UbuntuUpdates.org

Bugs addressed in recent updates

All Launchpad Ubuntu Debian CVE

Origin Bug number Title Packages
CVE CVE-2026-24675 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but l freerdp3 freerdp3 freerdp3 freerdp3 freerdp2 freerdp2 freerdp3 freerdp3 freerdp3 freerdp3 freerdp2 freerdp2
CVE CVE-2026-24491 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the control channel freerdp3 freerdp3 freerdp3 freerdp3 freerdp3 freerdp3 freerdp3 freerdp3
CVE CVE-2026-23948 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2 freerdp3 freerdp3 freerdp3 freerdp3 freerdp2 freerdp2 freerdp3 freerdp3 freerdp3 freerdp3 freerdp2 freerdp2
CVE CVE-2025-69223 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a Do python-aiohttp python-aiohttp
CVE CVE-2025-69227 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when as python-aiohttp python-aiohttp
CVE CVE-2025-69229 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result python-aiohttp python-aiohttp
CVE CVE-2025-69228 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way python-aiohttp python-aiohttp
CVE CVE-2025-69226 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existen python-aiohttp python-aiohttp
CVE CVE-2025-69225 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII python-aiohttp python-aiohttp
CVE CVE-2025-69224 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a reque python-aiohttp python-aiohttp
Launchpad 2127205 pkcs11-tool is sending null sha-1 digest to Openssl on FIPS enabled ubuntu 24.04 opensc
Launchpad 2125203 wpa_supplicant does not specify disconnection reason, which prevents NetworkManager from displaying password re-entry prompt on auth failure wpa wpa wpa wpa
Launchpad 2141778 Change of ABI in 6.8.0 kernel breaks some OTT modules linux linux-hwe-6.8 linux linux-hwe-6.8 linux-lowlatency-hwe-6.8
CVE CVE-2026-25646 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to libpng1.6 libpng1.6 libpng1.6 libpng1.6 libpng1.6 libpng1.6
CVE CVE-2026-25506 MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vul munge munge munge munge munge munge
CVE CVE-2026-1642 A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a ma nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx nginx
CVE CVE-2025-30187 In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able to dnsdist dnsdist
CVE CVE-2025-8671 A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implement dnsdist dnsdist
CVE CVE-2026-26081 BUG/MAJOR: quic: reject invalid token haproxy haproxy haproxy haproxy
CVE CVE-2025-11678 Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilati libwebsockets libwebsockets


About   -   Send Feedback to @ubuntu_updates