{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "bind9-dnsutils", "bind9-host", "bind9-libs:s390x", "libc-bin", "libc6:s390x", "libgssapi-krb5-2:s390x", "libk5crypto3:s390x", "libkrb5-3:s390x", "libkrb5support0:s390x", "libseccomp2:s390x", "libtasn1-6:s390x", "libxml2:s390x", "locales", "openssh-client", "openssh-server", "openssh-sftp-server", "python3-jinja2", "tzdata", "vim", "vim-common", "vim-runtime", "vim-tiny", "xxd" ] } }, "diff": { "deb": [ { "name": "bind9-dnsutils", "from_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.30-0ubuntu0.22.04.1", "version": "1:9.18.30-0ubuntu0.22.04.1" }, "to_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.30-0ubuntu0.22.04.2", "version": "1:9.18.30-0ubuntu0.22.04.2" }, "cves": [ { "cve": "CVE-2024-11187", "url": "https://ubuntu.com/security/CVE-2024-11187", "cve_description": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" }, { "cve": "CVE-2024-12705", "url": "https://ubuntu.com/security/CVE-2024-12705", "cve_description": "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-11187", "url": "https://ubuntu.com/security/CVE-2024-11187", "cve_description": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" }, { "cve": "CVE-2024-12705", "url": "https://ubuntu.com/security/CVE-2024-12705", "cve_description": "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Many records in the additional section cause CPU", " exhaustion", " - debian/patches/CVE-2024-11187.patch: limit the additional processing", " for large RDATA sets in bin/tests/*, lib/dns/include/dns/rdataset.h,", " lib/dns/rbtdb.c, lib/dns/rdataset.c, lib/dns/resolver.c,", " lib/ns/query.c.", " - CVE-2024-11187", " * SECURITY UPDATE: DNS-over-HTTPS implementation suffers from multiple", " issues under heavy query load", " - debian/patches/CVE-2024-12705.patch: fix flooding issues in", " lib/isc/netmgr/http.c, lib/isc/netmgr/netmgr-int.h,", " lib/isc/netmgr/netmgr.c, lib/isc/netmgr/tcp.c,", " lib/isc/netmgr/tlsstream.c. ", " - CVE-2024-12705", "" ], "package": "bind9", "version": "1:9.18.30-0ubuntu0.22.04.2", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 28 Jan 2025 09:30:35 -0500" } ], "notes": null }, { "name": "bind9-host", "from_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.30-0ubuntu0.22.04.1", "version": "1:9.18.30-0ubuntu0.22.04.1" }, "to_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.30-0ubuntu0.22.04.2", "version": "1:9.18.30-0ubuntu0.22.04.2" }, "cves": [ { "cve": "CVE-2024-11187", "url": "https://ubuntu.com/security/CVE-2024-11187", "cve_description": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" }, { "cve": "CVE-2024-12705", "url": "https://ubuntu.com/security/CVE-2024-12705", "cve_description": "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-11187", "url": "https://ubuntu.com/security/CVE-2024-11187", "cve_description": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" }, { "cve": "CVE-2024-12705", "url": "https://ubuntu.com/security/CVE-2024-12705", "cve_description": "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Many records in the additional section cause CPU", " exhaustion", " - debian/patches/CVE-2024-11187.patch: limit the additional processing", " for large RDATA sets in bin/tests/*, lib/dns/include/dns/rdataset.h,", " lib/dns/rbtdb.c, lib/dns/rdataset.c, lib/dns/resolver.c,", " lib/ns/query.c.", " - CVE-2024-11187", " * SECURITY UPDATE: DNS-over-HTTPS implementation suffers from multiple", " issues under heavy query load", " - debian/patches/CVE-2024-12705.patch: fix flooding issues in", " lib/isc/netmgr/http.c, lib/isc/netmgr/netmgr-int.h,", " lib/isc/netmgr/netmgr.c, lib/isc/netmgr/tcp.c,", " lib/isc/netmgr/tlsstream.c. ", " - CVE-2024-12705", "" ], "package": "bind9", "version": "1:9.18.30-0ubuntu0.22.04.2", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 28 Jan 2025 09:30:35 -0500" } ], "notes": null }, { "name": "bind9-libs:s390x", "from_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.30-0ubuntu0.22.04.1", "version": "1:9.18.30-0ubuntu0.22.04.1" }, "to_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.30-0ubuntu0.22.04.2", "version": "1:9.18.30-0ubuntu0.22.04.2" }, "cves": [ { "cve": "CVE-2024-11187", "url": "https://ubuntu.com/security/CVE-2024-11187", "cve_description": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" }, { "cve": "CVE-2024-12705", "url": "https://ubuntu.com/security/CVE-2024-12705", "cve_description": "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-11187", "url": "https://ubuntu.com/security/CVE-2024-11187", "cve_description": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" }, { "cve": "CVE-2024-12705", "url": "https://ubuntu.com/security/CVE-2024-12705", "cve_description": "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Many records in the additional section cause CPU", " exhaustion", " - debian/patches/CVE-2024-11187.patch: limit the additional processing", " for large RDATA sets in bin/tests/*, lib/dns/include/dns/rdataset.h,", " lib/dns/rbtdb.c, lib/dns/rdataset.c, lib/dns/resolver.c,", " lib/ns/query.c.", " - CVE-2024-11187", " * SECURITY UPDATE: DNS-over-HTTPS implementation suffers from multiple", " issues under heavy query load", " - debian/patches/CVE-2024-12705.patch: fix flooding issues in", " lib/isc/netmgr/http.c, lib/isc/netmgr/netmgr-int.h,", " lib/isc/netmgr/netmgr.c, lib/isc/netmgr/tcp.c,", " lib/isc/netmgr/tlsstream.c. ", " - CVE-2024-12705", "" ], "package": "bind9", "version": "1:9.18.30-0ubuntu0.22.04.2", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 28 Jan 2025 09:30:35 -0500" } ], "notes": null }, { "name": "libc-bin", "from_version": { "source_package_name": "glibc", "source_package_version": "2.35-0ubuntu3.8", "version": "2.35-0ubuntu3.8" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.35-0ubuntu3.9", "version": "2.35-0ubuntu3.9" }, "cves": [ { "cve": "CVE-2025-0395", "url": "https://ubuntu.com/security/CVE-2025-0395", "cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "cve_priority": "medium", "cve_public_date": "2025-01-22 13:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-0395", "url": "https://ubuntu.com/security/CVE-2025-0395", "cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "cve_priority": "medium", "cve_public_date": "2025-01-22 13:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Buffer overflow in the assert function.", " - debian/patches/any/CVE-2025-0395.patch: Change total to ALIGN_UP", " calculation and include libc-pointer-arith.h in assert/assert.c and", " sysdeps/posix/libc_fatal.c.", " - CVE-2025-0395", "" ], "package": "glibc", "version": "2.35-0ubuntu3.9", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 28 Jan 2025 16:55:30 -0330" } ], "notes": null }, { "name": "libc6:s390x", "from_version": { "source_package_name": "glibc", "source_package_version": "2.35-0ubuntu3.8", "version": "2.35-0ubuntu3.8" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.35-0ubuntu3.9", "version": "2.35-0ubuntu3.9" }, "cves": [ { "cve": "CVE-2025-0395", "url": "https://ubuntu.com/security/CVE-2025-0395", "cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "cve_priority": "medium", "cve_public_date": "2025-01-22 13:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-0395", "url": "https://ubuntu.com/security/CVE-2025-0395", "cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "cve_priority": "medium", "cve_public_date": "2025-01-22 13:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Buffer overflow in the assert function.", " - debian/patches/any/CVE-2025-0395.patch: Change total to ALIGN_UP", " calculation and include libc-pointer-arith.h in assert/assert.c and", " sysdeps/posix/libc_fatal.c.", " - CVE-2025-0395", "" ], "package": "glibc", "version": "2.35-0ubuntu3.9", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 28 Jan 2025 16:55:30 -0330" } ], "notes": null }, { "name": "libgssapi-krb5-2:s390x", "from_version": { "source_package_name": "krb5", "source_package_version": "1.19.2-2ubuntu0.4", "version": "1.19.2-2ubuntu0.4" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.19.2-2ubuntu0.5", "version": "1.19.2-2ubuntu0.5" }, "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Use of MD5-based message authentication over plaintext", " communications could lead to forgery attacks.", " - debian/patches/CVE-2024-3596.patch: Secure Response Authenticator", " by adding support for the Message-Authenticator attribute in non-EAP", " authentication methods.", " - CVE-2024-3596", " * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.", "" ], "package": "krb5", "version": "1.19.2-2ubuntu0.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Nicolas Campuzano Jimenez ", "date": "Mon, 27 Jan 2025 19:37:24 -0500" } ], "notes": null }, { "name": "libk5crypto3:s390x", "from_version": { "source_package_name": "krb5", "source_package_version": "1.19.2-2ubuntu0.4", "version": "1.19.2-2ubuntu0.4" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.19.2-2ubuntu0.5", "version": "1.19.2-2ubuntu0.5" }, "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Use of MD5-based message authentication over plaintext", " communications could lead to forgery attacks.", " - debian/patches/CVE-2024-3596.patch: Secure Response Authenticator", " by adding support for the Message-Authenticator attribute in non-EAP", " authentication methods.", " - CVE-2024-3596", " * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.", "" ], "package": "krb5", "version": "1.19.2-2ubuntu0.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Nicolas Campuzano Jimenez ", "date": "Mon, 27 Jan 2025 19:37:24 -0500" } ], "notes": null }, { "name": "libkrb5-3:s390x", "from_version": { "source_package_name": "krb5", "source_package_version": "1.19.2-2ubuntu0.4", "version": "1.19.2-2ubuntu0.4" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.19.2-2ubuntu0.5", "version": "1.19.2-2ubuntu0.5" }, "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Use of MD5-based message authentication over plaintext", " communications could lead to forgery attacks.", " - debian/patches/CVE-2024-3596.patch: Secure Response Authenticator", " by adding support for the Message-Authenticator attribute in non-EAP", " authentication methods.", " - CVE-2024-3596", " * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.", "" ], "package": "krb5", "version": "1.19.2-2ubuntu0.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Nicolas Campuzano Jimenez ", "date": "Mon, 27 Jan 2025 19:37:24 -0500" } ], "notes": null }, { "name": "libkrb5support0:s390x", "from_version": { "source_package_name": "krb5", "source_package_version": "1.19.2-2ubuntu0.4", "version": "1.19.2-2ubuntu0.4" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.19.2-2ubuntu0.5", "version": "1.19.2-2ubuntu0.5" }, "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Use of MD5-based message authentication over plaintext", " communications could lead to forgery attacks.", " - debian/patches/CVE-2024-3596.patch: Secure Response Authenticator", " by adding support for the Message-Authenticator attribute in non-EAP", " authentication methods.", " - CVE-2024-3596", " * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.", "" ], "package": "krb5", "version": "1.19.2-2ubuntu0.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Nicolas Campuzano Jimenez ", "date": "Mon, 27 Jan 2025 19:37:24 -0500" } ], "notes": null }, { "name": "libseccomp2:s390x", "from_version": { "source_package_name": "libseccomp", "source_package_version": "2.5.3-2ubuntu2", "version": "2.5.3-2ubuntu2" }, "to_version": { "source_package_name": "libseccomp", "source_package_version": "2.5.3-2ubuntu3~22.04.1", "version": "2.5.3-2ubuntu3~22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2059734 ], "changes": [ { "cves": [], "log": [ "", " * d/p/lp2059734-fix-fchmodat2-syscall-used-by-glibc-in-newer-containers.patch:", " - Fix fchmodat2 syscall in containers that use a newer version of glibc", " (LP: #2059734)", "" ], "package": "libseccomp", "version": "2.5.3-2ubuntu3~22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2059734 ], "author": "Ghadi Elie Rahme ", "date": "Wed, 23 Oct 2024 15:44:34 +0000" } ], "notes": null }, { "name": "libtasn1-6:s390x", "from_version": { "source_package_name": "libtasn1-6", "source_package_version": "4.18.0-4build1", "version": "4.18.0-4build1" }, "to_version": { "source_package_name": "libtasn1-6", "source_package_version": "4.18.0-4ubuntu0.1", "version": "4.18.0-4ubuntu0.1" }, "cves": [ { "cve": "CVE-2024-12133", "url": "https://ubuntu.com/security/CVE-2024-12133", "cve_description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "cve_priority": "medium", "cve_public_date": "2025-02-10 16:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-12133", "url": "https://ubuntu.com/security/CVE-2024-12133", "cve_description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "cve_priority": "medium", "cve_public_date": "2025-02-10 16:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Denial of service through inefficient algorithm.", " - CVE-2024-12133-x.patch: Add caching and optimize algorithms in", " lib/decoding.c, lib/element.c, lib/element.h, lib/int.h,", " lib/parser_aux.c, and lib/structure.c.", " - CVE-2024-12133", "" ], "package": "libtasn1-6", "version": "4.18.0-4ubuntu0.1", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 11 Feb 2025 17:49:16 -0330" } ], "notes": null }, { "name": "libxml2:s390x", "from_version": { "source_package_name": "libxml2", "source_package_version": "2.9.13+dfsg-1ubuntu0.4", "version": "2.9.13+dfsg-1ubuntu0.4" }, "to_version": { "source_package_name": "libxml2", "source_package_version": "2.9.13+dfsg-1ubuntu0.5", "version": "2.9.13+dfsg-1ubuntu0.5" }, "cves": [ { "cve": "CVE-2022-49043", "url": "https://ubuntu.com/security/CVE-2022-49043", "cve_description": "xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.", "cve_priority": "medium", "cve_public_date": "2025-01-26 06:15:00 UTC" }, { "cve": "CVE-2024-34459", "url": "https://ubuntu.com/security/CVE-2024-34459", "cve_description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cve_priority": "low", "cve_public_date": "2024-05-14 15:39:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2022-49043", "url": "https://ubuntu.com/security/CVE-2022-49043", "cve_description": "xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.", "cve_priority": "medium", "cve_public_date": "2025-01-26 06:15:00 UTC" }, { "cve": "CVE-2024-34459", "url": "https://ubuntu.com/security/CVE-2024-34459", "cve_description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cve_priority": "low", "cve_public_date": "2024-05-14 15:39:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: use-after-free in xmlXIncludeAddNode", " - debian/patches/CVE-2022-49043.patch: fix UaF in xinclude.c.", " - CVE-2022-49043", " * SECURITY UPDATE: buffer overread in xmllint", " - debian/patches/CVE-2024-34459.patch: fix buffer issue when using", " htmlout option in xmllint.c.", " - CVE-2024-34459", "" ], "package": "libxml2", "version": "2.9.13+dfsg-1ubuntu0.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 28 Jan 2025 08:30:32 -0500" } ], "notes": null }, { "name": "locales", "from_version": { "source_package_name": "glibc", "source_package_version": "2.35-0ubuntu3.8", "version": "2.35-0ubuntu3.8" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.35-0ubuntu3.9", "version": "2.35-0ubuntu3.9" }, "cves": [ { "cve": "CVE-2025-0395", "url": "https://ubuntu.com/security/CVE-2025-0395", "cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "cve_priority": "medium", "cve_public_date": "2025-01-22 13:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-0395", "url": "https://ubuntu.com/security/CVE-2025-0395", "cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "cve_priority": "medium", "cve_public_date": "2025-01-22 13:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Buffer overflow in the assert function.", " - debian/patches/any/CVE-2025-0395.patch: Change total to ALIGN_UP", " calculation and include libc-pointer-arith.h in assert/assert.c and", " sysdeps/posix/libc_fatal.c.", " - CVE-2025-0395", "" ], "package": "glibc", "version": "2.35-0ubuntu3.9", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 28 Jan 2025 16:55:30 -0330" } ], "notes": null }, { "name": "openssh-client", "from_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.10", "version": "1:8.9p1-3ubuntu0.10" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.11", "version": "1:8.9p1-3ubuntu0.11" }, "cves": [ { "cve": "CVE-2025-26465", "url": "https://ubuntu.com/security/CVE-2025-26465", "cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.", "cve_priority": "medium", "cve_public_date": "2025-02-18" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-26465", "url": "https://ubuntu.com/security/CVE-2025-26465", "cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.", "cve_priority": "medium", "cve_public_date": "2025-02-18" } ], "log": [ "", " * SECURITY UPDATE: MitM with VerifyHostKeyDNS option", " - debian/patches/CVE-2025-26465.patch: fix error code handling in", " krl.c, ssh-agent.c, ssh-sk-client.c, sshconnect2.c, sshsig.c.", " - CVE-2025-26465", "" ], "package": "openssh", "version": "1:8.9p1-3ubuntu0.11", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 11 Feb 2025 08:51:51 -0500" } ], "notes": null }, { "name": "openssh-server", "from_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.10", "version": "1:8.9p1-3ubuntu0.10" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.11", "version": "1:8.9p1-3ubuntu0.11" }, "cves": [ { "cve": "CVE-2025-26465", "url": "https://ubuntu.com/security/CVE-2025-26465", "cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.", "cve_priority": "medium", "cve_public_date": "2025-02-18" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-26465", "url": "https://ubuntu.com/security/CVE-2025-26465", "cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.", "cve_priority": "medium", "cve_public_date": "2025-02-18" } ], "log": [ "", " * SECURITY UPDATE: MitM with VerifyHostKeyDNS option", " - debian/patches/CVE-2025-26465.patch: fix error code handling in", " krl.c, ssh-agent.c, ssh-sk-client.c, sshconnect2.c, sshsig.c.", " - CVE-2025-26465", "" ], "package": "openssh", "version": "1:8.9p1-3ubuntu0.11", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 11 Feb 2025 08:51:51 -0500" } ], "notes": null }, { "name": "openssh-sftp-server", "from_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.10", "version": "1:8.9p1-3ubuntu0.10" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:8.9p1-3ubuntu0.11", "version": "1:8.9p1-3ubuntu0.11" }, "cves": [ { "cve": "CVE-2025-26465", "url": "https://ubuntu.com/security/CVE-2025-26465", "cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.", "cve_priority": "medium", "cve_public_date": "2025-02-18" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-26465", "url": "https://ubuntu.com/security/CVE-2025-26465", "cve_description": "The OpenSSH client is vulnerable to an active machine-in-the-middle attack if the VerifyHostKeyDNS option is enabled (it is disabled by default): when a vulnerable client connects to a server, an active machine-in-the-middle can impersonate the server by completely bypassing the client's checks of the server's identity.", "cve_priority": "medium", "cve_public_date": "2025-02-18" } ], "log": [ "", " * SECURITY UPDATE: MitM with VerifyHostKeyDNS option", " - debian/patches/CVE-2025-26465.patch: fix error code handling in", " krl.c, ssh-agent.c, ssh-sk-client.c, sshconnect2.c, sshsig.c.", " - CVE-2025-26465", "" ], "package": "openssh", "version": "1:8.9p1-3ubuntu0.11", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 11 Feb 2025 08:51:51 -0500" } ], "notes": null }, { "name": "python3-jinja2", "from_version": { "source_package_name": "jinja2", "source_package_version": "3.0.3-1ubuntu0.2", "version": "3.0.3-1ubuntu0.2" }, "to_version": { "source_package_name": "jinja2", "source_package_version": "3.0.3-1ubuntu0.3", "version": "3.0.3-1ubuntu0.3" }, "cves": [ { "cve": "CVE-2024-56201", "url": "https://ubuntu.com/security/CVE-2024-56201", "cve_description": "Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.", "cve_priority": "medium", "cve_public_date": "2024-12-23 16:15:00 UTC" }, { "cve": "CVE-2024-56326", "url": "https://ubuntu.com/security/CVE-2024-56326", "cve_description": "Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5.", "cve_priority": "medium", "cve_public_date": "2024-12-23 16:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-56201", "url": "https://ubuntu.com/security/CVE-2024-56201", "cve_description": "Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.", "cve_priority": "medium", "cve_public_date": "2024-12-23 16:15:00 UTC" }, { "cve": "CVE-2024-56326", "url": "https://ubuntu.com/security/CVE-2024-56326", "cve_description": "Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5.", "cve_priority": "medium", "cve_public_date": "2024-12-23 16:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: arbitrary code execution issue in jinja compiler", " - debian/patches/CVE-2024-56201.patch: f-string syntax handling in code", " generation improved in src/jinja2/compiler.py.", " - debian/patches/CVE-2024-56326.patch: oversight on calls to str.format", " adjusted in src/jinja2/sandbox.py.", " - CVE-2024-56201", " - CVE-2024-56326", "" ], "package": "jinja2", "version": "3.0.3-1ubuntu0.3", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Evan Caville ", "date": "Mon, 06 Jan 2025 15:27:20 +1000" } ], "notes": null }, { "name": "tzdata", "from_version": { "source_package_name": "tzdata", "source_package_version": "2024a-0ubuntu0.22.04.1", "version": "2024a-0ubuntu0.22.04.1" }, "to_version": { "source_package_name": "tzdata", "source_package_version": "2024b-0ubuntu0.22.04.1", "version": "2024b-0ubuntu0.22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2096974, 2079966, 2070285 ], "changes": [ { "cves": [], "log": [ "", " * Revert using %z in tzdata.zi data form (LP: #2096974):", " - Enable link to link feature also for rearguard dataform", " - Use dataform rearguard for C++ std::chrono", "" ], "package": "tzdata", "version": "2024b-0ubuntu0.22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2096974 ], "author": "Benjamin Drung ", "date": "Fri, 31 Jan 2025 13:53:56 +0100" }, { "cves": [], "log": [ "", " * New upstream release (LP: #2079966):", " - Improve historical data for Mexico, Mongolia, and Portugal.", " - System V names are now obsolescent (reverted, see below).", " - The main data form now uses %z.", " - Asia/Choibalsan is now an alias for Asia/Ulaanbaatar", " * Add autopkgtest test case for 2024b release", " * Update the ICU timezone data to 2024b", " * Add autopkgtest test case for ICU timezone data 2024b", " * Build timezones with zic -b 'fat' (Closes: #1084111)", " * Move UNIX System V zones back from backzone to backwards file", " to keep them unchanged for the stable release updates.", " * Test debconf configuration with autopkgtest", " * Make remaining legacy timezones selectable in debconf (LP: #2070285)", "" ], "package": "tzdata", "version": "2024b-0ubuntu0.22.04", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2079966, 2070285 ], "author": "Benjamin Drung ", "date": "Wed, 04 Dec 2024 00:58:03 +0100" } ], "notes": null }, { "name": "vim", "from_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.22", "version": "2:8.2.3995-1ubuntu2.22" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.23", "version": "2:8.2.3995-1ubuntu2.23" }, "cves": [ { "cve": "CVE-2025-24014", "url": "https://ubuntu.com/security/CVE-2025-24014", "cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.", "cve_priority": "medium", "cve_public_date": "2025-01-20 23:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-24014", "url": "https://ubuntu.com/security/CVE-2025-24014", "cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.", "cve_priority": "medium", "cve_public_date": "2025-01-20 23:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Denial of service", " - debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()", " in files src/gui.c, src/testdir/crash/ex_redraw_crash,", " src/testdir/test_crash.vim.", " - CVE-2025-24014", "" ], "package": "vim", "version": "2:8.2.3995-1ubuntu2.23", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Leonidas Da Silva Barbosa ", "date": "Mon, 03 Feb 2025 08:54:38 -0300" } ], "notes": null }, { "name": "vim-common", "from_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.22", "version": "2:8.2.3995-1ubuntu2.22" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.23", "version": "2:8.2.3995-1ubuntu2.23" }, "cves": [ { "cve": "CVE-2025-24014", "url": "https://ubuntu.com/security/CVE-2025-24014", "cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.", "cve_priority": "medium", "cve_public_date": "2025-01-20 23:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-24014", "url": "https://ubuntu.com/security/CVE-2025-24014", "cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.", "cve_priority": "medium", "cve_public_date": "2025-01-20 23:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Denial of service", " - debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()", " in files src/gui.c, src/testdir/crash/ex_redraw_crash,", " src/testdir/test_crash.vim.", " - CVE-2025-24014", "" ], "package": "vim", "version": "2:8.2.3995-1ubuntu2.23", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Leonidas Da Silva Barbosa ", "date": "Mon, 03 Feb 2025 08:54:38 -0300" } ], "notes": null }, { "name": "vim-runtime", "from_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.22", "version": "2:8.2.3995-1ubuntu2.22" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.23", "version": "2:8.2.3995-1ubuntu2.23" }, "cves": [ { "cve": "CVE-2025-24014", "url": "https://ubuntu.com/security/CVE-2025-24014", "cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.", "cve_priority": "medium", "cve_public_date": "2025-01-20 23:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-24014", "url": "https://ubuntu.com/security/CVE-2025-24014", "cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.", "cve_priority": "medium", "cve_public_date": "2025-01-20 23:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Denial of service", " - debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()", " in files src/gui.c, src/testdir/crash/ex_redraw_crash,", " src/testdir/test_crash.vim.", " - CVE-2025-24014", "" ], "package": "vim", "version": "2:8.2.3995-1ubuntu2.23", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Leonidas Da Silva Barbosa ", "date": "Mon, 03 Feb 2025 08:54:38 -0300" } ], "notes": null }, { "name": "vim-tiny", "from_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.22", "version": "2:8.2.3995-1ubuntu2.22" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.23", "version": "2:8.2.3995-1ubuntu2.23" }, "cves": [ { "cve": "CVE-2025-24014", "url": "https://ubuntu.com/security/CVE-2025-24014", "cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.", "cve_priority": "medium", "cve_public_date": "2025-01-20 23:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-24014", "url": "https://ubuntu.com/security/CVE-2025-24014", "cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.", "cve_priority": "medium", "cve_public_date": "2025-01-20 23:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Denial of service", " - debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()", " in files src/gui.c, src/testdir/crash/ex_redraw_crash,", " src/testdir/test_crash.vim.", " - CVE-2025-24014", "" ], "package": "vim", "version": "2:8.2.3995-1ubuntu2.23", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Leonidas Da Silva Barbosa ", "date": "Mon, 03 Feb 2025 08:54:38 -0300" } ], "notes": null }, { "name": "xxd", "from_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.22", "version": "2:8.2.3995-1ubuntu2.22" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.23", "version": "2:8.2.3995-1ubuntu2.23" }, "cves": [ { "cve": "CVE-2025-24014", "url": "https://ubuntu.com/security/CVE-2025-24014", "cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.", "cve_priority": "medium", "cve_public_date": "2025-01-20 23:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-24014", "url": "https://ubuntu.com/security/CVE-2025-24014", "cve_description": "Vim is an open source, command line text editor. A segmentation fault was found in Vim before 9.1.1043. In silent Ex mode (-s -e), Vim typically doesn't show a screen and just operates silently in batch mode. However, it is still possible to trigger the function that handles the scrolling of a gui version of Vim by feeding some binary characters to Vim. The function that handles the scrolling however may be triggering a redraw, which will access the ScreenLines pointer, even so this variable hasn't been allocated (since there is no screen). This vulnerability is fixed in 9.1.1043.", "cve_priority": "medium", "cve_public_date": "2025-01-20 23:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Denial of service", " - debian/patches/CVE-2025-24014.patch: fix a segfault in win_line()", " in files src/gui.c, src/testdir/crash/ex_redraw_crash,", " src/testdir/test_crash.vim.", " - CVE-2025-24014", "" ], "package": "vim", "version": "2:8.2.3995-1ubuntu2.23", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Leonidas Da Silva Barbosa ", "date": "Mon, 03 Feb 2025 08:54:38 -0300" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20250128 to 20250219", "from_series": "jammy", "to_series": "jammy", "from_serial": "20250128", "to_serial": "20250219", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }