UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
CVE CVE-2026-4786 Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser. python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-4519 The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behav python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-3276 unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10
CVE CVE-2026-1502 CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host. python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10
CVE CVE-2025-45582 GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must e tar tar tar tar tar tar tar tar tar tar tar tar
CVE CVE-2026-42256 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5. ruby3.3 ruby3.3
Launchpad 2150830 Missing ath9k_htc firmware linux-firmware-qualcomm-wireless
CVE CVE-2026-42257 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net:: ruby3.2 ruby3.0 ruby3.2 ruby3.0 ruby3.3 ruby3.3
CVE CVE-2026-42246 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man ruby3.2 ruby3.0 ruby3.2 ruby3.0 ruby3.3 ruby3.3
Launchpad 2159053 fix for CVE-2026-12505 introduced regression with kerberos mounts cifs-utils cifs-utils cifs-utils cifs-utils cifs-utils cifs-utils cifs-utils cifs-utils
Launchpad 2157975 [SRU] Disable tmp.mount when RAM \u003c8GB ubuntu-raspi-settings
Launchpad 2157789 [SRU] Dracut silently produces truncated initramfs with constrained RAM ubuntu-raspi-settings
Launchpad 2148643 [SRU] connectivity-check.ubuntu.com URL change? network-manager network-manager network-manager network-manager
Launchpad 2154708 [SRU] RISC-V: Missing support for Zicbop extension in KVM guest qemu-hwe qemu qemu-hwe qemu
Launchpad 2150154 Race condition with Throttle-group + IOThread causing VM shutdown qemu-hwe qemu qemu-hwe qemu
Launchpad 2157739 [SRU] qemu-kvm-init does not load kvm module on riscv64 qemu-hwe qemu qemu-hwe qemu
Launchpad 2146445 qemu-system-x86: module upgrade fallback in /run/qemu/ broken \u2014 \ qemu-hwe qemu qemu-hwe qemu qemu qemu
Launchpad 2156706 qemu-system-x86 crashes when `blob=true` is specified for virtio GPU qemu-hwe qemu qemu-hwe qemu
Launchpad 2150443 Missing symlink /usr/lib/firmware/rt3090.bin.zst linux-firmware-mediatek
Launchpad 2155216 Add Cirrus CS35L56 firmware mappings for Dell systems linux-firmware-misc



About   -   Send Feedback to @ubuntu_updates