{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "libcap2", "libcap2-bin", "libiniparser1", "libpam-cap", "libxml2" ] } }, "diff": { "deb": [ { "name": "libcap2", "from_version": { "source_package_name": "libcap2", "source_package_version": "1:2.44-1ubuntu0.22.04.1", "version": "1:2.44-1ubuntu0.22.04.1" }, "to_version": { "source_package_name": "libcap2", "source_package_version": "1:2.44-1ubuntu0.22.04.2", "version": "1:2.44-1ubuntu0.22.04.2" }, "cves": [ { "cve": "CVE-2025-1390", "url": "https://ubuntu.com/security/CVE-2025-1390", "cve_description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", "cve_priority": "medium", "cve_public_date": "2025-02-20" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-1390", "url": "https://ubuntu.com/security/CVE-2025-1390", "cve_description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", "cve_priority": "medium", "cve_public_date": "2025-02-20" } ], "log": [ "", " * SECURITY UPDATE: incorrect group name handling", " - debian/patches/CVE-2025-1390-1.patch: fix potential configuration", " parsing error in pam_cap/pam_cap.c.", " - debian/patches/CVE-2025-1390-2.patch: add a test for bad group prefix", " in pam_cap/sudotest.conf.", " - CVE-2025-1390", "" ], "package": "libcap2", "version": "1:2.44-1ubuntu0.22.04.2", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 20 Feb 2025 10:51:02 -0500" } ], "notes": null }, { "name": "libcap2-bin", "from_version": { "source_package_name": "libcap2", "source_package_version": "1:2.44-1ubuntu0.22.04.1", "version": "1:2.44-1ubuntu0.22.04.1" }, "to_version": { "source_package_name": "libcap2", "source_package_version": "1:2.44-1ubuntu0.22.04.2", "version": "1:2.44-1ubuntu0.22.04.2" }, "cves": [ { "cve": "CVE-2025-1390", "url": "https://ubuntu.com/security/CVE-2025-1390", "cve_description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", "cve_priority": "medium", "cve_public_date": "2025-02-20" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-1390", "url": "https://ubuntu.com/security/CVE-2025-1390", "cve_description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", "cve_priority": "medium", "cve_public_date": "2025-02-20" } ], "log": [ "", " * SECURITY UPDATE: incorrect group name handling", " - debian/patches/CVE-2025-1390-1.patch: fix potential configuration", " parsing error in pam_cap/pam_cap.c.", " - debian/patches/CVE-2025-1390-2.patch: add a test for bad group prefix", " in pam_cap/sudotest.conf.", " - CVE-2025-1390", "" ], "package": "libcap2", "version": "1:2.44-1ubuntu0.22.04.2", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 20 Feb 2025 10:51:02 -0500" } ], "notes": null }, { "name": "libiniparser1", "from_version": { "source_package_name": "iniparser", "source_package_version": "4.1-4ubuntu4.1", "version": "4.1-4ubuntu4.1" }, "to_version": { "source_package_name": "iniparser", "source_package_version": "4.1-4ubuntu4.2", "version": "4.1-4ubuntu4.2" }, "cves": [ { "cve": "CVE-2025-0633", "url": "https://ubuntu.com/security/CVE-2025-0633", "cve_description": "Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory", "cve_priority": "medium", "cve_public_date": "2025-02-19 07:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-0633", "url": "https://ubuntu.com/security/CVE-2025-0633", "cve_description": "Heap-based Buffer Overflow vulnerability in iniparser_dumpsection_ini() in iniparser allows attacker to read out of bound memory", "cve_priority": "medium", "cve_public_date": "2025-02-19 07:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: heap overflow in iniparser_dumpsection_ini()", " - debian/patches/CVE-2025-0633.patch: return if name doesn't fit in", " buffer in src/iniparser.c.", " - CVE-2025-0633", "" ], "package": "iniparser", "version": "4.1-4ubuntu4.2", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 21 Feb 2025 13:32:24 -0500" } ], "notes": null }, { "name": "libpam-cap", "from_version": { "source_package_name": "libcap2", "source_package_version": "1:2.44-1ubuntu0.22.04.1", "version": "1:2.44-1ubuntu0.22.04.1" }, "to_version": { "source_package_name": "libcap2", "source_package_version": "1:2.44-1ubuntu0.22.04.2", "version": "1:2.44-1ubuntu0.22.04.2" }, "cves": [ { "cve": "CVE-2025-1390", "url": "https://ubuntu.com/security/CVE-2025-1390", "cve_description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", "cve_priority": "medium", "cve_public_date": "2025-02-20" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-1390", "url": "https://ubuntu.com/security/CVE-2025-1390", "cve_description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", "cve_priority": "medium", "cve_public_date": "2025-02-20" } ], "log": [ "", " * SECURITY UPDATE: incorrect group name handling", " - debian/patches/CVE-2025-1390-1.patch: fix potential configuration", " parsing error in pam_cap/pam_cap.c.", " - debian/patches/CVE-2025-1390-2.patch: add a test for bad group prefix", " in pam_cap/sudotest.conf.", " - CVE-2025-1390", "" ], "package": "libcap2", "version": "1:2.44-1ubuntu0.22.04.2", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 20 Feb 2025 10:51:02 -0500" } ], "notes": null }, { "name": "libxml2", "from_version": { "source_package_name": "libxml2", "source_package_version": "2.9.13+dfsg-1ubuntu0.5", "version": "2.9.13+dfsg-1ubuntu0.5" }, "to_version": { "source_package_name": "libxml2", "source_package_version": "2.9.13+dfsg-1ubuntu0.6", "version": "2.9.13+dfsg-1ubuntu0.6" }, "cves": [ { "cve": "CVE-2024-56171", "url": "https://ubuntu.com/security/CVE-2024-56171", "cve_description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", "cve_priority": "medium", "cve_public_date": "2025-02-18 22:15:00 UTC" }, { "cve": "CVE-2025-24928", "url": "https://ubuntu.com/security/CVE-2025-24928", "cve_description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2025-27113", "url": "https://ubuntu.com/security/CVE-2025-27113", "cve_description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-56171", "url": "https://ubuntu.com/security/CVE-2024-56171", "cve_description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", "cve_priority": "medium", "cve_public_date": "2025-02-18 22:15:00 UTC" }, { "cve": "CVE-2025-24928", "url": "https://ubuntu.com/security/CVE-2025-24928", "cve_description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2025-27113", "url": "https://ubuntu.com/security/CVE-2025-27113", "cve_description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: use-after-free", " - debian/patches/CVE-2024-56171.patch: Fix use-after-free after", " xmlSchemaItemListAdd.", " - CVE-2024-56171", " * SECURITY UPDATE: stack-based buffer overflow", " - debian/patches/CVE-2025-24928-pre1.patch: Check for NULL node->name", " in xmlSnprintfElements.", " - debian/patches/CVE-2025-24928.patch: Fix stack-buffer-overflow in", " xmlSnprintfElements.", " - CVE-2025-24928", " * SECURITY UPDATE: NULL pointer dereference", " - debian/patches/CVE-2025-27113.patch: Fix compilation of explicit", " child axis.", " - CVE-2025-27113", "" ], "package": "libxml2", "version": "2.9.13+dfsg-1ubuntu0.6", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Fabian Toepfer ", "date": "Fri, 21 Feb 2025 15:30:55 +0100" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20250221 to 20250226", "from_series": "jammy", "to_series": "jammy", "from_serial": "20250221", "to_serial": "20250226", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }