{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-headers-6.8.0-52-generic", "linux-image-6.8.0-52-generic", "linux-modules-6.8.0-52-generic", "linux-riscv-headers-6.8.0-52" ], "removed": [ "linux-headers-6.8.0-51-generic", "linux-image-6.8.0-51-generic", "linux-modules-6.8.0-51-generic", "linux-riscv-headers-6.8.0-51" ], "diff": [ "bind9-dnsutils", "bind9-host", "bind9-libs:riscv64", "bsdextrautils", "bsdutils", "eject", "fdisk", "kmod", "krb5-locales", "libaio1t64:riscv64", "libattr1:riscv64", "libblkid1:riscv64", "libbsd0:riscv64", "libc-bin", "libc6:riscv64", "libcap2:riscv64", "libcap2-bin", "libdrm-common", "libdrm2:riscv64", "libdw1t64:riscv64", "libelf1t64:riscv64", "libfdisk1:riscv64", "libgmp10:riscv64", "libgpg-error-l10n", "libgpg-error0:riscv64", "libgssapi-krb5-2:riscv64", "libidn2-0:riscv64", "libk5crypto3:riscv64", "libkmod2:riscv64", "libkrb5-3:riscv64", "libkrb5support0:riscv64", "libmd0:riscv64", "libmount1:riscv64", "libmpfr6:riscv64", "libnghttp2-14:riscv64", "libnl-3-200:riscv64", "libnl-genl-3-200:riscv64", "libnl-route-3-200:riscv64", "libnss-systemd:riscv64", "libpam-cap:riscv64", "libpam-systemd:riscv64", "libpcre2-8-0:riscv64", "libperl5.38t64:riscv64", "libselinux1:riscv64", "libsmartcols1:riscv64", "libsqlite3-0:riscv64", "libsystemd-shared:riscv64", "libsystemd0:riscv64", "libudev1:riscv64", "libunistring5:riscv64", "libunwind8:riscv64", "libuuid1:riscv64", "libxml2:riscv64", "linux-headers-generic", "linux-headers-virtual", "linux-image-virtual", "linux-virtual", "locales", "mount", "perl", "perl-base", "perl-modules-5.38", "python-apt-common", "python3-apt", "python3-distupgrade", "python3-jinja2", "systemd", "systemd-dev", "systemd-resolved", "systemd-sysv", "systemd-timesyncd", "tzdata", "ubuntu-minimal", "ubuntu-release-upgrader-core", "ubuntu-server", "ubuntu-standard", "udev", "util-linux", "uuid-runtime", "wireless-regdb", "xfsprogs" ] } }, "diff": { "deb": [ { "name": "bind9-dnsutils", "from_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.30-0ubuntu0.24.04.1", "version": "1:9.18.30-0ubuntu0.24.04.1" }, "to_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.30-0ubuntu0.24.04.2", "version": "1:9.18.30-0ubuntu0.24.04.2" }, "cves": [ { "cve": "CVE-2024-11187", "url": "https://ubuntu.com/security/CVE-2024-11187", "cve_description": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" }, { "cve": "CVE-2024-12705", "url": "https://ubuntu.com/security/CVE-2024-12705", "cve_description": "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-11187", "url": "https://ubuntu.com/security/CVE-2024-11187", "cve_description": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" }, { "cve": "CVE-2024-12705", "url": "https://ubuntu.com/security/CVE-2024-12705", "cve_description": "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Many records in the additional section cause CPU", " exhaustion", " - debian/patches/CVE-2024-11187.patch: limit the additional processing", " for large RDATA sets in bin/tests/*, lib/dns/include/dns/rdataset.h,", " lib/dns/rbtdb.c, lib/dns/rdataset.c, lib/dns/resolver.c,", " lib/ns/query.c.", " - CVE-2024-11187", " * SECURITY UPDATE: DNS-over-HTTPS implementation suffers from multiple", " issues under heavy query load", " - debian/patches/CVE-2024-12705.patch: fix flooding issues in", " lib/isc/netmgr/http.c, lib/isc/netmgr/netmgr-int.h,", " lib/isc/netmgr/netmgr.c, lib/isc/netmgr/tcp.c,", " lib/isc/netmgr/tlsstream.c. ", " - CVE-2024-12705", "" ], "package": "bind9", "version": "1:9.18.30-0ubuntu0.24.04.2", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 28 Jan 2025 09:26:30 -0500" } ], "notes": null }, { "name": "bind9-host", "from_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.30-0ubuntu0.24.04.1", "version": "1:9.18.30-0ubuntu0.24.04.1" }, "to_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.30-0ubuntu0.24.04.2", "version": "1:9.18.30-0ubuntu0.24.04.2" }, "cves": [ { "cve": "CVE-2024-11187", "url": "https://ubuntu.com/security/CVE-2024-11187", "cve_description": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" }, { "cve": "CVE-2024-12705", "url": "https://ubuntu.com/security/CVE-2024-12705", "cve_description": "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-11187", "url": "https://ubuntu.com/security/CVE-2024-11187", "cve_description": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" }, { "cve": "CVE-2024-12705", "url": "https://ubuntu.com/security/CVE-2024-12705", "cve_description": "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Many records in the additional section cause CPU", " exhaustion", " - debian/patches/CVE-2024-11187.patch: limit the additional processing", " for large RDATA sets in bin/tests/*, lib/dns/include/dns/rdataset.h,", " lib/dns/rbtdb.c, lib/dns/rdataset.c, lib/dns/resolver.c,", " lib/ns/query.c.", " - CVE-2024-11187", " * SECURITY UPDATE: DNS-over-HTTPS implementation suffers from multiple", " issues under heavy query load", " - debian/patches/CVE-2024-12705.patch: fix flooding issues in", " lib/isc/netmgr/http.c, lib/isc/netmgr/netmgr-int.h,", " lib/isc/netmgr/netmgr.c, lib/isc/netmgr/tcp.c,", " lib/isc/netmgr/tlsstream.c. ", " - CVE-2024-12705", "" ], "package": "bind9", "version": "1:9.18.30-0ubuntu0.24.04.2", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 28 Jan 2025 09:26:30 -0500" } ], "notes": null }, { "name": "bind9-libs:riscv64", "from_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.30-0ubuntu0.24.04.1", "version": "1:9.18.30-0ubuntu0.24.04.1" }, "to_version": { "source_package_name": "bind9", "source_package_version": "1:9.18.30-0ubuntu0.24.04.2", "version": "1:9.18.30-0ubuntu0.24.04.2" }, "cves": [ { "cve": "CVE-2024-11187", "url": "https://ubuntu.com/security/CVE-2024-11187", "cve_description": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" }, { "cve": "CVE-2024-12705", "url": "https://ubuntu.com/security/CVE-2024-12705", "cve_description": "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-11187", "url": "https://ubuntu.com/security/CVE-2024-11187", "cve_description": "It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure. This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" }, { "cve": "CVE-2024-12705", "url": "https://ubuntu.com/security/CVE-2024-12705", "cve_description": "Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver's CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic. This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.", "cve_priority": "medium", "cve_public_date": "2025-01-29 22:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Many records in the additional section cause CPU", " exhaustion", " - debian/patches/CVE-2024-11187.patch: limit the additional processing", " for large RDATA sets in bin/tests/*, lib/dns/include/dns/rdataset.h,", " lib/dns/rbtdb.c, lib/dns/rdataset.c, lib/dns/resolver.c,", " lib/ns/query.c.", " - CVE-2024-11187", " * SECURITY UPDATE: DNS-over-HTTPS implementation suffers from multiple", " issues under heavy query load", " - debian/patches/CVE-2024-12705.patch: fix flooding issues in", " lib/isc/netmgr/http.c, lib/isc/netmgr/netmgr-int.h,", " lib/isc/netmgr/netmgr.c, lib/isc/netmgr/tcp.c,", " lib/isc/netmgr/tlsstream.c. ", " - CVE-2024-12705", "" ], "package": "bind9", "version": "1:9.18.30-0ubuntu0.24.04.2", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 28 Jan 2025 09:26:30 -0500" } ], "notes": null }, { "name": "bsdextrautils", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.1", "version": "2.39.3-9ubuntu6.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.2", "version": "2.39.3-9ubuntu6.2" }, "cves": [], "launchpad_bugs_fixed": [ 2090972 ], "changes": [ { "cves": [], "log": [ "", " * Read the ext4 superblock with O_DIRECT if the first read produces a", " checksum failure. This fixes a race where the underlying superblock", " can be changed in memory but not on disk, resulting in checksum", " failures which in turn causes systemd-udevd to remove by-uuid and", " by-label symlinks. (LP: #2090972)", " - d/p/ubuntu/lp2090972-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2090972 ], "author": "Matthew Ruffell ", "date": "Thu, 05 Dec 2024 15:26:54 +1300" } ], "notes": null }, { "name": "bsdutils", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.1", "version": "1:2.39.3-9ubuntu6.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.2", "version": "1:2.39.3-9ubuntu6.2" }, "cves": [], "launchpad_bugs_fixed": [ 2090972 ], "changes": [ { "cves": [], "log": [ "", " * Read the ext4 superblock with O_DIRECT if the first read produces a", " checksum failure. This fixes a race where the underlying superblock", " can be changed in memory but not on disk, resulting in checksum", " failures which in turn causes systemd-udevd to remove by-uuid and", " by-label symlinks. (LP: #2090972)", " - d/p/ubuntu/lp2090972-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2090972 ], "author": "Matthew Ruffell ", "date": "Thu, 05 Dec 2024 15:26:54 +1300" } ], "notes": null }, { "name": "eject", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.1", "version": "2.39.3-9ubuntu6.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.2", "version": "2.39.3-9ubuntu6.2" }, "cves": [], "launchpad_bugs_fixed": [ 2090972 ], "changes": [ { "cves": [], "log": [ "", " * Read the ext4 superblock with O_DIRECT if the first read produces a", " checksum failure. This fixes a race where the underlying superblock", " can be changed in memory but not on disk, resulting in checksum", " failures which in turn causes systemd-udevd to remove by-uuid and", " by-label symlinks. (LP: #2090972)", " - d/p/ubuntu/lp2090972-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2090972 ], "author": "Matthew Ruffell ", "date": "Thu, 05 Dec 2024 15:26:54 +1300" } ], "notes": null }, { "name": "fdisk", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.1", "version": "2.39.3-9ubuntu6.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.2", "version": "2.39.3-9ubuntu6.2" }, "cves": [], "launchpad_bugs_fixed": [ 2090972 ], "changes": [ { "cves": [], "log": [ "", " * Read the ext4 superblock with O_DIRECT if the first read produces a", " checksum failure. This fixes a race where the underlying superblock", " can be changed in memory but not on disk, resulting in checksum", " failures which in turn causes systemd-udevd to remove by-uuid and", " by-label symlinks. (LP: #2090972)", " - d/p/ubuntu/lp2090972-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2090972 ], "author": "Matthew Ruffell ", "date": "Thu, 05 Dec 2024 15:26:54 +1300" } ], "notes": null }, { "name": "kmod", "from_version": { "source_package_name": "kmod", "source_package_version": "31+20240202-2ubuntu7", "version": "31+20240202-2ubuntu7" }, "to_version": { "source_package_name": "kmod", "source_package_version": "31+20240202-2ubuntu7.1", "version": "31+20240202-2ubuntu7.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "kmod", "version": "31+20240202-2ubuntu7.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:49 +0200" } ], "notes": null }, { "name": "krb5-locales", "from_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.2", "version": "1.20.1-6ubuntu2.2" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.3", "version": "1.20.1-6ubuntu2.3" }, "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Use of MD5-based message authentication over plaintext", " communications could lead to forgery attacks.", " - debian/patches/CVE-2024-3596.patch: Secure Response Authenticator", " by adding support for the Message-Authenticator attribute in non-EAP", " authentication methods.", " - CVE-2024-3596 ", " * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.", "" ], "package": "krb5", "version": "1.20.1-6ubuntu2.3", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Nicolas Campuzano Jimenez ", "date": "Tue, 28 Jan 2025 00:57:01 -0500" } ], "notes": null }, { "name": "libaio1t64:riscv64", "from_version": { "source_package_name": "libaio", "source_package_version": "0.3.113-6build1", "version": "0.3.113-6build1" }, "to_version": { "source_package_name": "libaio", "source_package_version": "0.3.113-6build1.1", "version": "0.3.113-6build1.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "libaio", "version": "0.3.113-6build1.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:51 +0200" } ], "notes": null }, { "name": "libattr1:riscv64", "from_version": { "source_package_name": "attr", "source_package_version": "1:2.5.2-1build1", "version": "1:2.5.2-1build1" }, "to_version": { "source_package_name": "attr", "source_package_version": "1:2.5.2-1build1.1", "version": "1:2.5.2-1build1.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "attr", "version": "1:2.5.2-1build1.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:50 +0200" } ], "notes": null }, { "name": "libblkid1:riscv64", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.1", "version": "2.39.3-9ubuntu6.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.2", "version": "2.39.3-9ubuntu6.2" }, "cves": [], "launchpad_bugs_fixed": [ 2090972 ], "changes": [ { "cves": [], "log": [ "", " * Read the ext4 superblock with O_DIRECT if the first read produces a", " checksum failure. This fixes a race where the underlying superblock", " can be changed in memory but not on disk, resulting in checksum", " failures which in turn causes systemd-udevd to remove by-uuid and", " by-label symlinks. (LP: #2090972)", " - d/p/ubuntu/lp2090972-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2090972 ], "author": "Matthew Ruffell ", "date": "Thu, 05 Dec 2024 15:26:54 +1300" } ], "notes": null }, { "name": "libbsd0:riscv64", "from_version": { "source_package_name": "libbsd", "source_package_version": "0.12.1-1build1", "version": "0.12.1-1build1" }, "to_version": { "source_package_name": "libbsd", "source_package_version": "0.12.1-1build1.1", "version": "0.12.1-1build1.