{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "bind9-dnsutils", "bind9-host", "bind9-libs:riscv64", "cloud-init", "libgstreamer1.0-0:riscv64" ] } }, "diff": { "deb": [ { "name": "bind9-dnsutils", "from_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.28-0ubuntu0.22.04.1", "version": "1:9.18.28-0ubuntu0.22.04.1" }, "to_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.30-0ubuntu0.22.04.1", "version": "1:9.18.30-0ubuntu0.22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2073310 ], "changes": [ { "cves": [], "log": [ "", " * New upstream release 9.18.30 (LP: #2073310)", " - Features:", " + Print initial working directory during named startup, and changed", " working directory when loading or reloading the configuration file", " + Add max-query-restarts configuration statement", " - Updates:", " + Restrain named to specified number of cores when running via taskset,", " cpuset, or numactl", " + Reduce default max-recursion-queries value from 100 to 32", " + Raise the log level of priming failures", " - Bug Fixes:", " + Fix privacy verification of EDDSA keys", " + Fix algorithm rollover bug when there are two keys with the same keytag", " + Return SERVFAIL for a too long CNAME chain", " + Reconfigure catz member zones during named reconfiguration", " + Update key lifetime and metadata after dnssec-policy reconfiguration", " + Fix generation of 6to4-self name expansion from IPv4 address", " + Fix invalid dig +yaml output", " + Reject zero-length ALPN during SVBC ALPN text parsing", " + Fix false QNAME minimisation error being reported", " + Fix dig +timeout argument when using +http", " - See https://bind9.readthedocs.io/en/v9.18.30/notes.html for additional", " information.", "" ], "package": "bind9", "version": "1:9.18.30-0ubuntu0.22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2073310 ], "author": "Lena Voytek ", "date": "Mon, 23 Sep 2024 17:16:16 -0400" } ], "notes": null }, { "name": "bind9-host", "from_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.28-0ubuntu0.22.04.1", "version": "1:9.18.28-0ubuntu0.22.04.1" }, "to_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.30-0ubuntu0.22.04.1", "version": "1:9.18.30-0ubuntu0.22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2073310 ], "changes": [ { "cves": [], "log": [ "", " * New upstream release 9.18.30 (LP: #2073310)", " - Features:", " + Print initial working directory during named startup, and changed", " working directory when loading or reloading the configuration file", " + Add max-query-restarts configuration statement", " - Updates:", " + Restrain named to specified number of cores when running via taskset,", " cpuset, or numactl", " + Reduce default max-recursion-queries value from 100 to 32", " + Raise the log level of priming failures", " - Bug Fixes:", " + Fix privacy verification of EDDSA keys", " + Fix algorithm rollover bug when there are two keys with the same keytag", " + Return SERVFAIL for a too long CNAME chain", " + Reconfigure catz member zones during named reconfiguration", " + Update key lifetime and metadata after dnssec-policy reconfiguration", " + Fix generation of 6to4-self name expansion from IPv4 address", " + Fix invalid dig +yaml output", " + Reject zero-length ALPN during SVBC ALPN text parsing", " + Fix false QNAME minimisation error being reported", " + Fix dig +timeout argument when using +http", " - See https://bind9.readthedocs.io/en/v9.18.30/notes.html for additional", " information.", "" ], "package": "bind9", "version": "1:9.18.30-0ubuntu0.22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2073310 ], "author": "Lena Voytek ", "date": "Mon, 23 Sep 2024 17:16:16 -0400" } ], "notes": null }, { "name": "bind9-libs:riscv64", "from_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.28-0ubuntu0.22.04.1", "version": "1:9.18.28-0ubuntu0.22.04.1" }, "to_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.30-0ubuntu0.22.04.1", "version": "1:9.18.30-0ubuntu0.22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2073310 ], "changes": [ { "cves": [], "log": [ "", " * New upstream release 9.18.30 (LP: #2073310)", " - Features:", " + Print initial working directory during named startup, and changed", " working directory when loading or reloading the configuration file", " + Add max-query-restarts configuration statement", " - Updates:", " + Restrain named to specified number of cores when running via taskset,", " cpuset, or numactl", " + Reduce default max-recursion-queries value from 100 to 32", " + Raise the log level of priming failures", " - Bug Fixes:", " + Fix privacy verification of EDDSA keys", " + Fix algorithm rollover bug when there are two keys with the same keytag", " + Return SERVFAIL for a too long CNAME chain", " + Reconfigure catz member zones during named reconfiguration", " + Update key lifetime and metadata after dnssec-policy reconfiguration", " + Fix generation of 6to4-self name expansion from IPv4 address", " + Fix invalid dig +yaml output", " + Reject zero-length ALPN during SVBC ALPN text parsing", " + Fix false QNAME minimisation error being reported", " + Fix dig +timeout argument when using +http", " - See https://bind9.readthedocs.io/en/v9.18.30/notes.html for additional", " information.", "" ], "package": "bind9", "version": "1:9.18.30-0ubuntu0.22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2073310 ], "author": "Lena Voytek ", "date": "Mon, 23 Sep 2024 17:16:16 -0400" } ], "notes": null }, { "name": "cloud-init", "from_version": { "source_package_name": "cloud-init", "source_package_version": "24.3.1-0ubuntu0~22.04.1", "version": "24.3.1-0ubuntu0~22.04.1" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "24.4-0ubuntu1~22.04.1", "version": "24.4-0ubuntu1~22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2089577 ], "changes": [ { "cves": [], "log": [ "", " * add d/p/grub-dpkg-support.patch", " - Revert the removal of grub-dpkg from default modules", " * refresh patches:", " - d/p/cli-retain-file-argument-as-main-cmd-arg.patch", " - d/p/expire-on-hashed-users.patch", " - d/p/keep-dhclient-as-priority-client.patch", " - d/p/no-nocloud-network.patch", " - d/p/no-single-process.patch", " - d/p/revert-551f560d-cloud-config-after-snap-seeding.patch", " - d/p/status-do-not-remove-duplicated-data.patch", " * Upstream snapshot based on 24.4. (LP: #2089577).", " List of changes from upstream can be found at", " https://raw.githubusercontent.com/canonical/cloud-init/24.4/ChangeLog", "" ], "package": "cloud-init", "version": "24.4-0ubuntu1~22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2089577 ], "author": "James Falcon ", "date": "Mon, 25 Nov 2024 11:51:07 -0600" } ], "notes": null }, { "name": "libgstreamer1.0-0:riscv64", "from_version": { "source_package_name": "gstreamer1.0", "source_package_version": "1.20.3-0ubuntu1", "version": "1.20.3-0ubuntu1" }, "to_version": { "source_package_name": "gstreamer1.0", "source_package_version": "1.20.3-0ubuntu1.1", "version": "1.20.3-0ubuntu1.1" }, "cves": [ { "cve": "CVE-2024-47606", "url": "https://ubuntu.com/security/CVE-2024-47606", "cve_description": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10.", "cve_priority": "medium", "cve_public_date": "2024-12-12 02:03:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-47606", "url": "https://ubuntu.com/security/CVE-2024-47606", "cve_description": "GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10.", "cve_priority": "medium", "cve_public_date": "2024-12-12 02:03:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: code exec via integer overflow", " - debian/patches/CVE-2024-47606.patch: avoid integer overflow when", " allocating sysmem in gst/gstallocator.c.", " - CVE-2024-47606", "" ], "package": "gstreamer1.0", "version": "1.20.3-0ubuntu1.1", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 17 Dec 2024 07:54:32 -0500" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20241217 to 20250108", "from_series": "jammy", "to_series": "jammy", "from_serial": "20241217", "to_serial": "20250108", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }