{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "libnetplan0", "libssl3", "netplan.io", "openssh-client", "openssh-server", "openssh-sftp-server", "openssl", "ubuntu-advantage-tools", "ubuntu-pro-client", "ubuntu-pro-client-l10n" ] } }, "diff": { "deb": [ { "name": "libnetplan0", "from_version": { "source_package_name": "netplan.io", "source_package_version": "0.106.1-7ubuntu0.22.04.3", "version": "0.106.1-7ubuntu0.22.04.3" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "0.106.1-7ubuntu0.22.04.4", "version": "0.106.1-7ubuntu0.22.04.4" }, "cves": [], "launchpad_bugs_fixed": [ 2071333 ], "changes": [ { "cves": [], "log": [ "", " * SECURITY REGRESSION: failure on systems without dbus", " - debian/netplan.io.postinst: Don't call the generator if no networkd", " configuration file exists. (LP: #2071333) ", "" ], "package": "netplan.io", "version": "0.106.1-7ubuntu0.22.04.4", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 2071333 ], "author": "Sudhakar Verma ", "date": "Fri, 28 Jun 2024 22:42:13 +0530" } ], "notes": null }, { "name": "libssl3", "from_version": { "source_package_name": "openssl", "source_package_version": "3.0.2-0ubuntu1.15", "version": "3.0.2-0ubuntu1.15" }, "to_version": { "source_package_name": "openssl", "source_package_version": "3.0.2-0ubuntu1.16", "version": "3.0.2-0ubuntu1.16" }, "cves": [ { "cve": "CVE-2022-40735", "url": "https://ubuntu.com/security/CVE-2022-40735", "cve_description": "The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that \"(appropriately) short exponents\" can be used when there are adequate subgroup constraints, and these short exponents can lead to less expensive calculations than for long exponents. 
This issue is different from CVE-2002-20001 because it is based on an observation about exponent size, rather than an observation about numbers that are not public keys. The specific situations in which calculation expense would constitute a server-side vulnerability depend on the protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details. In general, there might be an availability concern because of server-side resource consumption from DHE modular-exponentiation calculations. Finally, it is possible for an attacker to exploit this vulnerability and CVE-2002-20001 together.", "cve_priority": "medium", "cve_public_date": "2022-11-14 23:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2022-40735", "url": "https://ubuntu.com/security/CVE-2022-40735", "cve_description": "The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that \"(appropriately) short exponents\" can be used when there are adequate subgroup constraints, and these short exponents can lead to less expensive calculations than for long exponents. This issue is different from CVE-2002-20001 because it is based on an observation about exponent size, rather than an observation about numbers that are not public keys. The specific situations in which calculation expense would constitute a server-side vulnerability depend on the protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details. In general, there might be an availability concern because of server-side resource consumption from DHE modular-exponentiation calculations. 
Finally, it is possible for an attacker to exploit this vulnerability and CVE-2002-20001 together.", "cve_priority": "medium", "cve_public_date": "2022-11-14 23:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Excessive time spent in DH modular-exponentiation", " calculations when using long exponents.", " - debian/patches/CVE-2022-40735-1.patch: Use the minimum key length", " for known safe primes as per RFC 7919 in crypto/dh/dh_group_params.c,", " crypto/ffc/ffc_backend.c, crypto/ffc/ffc_dh.c,", " crypto/ffc/ffc_key_generate.c, include/internal/ffc.h and", " test/ffc_internal_test.c", " - debian/patches/CVE-2022-40735-2.patch: print DH key length in", " providers/implementations/encode_decode/encode_key2text.c,", " test/recipes/30-test_evp_pkey_provided/DH.priv.txt and", " test/recipes/30-test_evp_pkey_provided/DH.pub.txt", " - debian/patches/CVE-2022-40735-3.patch: test that short private keys", " are generated when using a known safe DH prime in", " test/evp_extra_test2.c", " - debian/patches/CVE-2022-40735-4.patch: copy keylength when copying", " FFC parameters in crypto/ffc/ffc_params.c and test/ffc_internal_test.c", " - CVE-2022-40735", "" ], "package": "openssl", "version": "3.0.2-0ubuntu1.16", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Alex Murray ", "date": "Wed, 05 Jun 2024 12:58:14 +0930" } ], "notes": null }, { "name": "netplan.io", "from_version": { "source_package_name": "netplan.io", "source_package_version": "0.106.1-7ubuntu0.22.04.3", "version": "0.106.1-7ubuntu0.22.04.3" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "0.106.1-7ubuntu0.22.04.4", "version": "0.106.1-7ubuntu0.22.04.4" }, "cves": [], "launchpad_bugs_fixed": [ 2071333 ], "changes": [ { "cves": [], "log": [ "", " * SECURITY REGRESSION: failure on systems without dbus", " - debian/netplan.io.postinst: Don't call the generator if no networkd", " configuration file exists.
(LP: #2071333) ", "" ], "package": "netplan.io", "version": "0.106.1-7ubuntu0.22.04.4", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 2071333 ], "author": "Sudhakar Verma ", "date": "Fri, 28 Jun 2024 22:42:13 +0530" } ], "notes": null }, { "name": "openssh-client", "from_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.7", "version": "1:8.9p1-3ubuntu0.7" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.10", "version": "1:8.9p1-3ubuntu0.10" }, "cves": [ { "cve": "CVE-2024-6387", "url": "https://ubuntu.com/security/CVE-2024-6387", "cve_description": "Race condition in SIGALRM handling code", "cve_priority": "high", "cve_public_date": "2024-07-01" } ], "launchpad_bugs_fixed": [ 2070497 ], "changes": [ { "cves": [ { "cve": "CVE-2024-6387", "url": "https://ubuntu.com/security/CVE-2024-6387", "cve_description": "Race condition in SIGALRM handling code", "cve_priority": "high", "cve_public_date": "2024-07-01" } ], "log": [ "", " * SECURITY UPDATE: remote code execution via signal handler race", " condition (LP: #2070497)", " - debian/patches/CVE-2024-6387.patch: don't log in sshsigdie() in log.c.", " - CVE-2024-6387", "" ], "package": "openssh", "version": "1:8.9p1-3ubuntu0.10", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 2070497 ], "author": "Marc Deslauriers ", "date": "Wed, 26 Jun 2024 09:11:55 -0400" } ], "notes": null }, { "name": "openssh-server", "from_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.7", "version": "1:8.9p1-3ubuntu0.7" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.10", "version": "1:8.9p1-3ubuntu0.10" }, "cves": [ { "cve": "CVE-2024-6387", "url": "https://ubuntu.com/security/CVE-2024-6387", "cve_description": "Race condition in SIGALRM handling code", "cve_priority": "high", "cve_public_date": 
"2024-07-01" } ], "launchpad_bugs_fixed": [ 2070497 ], "changes": [ { "cves": [ { "cve": "CVE-2024-6387", "url": "https://ubuntu.com/security/CVE-2024-6387", "cve_description": "Race condition in SIGALRM handling code", "cve_priority": "high", "cve_public_date": "2024-07-01" } ], "log": [ "", " * SECURITY UPDATE: remote code execution via signal handler race", " condition (LP: #2070497)", " - debian/patches/CVE-2024-6387.patch: don't log in sshsigdie() in log.c.", " - CVE-2024-6387", "" ], "package": "openssh", "version": "1:8.9p1-3ubuntu0.10", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 2070497 ], "author": "Marc Deslauriers ", "date": "Wed, 26 Jun 2024 09:11:55 -0400" } ], "notes": null }, { "name": "openssh-sftp-server", "from_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.7", "version": "1:8.9p1-3ubuntu0.7" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.10", "version": "1:8.9p1-3ubuntu0.10" }, "cves": [ { "cve": "CVE-2024-6387", "url": "https://ubuntu.com/security/CVE-2024-6387", "cve_description": "Race condition in SIGALRM handling code", "cve_priority": "high", "cve_public_date": "2024-07-01" } ], "launchpad_bugs_fixed": [ 2070497 ], "changes": [ { "cves": [ { "cve": "CVE-2024-6387", "url": "https://ubuntu.com/security/CVE-2024-6387", "cve_description": "Race condition in SIGALRM handling code", "cve_priority": "high", "cve_public_date": "2024-07-01" } ], "log": [ "", " * SECURITY UPDATE: remote code execution via signal handler race", " condition (LP: #2070497)", " - debian/patches/CVE-2024-6387.patch: don't log in sshsigdie() in log.c.", " - CVE-2024-6387", "" ], "package": "openssh", "version": "1:8.9p1-3ubuntu0.10", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 2070497 ], "author": "Marc Deslauriers ", "date": "Wed, 26 Jun 2024 09:11:55 -0400" } ], "notes": null }, { "name": "openssl", 
"from_version": { "source_package_name": "openssl", "source_package_version": "3.0.2-0ubuntu1.15", "version": "3.0.2-0ubuntu1.15" }, "to_version": { "source_package_name": "openssl", "source_package_version": "3.0.2-0ubuntu1.16", "version": "3.0.2-0ubuntu1.16" }, "cves": [ { "cve": "CVE-2022-40735", "url": "https://ubuntu.com/security/CVE-2022-40735", "cve_description": "The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that \"(appropriately) short exponents\" can be used when there are adequate subgroup constraints, and these short exponents can lead to less expensive calculations than for long exponents. This issue is different from CVE-2002-20001 because it is based on an observation about exponent size, rather than an observation about numbers that are not public keys. The specific situations in which calculation expense would constitute a server-side vulnerability depend on the protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details. In general, there might be an availability concern because of server-side resource consumption from DHE modular-exponentiation calculations. Finally, it is possible for an attacker to exploit this vulnerability and CVE-2002-20001 together.", "cve_priority": "medium", "cve_public_date": "2022-11-14 23:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2022-40735", "url": "https://ubuntu.com/security/CVE-2022-40735", "cve_description": "The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that \"(appropriately) short exponents\" can be used when there are adequate subgroup constraints, and these short exponents can lead to less expensive calculations than for long exponents. 
This issue is different from CVE-2002-20001 because it is based on an observation about exponent size, rather than an observation about numbers that are not public keys. The specific situations in which calculation expense would constitute a server-side vulnerability depend on the protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details. In general, there might be an availability concern because of server-side resource consumption from DHE modular-exponentiation calculations. Finally, it is possible for an attacker to exploit this vulnerability and CVE-2002-20001 together.", "cve_priority": "medium", "cve_public_date": "2022-11-14 23:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Excessive time spent in DH modular-exponentiation", " calculations when using long exponents.", " - debian/patches/CVE-2022-40735-1.patch: Use the minimum key length", " for known safe primes as per RFC 7919 in crypto/dh/dh_group_params.c,", " crypto/ffc/ffc_backend.c, crypto/ffc/ffc_dh.c,", " crypto/ffc/ffc_key_generate.c, include/internal/ffc.h and", " test/ffc_internal_test.c", " - debian/patches/CVE-2022-40735-2.patch: print DH key length in", " providers/implementations/encode_decode/encode_key2text.c,", " test/recipes/30-test_evp_pkey_provided/DH.priv.txt and", " test/recipes/30-test_evp_pkey_provided/DH.pub.txt", " - debian/patches/CVE-2022-40735-3.patch: test that short private keys", " are generated when using a known safe DH prime in", " test/evp_extra_test2.c", " - debian/patches/CVE-2022-40735-4.patch: copy keylength when copying", " FFC parameters in crypto/ffc/ffc_params.c and test/ffc_internal_test.c", " - CVE-2022-40735", "" ], "package": "openssl", "version": "3.0.2-0ubuntu1.16", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Alex Murray ", "date": "Wed, 05 Jun 2024 12:58:14 +0930" } ], "notes": null }, { "name": "ubuntu-advantage-tools", "from_version": { "source_package_name": "ubuntu-advantage-tools",
"source_package_version": "32.3~22.04", "version": "32.3~22.04" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "32.3.1~22.04", "version": "32.3.1~22.04" }, "cves": [], "launchpad_bugs_fixed": [ 2067810 ], "changes": [ { "cves": [], "log": [ "", " * Adjust the esm_cache apparmor profile to allow reading of dpkg data", " directory (LP: #2067810):", " - d/apparmor/ubuntu_pro_esm_cache.jinja2: allow /var/lib/dpkg/** for dpkg", " and other profiles", " - features/steps/machines.py: trigger the bug in the behave test suite,", " which tests the fix", " * version.py: update version to 32.3.1", "" ], "package": "ubuntu-advantage-tools", "version": "32.3.1~22.04", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2067810 ], "author": "Andreas Hasenack ", "date": "Fri, 07 Jun 2024 14:52:55 -0300" } ], "notes": null }, { "name": "ubuntu-pro-client", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "32.3~22.04", "version": "32.3~22.04" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "32.3.1~22.04", "version": "32.3.1~22.04" }, "cves": [], "launchpad_bugs_fixed": [ 2067810 ], "changes": [ { "cves": [], "log": [ "", " * Adjust the esm_cache apparmor profile to allow reading of dpkg data", " directory (LP: #2067810):", " - d/apparmor/ubuntu_pro_esm_cache.jinja2: allow /var/lib/dpkg/** for dpkg", " and other profiles", " - features/steps/machines.py: trigger the bug in the behave test suite,", " which tests the fix", " * version.py: update version to 32.3.1", "" ], "package": "ubuntu-advantage-tools", "version": "32.3.1~22.04", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2067810 ], "author": "Andreas Hasenack ", "date": "Fri, 07 Jun 2024 14:52:55 -0300" } ], "notes": null }, { "name": "ubuntu-pro-client-l10n", "from_version": { "source_package_name": "ubuntu-advantage-tools", 
"source_package_version": "32.3~22.04", "version": "32.3~22.04" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "32.3.1~22.04", "version": "32.3.1~22.04" }, "cves": [], "launchpad_bugs_fixed": [ 2067810 ], "changes": [ { "cves": [], "log": [ "", " * Adjust the esm_cache apparmor profile to allow reading of dpkg data", " directory (LP: #2067810):", " - d/apparmor/ubuntu_pro_esm_cache.jinja2: allow /var/lib/dpkg/** for dpkg", " and other profiles", " - features/steps/machines.py: trigger the bug in the behave test suite,", " which tests the fix", " * version.py: update version to 32.3.1", "" ], "package": "ubuntu-advantage-tools", "version": "32.3.1~22.04", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2067810 ], "author": "Andreas Hasenack ", "date": "Fri, 07 Jun 2024 14:52:55 -0300" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from daily image serial 20240627 to 20240701", "from_series": "jammy", "to_series": "jammy", "from_serial": "20240627", "to_serial": "20240701", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }