[Bug 2147598] Re: Jammy update: v5.15.200 upstream stable release

Thu, 25 Jun 2026 15:41:27 -0700 

This bug was fixed in the package linux - 5.15.0-185.195

---------------
linux (5.15.0-185.195) jammy; urgency=medium

  * jammy/linux: 5.15.0-185.195 -proposed tracker (LP: #2157253)

  * Packaging resync (LP: #1786013)
    - [Packaging] update annotations scripts
    - [Packaging] resync retpoline extraction

  * CVE-2026-45988
    - rxrpc: Fix re-decryption of RESPONSE packets

  * CVE-2026-46195
    - smb: client: validate dacloffset before building DACL pointers

  * CVE-2026-46135
    - nvmet-tcp: fix race between ICReq handling and queue teardown

  * CVE-2026-31402
    - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache

  * CVE-2026-43071
    - dcache: Limit the minimal number of bucket to two

  * CVE-2026-46119
    - libceph: Fix slab-out-of-bounds access in auth message processing

  * CVE-2026-43501
    - ipv6: rpl: reserve mac_len headroom when recompressed SRH grows

  * CVE-2026-46043
    - RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv

  * CVE-2026-43493
    - crypto: pcrypt - Fix handling of MAY_BACKLOG requests

  * CVE-2026-31637
    - rxrpc: reject undecryptable rxkad response tickets

  * CVE-2026-31657
    - batman-adv: hold claim backbone gateways by reference

  * CVE-2026-31685
    - netfilter: ip6t_eui64: reject invalid MAC header for all packets

  * CVE-2026-43117
    - btrfs: tracepoints: get correct superblock from dentry in event
      btrfs_sync_file()

  * CVE-2026-43114
    - netfilter: nft_set_pipapo_avx2: don't return non-matching entry on
      expiry

  * CVE-2026-31478
    - ksmbd: replace hardcoded hdr2_len with offsetof() in
      smb2_calc_max_out_buf_len()

  * CVE-2026-31668
    - seg6: separate dst_cache for input and output paths in seg6 lwtunnel

  * CVE-2026-31659
    - batman-adv: reject oversized global TT response buffers

  * CVE-2026-31649
    - net: stmmac: fix integer underflow in chain mode

  * CVE-2026-31669
    - mptcp: fix slab-use-after-free in __inet_lookup_established

  * CVE-2026-43011
    - net/x25: Fix potential double free of skb

  * CVE-2026-43037
    - ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

  * CVE-2026-43038
    - ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()

  * CVE-2026-31682
    - bridge: br_nd_send: linearize skb before parsing ND options

  * CVE-2026-23450
    - net/smc: Only save the original clcsock callback functions
    - net/smc: Fix slab-out-of-bounds issue in fallback
    - net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock()

  * CVE-2026-23428
    - ksmbd: fix use-after-free of share_conf in compound request

  * CVE-2026-23455
    - netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()

  * CVE-2026-43186
    - ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data()

  * CVE-2026-43185
    - ksmbd: fix signededness bug in smb_direct_prepare_negotiation()

  * CVE-2026-43341
    - net/ipv6: ioam6: prevent schema length wraparound in trace fill

  * CVE-2026-31607
    - usbip: validate number_of_packets in usbip_pack_ret_submit()

  * CVE-2026-43383
    - net/tcp-md5: Fix MAC comparison to be constant-time

  * CVE-2025-68263
    - ksmbd: ipc: fix use-after-free in ipc_msg_send_request

  * CVE-2026-46243
    - smb: client: reject userspace cifs.spnego descriptions

  * CVE-2026-43414
    - scsi: qla2xxx: Completely fix fcport double free

  * CVE-2026-43407
    - libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply()

  * CVE-2026-43406
    - libceph: prevent potential out-of-bounds reads in
      process_message_header()

  * CVE-2026-43304
    - libceph: define and enforce CEPH_MAX_KEY_LEN

  * CVE-2025-37924
    - ksmbd: fix use-after-free in kerberos authentication

  * CVE-2025-37778
    - ksmbd: Fix dangling pointer in krb_authenticate

 -- Manuel Diewald <[email protected]>  Fri, 19 Jun 2026
17:54:32 +0200

** Changed in: linux (Ubuntu Jammy)
       Status: In Progress => Fix Released

** CVE added: https://cve.org/CVERecord?id=CVE-2025-37778

** CVE added: https://cve.org/CVERecord?id=CVE-2025-37924

** CVE added: https://cve.org/CVERecord?id=CVE-2025-68263

** CVE added: https://cve.org/CVERecord?id=CVE-2026-23428

** CVE added: https://cve.org/CVERecord?id=CVE-2026-23450

** CVE added: https://cve.org/CVERecord?id=CVE-2026-23455

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31402

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31478

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31607

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31637

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31649

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31657

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31659

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31668

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31669

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31682

** CVE added: https://cve.org/CVERecord?id=CVE-2026-31685

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43011

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43037

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43038

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43071

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43114

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43117

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43185

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43186

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43304

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43341

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43383

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43406

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43407

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43414

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43493

** CVE added: https://cve.org/CVERecord?id=CVE-2026-43501

** CVE added: https://cve.org/CVERecord?id=CVE-2026-45988

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46043

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46119

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46135

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46195

** CVE added: https://cve.org/CVERecord?id=CVE-2026-46243

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2147598

Title:
  Jammy update: v5.15.200 upstream stable release

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2147598/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to