Bugs addressed in recent updates
| Origin | Bug number | Title | Packages |
|---|---|---|---|
| CVE | CVE-2026-33006 | A timing attack against mod_auth_digest in Apache HTTP Server 2.4.66 allows a bypass of Digest authentication by a remote attacker. Users are recomm | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2026-29169 | A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a malicious reques | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2026-29168 | Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue affects Apache | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2026-28780 | Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2026-24072 | An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| CVE | CVE-2026-23918 | Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are | apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 apache2 |
| Launchpad | 2151253 | Autostart in setting broken | gnome-control-center gnome-control-center |
| CVE | CVE-2026-40489 | editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a | editorconfig-core editorconfig-core editorconfig-core editorconfig-core editorconfig-core editorconfig-core editorconfig-core editorconfig-core editorconfig-core editorconfig-core editorconfig-core editorconfig-core |
| Launchpad | 2143604 | gnome-sushi does not preview file in nautilus 50 | gnome-sushi gnome-sushi |
| Launchpad | 2151302 | [SRU] gnome-sushi 50.0 | gnome-sushi gnome-sushi |
| Launchpad | 2151292 | [SRU] Crash on selecting manually installed driver: 'manually_install' typo in show_drivers | software-properties software-properties |
| Launchpad | 2150181 | [SRU] software-properties-gtk driver detection fails with Python 3.14 (cannot pickle SoftwarePropertiesGtk) | software-properties software-properties |
| Launchpad | 2081708 | Incompatible with systemd zstd coredumps (could not determine content size in frame header) | apport apport |
| Launchpad | 2150215 | Some strings are localized using the region format locale | accountsservice accountsservice |
| Launchpad | 2150049 | Wrong default file association for and .deb files and snap:// URIs | gnome-session gnome-session gnome-session gnome-session |
| Launchpad | 2150626 | [SRU] waylandclipboard: Plasma freeze when syncing clipboard | kf6-kguiaddons kf6-kguiaddons kf6-kguiaddons kf6-kguiaddons |
| CVE | CVE-2026-33154 | dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due | python-dynaconf python-dynaconf python-dynaconf python-dynaconf |
| CVE | CVE-2026-20676 | This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2026-20652 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, ma | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
| CVE | CVE-2026-20644 | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, ma | webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk webkit2gtk |
About
-
Send Feedback to @ubuntu_updates
