Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-45232 | Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c th | rsync |
| CVE | CVE-2026-43620 | Rsync version 3.4.2 and prior contain a receiver-side out-of-bounds array read vulnerability in recv_files() in receiver.c that allows a malicious rs | rsync |
| CVE | CVE-2026-43619 | Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unli | rsync |
| CVE | CVE-2026-43618 | Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked | rsync |
| CVE | CVE-2026-43617 | Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when | rsync |
| CVE | CVE-2026-41035 | In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim | rsync |
| CVE | CVE-2025-10158 | A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array in | rsync |
| CVE | CVE-2026-5056 | Integer overflows and out-of-bounds access in MOV/MP4 demuxer | gst-plugins-good1.0 |
| CVE | CVE-2026-42010 | A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL ch | gnutls28 |
| CVE | CVE-2026-42011 | A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authoriti | gnutls28 |
| CVE | CVE-2026-3833 | A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically fo | gnutls28 |
| CVE | CVE-2026-3832 | A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol ( | gnutls28 |
| CVE | CVE-2026-33845 | A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reass | gnutls28 |
| CVE | CVE-2026-42009 | A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The com | gnutls28 |
| CVE | CVE-2026-33846 | A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() w | gnutls28 |
| CVE | CVE-2026-44608 | Use after free and crash in RPZ code (special requirements apply) | unbound |
| CVE | CVE-2026-44390 | Unbounded name compression in certain cases causes degradation of service | unbound |
| CVE | CVE-2026-42960 | Possible cache poisoning attack while following delegation | unbound |
| CVE | CVE-2026-42959 | Crash during DNSSEC validation of malicious content | unbound |
| CVE | CVE-2026-42944 | Heap overflow and crash with multiple nsid, cookie, padding EDNS options | unbound |