Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2025-54350 | In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt. | iperf3 iperf3 iperf3 iperf3 |
| CVE | CVE-2025-54349 | In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow. | iperf3 iperf3 iperf3 iperf3 |
| Launchpad | 2115536 | [SRU] Allow building WSL images of Focal in the new format | livecd-rootfs ubuntu-meta ubuntu-meta livecd-rootfs |
| Launchpad | 2136341 | [SRU] Include wsl-pro-service into wsl-recommends | ubuntu-meta ubuntu-meta |
| Launchpad | 2108997 | [SRU] GDB: Internal binutils code requires updates made for IBM z17 in binutils already | binutils binutils |
| Launchpad | 2138617 | [SRU Exception] refresh mirrors list | python-apt python-apt |
| Launchpad | 2138637 | [SRU Exception] Update ubuntu-release-upgrader data for 24.04.4 | ubuntu-release-upgrader ubuntu-release-upgrader ubuntu-release-upgrader ubuntu-release-upgrader |
| Launchpad | 2138403 | 2025.10.07 new upstream release | wireless-regdb wireless-regdb wireless-regdb wireless-regdb wireless-regdb |
| Launchpad | 2136109 | [SRU] django-tastypie: tastypie is completely broken against Django 4+ | django-tastypie django-tastypie django-tastypie |
| Launchpad | 2130313 | [SRU] cs42l43 and cs35l56 audio failed to work on questing | alsa-ucm-conf |
| CVE | CVE-2025-66200 | mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in hta | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2025-65082 | Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache co | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2025-58098 | Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2025-55753 | An integer overflow in the case of failed ACME certificate renewal leads, after a number of failures (~30 days in default configurations), to the bac | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| Launchpad | 2117112 | 421 Misdirected Request: apache2 regression | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| Launchpad | 2138420 | backport of CVE-2026-21441 results in broken package | python-urllib3 python-urllib3 |
| CVE | CVE-2025-68471 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can | avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi |
| CVE | CVE-2025-68468 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can | avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi |
| CVE | CVE-2025-68276 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged | avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi avahi |
| Launchpad | 2138316 | Backport rustc-1.89 to Noble | rustc-1.89 rustc-1.89 |
About
-
Send Feedback to @ubuntu_updates
