Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-4786 | Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser. | python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 |
| CVE | CVE-2026-4519 | The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behav | python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 |
| CVE | CVE-2026-3276 | unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with | python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 |
| CVE | CVE-2026-1502 | CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host. | python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 python3.14 python3.14 python3.12 python3.12 python3.10 python3.10 |
| CVE | CVE-2025-45582 | GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must e | tar tar tar tar tar tar tar tar tar tar tar tar |
| CVE | CVE-2026-42256 | Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0.5.0 to before 0.5. | ruby3.3 ruby3.3 |
| Launchpad | 2150830 | Missing ath9k_htc firmware | linux-firmware-qualcomm-wireless |
| CVE | CVE-2026-42257 | Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net:: | ruby3.2 ruby3.0 ruby3.2 ruby3.0 ruby3.3 ruby3.3 |
| CVE | CVE-2026-42246 | Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man | ruby3.2 ruby3.0 ruby3.2 ruby3.0 ruby3.3 ruby3.3 |
| Launchpad | 2159053 | fix for CVE-2026-12505 introduced regression with kerberos mounts | cifs-utils cifs-utils cifs-utils cifs-utils cifs-utils cifs-utils cifs-utils cifs-utils |
| Launchpad | 2157975 | [SRU] Disable tmp.mount when RAM \u003c8GB | ubuntu-raspi-settings |
| Launchpad | 2157789 | [SRU] Dracut silently produces truncated initramfs with constrained RAM | ubuntu-raspi-settings |
| Launchpad | 2148643 | [SRU] connectivity-check.ubuntu.com URL change? | network-manager network-manager network-manager network-manager |
| Launchpad | 2154708 | [SRU] RISC-V: Missing support for Zicbop extension in KVM guest | qemu-hwe qemu qemu-hwe qemu |
| Launchpad | 2150154 | Race condition with Throttle-group + IOThread causing VM shutdown | qemu-hwe qemu qemu-hwe qemu |
| Launchpad | 2157739 | [SRU] qemu-kvm-init does not load kvm module on riscv64 | qemu-hwe qemu qemu-hwe qemu |
| Launchpad | 2146445 | qemu-system-x86: module upgrade fallback in /run/qemu/ broken \u2014 \ | qemu-hwe qemu qemu-hwe qemu qemu qemu |
| Launchpad | 2156706 | qemu-system-x86 crashes when `blob=true` is specified for virtio GPU | qemu-hwe qemu qemu-hwe qemu |
| Launchpad | 2150443 | Missing symlink /usr/lib/firmware/rt3090.bin.zst | linux-firmware-mediatek |
| Launchpad | 2155216 | Add Cirrus CS35L56 firmware mappings for Dell systems | linux-firmware-misc |
About
-
Send Feedback to @ubuntu_updates