{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "libgssapi-krb5-2:riscv64", "libk5crypto3:riscv64", "libkrb5-3:riscv64", "libkrb5support0:riscv64" ] } }, "diff": { "deb": [ { "name": "libgssapi-krb5-2:riscv64", "from_version": { "source_package_name": "krb5", "source_package_version": "1.19.2-2ubuntu0.3", "version": "1.19.2-2ubuntu0.3" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.19.2-2ubuntu0.4", "version": "1.19.2-2ubuntu0.4" }, "cves": [ { "cve": "CVE-2024-37370", "url": "https://ubuntu.com/security/CVE-2024-37370", "cve_description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "cve_priority": "medium", "cve_public_date": "2024-06-28 22:15:00 UTC" }, { "cve": "CVE-2024-37371", "url": "https://ubuntu.com/security/CVE-2024-37371", "cve_description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "cve_priority": "medium", "cve_public_date": "2024-06-28 23:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-37370", "url": "https://ubuntu.com/security/CVE-2024-37370", "cve_description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "cve_priority": "medium", "cve_public_date": "2024-06-28 22:15:00 UTC" }, { "cve": "CVE-2024-37371", "url": "https://ubuntu.com/security/CVE-2024-37371", "cve_description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "cve_priority": "medium", "cve_public_date": "2024-06-28 23:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Invalid token requests", " - debian/patches/CVE-2024-37370.patch: Fix vulnerabilities in GSS", " message token handling", " - CVE-2024-37370", " - CVE-2024-37371", "" ], "package": "krb5", "version": "1.19.2-2ubuntu0.4", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Bruce Cable ", "date": "Mon, 15 Jul 2024 13:46:10 +1000" } ], "notes": null }, { "name": "libk5crypto3:riscv64", "from_version": { "source_package_name": "krb5", "source_package_version": "1.19.2-2ubuntu0.3", "version": "1.19.2-2ubuntu0.3" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.19.2-2ubuntu0.4", "version": "1.19.2-2ubuntu0.4" }, "cves": [ { "cve": "CVE-2024-37370", "url": "https://ubuntu.com/security/CVE-2024-37370", "cve_description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "cve_priority": "medium", "cve_public_date": "2024-06-28 22:15:00 UTC" }, { "cve": "CVE-2024-37371", "url": "https://ubuntu.com/security/CVE-2024-37371", "cve_description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "cve_priority": "medium", "cve_public_date": "2024-06-28 23:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-37370", "url": "https://ubuntu.com/security/CVE-2024-37370", "cve_description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "cve_priority": "medium", "cve_public_date": "2024-06-28 22:15:00 UTC" }, { "cve": "CVE-2024-37371", "url": "https://ubuntu.com/security/CVE-2024-37371", "cve_description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "cve_priority": "medium", "cve_public_date": "2024-06-28 23:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Invalid token requests", " - debian/patches/CVE-2024-37370.patch: Fix vulnerabilities in GSS", " message token handling", " - CVE-2024-37370", " - CVE-2024-37371", "" ], "package": "krb5", "version": "1.19.2-2ubuntu0.4", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Bruce Cable ", "date": "Mon, 15 Jul 2024 13:46:10 +1000" } ], "notes": null }, { "name": "libkrb5-3:riscv64", "from_version": { "source_package_name": "krb5", "source_package_version": "1.19.2-2ubuntu0.3", "version": "1.19.2-2ubuntu0.3" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.19.2-2ubuntu0.4", "version": "1.19.2-2ubuntu0.4" }, "cves": [ { "cve": "CVE-2024-37370", "url": "https://ubuntu.com/security/CVE-2024-37370", "cve_description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "cve_priority": "medium", "cve_public_date": "2024-06-28 22:15:00 UTC" }, { "cve": "CVE-2024-37371", "url": "https://ubuntu.com/security/CVE-2024-37371", "cve_description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "cve_priority": "medium", "cve_public_date": "2024-06-28 23:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-37370", "url": "https://ubuntu.com/security/CVE-2024-37370", "cve_description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "cve_priority": "medium", "cve_public_date": "2024-06-28 22:15:00 UTC" }, { "cve": "CVE-2024-37371", "url": "https://ubuntu.com/security/CVE-2024-37371", "cve_description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "cve_priority": "medium", "cve_public_date": "2024-06-28 23:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Invalid token requests", " - debian/patches/CVE-2024-37370.patch: Fix vulnerabilities in GSS", " message token handling", " - CVE-2024-37370", " - CVE-2024-37371", "" ], "package": "krb5", "version": "1.19.2-2ubuntu0.4", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Bruce Cable ", "date": "Mon, 15 Jul 2024 13:46:10 +1000" } ], "notes": null }, { "name": "libkrb5support0:riscv64", "from_version": { "source_package_name": "krb5", "source_package_version": "1.19.2-2ubuntu0.3", "version": "1.19.2-2ubuntu0.3" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.19.2-2ubuntu0.4", "version": "1.19.2-2ubuntu0.4" }, "cves": [ { "cve": "CVE-2024-37370", "url": "https://ubuntu.com/security/CVE-2024-37370", "cve_description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "cve_priority": "medium", "cve_public_date": "2024-06-28 22:15:00 UTC" }, { "cve": "CVE-2024-37371", "url": "https://ubuntu.com/security/CVE-2024-37371", "cve_description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "cve_priority": "medium", "cve_public_date": "2024-06-28 23:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-37370", "url": "https://ubuntu.com/security/CVE-2024-37370", "cve_description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application.", "cve_priority": "medium", "cve_public_date": "2024-06-28 22:15:00 UTC" }, { "cve": "CVE-2024-37371", "url": "https://ubuntu.com/security/CVE-2024-37371", "cve_description": "In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.", "cve_priority": "medium", "cve_public_date": "2024-06-28 23:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Invalid token requests", " - debian/patches/CVE-2024-37370.patch: Fix vulnerabilities in GSS", " message token handling", " - CVE-2024-37370", " - CVE-2024-37371", "" ], "package": "krb5", "version": "1.19.2-2ubuntu0.4", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Bruce Cable ", "date": "Mon, 15 Jul 2024 13:46:10 +1000" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from daily image serial 20240806 to 20240808", "from_series": "jammy", "to_series": "jammy", "from_serial": "20240806", "to_serial": "20240808", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }