{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-headers-5.15.0-117", "linux-headers-5.15.0-117-generic", "linux-image-5.15.0-117-generic", "linux-modules-5.15.0-117-generic" ], "removed": [ "linux-headers-5.15.0-116", "linux-headers-5.15.0-116-generic", "linux-image-5.15.0-116-generic", "linux-modules-5.15.0-116-generic" ], "diff": [ "libldap-2.5-0:s390x", "libldap-common", "linux-headers-generic", "linux-headers-virtual", "linux-image-virtual", "linux-virtual" ] } }, "diff": { "deb": [ { "name": "libldap-2.5-0:s390x", "from_version": { "source_package_name": "openldap", "source_package_version": "2.5.18+dfsg-0ubuntu0.22.04.1", "version": "2.5.18+dfsg-0ubuntu0.22.04.1" }, "to_version": { "source_package_name": "openldap", "source_package_version": "2.5.18+dfsg-0ubuntu0.22.04.2", "version": "2.5.18+dfsg-0ubuntu0.22.04.2" }, "cves": [], "launchpad_bugs_fixed": [ 2072976 ], "changes": [ { "cves": [], "log": [ "", " * d/p/remove-extraneous-quote-configure-ac.patch: Remove extraneous", " quote from configure.ac, fixing loading of back_perl. (LP: #2072976)", "" ], "package": "openldap", "version": "2.5.18+dfsg-0ubuntu0.22.04.2", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2072976 ], "author": "Sergio Durigan Junior ", "date": "Fri, 12 Jul 2024 17:51:23 -0400" } ], "notes": null }, { "name": "libldap-common", "from_version": { "source_package_name": "openldap", "source_package_version": "2.5.18+dfsg-0ubuntu0.22.04.1", "version": "2.5.18+dfsg-0ubuntu0.22.04.1" }, "to_version": { "source_package_name": "openldap", "source_package_version": "2.5.18+dfsg-0ubuntu0.22.04.2", "version": "2.5.18+dfsg-0ubuntu0.22.04.2" }, "cves": [], "launchpad_bugs_fixed": [ 2072976 ], "changes": [ { "cves": [], "log": [ "", " * d/p/remove-extraneous-quote-configure-ac.patch: Remove extraneous", " quote from configure.ac, fixing loading of back_perl. (LP: #2072976)", "" ], "package": "openldap", "version": "2.5.18+dfsg-0ubuntu0.22.04.2", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2072976 ], "author": "Sergio Durigan Junior ", "date": "Fri, 12 Jul 2024 17:51:23 -0400" } ], "notes": null }, { "name": "linux-headers-generic", "from_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.116.116", "version": "5.15.0.116.116" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.117.117", "version": "5.15.0.117.117" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-117", "" ], "package": "linux-meta", "version": "5.15.0.117.117", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 05 Jul 2024 17:32:34 +0200" } ], "notes": null }, { "name": "linux-headers-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.116.116", "version": "5.15.0.116.116" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.117.117", "version": "5.15.0.117.117" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-117", "" ], "package": "linux-meta", "version": "5.15.0.117.117", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 05 Jul 2024 17:32:34 +0200" } ], "notes": null }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.116.116", "version": "5.15.0.116.116" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.117.117", "version": "5.15.0.117.117" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-117", "" ], "package": "linux-meta", "version": "5.15.0.117.117", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 05 Jul 2024 17:32:34 +0200" } ], "notes": null }, { "name": "linux-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.116.116", "version": "5.15.0.116.116" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.117.117", "version": "5.15.0.117.117" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-117", "" ], "package": "linux-meta", "version": "5.15.0.117.117", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 05 Jul 2024 17:32:34 +0200" } ], "notes": null } ], "snap": [] }, "added": { "deb": [ { "name": "linux-headers-5.15.0-117", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-116.126", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "5.15.0-117.127", "version": "5.15.0-117.127" }, "cves": [ { "cve": "CVE-2024-27017", "url": "https://ubuntu.com/security/CVE-2024-27017", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure is to be used. Add notation to specify if user wants to read/update the set. Based on patch from Florian Westphal.", "cve_priority": "medium", "cve_public_date": "2024-05-01 06:15:00 UTC" }, { "cve": "CVE-2024-26952", "url": "https://ubuntu.com/security/CVE-2024-26952", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field to ->Buffer offset to validate buffer length.", "cve_priority": "medium", "cve_public_date": "2024-05-01 06:15:00 UTC" }, { "cve": "CVE-2024-26886", "url": "https://ubuntu.com/security/CVE-2024-26886", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: Bluetooth: af_bluetooth: Fix deadlock Attemting to do sock_lock on .recvmsg may cause a deadlock as shown bellow, so instead of using sock_sock this uses sk_receive_queue.lock on bt_sock_ioctl to avoid the UAF: INFO: task kworker/u9:1:121 blocked for more than 30 seconds. Not tainted 6.7.6-lemon #183 Workqueue: hci0 hci_rx_work Call Trace: __schedule+0x37d/0xa00 schedule+0x32/0xe0 __lock_sock+0x68/0xa0 ? __pfx_autoremove_wake_function+0x10/0x10 lock_sock_nested+0x43/0x50 l2cap_sock_recv_cb+0x21/0xa0 l2cap_recv_frame+0x55b/0x30a0 ? psi_task_switch+0xeb/0x270 ? finish_task_switch.isra.0+0x93/0x2a0 hci_rx_work+0x33a/0x3f0 process_one_work+0x13a/0x2f0 worker_thread+0x2f0/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe0/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2c/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 ", "cve_priority": "medium", "cve_public_date": "2024-04-17 11:15:00 UTC" }, { "cve": "CVE-2023-52752", "url": "https://ubuntu.com/security/CVE-2023-52752", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting [ 816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI ... [ 816.260138] Call Trace: [ 816.260329] [ 816.260499] ? die_addr+0x36/0x90 [ 816.260762] ? exc_general_protection+0x1b3/0x410 [ 816.261126] ? asm_exc_general_protection+0x26/0x30 [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs] [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs] [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs] [ 816.262689] ? seq_read_iter+0x379/0x470 [ 816.262995] seq_read_iter+0x118/0x470 [ 816.263291] proc_reg_read_iter+0x53/0x90 [ 816.263596] ? srso_alias_return_thunk+0x5/0x7f [ 816.263945] vfs_read+0x201/0x350 [ 816.264211] ksys_read+0x75/0x100 [ 816.264472] do_syscall_64+0x3f/0x90 [ 816.264750] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 816.265135] RIP: 0033:0x7fd5e669d381", "cve_priority": "medium", "cve_public_date": "2024-05-21 16:15:00 UTC" }, { "cve": "CVE-2024-25742", "url": "https://ubuntu.com/security/CVE-2024-25742", "cve_description": "In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES.", "cve_priority": "medium", "cve_public_date": "2024-05-17 22:15:00 UTC" }, { "cve": "CVE-2024-36016", "url": "https://ubuntu.com/security/CVE-2024-36016", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration. Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size.", "cve_priority": "high", "cve_public_date": "2024-05-29 19:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2072059 ], "changes": [ { "cves": [ { "cve": "CVE-2024-27017", "url": "https://ubuntu.com/security/CVE-2024-27017", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure is to be used. Add notation to specify if user wants to read/update the set. Based on patch from Florian Westphal.", "cve_priority": "medium", "cve_public_date": "2024-05-01 06:15:00 UTC" }, { "cve": "CVE-2024-26952", "url": "https://ubuntu.com/security/CVE-2024-26952", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field to ->Buffer offset to validate buffer length.", "cve_priority": "medium", "cve_public_date": "2024-05-01 06:15:00 UTC" }, { "cve": "CVE-2024-26886", "url": "https://ubuntu.com/security/CVE-2024-26886", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: Bluetooth: af_bluetooth: Fix deadlock Attemting to do sock_lock on .recvmsg may cause a deadlock as shown bellow, so instead of using sock_sock this uses sk_receive_queue.lock on bt_sock_ioctl to avoid the UAF: INFO: task kworker/u9:1:121 blocked for more than 30 seconds. Not tainted 6.7.6-lemon #183 Workqueue: hci0 hci_rx_work Call Trace: __schedule+0x37d/0xa00 schedule+0x32/0xe0 __lock_sock+0x68/0xa0 ? __pfx_autoremove_wake_function+0x10/0x10 lock_sock_nested+0x43/0x50 l2cap_sock_recv_cb+0x21/0xa0 l2cap_recv_frame+0x55b/0x30a0 ? psi_task_switch+0xeb/0x270 ? finish_task_switch.isra.0+0x93/0x2a0 hci_rx_work+0x33a/0x3f0 process_one_work+0x13a/0x2f0 worker_thread+0x2f0/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe0/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2c/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 ", "cve_priority": "medium", "cve_public_date": "2024-04-17 11:15:00 UTC" }, { "cve": "CVE-2023-52752", "url": "https://ubuntu.com/security/CVE-2023-52752", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting [ 816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI ... [ 816.260138] Call Trace: [ 816.260329] [ 816.260499] ? die_addr+0x36/0x90 [ 816.260762] ? exc_general_protection+0x1b3/0x410 [ 816.261126] ? asm_exc_general_protection+0x26/0x30 [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs] [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs] [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs] [ 816.262689] ? seq_read_iter+0x379/0x470 [ 816.262995] seq_read_iter+0x118/0x470 [ 816.263291] proc_reg_read_iter+0x53/0x90 [ 816.263596] ? srso_alias_return_thunk+0x5/0x7f [ 816.263945] vfs_read+0x201/0x350 [ 816.264211] ksys_read+0x75/0x100 [ 816.264472] do_syscall_64+0x3f/0x90 [ 816.264750] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 816.265135] RIP: 0033:0x7fd5e669d381", "cve_priority": "medium", "cve_public_date": "2024-05-21 16:15:00 UTC" }, { "cve": "CVE-2024-25742", "url": "https://ubuntu.com/security/CVE-2024-25742", "cve_description": "In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES.", "cve_priority": "medium", "cve_public_date": "2024-05-17 22:15:00 UTC" }, { "cve": "CVE-2024-36016", "url": "https://ubuntu.com/security/CVE-2024-36016", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration. Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size.", "cve_priority": "high", "cve_public_date": "2024-05-29 19:15:00 UTC" } ], "log": [ "", " * jammy/linux: 5.15.0-117.127 -proposed tracker (LP: #2072059)", "", " * CVE-2024-27017", " - netfilter: nft_set_pipapo: constify lookup fn args where possible", " - netfilter: nft_set_pipapo: walk over current view on netlink dump", " - netfilter: nf_tables: missing iterator type in lookup walk", "", " * CVE-2024-26952", " - ksmbd: fix potencial out-of-bounds when buffer offset is invalid", "", " * CVE-2024-26886", " - Bluetooth: af_bluetooth: Fix deadlock", "", " * CVE-2023-52752", " - smb: client: fix use-after-free bug in cifs_debug_data_proc_show()", "", " * CVE-2024-25742", " - x86/sev: Harden #VC instruction emulation somewhat", " - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler", "", " * CVE-2024-36016", " - tty: n_gsm: fix possible out-of-bounds in gsm0_receive()", "" ], "package": "linux", "version": "5.15.0-117.127", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2072059 ], "author": "Manuel Diewald ", "date": "Fri, 05 Jul 2024 17:04:46 +0200" } ], "notes": "linux-headers-5.15.0-117 version '5.15.0-117.127' (source package linux version '5.15.0-117.127') was added. linux-headers-5.15.0-117 version '5.15.0-117.127' has the same source package name, linux, as removed package linux-headers-5.15.0-116. As such we can use the source package version of the removed package, '5.15.0-116.126', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-headers-5.15.0-117-generic", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-116.126", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "5.15.0-117.127", "version": "5.15.0-117.127" }, "cves": [ { "cve": "CVE-2024-27017", "url": "https://ubuntu.com/security/CVE-2024-27017", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure is to be used. Add notation to specify if user wants to read/update the set. Based on patch from Florian Westphal.", "cve_priority": "medium", "cve_public_date": "2024-05-01 06:15:00 UTC" }, { "cve": "CVE-2024-26952", "url": "https://ubuntu.com/security/CVE-2024-26952", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field to ->Buffer offset to validate buffer length.", "cve_priority": "medium", "cve_public_date": "2024-05-01 06:15:00 UTC" }, { "cve": "CVE-2024-26886", "url": "https://ubuntu.com/security/CVE-2024-26886", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: Bluetooth: af_bluetooth: Fix deadlock Attemting to do sock_lock on .recvmsg may cause a deadlock as shown bellow, so instead of using sock_sock this uses sk_receive_queue.lock on bt_sock_ioctl to avoid the UAF: INFO: task kworker/u9:1:121 blocked for more than 30 seconds. Not tainted 6.7.6-lemon #183 Workqueue: hci0 hci_rx_work Call Trace: __schedule+0x37d/0xa00 schedule+0x32/0xe0 __lock_sock+0x68/0xa0 ? __pfx_autoremove_wake_function+0x10/0x10 lock_sock_nested+0x43/0x50 l2cap_sock_recv_cb+0x21/0xa0 l2cap_recv_frame+0x55b/0x30a0 ? psi_task_switch+0xeb/0x270 ? finish_task_switch.isra.0+0x93/0x2a0 hci_rx_work+0x33a/0x3f0 process_one_work+0x13a/0x2f0 worker_thread+0x2f0/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe0/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2c/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 ", "cve_priority": "medium", "cve_public_date": "2024-04-17 11:15:00 UTC" }, { "cve": "CVE-2023-52752", "url": "https://ubuntu.com/security/CVE-2023-52752", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting [ 816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI ... [ 816.260138] Call Trace: [ 816.260329] [ 816.260499] ? die_addr+0x36/0x90 [ 816.260762] ? exc_general_protection+0x1b3/0x410 [ 816.261126] ? asm_exc_general_protection+0x26/0x30 [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs] [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs] [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs] [ 816.262689] ? seq_read_iter+0x379/0x470 [ 816.262995] seq_read_iter+0x118/0x470 [ 816.263291] proc_reg_read_iter+0x53/0x90 [ 816.263596] ? srso_alias_return_thunk+0x5/0x7f [ 816.263945] vfs_read+0x201/0x350 [ 816.264211] ksys_read+0x75/0x100 [ 816.264472] do_syscall_64+0x3f/0x90 [ 816.264750] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 816.265135] RIP: 0033:0x7fd5e669d381", "cve_priority": "medium", "cve_public_date": "2024-05-21 16:15:00 UTC" }, { "cve": "CVE-2024-25742", "url": "https://ubuntu.com/security/CVE-2024-25742", "cve_description": "In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES.", "cve_priority": "medium", "cve_public_date": "2024-05-17 22:15:00 UTC" }, { "cve": "CVE-2024-36016", "url": "https://ubuntu.com/security/CVE-2024-36016", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration. Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size.", "cve_priority": "high", "cve_public_date": "2024-05-29 19:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2072059 ], "changes": [ { "cves": [ { "cve": "CVE-2024-27017", "url": "https://ubuntu.com/security/CVE-2024-27017", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure is to be used. Add notation to specify if user wants to read/update the set. Based on patch from Florian Westphal.", "cve_priority": "medium", "cve_public_date": "2024-05-01 06:15:00 UTC" }, { "cve": "CVE-2024-26952", "url": "https://ubuntu.com/security/CVE-2024-26952", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field to ->Buffer offset to validate buffer length.", "cve_priority": "medium", "cve_public_date": "2024-05-01 06:15:00 UTC" }, { "cve": "CVE-2024-26886", "url": "https://ubuntu.com/security/CVE-2024-26886", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: Bluetooth: af_bluetooth: Fix deadlock Attemting to do sock_lock on .recvmsg may cause a deadlock as shown bellow, so instead of using sock_sock this uses sk_receive_queue.lock on bt_sock_ioctl to avoid the UAF: INFO: task kworker/u9:1:121 blocked for more than 30 seconds. Not tainted 6.7.6-lemon #183 Workqueue: hci0 hci_rx_work Call Trace: __schedule+0x37d/0xa00 schedule+0x32/0xe0 __lock_sock+0x68/0xa0 ? __pfx_autoremove_wake_function+0x10/0x10 lock_sock_nested+0x43/0x50 l2cap_sock_recv_cb+0x21/0xa0 l2cap_recv_frame+0x55b/0x30a0 ? psi_task_switch+0xeb/0x270 ? finish_task_switch.isra.0+0x93/0x2a0 hci_rx_work+0x33a/0x3f0 process_one_work+0x13a/0x2f0 worker_thread+0x2f0/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe0/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2c/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 ", "cve_priority": "medium", "cve_public_date": "2024-04-17 11:15:00 UTC" }, { "cve": "CVE-2023-52752", "url": "https://ubuntu.com/security/CVE-2023-52752", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting [ 816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI ... [ 816.260138] Call Trace: [ 816.260329] [ 816.260499] ? die_addr+0x36/0x90 [ 816.260762] ? exc_general_protection+0x1b3/0x410 [ 816.261126] ? asm_exc_general_protection+0x26/0x30 [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs] [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs] [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs] [ 816.262689] ? seq_read_iter+0x379/0x470 [ 816.262995] seq_read_iter+0x118/0x470 [ 816.263291] proc_reg_read_iter+0x53/0x90 [ 816.263596] ? srso_alias_return_thunk+0x5/0x7f [ 816.263945] vfs_read+0x201/0x350 [ 816.264211] ksys_read+0x75/0x100 [ 816.264472] do_syscall_64+0x3f/0x90 [ 816.264750] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 816.265135] RIP: 0033:0x7fd5e669d381", "cve_priority": "medium", "cve_public_date": "2024-05-21 16:15:00 UTC" }, { "cve": "CVE-2024-25742", "url": "https://ubuntu.com/security/CVE-2024-25742", "cve_description": "In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES.", "cve_priority": "medium", "cve_public_date": "2024-05-17 22:15:00 UTC" }, { "cve": "CVE-2024-36016", "url": "https://ubuntu.com/security/CVE-2024-36016", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration. Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size.", "cve_priority": "high", "cve_public_date": "2024-05-29 19:15:00 UTC" } ], "log": [ "", " * jammy/linux: 5.15.0-117.127 -proposed tracker (LP: #2072059)", "", " * CVE-2024-27017", " - netfilter: nft_set_pipapo: constify lookup fn args where possible", " - netfilter: nft_set_pipapo: walk over current view on netlink dump", " - netfilter: nf_tables: missing iterator type in lookup walk", "", " * CVE-2024-26952", " - ksmbd: fix potencial out-of-bounds when buffer offset is invalid", "", " * CVE-2024-26886", " - Bluetooth: af_bluetooth: Fix deadlock", "", " * CVE-2023-52752", " - smb: client: fix use-after-free bug in cifs_debug_data_proc_show()", "", " * CVE-2024-25742", " - x86/sev: Harden #VC instruction emulation somewhat", " - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler", "", " * CVE-2024-36016", " - tty: n_gsm: fix possible out-of-bounds in gsm0_receive()", "" ], "package": "linux", "version": "5.15.0-117.127", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2072059 ], "author": "Manuel Diewald ", "date": "Fri, 05 Jul 2024 17:04:46 +0200" } ], "notes": "linux-headers-5.15.0-117-generic version '5.15.0-117.127' (source package linux version '5.15.0-117.127') was added. linux-headers-5.15.0-117-generic version '5.15.0-117.127' has the same source package name, linux, as removed package linux-headers-5.15.0-116. As such we can use the source package version of the removed package, '5.15.0-116.126', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-image-5.15.0-117-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "5.15.0-116.126", "version": null }, "to_version": { "source_package_name": "linux-signed", "source_package_version": "5.15.0-117.127", "version": "5.15.0-117.127" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 5.15.0-117.127", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "5.15.0-117.127", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Fri, 05 Jul 2024 17:32:49 +0200" } ], "notes": "linux-image-5.15.0-117-generic version '5.15.0-117.127' (source package linux-signed version '5.15.0-117.127') was added. linux-image-5.15.0-117-generic version '5.15.0-117.127' has the same source package name, linux-signed, as removed package linux-image-5.15.0-116-generic. As such we can use the source package version of the removed package, '5.15.0-116.126', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-modules-5.15.0-117-generic", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-116.126", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "5.15.0-117.127", "version": "5.15.0-117.127" }, "cves": [ { "cve": "CVE-2024-27017", "url": "https://ubuntu.com/security/CVE-2024-27017", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure is to be used. Add notation to specify if user wants to read/update the set. Based on patch from Florian Westphal.", "cve_priority": "medium", "cve_public_date": "2024-05-01 06:15:00 UTC" }, { "cve": "CVE-2024-26952", "url": "https://ubuntu.com/security/CVE-2024-26952", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field to ->Buffer offset to validate buffer length.", "cve_priority": "medium", "cve_public_date": "2024-05-01 06:15:00 UTC" }, { "cve": "CVE-2024-26886", "url": "https://ubuntu.com/security/CVE-2024-26886", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: Bluetooth: af_bluetooth: Fix deadlock Attemting to do sock_lock on .recvmsg may cause a deadlock as shown bellow, so instead of using sock_sock this uses sk_receive_queue.lock on bt_sock_ioctl to avoid the UAF: INFO: task kworker/u9:1:121 blocked for more than 30 seconds. Not tainted 6.7.6-lemon #183 Workqueue: hci0 hci_rx_work Call Trace: __schedule+0x37d/0xa00 schedule+0x32/0xe0 __lock_sock+0x68/0xa0 ? __pfx_autoremove_wake_function+0x10/0x10 lock_sock_nested+0x43/0x50 l2cap_sock_recv_cb+0x21/0xa0 l2cap_recv_frame+0x55b/0x30a0 ? psi_task_switch+0xeb/0x270 ? finish_task_switch.isra.0+0x93/0x2a0 hci_rx_work+0x33a/0x3f0 process_one_work+0x13a/0x2f0 worker_thread+0x2f0/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe0/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2c/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 ", "cve_priority": "medium", "cve_public_date": "2024-04-17 11:15:00 UTC" }, { "cve": "CVE-2023-52752", "url": "https://ubuntu.com/security/CVE-2023-52752", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting [ 816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI ... [ 816.260138] Call Trace: [ 816.260329] [ 816.260499] ? die_addr+0x36/0x90 [ 816.260762] ? exc_general_protection+0x1b3/0x410 [ 816.261126] ? asm_exc_general_protection+0x26/0x30 [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs] [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs] [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs] [ 816.262689] ? seq_read_iter+0x379/0x470 [ 816.262995] seq_read_iter+0x118/0x470 [ 816.263291] proc_reg_read_iter+0x53/0x90 [ 816.263596] ? srso_alias_return_thunk+0x5/0x7f [ 816.263945] vfs_read+0x201/0x350 [ 816.264211] ksys_read+0x75/0x100 [ 816.264472] do_syscall_64+0x3f/0x90 [ 816.264750] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 816.265135] RIP: 0033:0x7fd5e669d381", "cve_priority": "medium", "cve_public_date": "2024-05-21 16:15:00 UTC" }, { "cve": "CVE-2024-25742", "url": "https://ubuntu.com/security/CVE-2024-25742", "cve_description": "In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES.", "cve_priority": "medium", "cve_public_date": "2024-05-17 22:15:00 UTC" }, { "cve": "CVE-2024-36016", "url": "https://ubuntu.com/security/CVE-2024-36016", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration. Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size.", "cve_priority": "high", "cve_public_date": "2024-05-29 19:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2072059 ], "changes": [ { "cves": [ { "cve": "CVE-2024-27017", "url": "https://ubuntu.com/security/CVE-2024-27017", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure is to be used. Add notation to specify if user wants to read/update the set. Based on patch from Florian Westphal.", "cve_priority": "medium", "cve_public_date": "2024-05-01 06:15:00 UTC" }, { "cve": "CVE-2024-26952", "url": "https://ubuntu.com/security/CVE-2024-26952", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field to ->Buffer offset to validate buffer length.", "cve_priority": "medium", "cve_public_date": "2024-05-01 06:15:00 UTC" }, { "cve": "CVE-2024-26886", "url": "https://ubuntu.com/security/CVE-2024-26886", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: Bluetooth: af_bluetooth: Fix deadlock Attemting to do sock_lock on .recvmsg may cause a deadlock as shown bellow, so instead of using sock_sock this uses sk_receive_queue.lock on bt_sock_ioctl to avoid the UAF: INFO: task kworker/u9:1:121 blocked for more than 30 seconds. Not tainted 6.7.6-lemon #183 Workqueue: hci0 hci_rx_work Call Trace: __schedule+0x37d/0xa00 schedule+0x32/0xe0 __lock_sock+0x68/0xa0 ? __pfx_autoremove_wake_function+0x10/0x10 lock_sock_nested+0x43/0x50 l2cap_sock_recv_cb+0x21/0xa0 l2cap_recv_frame+0x55b/0x30a0 ? psi_task_switch+0xeb/0x270 ? finish_task_switch.isra.0+0x93/0x2a0 hci_rx_work+0x33a/0x3f0 process_one_work+0x13a/0x2f0 worker_thread+0x2f0/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe0/0x110 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2c/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 ", "cve_priority": "medium", "cve_public_date": "2024-04-17 11:15:00 UTC" }, { "cve": "CVE-2023-52752", "url": "https://ubuntu.com/security/CVE-2023-52752", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting [ 816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI ... [ 816.260138] Call Trace: [ 816.260329] [ 816.260499] ? die_addr+0x36/0x90 [ 816.260762] ? exc_general_protection+0x1b3/0x410 [ 816.261126] ? asm_exc_general_protection+0x26/0x30 [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs] [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs] [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs] [ 816.262689] ? seq_read_iter+0x379/0x470 [ 816.262995] seq_read_iter+0x118/0x470 [ 816.263291] proc_reg_read_iter+0x53/0x90 [ 816.263596] ? srso_alias_return_thunk+0x5/0x7f [ 816.263945] vfs_read+0x201/0x350 [ 816.264211] ksys_read+0x75/0x100 [ 816.264472] do_syscall_64+0x3f/0x90 [ 816.264750] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 816.265135] RIP: 0033:0x7fd5e669d381", "cve_priority": "medium", "cve_public_date": "2024-05-21 16:15:00 UTC" }, { "cve": "CVE-2024-25742", "url": "https://ubuntu.com/security/CVE-2024-25742", "cve_description": "In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES.", "cve_priority": "medium", "cve_public_date": "2024-05-17 22:15:00 UTC" }, { "cve": "CVE-2024-36016", "url": "https://ubuntu.com/security/CVE-2024-36016", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes past gsm->buf Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration. Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru. All other checks remain as we still need to limit the data according to the user configuration and actual payload size.", "cve_priority": "high", "cve_public_date": "2024-05-29 19:15:00 UTC" } ], "log": [ "", " * jammy/linux: 5.15.0-117.127 -proposed tracker (LP: #2072059)", "", " * CVE-2024-27017", " - netfilter: nft_set_pipapo: constify lookup fn args where possible", " - netfilter: nft_set_pipapo: walk over current view on netlink dump", " - netfilter: nf_tables: missing iterator type in lookup walk", "", " * CVE-2024-26952", " - ksmbd: fix potencial out-of-bounds when buffer offset is invalid", "", " * CVE-2024-26886", " - Bluetooth: af_bluetooth: Fix deadlock", "", " * CVE-2023-52752", " - smb: client: fix use-after-free bug in cifs_debug_data_proc_show()", "", " * CVE-2024-25742", " - x86/sev: Harden #VC instruction emulation somewhat", " - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler", "", " * CVE-2024-36016", " - tty: n_gsm: fix possible out-of-bounds in gsm0_receive()", "" ], "package": "linux", "version": "5.15.0-117.127", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2072059 ], "author": "Manuel Diewald ", "date": "Fri, 05 Jul 2024 17:04:46 +0200" } ], "notes": "linux-modules-5.15.0-117-generic version '5.15.0-117.127' (source package linux version '5.15.0-117.127') was added. linux-modules-5.15.0-117-generic version '5.15.0-117.127' has the same source package name, linux, as removed package linux-headers-5.15.0-116. As such we can use the source package version of the removed package, '5.15.0-116.126', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-headers-5.15.0-116", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-116.126", "version": "5.15.0-116.126" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-headers-5.15.0-116-generic", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-116.126", "version": "5.15.0-116.126" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-image-5.15.0-116-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "5.15.0-116.126", "version": "5.15.0-116.126" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-modules-5.15.0-116-generic", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-116.126", "version": "5.15.0-116.126" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from daily image serial 20240724 to 20240726", "from_series": "jammy", "to_series": "jammy", "from_serial": "20240724", "to_serial": "20240726", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }