Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2025-53075 | Improper Input Validation vulnerability in Samsung Open Source rLottie allows Path Traversal. This issue affects rLottie: V0.2. | rlottie |
| CVE | CVE-2025-53074 | Out-of-bounds Read vulnerability in Samsung Open Source rLottie allows Overflow Buffers. This issue affects rLottie: V0.2. | rlottie |
| CVE | CVE-2025-0634 | Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion. This issue affects rLottie: V0.2. | rlottie |
| CVE | CVE-2026-25500 | Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory` generates an HTML directory index where e | ruby-rack |
| CVE | CVE-2026-22860 | Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, `Rack::Directory`’s path check used a string prefix match o | ruby-rack |
| Launchpad | 2127658 | Backport of openvpn for noble and questing | openvpn |
| Launchpad | 2115289 | [Noble] Adding files to subdirs in an existing 7z archive broken | file-roller |
| Launchpad | 2142637 | [SRU] extraneous black bar at the bottom of all windows | orchis-kde |
| Launchpad | 2142239 | CVE-2022-24765 regression for setting safe.directory | git |
| CVE | CVE-2026-0994 | A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypas | protobuf |
| Launchpad | 2142552 | netlink: fix crash when ops doesn't support udata | nftables |
| Launchpad | 2065084 | [SRU] BDM with device_type=lun fails | nova |
| CVE | CVE-2025-15224 | When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate usi | curl |
| CVE | CVE-2025-15079 | When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts | curl |
| CVE | CVE-2025-14819 | When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally | curl |
| CVE | CVE-2025-14524 | When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, | curl |
| CVE | CVE-2025-14017 | When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally a | curl |
| CVE | CVE-2025-13034 | When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey` with the curl tool, curl should check the public key of the server certif | curl |
| CVE | CVE-2025-10148 | curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask tha | curl |
| CVE | CVE-2025-9086 | 1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same | curl |