Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2025-61105 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This | frr frr frr frr frr frr frr frr frr frr frr frr |
| CVE | CVE-2025-61104 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. Thi | frr frr frr frr frr frr frr frr frr frr frr frr |
| CVE | CVE-2025-61103 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_e | frr frr frr frr frr frr frr frr frr frr frr frr |
| CVE | CVE-2025-61102 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c | frr frr frr frr frr frr frr frr frr frr frr frr |
| CVE | CVE-2025-61101 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ | frr frr frr frr frr frr frr frr frr frr frr frr |
| CVE | CVE-2025-61100 | FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. | frr frr frr frr frr frr frr frr frr frr frr frr |
| CVE | CVE-2025-61099 | FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. Th | frr frr frr frr frr frr frr frr frr frr frr frr |
| CVE | CVE-2026-25990 | Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. | pillow pillow pillow pillow |
| CVE | CVE-2025-9820 | A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a tok | gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 |
| CVE | CVE-2025-14831 | A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via | gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 gnutls28 |
| CVE | CVE-2026-25068 | alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control dec | alsa-lib alsa-lib alsa-lib alsa-lib alsa-lib alsa-lib alsa-lib alsa-lib alsa-lib alsa-lib alsa-lib alsa-lib |
| CVE | CVE-2026-24684 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the | freerdp3 freerdp3 freerdp3 freerdp3 freerdp2 freerdp2 freerdp3 freerdp3 freerdp3 freerdp3 freerdp2 freerdp2 |
| CVE | CVE-2026-24683 | FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses i | freerdp3 freerdp3 freerdp3 freerdp3 freerdp2 freerdp2 freerdp3 freerdp3 freerdp3 freerdp3 freerdp2 freerdp2 |
| CVE | CVE-2026-24681 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel cal | freerdp3 freerdp3 freerdp3 freerdp3 freerdp2 freerdp2 freerdp3 freerdp3 freerdp3 freerdp3 freerdp2 freerdp2 |
| CVE | CVE-2026-24680 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_ | freerdp3 freerdp3 freerdp3 freerdp3 freerdp3 freerdp3 freerdp3 freerdp3 |
| CVE | CVE-2026-24678 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callb | freerdp3 freerdp3 freerdp3 freerdp3 |
| CVE | CVE-2026-24676 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the c | freerdp3 freerdp3 freerdp3 freerdp3 freerdp2 freerdp2 freerdp3 freerdp3 freerdp3 freerdp3 freerdp2 freerdp2 |
| CVE | CVE-2026-24682 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio format | freerdp3 freerdp3 freerdp3 freerdp3 freerdp2 freerdp2 freerdp3 freerdp3 freerdp3 freerdp3 freerdp2 freerdp2 |
| CVE | CVE-2026-24679 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array i | freerdp3 freerdp3 freerdp3 freerdp3 freerdp2 freerdp2 freerdp3 freerdp3 freerdp3 freerdp3 freerdp2 freerdp2 |
| CVE | CVE-2026-24677 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecam_encoder_compress_h264 trusts server-controlled dimensions and | freerdp3 freerdp3 freerdp3 freerdp3 |
About
-
Send Feedback to @ubuntu_updates
