UbuntuUpdates.org

Bugs addressed in recent updates


| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-20664 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. | webkit2gtk |
| CVE | CVE-2026-20643 | A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for | webkit2gtk |
| Launchpad | 2147340 | apply NVIDIA patches as of April 6, 2026 | linux-nvidia-tegra |
| CVE | CVE-2026-41205 | Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with / | mako |
| CVE | CVE-2026-6907 | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `dj ... | python-django |
| CVE | CVE-2026-35192 | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Res ... | python-django |
| CVE | CVE-2026-5766 | An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASG ... | python-django |
| CVE | CVE-2026-27135 | nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incomi | nghttp2 |
| Launchpad | 2150160 | Please build packages for questing, too | rustc-1.91 |
| CVE | CVE-2026-33748 | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, insuf | docker.io-app |
| CVE | CVE-2026-33747 | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Prior to version 0.28.1, when | docker.io-app |
| CVE | CVE-2026-5958 | When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem op | sed |
| CVE | CVE-2026-40687 | In Exim before 4.99.2, when the SPA authentication driver is used with an adversarial SPA resource, there can be an out-of-bounds write that crashes | exim4 |
| CVE | CVE-2026-40686 | In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF- | exim4 |
| CVE | CVE-2026-40685 | In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrus | exim4 |
| CVE | CVE-2026-4068 | The Add Custom Fields to Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.3. This is | exim4 |
| Launchpad | 2150547 | Resolute update: v7.0.1 upstream stable release | linux |
| Launchpad | 2150553 | Resolute update: v7.0.2 upstream stable release | linux |
| Launchpad | 2146952 | [BPO] libreoffice 25.8.6 for jammy/noble | libreoffice |
| CVE | CVE-2026-31431 | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commi | kmod, linux |


