{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "libtasn1-6:s390x", "openssh-client", "openssh-server", "openssh-sftp-server" ] } }, "diff": { "deb": [ { "name": "libtasn1-6:s390x", "from_version": { "source_package_name": "libtasn1-6", "source_package_version": "4.18.0-4build1", "version": "4.18.0-4build1" }, "to_version": { "source_package_name": "libtasn1-6", "source_package_version": "4.18.0-4ubuntu0.1", "version": "4.18.0-4ubuntu0.1" }, "cves": [ { "cve": "CVE-2024-12133", "url": "https://ubuntu.com/security/CVE-2024-12133", "cve_description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "cve_priority": "medium", "cve_public_date": "2025-02-10 16:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-12133", "url": "https://ubuntu.com/security/CVE-2024-12133", "cve_description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "cve_priority": "medium", "cve_public_date": "2025-02-10 16:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Denial of service through inefficient algorithm.", " - CVE-2024-12133-x.patch: Add caching and optimize algorithms in", " lib/decoding.c, lib/element.c, lib/element.h, lib/int.h,", " lib/parser_aux.c, and lib/structure.c.", " - CVE-2024-12133", "" ], "package": "libtasn1-6", "version": "4.18.0-4ubuntu0.1", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 11 Feb 2025 17:49:16 -0330" } ], "notes": null }, { "name": "openssh-client", "from_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.10", "version": "1:8.9p1-3ubuntu0.10" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.11", "version": "1:8.9p1-3ubuntu0.11" }, "cves": [ { "cve": "CVE-2025-26465", "url": "https://ubuntu.com/security/CVE-2025-26465", "cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.", "cve_priority": "medium", "cve_public_date": "2025-02-18" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-26465", "url": "https://ubuntu.com/security/CVE-2025-26465", "cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.", "cve_priority": "medium", "cve_public_date": "2025-02-18" } ], "log": [ "", " * SECURITY UPDATE: MitM with VerifyHostKeyDNS option", " - debian/patches/CVE-2025-26465.patch: fix error code handling in", " krl.c, ssh-agent.c, ssh-sk-client.c, sshconnect2.c, sshsig.c.", " - CVE-2025-26465", "" ], "package": "openssh", "version": "1:8.9p1-3ubuntu0.11", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 11 Feb 2025 08:51:51 -0500" } ], "notes": null }, { "name": "openssh-server", "from_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.10", "version": "1:8.9p1-3ubuntu0.10" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.11", "version": "1:8.9p1-3ubuntu0.11" }, "cves": [ { "cve": "CVE-2025-26465", "url": "https://ubuntu.com/security/CVE-2025-26465", "cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.", "cve_priority": "medium", "cve_public_date": "2025-02-18" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-26465", "url": "https://ubuntu.com/security/CVE-2025-26465", "cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.", "cve_priority": "medium", "cve_public_date": "2025-02-18" } ], "log": [ "", " * SECURITY UPDATE: MitM with VerifyHostKeyDNS option", " - debian/patches/CVE-2025-26465.patch: fix error code handling in", " krl.c, ssh-agent.c, ssh-sk-client.c, sshconnect2.c, sshsig.c.", " - CVE-2025-26465", "" ], "package": "openssh", "version": "1:8.9p1-3ubuntu0.11", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 11 Feb 2025 08:51:51 -0500" } ], "notes": null }, { "name": "openssh-sftp-server", "from_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.10", "version": "1:8.9p1-3ubuntu0.10" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.11", "version": "1:8.9p1-3ubuntu0.11" }, "cves": [ { "cve": "CVE-2025-26465", "url": "https://ubuntu.com/security/CVE-2025-26465", "cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.", "cve_priority": "medium", "cve_public_date": "2025-02-18" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-26465", "url": "https://ubuntu.com/security/CVE-2025-26465", "cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.", "cve_priority": "medium", "cve_public_date": "2025-02-18" } ], "log": [ "", " * SECURITY UPDATE: MitM with VerifyHostKeyDNS option", " - debian/patches/CVE-2025-26465.patch: fix error code handling in", " krl.c, ssh-agent.c, ssh-sk-client.c, sshconnect2.c, sshsig.c.", " - CVE-2025-26465", "" ], "package": "openssh", "version": "1:8.9p1-3ubuntu0.11", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 11 Feb 2025 08:51:51 -0500" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from daily image serial 20250213 to 20250219", "from_series": "jammy", "to_series": "jammy", "from_serial": "20250213", "to_serial": "20250219", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }