UbuntuUpdates.org

Latest Changelogs for all releases


Note: Only updates for "head" packages where the changelog is available are shown on this page.

python-django Feb 3rd 20:07
Release: jammy Repo: main Level: updates New version: 2:3.2.12-2ubuntu1.25
Packages in group:  python3-django python-django-doc

  python-django (2:3.2.12-2ubuntu1.25) jammy-security; urgency=medium

  * SECURITY UPDATE: Username enumeration through timing difference in
    mod_wsgi authentication handler
    - debian/patches/CVE-2025-13473.patch: standardize timing of
      check_password() in mod_wsgi auth handler in
      django/contrib/auth/handlers/modwsgi.py,
      tests/auth_tests/test_handlers.py.
    - CVE-2025-13473
  * SECURITY UPDATE: Potential denial-of-service vulnerability via repeated
    headers when using ASGI
    - debian/patches/CVE-2025-14550.patch: optimize repeated header parsing
      in ASGI requests in django/core/handlers/asgi.py,
      tests/asgi/tests.py.
    - CVE-2025-14550
  * SECURITY UPDATE: Potential SQL injection via raster lookups on PostGIS
    - debian/patches/CVE-2026-1207.patch: prevent SQL injections in
      RasterField lookups via band index in
      django/contrib/gis/db/backends/postgis/operations.py,
      tests/gis_tests/rasterapp/test_rasterfield.py.
    - CVE-2026-1207
  * SECURITY UPDATE: Potential denial-of-service vulnerability in
    django.utils.text.Truncator HTML methods
    - debian/patches/CVE-2026-1285.patch: mitigate potential DoS in
      django.utils.text.Truncator for HTML input in django/utils/text.py,
      tests/utils_tests/test_text.py.
    - CVE-2026-1285
  * SECURITY UPDATE: Potential SQL injection in column aliases via control
    characters
    - debian/patches/CVE-2026-1287.patch: protect against SQL injection in
      column aliases via control characters in
      django/db/models/sql/query.py, tests/aggregation/tests.py,
      tests/annotations/tests.py, tests/queries/tests.py,
      tests/expressions/test_queryset_values.py.
    - CVE-2026-1287

 -- Marc Deslauriers <email address hidden> Wed, 28 Jan 2026 08:16:57 -0500

CVE-2025-13473 Username enumeration through timing difference in mod_wsgi authentication handler
CVE-2025-14550 Potential denial-of-service vulnerability via repeated headers when using ASGI
CVE-2026-1207 Potential SQL injection via raster lookups on PostGIS
CVE-2026-1285 Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
CVE-2026-1287 Potential SQL injection in column aliases via control characters

python-keystonemiddleware Feb 3rd 18:07
Release: questing Repo: main Level: security New version: 10.12.0-0ubuntu1.1
Packages in group:  python3-keystonemiddleware python-keystonemiddleware-doc

  python-keystonemiddleware (10.12.0-0ubuntu1.1) questing-security; urgency=medium

  * SECURITY UPDATE: Privilege Escalation via Identity Headers in External
    OAuth2 Tokens
    - debian/patches/CVE-2026-22797.patch: sanitize incoming authentication
      headers in keystonemiddleware/external_oauth2_token.py,
      keystonemiddleware/tests/unit/test_external_oauth2_token_middleware.py.
    - CVE-2026-22797

 -- Marc Deslauriers <email address hidden> Tue, 20 Jan 2026 14:14:11 -0500

CVE-2026-22797 An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before

python-django Feb 3rd 18:07
Release: questing Repo: main Level: security New version: 3:5.2.4-1ubuntu2.3
Packages in group:  python3-django python-django-doc

  python-django (3:5.2.4-1ubuntu2.3) questing-security; urgency=medium

  * SECURITY UPDATE: Username enumeration through timing difference in
    mod_wsgi authentication handler
    - debian/patches/CVE-2025-13473.patch: standardize timing of
      check_password() in mod_wsgi auth handler in
      django/contrib/auth/handlers/modwsgi.py,
      tests/auth_tests/test_handlers.py.
    - CVE-2025-13473
  * SECURITY UPDATE: Potential denial-of-service vulnerability via repeated
    headers when using ASGI
    - debian/patches/CVE-2025-14550.patch: optimize repeated header parsing
      in ASGI requests in django/core/handlers/asgi.py,
      tests/asgi/tests.py.
    - CVE-2025-14550
  * SECURITY UPDATE: Potential SQL injection via raster lookups on PostGIS
    - debian/patches/CVE-2026-1207.patch: prevent SQL injections in
      RasterField lookups via band index in
      django/contrib/gis/db/backends/postgis/operations.py,
      tests/gis_tests/rasterapp/test_rasterfield.py.
    - CVE-2026-1207
  * SECURITY UPDATE: Potential denial-of-service vulnerability in
    django.utils.text.Truncator HTML methods
    - debian/patches/CVE-2026-1285.patch: mitigate potential DoS in
      django.utils.text.Truncator for HTML input in django/utils/text.py,
      tests/utils_tests/test_text.py.
    - CVE-2026-1285
  * SECURITY UPDATE: Potential SQL injection in column aliases via control
    characters
    - debian/patches/CVE-2026-1287.patch: protect against SQL injection in
      column aliases via control characters in
      django/db/models/sql/query.py, tests/aggregation/tests.py,
      tests/annotations/tests.py, tests/queries/tests.py,
      tests/expressions/test_queryset_values.py.
    - CVE-2026-1287
  * SECURITY UPDATE: Potential SQL injection via QuerySet.order_by and
    FilteredRelation
    - debian/patches/CVE-2026-1312-1.patch: protect order_by() from SQL
      injection via aliases with periods in
      django/db/models/sql/compiler.py, tests/ordering/tests.py.
    - debian/patches/CVE-2026-1312-2.patch: raise ValueError when
      FilteredRelation aliases contain periods in
      django/db/models/sql/query.py, tests/filtered_relation/tests.py,
      tests/ordering/tests.py.
    - CVE-2026-1312

 -- Marc Deslauriers <email address hidden> Wed, 28 Jan 2026 07:48:21 -0500

CVE-2025-13473 Username enumeration through timing difference in mod_wsgi authentication handler
CVE-2025-14550 Potential denial-of-service vulnerability via repeated headers when using ASGI
CVE-2026-1207 Potential SQL injection via raster lookups on PostGIS
CVE-2026-1285 Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
CVE-2026-1287 Potential SQL injection in column aliases via control characters

python-keystonemiddleware Feb 3rd 18:07
Release: noble Repo: main Level: security New version: 10.6.0-0ubuntu1.1
Packages in group:  python3-keystonemiddleware python-keystonemiddleware-doc

  python-keystonemiddleware (10.6.0-0ubuntu1.1) noble-security; urgency=medium

  * SECURITY UPDATE: Privilege Escalation via Identity Headers in External
    OAuth2 Tokens
    - debian/patches/CVE-2026-22797.patch: sanitize incoming authentication
      headers in keystonemiddleware/external_oauth2_token.py,
      keystonemiddleware/tests/unit/test_external_oauth2_token_middleware.py.
    - CVE-2026-22797

 -- Marc Deslauriers <email address hidden> Tue, 20 Jan 2026 14:16:52 -0500

CVE-2026-22797 An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before

python-django Feb 3rd 18:07
Release: noble Repo: main Level: security New version: 3:4.2.11-1ubuntu1.14
Packages in group:  python3-django python-django-doc

  python-django (3:4.2.11-1ubuntu1.14) noble-security; urgency=medium

  * SECURITY UPDATE: Username enumeration through timing difference in
    mod_wsgi authentication handler
    - debian/patches/CVE-2025-13473.patch: standardize timing of
      check_password() in mod_wsgi auth handler in
      django/contrib/auth/handlers/modwsgi.py,
      tests/auth_tests/test_handlers.py.
    - CVE-2025-13473
  * SECURITY UPDATE: Potential denial-of-service vulnerability via repeated
    headers when using ASGI
    - debian/patches/CVE-2025-14550.patch: optimize repeated header parsing
      in ASGI requests in django/core/handlers/asgi.py,
      tests/asgi/tests.py.
    - CVE-2025-14550
  * SECURITY UPDATE: Potential SQL injection via raster lookups on PostGIS
    - debian/patches/CVE-2026-1207.patch: prevent SQL injections in
      RasterField lookups via band index in
      django/contrib/gis/db/backends/postgis/operations.py,
      tests/gis_tests/rasterapp/test_rasterfield.py.
    - CVE-2026-1207
  * SECURITY UPDATE: Potential denial-of-service vulnerability in
    django.utils.text.Truncator HTML methods
    - debian/patches/CVE-2026-1285.patch: mitigate potential DoS in
      django.utils.text.Truncator for HTML input in django/utils/text.py,
      tests/utils_tests/test_text.py.
    - CVE-2026-1285
  * SECURITY UPDATE: Potential SQL injection in column aliases via control
    characters
    - debian/patches/CVE-2026-1287.patch: protect against SQL injection in
      column aliases via control characters in
      django/db/models/sql/query.py, tests/aggregation/tests.py,
      tests/annotations/tests.py, tests/queries/tests.py,
      tests/expressions/test_queryset_values.py.
    - CVE-2026-1287
  * SECURITY UPDATE: Potential SQL injection via QuerySet.order_by and
    FilteredRelation
    - debian/patches/CVE-2026-1312-1.patch: protect order_by() from SQL
      injection via aliases with periods in
      django/db/models/sql/compiler.py, tests/ordering/tests.py.
    - debian/patches/CVE-2026-1312-2.patch: raise ValueError when
      FilteredRelation aliases contain periods in
      django/db/models/sql/query.py, tests/filtered_relation/tests.py,
      tests/ordering/tests.py.
    - CVE-2026-1312

 -- Marc Deslauriers <email address hidden> Wed, 28 Jan 2026 08:02:13 -0500

CVE-2025-13473 Username enumeration through timing difference in mod_wsgi authentication handler
CVE-2025-14550 Potential denial-of-service vulnerability via repeated headers when using ASGI
CVE-2026-1207 Potential SQL injection via raster lookups on PostGIS
CVE-2026-1285 Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
CVE-2026-1287 Potential SQL injection in column aliases via control characters

python-django Feb 3rd 18:07
Release: jammy Repo: main Level: security New version: 2:3.2.12-2ubuntu1.25
Packages in group:  python3-django python-django-doc

  python-django (2:3.2.12-2ubuntu1.25) jammy-security; urgency=medium

  * SECURITY UPDATE: Username enumeration through timing difference in
    mod_wsgi authentication handler
    - debian/patches/CVE-2025-13473.patch: standardize timing of
      check_password() in mod_wsgi auth handler in
      django/contrib/auth/handlers/modwsgi.py,
      tests/auth_tests/test_handlers.py.
    - CVE-2025-13473
  * SECURITY UPDATE: Potential denial-of-service vulnerability via repeated
    headers when using ASGI
    - debian/patches/CVE-2025-14550.patch: optimize repeated header parsing
      in ASGI requests in django/core/handlers/asgi.py,
      tests/asgi/tests.py.
    - CVE-2025-14550
  * SECURITY UPDATE: Potential SQL injection via raster lookups on PostGIS
    - debian/patches/CVE-2026-1207.patch: prevent SQL injections in
      RasterField lookups via band index in
      django/contrib/gis/db/backends/postgis/operations.py,
      tests/gis_tests/rasterapp/test_rasterfield.py.
    - CVE-2026-1207
  * SECURITY UPDATE: Potential denial-of-service vulnerability in
    django.utils.text.Truncator HTML methods
    - debian/patches/CVE-2026-1285.patch: mitigate potential DoS in
      django.utils.text.Truncator for HTML input in django/utils/text.py,
      tests/utils_tests/test_text.py.
    - CVE-2026-1285
  * SECURITY UPDATE: Potential SQL injection in column aliases via control
    characters
    - debian/patches/CVE-2026-1287.patch: protect against SQL injection in
      column aliases via control characters in
      django/db/models/sql/query.py, tests/aggregation/tests.py,
      tests/annotations/tests.py, tests/queries/tests.py,
      tests/expressions/test_queryset_values.py.
    - CVE-2026-1287

 -- Marc Deslauriers <email address hidden> Wed, 28 Jan 2026 08:16:57 -0500

CVE-2025-13473 Username enumeration through timing difference in mod_wsgi authentication handler
CVE-2025-14550 Potential denial-of-service vulnerability via repeated headers when using ASGI
CVE-2026-1207 Potential SQL injection via raster lookups on PostGIS
CVE-2026-1285 Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
CVE-2026-1287 Potential SQL injection in column aliases via control characters

glibc Feb 3rd 11:08
Release: questing Repo: universe Level: updates New version: 2.42-0ubuntu3.1
Packages in group:  glibc-source libc-devtools nscd

  glibc (2.42-0ubuntu3.1) questing-security; urgency=medium

  * SECURITY UPDATE: use-after-free in wordexp_t fields
    - debian/patches/CVE-2025-15281.patch: posix: Reset wordexp_t fields
      with WRDE_REUSE
    - CVE-2025-15281
  * SECURITY UPDATE: integer overflow in memalign
    - debian/patches/CVE-2026-0861.patch: memalign: reinstate alignment
      overflow check
    - CVE-2026-0861
  * SECURITY UPDATE: memory leak in NSS DNS
    - debian/patches/CVE-2026-0915.patch: resolv: Fix NSS DNS backend for
      getnetbyaddr
    - CVE-2026-0915

 -- Nishit Majithia <email address hidden> Fri, 30 Jan 2026 13:59:18 +0530

CVE-2025-15281 Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return un
CVE-2026-0861 Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42
CVE-2026-0915 Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-v

glibc Feb 3rd 11:08
Release: questing Repo: main Level: updates New version: 2.42-0ubuntu3.1
Packages in group:  glibc-doc libc6 libc6-dbg libc6-dev libc6-dev-i386 libc6-dev-x32 libc6-i386 libc6-x32 libc-bin libc-dev-bin locales (... see all)

  glibc (2.42-0ubuntu3.1) questing-security; urgency=medium

  * SECURITY UPDATE: use-after-free in wordexp_t fields
    - debian/patches/CVE-2025-15281.patch: posix: Reset wordexp_t fields
      with WRDE_REUSE
    - CVE-2025-15281
  * SECURITY UPDATE: integer overflow in memalign
    - debian/patches/CVE-2026-0861.patch: memalign: reinstate alignment
      overflow check
    - CVE-2026-0861
  * SECURITY UPDATE: memory leak in NSS DNS
    - debian/patches/CVE-2026-0915.patch: resolv: Fix NSS DNS backend for
      getnetbyaddr
    - CVE-2026-0915

 -- Nishit Majithia <email address hidden> Fri, 30 Jan 2026 13:59:18 +0530

CVE-2025-15281 Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return un
CVE-2026-0861 Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42
CVE-2026-0915 Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-v

dotnet10 Feb 3rd 11:08
Release: noble Repo: universe Level: proposed New version: 10.0.102-10.0.2-0ubuntu1~24.04.1
Packages in group:  aspnetcore-runtime-10.0 aspnetcore-runtime-dbg-10.0 aspnetcore-targeting-pack-10.0 dotnet-apphost-pack-10.0 dotnet-host-10.0 dotnet-hostfxr-10.0 dotnet-runtime-10.0 dotnet-runtime-dbg-10.0 dotnet-sdk-10.0 dotnet-sdk-10.0-source-built-artifacts dotnet-sdk-aot-10.0 (... see all)

  dotnet10 (10.0.102-10.0.2-0ubuntu1~24.04.1) noble; urgency=medium

  * New upstream release (LP: #2138378)
  * d/p/0007-fix-identitymodel-version.patch: dropped patch included upstream.
  * d/copyright: fix missing newline between entries.
  * d/rules: remove temporary --branding parameter in build script call.

 -- Mateus Rodrigues de Morais <email address hidden> Mon, 26 Jan 2026 10:27:55 -0300

2138378 New upstream microrelease .NET 10.0.102/10.0.2

glibc Feb 3rd 11:07
Release: noble Repo: universe Level: updates New version: 2.39-0ubuntu8.7
Packages in group:  glibc-source locales-all nscd

  glibc (2.39-0ubuntu8.7) noble-security; urgency=medium

  * SECURITY UPDATE: use-after-free in wordexp_t fields
    - debian/patches/CVE-2025-15281.patch: posix: Reset wordexp_t fields
      with WRDE_REUSE
    - CVE-2025-15281
  * SECURITY UPDATE: integer overflow in memalign
    - debian/patches/CVE-2026-0861.patch: memalign: reinstate alignment
      overflow check
    - CVE-2026-0861
  * SECURITY UPDATE: memory leak in NSS DNS
    - debian/patches/CVE-2026-0915.patch: resolv: Fix NSS DNS backend for
      getnetbyaddr
    - CVE-2026-0915

 -- Nishit Majithia <email address hidden> Fri, 30 Jan 2026 13:57:54 +0530

CVE-2025-15281 Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return un
CVE-2026-0861 Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42
CVE-2026-0915 Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-v

glibc Feb 3rd 11:07
Release: noble Repo: main Level: updates New version: 2.39-0ubuntu8.7
Packages in group:  glibc-doc libc6 libc6-dbg libc6-dev libc6-dev-i386 libc6-dev-x32 libc6-i386 libc6-x32 libc-bin libc-dev-bin libc-devtools (... see all)

  glibc (2.39-0ubuntu8.7) noble-security; urgency=medium

  * SECURITY UPDATE: use-after-free in wordexp_t fields
    - debian/patches/CVE-2025-15281.patch: posix: Reset wordexp_t fields
      with WRDE_REUSE
    - CVE-2025-15281
  * SECURITY UPDATE: integer overflow in memalign
    - debian/patches/CVE-2026-0861.patch: memalign: reinstate alignment
      overflow check
    - CVE-2026-0861
  * SECURITY UPDATE: memory leak in NSS DNS
    - debian/patches/CVE-2026-0915.patch: resolv: Fix NSS DNS backend for
      getnetbyaddr
    - CVE-2026-0915

 -- Nishit Majithia <email address hidden> Fri, 30 Jan 2026 13:57:54 +0530

CVE-2025-15281 Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return un
CVE-2026-0861 Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42
CVE-2026-0915 Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-v

glibc Feb 3rd 11:07
Release: jammy Repo: universe Level: updates New version: 2.35-0ubuntu3.13
Packages in group:  glibc-source locales-all nscd

  glibc (2.35-0ubuntu3.13) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free in wordexp_t fields
    - debian/patches/CVE-2025-15281.patch: posix: Reset wordexp_t fields
      with WRDE_REUSE
    - CVE-2025-15281
  * SECURITY UPDATE: integer overflow in memalign
    - debian/patches/CVE-2026-0861.patch: memalign: reinstate alignment
      overflow check
    - CVE-2026-0861
  * SECURITY UPDATE: memory leak in NSS DNS
    - debian/patches/CVE-2026-0915.patch: resolv: Fix NSS DNS backend for
      getnetbyaddr
    - CVE-2026-0915

 -- Nishit Majithia <email address hidden> Fri, 30 Jan 2026 13:50:56 +0530

CVE-2025-15281 Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return un
CVE-2026-0861 Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42
CVE-2026-0915 Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-v

freerdp2 Feb 3rd 11:07
Release: jammy Repo: universe Level: updates New version: 2.6.1+dfsg1-3ubuntu2.8
Packages in group:  freerdp2-shadow-x11 freerdp2-wayland freerdp2-x11

  freerdp2 (2.6.1+dfsg1-3ubuntu2.8) jammy-security; urgency=medium

  * SECURITY UPDATE: Buffer Overflow
    - debian/patches/CVE-2026-23530.patch: Fix decoder length checks
    - debian/patches/CVE-2026-23531-1.patch: Fix missing length checks
    - debian/patches/CVE-2026-23531-2.patch: check clear_decomress glyphData
    - debian/patches/CVE-2026-23532.patch: Properly clamp SurfaceToSurface
    - debian/patches/CVE-2026-23533.patch: Fix clear_resize_buffer checks
    - debian/patches/CVE-2026-23534.patch: Fix off by one length check
    - CVE-2026-23530
    - CVE-2026-23531
    - CVE-2026-23532
    - CVE-2026-23533
    - CVE-2026-23534

 -- Bruce Cable <email address hidden> Mon, 02 Feb 2026 13:27:19 +1100

CVE-2026-23530 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `freerdp_bitmap_decompress_planar` does not validate `nSrcWi
CVE-2026-23531 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present, `clear_decompre
CVE-2026-23532 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP c
CVE-2026-23533 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX Cle
CVE-2026-23534 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec

glibc Feb 3rd 11:07
Release: jammy Repo: main Level: updates New version: 2.35-0ubuntu3.13
Packages in group:  glibc-doc libc6 libc6-dbg libc6-dev libc6-dev-i386 libc6-dev-x32 libc6-i386 libc6-prof libc6-x32 libc-bin libc-dev-bin (... see all)

  glibc (2.35-0ubuntu3.13) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free in wordexp_t fields
    - debian/patches/CVE-2025-15281.patch: posix: Reset wordexp_t fields
      with WRDE_REUSE
    - CVE-2025-15281
  * SECURITY UPDATE: integer overflow in memalign
    - debian/patches/CVE-2026-0861.patch: memalign: reinstate alignment
      overflow check
    - CVE-2026-0861
  * SECURITY UPDATE: memory leak in NSS DNS
    - debian/patches/CVE-2026-0915.patch: resolv: Fix NSS DNS backend for
      getnetbyaddr
    - CVE-2026-0915

 -- Nishit Majithia <email address hidden> Fri, 30 Jan 2026 13:50:56 +0530

CVE-2025-15281 Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return un
CVE-2026-0861 Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42
CVE-2026-0915 Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-v

freerdp2 Feb 3rd 11:07
Release: jammy Repo: main Level: updates New version: 2.6.1+dfsg1-3ubuntu2.8
Packages in group:  freerdp2-dev libfreerdp2-2 libfreerdp-client2-2 libfreerdp-server2-2 libfreerdp-shadow2-2 libfreerdp-shadow-subsystem2-2 libuwac0-0 libuwac0-dev libwinpr2-2 libwinpr2-dev libwinpr-tools2-2 (... see all)

  freerdp2 (2.6.1+dfsg1-3ubuntu2.8) jammy-security; urgency=medium

  * SECURITY UPDATE: Buffer Overflow
    - debian/patches/CVE-2026-23530.patch: Fix decoder length checks
    - debian/patches/CVE-2026-23531-1.patch: Fix missing length checks
    - debian/patches/CVE-2026-23531-2.patch: check clear_decomress glyphData
    - debian/patches/CVE-2026-23532.patch: Properly clamp SurfaceToSurface
    - debian/patches/CVE-2026-23533.patch: Fix clear_resize_buffer checks
    - debian/patches/CVE-2026-23534.patch: Fix off by one length check
    - CVE-2026-23530
    - CVE-2026-23531
    - CVE-2026-23532
    - CVE-2026-23533
    - CVE-2026-23534

 -- Bruce Cable <email address hidden> Mon, 02 Feb 2026 13:27:19 +1100

CVE-2026-23530 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `freerdp_bitmap_decompress_planar` does not validate `nSrcWi
CVE-2026-23531 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present, `clear_decompre
CVE-2026-23532 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP c
CVE-2026-23533 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX Cle
CVE-2026-23534 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec


