{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "apparmor", "apt", "apt-utils", "base-files", "cloud-init", "libapparmor1", "libapt-pkg6.0", "libssl3", "motd-news-config", "openssl", "python-apt-common", "python3-apt", "python3-distupgrade", "python3-twisted", "python3-update-manager", "shim-signed", "ubuntu-advantage-tools", "ubuntu-pro-client", "ubuntu-pro-client-l10n", "ubuntu-release-upgrader-core", "update-manager-core", "vim", "vim-common", "vim-runtime", "vim-tiny", "xxd" ] } }, "diff": { "deb": [ { "name": "apparmor", "from_version": { "source_package_name": "apparmor", "source_package_version": "3.0.4-2ubuntu2.3", "version": "3.0.4-2ubuntu2.3" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "3.0.4-2ubuntu2.3build2", "version": "3.0.4-2ubuntu2.3build2" }, "cves": [ { "cve": "CVE-2016-1585", "url": "https://ubuntu.com/security/CVE-2016-1585", "cve_description": "In all versions of AppArmor mount rules are accidentally widened when compiled.", "cve_priority": "medium", "cve_public_date": "2019-04-22 16:29:00 UTC" } ], "launchpad_bugs_fixed": [ 1597017 ], "changes": [ { "cves": [ { "cve": "CVE-2016-1585", "url": "https://ubuntu.com/security/CVE-2016-1585", "cve_description": "In all versions of AppArmor mount rules are accidentally widened when compiled.", "cve_priority": "medium", "cve_public_date": "2019-04-22 16:29:00 UTC" } ], "log": [ "", " * No-change re-build upload for the jammy-security pocket as part", " of the preparation for addressing CVE-2016-1585 (LP: #1597017)", "" ], "package": "apparmor", "version": "3.0.4-2ubuntu2.3build2", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 1597017 ], "author": "Steve Beattie ", "date": "Tue, 27 Aug 2024 14:48:42 -0700" } ], "notes": null }, { "name": "apt", "from_version": { "source_package_name": "apt", "source_package_version": "2.4.12", "version": "2.4.12" }, "to_version": { "source_package_name": "apt", "source_package_version": "2.4.13", "version": "2.4.13" }, "cves": [], "launchpad_bugs_fixed": [ 2078720, 2078720 ], "changes": [ { "cves": [], "log": [ "", " * Fix keeping back removals of obsolete packages (LP: #2078720)", " * Return an error if ResolveByKeep() is unsuccessful (LP: #2078720)", "" ], "package": "apt", "version": "2.4.13", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2078720, 2078720 ], "author": "Julian Andres Klode ", "date": "Thu, 05 Sep 2024 16:43:03 +0200" } ], "notes": null }, { "name": "apt-utils", "from_version": { "source_package_name": "apt", "source_package_version": "2.4.12", "version": "2.4.12" }, "to_version": { "source_package_name": "apt", "source_package_version": "2.4.13", "version": "2.4.13" }, "cves": [], "launchpad_bugs_fixed": [ 2078720, 2078720 ], "changes": [ { "cves": [], "log": [ "", " * Fix keeping back removals of obsolete packages (LP: #2078720)", " * Return an error if ResolveByKeep() is unsuccessful (LP: #2078720)", "" ], "package": "apt", "version": "2.4.13", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2078720, 2078720 ], "author": "Julian Andres Klode ", "date": "Thu, 05 Sep 2024 16:43:03 +0200" } ], "notes": null }, { "name": "base-files", "from_version": { "source_package_name": "base-files", "source_package_version": "12ubuntu4.6", "version": "12ubuntu4.6" }, "to_version": { "source_package_name": "base-files", "source_package_version": "12ubuntu4.7", "version": "12ubuntu4.7" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * /etc/issue{,.net}, /etc/{lsb,os}-release: bump version to 22.04.5", "" ], "package": "base-files", "version": "12ubuntu4.7", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Paride Legovini ", "date": "Tue, 10 Sep 2024 13:18:05 +0200" } ], "notes": null }, { "name": "cloud-init", "from_version": { "source_package_name": "cloud-init", "source_package_version": "24.1.3-0ubuntu1~22.04.5", "version": "24.1.3-0ubuntu1~22.04.5" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "24.2-0ubuntu1~22.04.1", "version": "24.2-0ubuntu1~22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2071762 ], "changes": [ { "cves": [], "log": [ "", " * d/control: remove netifaces due to GH-4634", " * d/p/deprecation-version-boundary.patch: Pin deprecation version to 22.1", " * drop d/p/do-not-block-user-login.patch: upstream 4981ea9 now orders", " cloud-init.service Before=systemd-user-sessions.service", " * refresh patches:", " - d/p/cli-retain-file-argument-as-main-cmd-arg.patch", " - d/p/keep-dhclient-as-priority-client.patch", " - d/p/status-do-not-remove-duplicated-data.patch", " - d/p/status-retain-recoverable-error-exit-code.patch", " - d/p/revert-551f560d-cloud-config-after-snap-seeding.patch", " - d/p/retain-ec2-default-net-update-events.patch", " - d/p/retain-old-groups.patch", " * d/po/templates.pot: update for wsl", " * Upstream snapshot based on 24.2. (LP: #2071762).", " List of changes from upstream can be found at", " https://raw.githubusercontent.com/canonical/cloud-init/24.2/ChangeLog", " * drop all d/p/cpick-* files as they are included in upstream snapshot", "" ], "package": "cloud-init", "version": "24.2-0ubuntu1~22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2071762 ], "author": "James Falcon ", "date": "Thu, 11 Jul 2024 16:27:48 -0500" } ], "notes": null }, { "name": "libapparmor1", "from_version": { "source_package_name": "apparmor", "source_package_version": "3.0.4-2ubuntu2.3", "version": "3.0.4-2ubuntu2.3" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "3.0.4-2ubuntu2.3build2", "version": "3.0.4-2ubuntu2.3build2" }, "cves": [ { "cve": "CVE-2016-1585", "url": "https://ubuntu.com/security/CVE-2016-1585", "cve_description": "In all versions of AppArmor mount rules are accidentally widened when compiled.", "cve_priority": "medium", "cve_public_date": "2019-04-22 16:29:00 UTC" } ], "launchpad_bugs_fixed": [ 1597017 ], "changes": [ { "cves": [ { "cve": "CVE-2016-1585", "url": "https://ubuntu.com/security/CVE-2016-1585", "cve_description": "In all versions of AppArmor mount rules are accidentally widened when compiled.", "cve_priority": "medium", "cve_public_date": "2019-04-22 16:29:00 UTC" } ], "log": [ "", " * No-change re-build upload for the jammy-security pocket as part", " of the preparation for addressing CVE-2016-1585 (LP: #1597017)", "" ], "package": "apparmor", "version": "3.0.4-2ubuntu2.3build2", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 1597017 ], "author": "Steve Beattie ", "date": "Tue, 27 Aug 2024 14:48:42 -0700" } ], "notes": null }, { "name": "libapt-pkg6.0", "from_version": { "source_package_name": "apt", "source_package_version": "2.4.12", "version": "2.4.12" }, "to_version": { "source_package_name": "apt", "source_package_version": "2.4.13", "version": "2.4.13" }, "cves": [], "launchpad_bugs_fixed": [ 2078720, 2078720 ], "changes": [ { "cves": [], "log": [ "", " * Fix keeping back removals of obsolete packages (LP: #2078720)", " * Return an error if ResolveByKeep() is unsuccessful (LP: #2078720)", "" ], "package": "apt", "version": "2.4.13", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2078720, 2078720 ], "author": "Julian Andres Klode ", "date": "Thu, 05 Sep 2024 16:43:03 +0200" } ], "notes": null }, { "name": "libssl3", "from_version": { "source_package_name": "openssl", "source_package_version": "3.0.2-0ubuntu1.17", "version": "3.0.2-0ubuntu1.17" }, "to_version": { "source_package_name": "openssl", "source_package_version": "3.0.2-0ubuntu1.18", "version": "3.0.2-0ubuntu1.18" }, "cves": [ { "cve": "CVE-2024-6119", "url": "https://ubuntu.com/security/CVE-2024-6119", "cve_description": "Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "cve_priority": "medium", "cve_public_date": "2024-09-03 16:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-6119", "url": "https://ubuntu.com/security/CVE-2024-6119", "cve_description": "Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "cve_priority": "medium", "cve_public_date": "2024-09-03 16:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Possible denial of service in X.509 name checks", " - debian/patches/CVE-2024-6119.patch: avoid type errors in EAI-related", " name check logic in crypto/x509/v3_utl.c, test/*.", " - CVE-2024-6119", "" ], "package": "openssl", "version": "3.0.2-0ubuntu1.18", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 20 Aug 2024 13:27:32 -0400" } ], "notes": null }, { "name": "motd-news-config", "from_version": { "source_package_name": "base-files", "source_package_version": "12ubuntu4.6", "version": "12ubuntu4.6" }, "to_version": { "source_package_name": "base-files", "source_package_version": "12ubuntu4.7", "version": "12ubuntu4.7" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * /etc/issue{,.net}, /etc/{lsb,os}-release: bump version to 22.04.5", "" ], "package": "base-files", "version": "12ubuntu4.7", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Paride Legovini ", "date": "Tue, 10 Sep 2024 13:18:05 +0200" } ], "notes": null }, { "name": "openssl", "from_version": { "source_package_name": "openssl", "source_package_version": "3.0.2-0ubuntu1.17", "version": "3.0.2-0ubuntu1.17" }, "to_version": { "source_package_name": "openssl", "source_package_version": "3.0.2-0ubuntu1.18", "version": "3.0.2-0ubuntu1.18" }, "cves": [ { "cve": "CVE-2024-6119", "url": "https://ubuntu.com/security/CVE-2024-6119", "cve_description": "Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "cve_priority": "medium", "cve_public_date": "2024-09-03 16:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-6119", "url": "https://ubuntu.com/security/CVE-2024-6119", "cve_description": "Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can a cause a denial of service. Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program. Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address. TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate. The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "cve_priority": "medium", "cve_public_date": "2024-09-03 16:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Possible denial of service in X.509 name checks", " - debian/patches/CVE-2024-6119.patch: avoid type errors in EAI-related", " name check logic in crypto/x509/v3_utl.c, test/*.", " - CVE-2024-6119", "" ], "package": "openssl", "version": "3.0.2-0ubuntu1.18", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 20 Aug 2024 13:27:32 -0400" } ], "notes": null }, { "name": "python-apt-common", "from_version": { "source_package_name": "python-apt", "source_package_version": "2.4.0ubuntu3", "version": "2.4.0ubuntu3" }, "to_version": { "source_package_name": "python-apt", "source_package_version": "2.4.0ubuntu4", "version": "2.4.0ubuntu4" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Update mirror lists", "" ], "package": "python-apt", "version": "2.4.0ubuntu4", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Paride Legovini ", "date": "Mon, 02 Sep 2024 19:11:34 +0200" } ], "notes": null }, { "name": "python3-apt", "from_version": { "source_package_name": "python-apt", "source_package_version": "2.4.0ubuntu3", "version": "2.4.0ubuntu3" }, "to_version": { "source_package_name": "python-apt", "source_package_version": "2.4.0ubuntu4", "version": "2.4.0ubuntu4" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Update mirror lists", "" ], "package": "python-apt", "version": "2.4.0ubuntu4", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Paride Legovini ", "date": "Mon, 02 Sep 2024 19:11:34 +0200" } ], "notes": null }, { "name": "python3-distupgrade", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:22.04.19", "version": "1:22.04.19" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:22.04.20", "version": "1:22.04.20" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Run pre-build.sh: update mirrors and translations for 22.04.5", "" ], "package": "ubuntu-release-upgrader", "version": "1:22.04.20", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Graham Inggs ", "date": "Tue, 10 Sep 2024 12:28:10 +0000" } ], "notes": null }, { "name": "python3-twisted", "from_version": { "source_package_name": "twisted", "source_package_version": "22.1.0-2ubuntu2.4", "version": "22.1.0-2ubuntu2.4" }, "to_version": { "source_package_name": "twisted", "source_package_version": "22.1.0-2ubuntu2.5", "version": "22.1.0-2ubuntu2.5" }, "cves": [ { "cve": "CVE-2024-41810", "url": "https://ubuntu.com/security/CVE-2024-41810", "cve_description": "Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.", "cve_priority": "medium", "cve_public_date": "2024-07-29 16:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-41810", "url": "https://ubuntu.com/security/CVE-2024-41810", "cve_description": "Twisted is an event-based framework for internet applications, supporting Python 3.6+. The `twisted.web.util.redirectTo` function contains an HTML injection vulnerability. If application code allows an attacker to control the redirect URL this vulnerability may result in Reflected Cross-Site Scripting (XSS) in the redirect response HTML body. This vulnerability is fixed in 24.7.0rc1.", "cve_priority": "medium", "cve_public_date": "2024-07-29 16:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: HTML injection in HTTP redirect body", " - debian/patches/CVE-2024-41810-*.patch: added output ", " encoding in redirect HTML", " - CVE-2024-41810", "" ], "package": "twisted", "version": "22.1.0-2ubuntu2.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Nick Galanis ", "date": "Tue, 27 Aug 2024 11:14:59 +0300" } ], "notes": null }, { "name": "python3-update-manager", "from_version": { "source_package_name": "update-manager", "source_package_version": "1:22.04.20", "version": "1:22.04.20" }, "to_version": { "source_package_name": "update-manager", "source_package_version": "1:22.04.21", "version": "1:22.04.21" }, "cves": [], "launchpad_bugs_fixed": [ 2064211 ], "changes": [ { "cves": [], "log": [ "", " * Don't crash if the end-points of the Pro API fail (LP: #2064211).", "" ], "package": "update-manager", "version": "1:22.04.21", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2064211 ], "author": "Nathan Pratta Teodosio ", "date": "Wed, 26 Jun 2024 11:01:35 +0200" } ], "notes": null }, { "name": "shim-signed", "from_version": { "source_package_name": "shim-signed", "source_package_version": "1.51.3", "version": "1.51.3+15.7-0ubuntu1" }, "to_version": { "source_package_name": "shim-signed", "source_package_version": "1.51.4", "version": "1.51.4+15.8-0ubuntu1" }, "cves": [ { "cve": "CVE-2023-40546", "url": "https://ubuntu.com/security/CVE-2023-40546", "cve_description": "A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.", "cve_priority": "medium", "cve_public_date": "2024-01-29 17:15:00 UTC" }, { "cve": "CVE-2023-40547", "url": "https://ubuntu.com/security/CVE-2023-40547", "cve_description": "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.", "cve_priority": "medium", "cve_public_date": "2024-01-25 16:15:00 UTC" }, { "cve": "CVE-2023-40548", "url": "https://ubuntu.com/security/CVE-2023-40548", "cve_description": "A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.", "cve_priority": "medium", "cve_public_date": "2024-01-29 15:15:00 UTC" }, { "cve": "CVE-2023-40549", "url": "https://ubuntu.com/security/CVE-2023-40549", "cve_description": "An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.", "cve_priority": "medium", "cve_public_date": "2024-01-29 17:15:00 UTC" }, { "cve": "CVE-2023-40550", "url": "https://ubuntu.com/security/CVE-2023-40550", "cve_description": "An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.", "cve_priority": "medium", "cve_public_date": "2024-01-29 17:15:00 UTC" }, { "cve": "CVE-2023-40551", "url": "https://ubuntu.com/security/CVE-2023-40551", "cve_description": "A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.", "cve_priority": "medium", "cve_public_date": "2024-01-29 17:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2051151, 2036604, 2051151, 2051151, 2051151, 2051151, 2051151, 2051151 ], "changes": [ { "cves": [ { "cve": "CVE-2023-40546", "url": "https://ubuntu.com/security/CVE-2023-40546", "cve_description": "A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.", "cve_priority": "medium", "cve_public_date": "2024-01-29 17:15:00 UTC" }, { "cve": "CVE-2023-40547", "url": "https://ubuntu.com/security/CVE-2023-40547", "cve_description": "A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully.", "cve_priority": "medium", "cve_public_date": "2024-01-25 16:15:00 UTC" }, { "cve": "CVE-2023-40548", "url": "https://ubuntu.com/security/CVE-2023-40548", "cve_description": "A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase.", "cve_priority": "medium", "cve_public_date": "2024-01-29 15:15:00 UTC" }, { "cve": "CVE-2023-40549", "url": "https://ubuntu.com/security/CVE-2023-40549", "cve_description": "An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.", "cve_priority": "medium", "cve_public_date": "2024-01-29 17:15:00 UTC" }, { "cve": "CVE-2023-40550", "url": "https://ubuntu.com/security/CVE-2023-40550", "cve_description": "An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.", "cve_priority": "medium", "cve_public_date": "2024-01-29 17:15:00 UTC" }, { "cve": "CVE-2023-40551", "url": "https://ubuntu.com/security/CVE-2023-40551", "cve_description": "A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.", "cve_priority": "medium", "cve_public_date": "2024-01-29 17:15:00 UTC" } ], "log": [ "", " * New upstream version 15.8 (LP: #2051151):", " - pe: Align section size up to page size for mem attrs (LP: #2036604)", " - SBAT level: shim,4", " - SBAT policy:", " - Latest: \"shim,4\\ngrub,3\\ngrub.debian,4\\n\"", " - Automatic: \"shim,2\\ngrub,3\\ngrub.debian,4\\n\"", " - Note that this does not yet revoke pre NTFS CVE fix GRUB binaries.", " * SECURITY UPDATE: a bug in an error message [LP: #2051151]", " - mok: fix LogError() invocation", " - CVE-2023-40546", " * SECURITY UPDATE: out-of-bounds write and UEFI Secure Boot bypass", " when booting via HTTP [LP: #2051151]", " - avoid incorrectly trusting HTTP headers", " - CVE-2023-40547", " * SECURITY UPDATE: out-of-bounds write and possible bug [LP: #2051151]", " - Fix integer overflow on SBAT section size on 32-bit system", " - CVE-2023-40548", " * SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151]", " - Authenticode: verify that the signature header is in bounds.", " - CVE-2023-40549", " * SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151]", " - pe: Fix an out-of-bound read in verify_buffer_sbat()", " - CVE-2023-40550", " * SECURITY UPDATE: out-of-bounds read and possible bug [LP: #2051151]", " - pe-relocate: Fix bounds check for MZ binaries", " - CVE-2023-40551", "" ], "package": "shim-signed", "version": "1.51.4", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2051151, 2036604, 2051151, 2051151, 2051151, 2051151, 2051151, 2051151 ], "author": "Mate Kukri ", "date": "Thu, 04 Apr 2024 13:54:55 +0100" } ], "notes": null }, { "name": "ubuntu-advantage-tools", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "32.3.1~22.04", "version": "32.3.1~22.04" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "33.2~22.04", "version": "33.2~22.04" }, "cves": [], "launchpad_bugs_fixed": [ 2069237, 2072489, 2060769, 2067810, 2069237, 2060769, 2068744 ], "changes": [ { "cves": [], "log": [ "", " * Backport 33.2 to jammy (LP: #2069237)", "" ], "package": "ubuntu-advantage-tools", "version": "33.2~22.04", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2069237 ], "author": "Lucas Moura ", "date": "Thu, 18 Jul 2024 11:20:14 -0400" }, { "cves": [], "log": [ "", " * d/apparmor: add apt-news access to package information on the system", " (LP: #2072489) (GH: #3193)", "" ], "package": "ubuntu-advantage-tools", "version": "33.2", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2072489 ], "author": "Lucas Moura ", "date": "Wed, 17 Jul 2024 09:50:56 -0300" }, { "cves": [], "log": [ "", " * New upstream release 33.1: (LP: #2060769)", " - system:", " + always pass C.UTF8 as the language when calling a subprocess", " + ignore utf-8 decode errors on subprocess output", "" ], "package": "ubuntu-advantage-tools", "version": "33.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2060769 ], "author": "Renan Rodrigo ", "date": "Wed, 10 Jul 2024 16:43:02 -0300" }, { "cves": [], "log": [ "", " * d/apparmor: adjust the esm_cache apparmor profile to allow reading of dpkg", " data directory (LP: #2067810) (GH: #3137)", " * New upstream release 33 (LP: #2069237)", " - apt: use Python bindings instead of apt CLI to query for installed", " packages (LP: #2060769) (LP: #2068744)", " - beta: drop support for beta services", " - contracts: add support for contracts which target a specific series", " - fips: change enable functionality to ensure all packages with a FIPS", " candidate are upgraded to the FIPS version (GH: #2667)", " - fix: ", " + add the current_status field to the plan api return object", " + change recommended attach method to magic attach (GH: #3040)", " - livepatch: prefer the term 'coverage' instead of 'support' in messaging", " (GH: #3063)", " - realtime:", " + auto-select the raspi variant when appropriate", " + inform the user when auto-selecting a variant", "" ], "package": "ubuntu-advantage-tools", "version": "33", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2067810, 2069237, 2060769, 2068744 ], "author": "Renan Rodrigo ", "date": "Thu, 13 Jun 2024 00:19:54 -0300" } ], "notes": null }, { "name": "ubuntu-pro-client", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "32.3.1~22.04", "version": "32.3.1~22.04" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "33.2~22.04", "version": "33.2~22.04" }, "cves": [], "launchpad_bugs_fixed": [ 2069237, 2072489, 2060769, 2067810, 2069237, 2060769, 2068744 ], "changes": [ { "cves": [], "log": [ "", " * Backport 33.2 to jammy (LP: #2069237)", "" ], "package": "ubuntu-advantage-tools", "version": "33.2~22.04", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2069237 ], "author": "Lucas Moura ", "date": "Thu, 18 Jul 2024 11:20:14 -0400" }, { "cves": [], "log": [ "", " * d/apparmor: add apt-news access to package information on the system", " (LP: #2072489) (GH: #3193)", "" ], "package": "ubuntu-advantage-tools", "version": "33.2", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2072489 ], "author": "Lucas Moura ", "date": "Wed, 17 Jul 2024 09:50:56 -0300" }, { "cves": [], "log": [ "", " * New upstream release 33.1: (LP: #2060769)", " - system:", " + always pass C.UTF8 as the language when calling a subprocess", " + ignore utf-8 decode errors on subprocess output", "" ], "package": "ubuntu-advantage-tools", "version": "33.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2060769 ], "author": "Renan Rodrigo ", "date": "Wed, 10 Jul 2024 16:43:02 -0300" }, { "cves": [], "log": [ "", " * d/apparmor: adjust the esm_cache apparmor profile to allow reading of dpkg", " data directory (LP: #2067810) (GH: #3137)", " * New upstream release 33 (LP: #2069237)", " - apt: use Python bindings instead of apt CLI to query for installed", " packages (LP: #2060769) (LP: #2068744)", " - beta: drop support for beta services", " - contracts: add support for contracts which target a specific series", " - fips: change enable functionality to ensure all packages with a FIPS", " candidate are upgraded to the FIPS version (GH: #2667)", " - fix: ", " + add the current_status field to the plan api return object", " + change recommended attach method to magic attach (GH: #3040)", " - livepatch: prefer the term 'coverage' instead of 'support' in messaging", " (GH: #3063)", " - realtime:", " + auto-select the raspi variant when appropriate", " + inform the user when auto-selecting a variant", "" ], "package": "ubuntu-advantage-tools", "version": "33", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2067810, 2069237, 2060769, 2068744 ], "author": "Renan Rodrigo ", "date": "Thu, 13 Jun 2024 00:19:54 -0300" } ], "notes": null }, { "name": "ubuntu-pro-client-l10n", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "32.3.1~22.04", "version": "32.3.1~22.04" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "33.2~22.04", "version": "33.2~22.04" }, "cves": [], "launchpad_bugs_fixed": [ 2069237, 2072489, 2060769, 2067810, 2069237, 2060769, 2068744 ], "changes": [ { "cves": [], "log": [ "", " * Backport 33.2 to jammy (LP: #2069237)", "" ], "package": "ubuntu-advantage-tools", "version": "33.2~22.04", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2069237 ], "author": "Lucas Moura ", "date": "Thu, 18 Jul 2024 11:20:14 -0400" }, { "cves": [], "log": [ "", " * d/apparmor: add apt-news access to package information on the system", " (LP: #2072489) (GH: #3193)", "" ], "package": "ubuntu-advantage-tools", "version": "33.2", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2072489 ], "author": "Lucas Moura ", "date": "Wed, 17 Jul 2024 09:50:56 -0300" }, { "cves": [], "log": [ "", " * New upstream release 33.1: (LP: #2060769)", " - system:", " + always pass C.UTF8 as the language when calling a subprocess", " + ignore utf-8 decode errors on subprocess output", "" ], "package": "ubuntu-advantage-tools", "version": "33.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2060769 ], "author": "Renan Rodrigo ", "date": "Wed, 10 Jul 2024 16:43:02 -0300" }, { "cves": [], "log": [ "", " * d/apparmor: adjust the esm_cache apparmor profile to allow reading of dpkg", " data directory (LP: #2067810) (GH: #3137)", " * New upstream release 33 (LP: #2069237)", " - apt: use Python bindings instead of apt CLI to query for installed", " packages (LP: #2060769) (LP: #2068744)", " - beta: drop support for beta services", " - contracts: add support for contracts which target a specific series", " - fips: change enable functionality to ensure all packages with a FIPS", " candidate are upgraded to the FIPS version (GH: #2667)", " - fix: ", " + add the current_status field to the plan api return object", " + change recommended attach method to magic attach (GH: #3040)", " - livepatch: prefer the term 'coverage' instead of 'support' in messaging", " (GH: #3063)", " - realtime:", " + auto-select the raspi variant when appropriate", " + inform the user when auto-selecting a variant", "" ], "package": "ubuntu-advantage-tools", "version": "33", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2067810, 2069237, 2060769, 2068744 ], "author": "Renan Rodrigo ", "date": "Thu, 13 Jun 2024 00:19:54 -0300" } ], "notes": null }, { "name": "ubuntu-release-upgrader-core", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:22.04.19", "version": "1:22.04.19" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:22.04.20", "version": "1:22.04.20" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Run pre-build.sh: update mirrors and translations for 22.04.5", "" ], "package": "ubuntu-release-upgrader", "version": "1:22.04.20", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Graham Inggs ", "date": "Tue, 10 Sep 2024 12:28:10 +0000" } ], "notes": null }, { "name": "update-manager-core", "from_version": { "source_package_name": "update-manager", "source_package_version": "1:22.04.20", "version": "1:22.04.20" }, "to_version": { "source_package_name": "update-manager", "source_package_version": "1:22.04.21", "version": "1:22.04.21" }, "cves": [], "launchpad_bugs_fixed": [ 2064211 ], "changes": [ { "cves": [], "log": [ "", " * Don't crash if the end-points of the Pro API fail (LP: #2064211).", "" ], "package": "update-manager", "version": "1:22.04.21", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2064211 ], "author": "Nathan Pratta Teodosio ", "date": "Wed, 26 Jun 2024 11:01:35 +0200" } ], "notes": null }, { "name": "vim", "from_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.17", "version": "2:8.2.3995-1ubuntu2.17" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.18", "version": "2:8.2.3995-1ubuntu2.18" }, "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-41957.patch: set tagname to NULL", " after being freed", " - CVE-2024-41957", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-43374.patch: add lock to keep", " reference valid", " - CVE-2024-43374", "" ], "package": "vim", "version": "2:8.2.3995-1ubuntu2.18", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Bruce Cable ", "date": "Tue, 27 Aug 2024 15:34:22 +1000" } ], "notes": null }, { "name": "vim-common", "from_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.17", "version": "2:8.2.3995-1ubuntu2.17" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.18", "version": "2:8.2.3995-1ubuntu2.18" }, "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-41957.patch: set tagname to NULL", " after being freed", " - CVE-2024-41957", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-43374.patch: add lock to keep", " reference valid", " - CVE-2024-43374", "" ], "package": "vim", "version": "2:8.2.3995-1ubuntu2.18", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Bruce Cable ", "date": "Tue, 27 Aug 2024 15:34:22 +1000" } ], "notes": null }, { "name": "vim-runtime", "from_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.17", "version": "2:8.2.3995-1ubuntu2.17" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.18", "version": "2:8.2.3995-1ubuntu2.18" }, "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-41957.patch: set tagname to NULL", " after being freed", " - CVE-2024-41957", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-43374.patch: add lock to keep", " reference valid", " - CVE-2024-43374", "" ], "package": "vim", "version": "2:8.2.3995-1ubuntu2.18", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Bruce Cable ", "date": "Tue, 27 Aug 2024 15:34:22 +1000" } ], "notes": null }, { "name": "vim-tiny", "from_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.17", "version": "2:8.2.3995-1ubuntu2.17" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.18", "version": "2:8.2.3995-1ubuntu2.18" }, "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-41957.patch: set tagname to NULL", " after being freed", " - CVE-2024-41957", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-43374.patch: add lock to keep", " reference valid", " - CVE-2024-43374", "" ], "package": "vim", "version": "2:8.2.3995-1ubuntu2.18", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Bruce Cable ", "date": "Tue, 27 Aug 2024 15:34:22 +1000" } ], "notes": null }, { "name": "xxd", "from_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.17", "version": "2:8.2.3995-1ubuntu2.17" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.18", "version": "2:8.2.3995-1ubuntu2.18" }, "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-41957", "url": "https://ubuntu.com/security/CVE-2024-41957", "cve_description": "Vim is an open source command line text editor. Vim < v9.1.0647 has double free in src/alloc.c:616. When closing a window, the corresponding tagstack data will be cleared and freed. However a bit later, the quickfix list belonging to that window will also be cleared and if that quickfix list points to the same tagstack data, Vim will try to free it again, resulting in a double-free/use-after-free access exception. Impact is low since the user must intentionally execute vim with several non-default flags, but it may cause a crash of Vim. The issue has been fixed as of Vim patch v9.1.0647", "cve_priority": "medium", "cve_public_date": "2024-08-01 22:15:00 UTC" }, { "cve": "CVE-2024-43374", "url": "https://ubuntu.com/security/CVE-2024-43374", "cve_description": "The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678.", "cve_priority": "medium", "cve_public_date": "2024-08-16 02:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-41957.patch: set tagname to NULL", " after being freed", " - CVE-2024-41957", " * SECURITY UPDATE: use after free", " - debian/patches/CVE-2024-43374.patch: add lock to keep", " reference valid", " - CVE-2024-43374", "" ], "package": "vim", "version": "2:8.2.3995-1ubuntu2.18", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Bruce Cable ", "date": "Tue, 27 Aug 2024 15:34:22 +1000" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from daily image serial 20240823 to 20240912", "from_series": "jammy", "to_series": "jammy", "from_serial": "20240823", "to_serial": "20240912", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }