UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
Debian 1129746 glibc is not built with -fstack-clash-protection (despite it being in dpkg-buildflags) glibc glibc
Launchpad 2145679 glibc 2.43 ftbfs glibc glibc
Launchpad 2122100 Rust coreutils `date` causes glibc to FTBFS glibc glibc
Launchpad 2142067 static-pie binaries crash on riscv64 with glibc 2.43 on resolute. glibc glibc
Launchpad 2147117 [SRU] Workers return 500 when SSL is enabled gunicorn
CVE CVE-2026-5107 A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the compon frr frr frr frr frr frr frr frr frr frr frr frr frr frr frr frr
CVE CVE-2006-10003 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the s libxml-parser-perl libxml-parser-perl libxml-parser-perl libxml-parser-perl libxml-parser-perl libxml-parser-perl
CVE CVE-2006-10002 XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crash libxml-parser-perl libxml-parser-perl libxml-parser-perl libxml-parser-perl libxml-parser-perl libxml-parser-perl
CVE CVE-2026-4897 A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` set policykit-1 policykit-1 policykit-1 policykit-1 policykit-1 policykit-1 policykit-1 policykit-1
CVE CVE-2025-7519 A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This iss policykit-1 policykit-1 policykit-1 policykit-1 policykit-1 policykit-1 policykit-1 policykit-1
CVE CVE-2026-34982 Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution wh vim vim vim vim vim vim vim vim vim vim vim vim
CVE CVE-2026-33412 Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix vim vim vim vim vim vim vim vim vim vim vim vim
CVE CVE-2026-32249 Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containin vim vim vim vim vim vim vim vim
Launchpad 2147094 [BPO] Starting recording fails obs-studio
CVE CVE-2026-35092 A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacke corosync corosync corosync corosync corosync corosync corosync corosync corosync corosync corosync corosync
CVE CVE-2026-35091 A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit toke corosync corosync corosync corosync corosync corosync corosync corosync corosync corosync corosync corosync
CVE CVE-2026-34080 xdg-dbus-proxy is a filtering proxy for D-Bus connections. Prior to 0.1.7, a policy parser vulnerability allows bypassing eavesdrop restrictions. The xdg-dbus-proxy xdg-dbus-proxy xdg-dbus-proxy xdg-dbus-proxy xdg-dbus-proxy xdg-dbus-proxy xdg-dbus-proxy xdg-dbus-proxy xdg-dbus-proxy xdg-dbus-proxy xdg-dbus-proxy xdg-dbus-proxy
CVE CVE-2025-9809 Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via retroarch retroarch
CVE CVE-2024-35862 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_network_name_deleted() Skip sessions linux
CVE CVE-2024-50004 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DC linux-hwe-6.8 linux-lowlatency-hwe-6.8 linux-riscv-6.8 linux-hwe-6.8 linux-riscv-6.8 linux


About   -   Send Feedback to @ubuntu_updates