | CVE-2026-3593 | A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 thr | bind9 bind9 bind9 bind9 |
| CVE | CVE-2026-3592 | BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone | bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 |
| CVE | CVE-2026-3039 | BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving an | bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 bind9 |
| CVE | CVE-2026-5121 | A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote at | libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive |
| CVE | CVE-2026-4426 | A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a fiel | libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive |
| CVE | CVE-2026-4424 | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of t | libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive libarchive |
| Launchpad | 2139280 | [SRU] Please update to 20260116.00 | gce-compute-image-packages gce-compute-image-packages gce-compute-image-packages |
| Launchpad | 2139302 | [SRU] Please update to 20260116.00 | google-compute-engine-oslogin google-compute-engine-oslogin google-compute-engine-oslogin |
| Launchpad | 2139288 | [SRU] Please update to 20251028.00 | google-osconfig-agent google-osconfig-agent google-osconfig-agent |
About
-
Send Feedback to @ubuntu_updates