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "libbsd", "version": "0.12.1-1build1.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:50 +0200" } ], "notes": null }, { "name": "libc-bin", "from_version": { "source_package_name": "glibc", "source_package_version": "2.39-0ubuntu8.3", "version": "2.39-0ubuntu8.3" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.39-0ubuntu8.4", "version": "2.39-0ubuntu8.4" }, "cves": [ { "cve": "CVE-2025-0395", "url": "https://ubuntu.com/security/CVE-2025-0395", "cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "cve_priority": "medium", "cve_public_date": "2025-01-22 13:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-0395", "url": "https://ubuntu.com/security/CVE-2025-0395", "cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "cve_priority": "medium", "cve_public_date": "2025-01-22 13:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Buffer overflow in the assert function.", " - debian/patches/any/CVE-2025-0395.patch: Change total to ALIGN_UP", " calculation and include libc-pointer-arith.h in assert/assert.c and", " sysdeps/posix/libc_fatal.c.", " - CVE-2025-0395", "" ], "package": "glibc", "version": "2.39-0ubuntu8.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 28 Jan 2025 13:37:37 -0330" } ], "notes": null }, { "name": "libc6:riscv64", "from_version": { "source_package_name": "glibc", "source_package_version": "2.39-0ubuntu8.3", "version": "2.39-0ubuntu8.3" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.39-0ubuntu8.4", "version": "2.39-0ubuntu8.4" }, "cves": [ { "cve": "CVE-2025-0395", "url": "https://ubuntu.com/security/CVE-2025-0395", "cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "cve_priority": "medium", "cve_public_date": "2025-01-22 13:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-0395", "url": "https://ubuntu.com/security/CVE-2025-0395", "cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "cve_priority": "medium", "cve_public_date": "2025-01-22 13:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Buffer overflow in the assert function.", " - debian/patches/any/CVE-2025-0395.patch: Change total to ALIGN_UP", " calculation and include libc-pointer-arith.h in assert/assert.c and", " sysdeps/posix/libc_fatal.c.", " - CVE-2025-0395", "" ], "package": "glibc", "version": "2.39-0ubuntu8.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 28 Jan 2025 13:37:37 -0330" } ], "notes": null }, { "name": "libcap2:riscv64", "from_version": { "source_package_name": "libcap2", "source_package_version": "1:2.66-5ubuntu2", "version": "1:2.66-5ubuntu2" }, "to_version": { "source_package_name": "libcap2", "source_package_version": "1:2.66-5ubuntu2.1", "version": "1:2.66-5ubuntu2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "libcap2", "version": "1:2.66-5ubuntu2.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:50 +0200" } ], "notes": null }, { "name": "libcap2-bin", "from_version": { "source_package_name": "libcap2", "source_package_version": "1:2.66-5ubuntu2", "version": "1:2.66-5ubuntu2" }, "to_version": { "source_package_name": "libcap2", "source_package_version": "1:2.66-5ubuntu2.1", "version": "1:2.66-5ubuntu2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "libcap2", "version": "1:2.66-5ubuntu2.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:50 +0200" } ], "notes": null }, { "name": "libdrm-common", "from_version": { "source_package_name": "libdrm", "source_package_version": "2.4.120-2build1", "version": "2.4.120-2build1" }, "to_version": { "source_package_name": "libdrm", "source_package_version": "2.4.122-1~ubuntu0.24.04.1", "version": "2.4.122-1~ubuntu0.24.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083020 ], "changes": [ { "cves": [], "log": [ "", " * Backport to noble. (LP: #2083020)", "" ], "package": "libdrm", "version": "2.4.122-1~ubuntu0.24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083020 ], "author": "Timo Aaltonen ", "date": "Fri, 02 Aug 2024 15:33:15 +0300" }, { "cves": [], "log": [ "", " * New upstream release. (Closes: #1059854)", " * control: Migrate to pkgconf.", "" ], "package": "libdrm", "version": "2.4.122-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Timo Aaltonen ", "date": "Thu, 01 Aug 2024 13:52:56 +0300" }, { "cves": [], "log": [ "", " * rules: Enable intel on arm64. (Closes: #1070815)", "" ], "package": "libdrm", "version": "2.4.121-2", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Timo Aaltonen ", "date": "Tue, 11 Jun 2024 18:26:23 +0300" }, { "cves": [], "log": [ "", " * New upstream release.", " * control: Add arm64 to libdrm-intel1 archs. (Closes: #1070815)", " * symbols: Updated.", "" ], "package": "libdrm", "version": "2.4.121-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Timo Aaltonen ", "date": "Mon, 10 Jun 2024 19:31:37 +0300" } ], "notes": null }, { "name": "libdrm2:riscv64", "from_version": { "source_package_name": "libdrm", "source_package_version": "2.4.120-2build1", "version": "2.4.120-2build1" }, "to_version": { "source_package_name": "libdrm", "source_package_version": "2.4.122-1~ubuntu0.24.04.1", "version": "2.4.122-1~ubuntu0.24.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083020 ], "changes": [ { "cves": [], "log": [ "", " * Backport to noble. (LP: #2083020)", "" ], "package": "libdrm", "version": "2.4.122-1~ubuntu0.24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083020 ], "author": "Timo Aaltonen ", "date": "Fri, 02 Aug 2024 15:33:15 +0300" }, { "cves": [], "log": [ "", " * New upstream release. (Closes: #1059854)", " * control: Migrate to pkgconf.", "" ], "package": "libdrm", "version": "2.4.122-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Timo Aaltonen ", "date": "Thu, 01 Aug 2024 13:52:56 +0300" }, { "cves": [], "log": [ "", " * rules: Enable intel on arm64. (Closes: #1070815)", "" ], "package": "libdrm", "version": "2.4.121-2", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Timo Aaltonen ", "date": "Tue, 11 Jun 2024 18:26:23 +0300" }, { "cves": [], "log": [ "", " * New upstream release.", " * control: Add arm64 to libdrm-intel1 archs. (Closes: #1070815)", " * symbols: Updated.", "" ], "package": "libdrm", "version": "2.4.121-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Timo Aaltonen ", "date": "Mon, 10 Jun 2024 19:31:37 +0300" } ], "notes": null }, { "name": "libdw1t64:riscv64", "from_version": { "source_package_name": "elfutils", "source_package_version": "0.190-1.1build4", "version": "0.190-1.1build4" }, "to_version": { "source_package_name": "elfutils", "source_package_version": "0.190-1.1build4.1", "version": "0.190-1.1build4.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "elfutils", "version": "0.190-1.1build4.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:51 +0200" } ], "notes": null }, { "name": "libelf1t64:riscv64", "from_version": { "source_package_name": "elfutils", "source_package_version": "0.190-1.1build4", "version": "0.190-1.1build4" }, "to_version": { "source_package_name": "elfutils", "source_package_version": "0.190-1.1build4.1", "version": "0.190-1.1build4.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "elfutils", "version": "0.190-1.1build4.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:51 +0200" } ], "notes": null }, { "name": "libfdisk1:riscv64", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.1", "version": "2.39.3-9ubuntu6.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.2", "version": "2.39.3-9ubuntu6.2" }, "cves": [], "launchpad_bugs_fixed": [ 2090972 ], "changes": [ { "cves": [], "log": [ "", " * Read the ext4 superblock with O_DIRECT if the first read produces a", " checksum failure. This fixes a race where the underlying superblock", " can be changed in memory but not on disk, resulting in checksum", " failures which in turn causes systemd-udevd to remove by-uuid and", " by-label symlinks. (LP: #2090972)", " - d/p/ubuntu/lp2090972-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2090972 ], "author": "Matthew Ruffell ", "date": "Thu, 05 Dec 2024 15:26:54 +1300" } ], "notes": null }, { "name": "libgmp10:riscv64", "from_version": { "source_package_name": "gmp", "source_package_version": "2:6.3.0+dfsg-2ubuntu6", "version": "2:6.3.0+dfsg-2ubuntu6" }, "to_version": { "source_package_name": "gmp", "source_package_version": "2:6.3.0+dfsg-2ubuntu6.1", "version": "2:6.3.0+dfsg-2ubuntu6.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "gmp", "version": "2:6.3.0+dfsg-2ubuntu6.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:51 +0200" } ], "notes": null }, { "name": "libgpg-error-l10n", "from_version": { "source_package_name": "libgpg-error", "source_package_version": "1.47-3build2", "version": "1.47-3build2" }, "to_version": { "source_package_name": "libgpg-error", "source_package_version": "1.47-3build2.1", "version": "1.47-3build2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "libgpg-error", "version": "1.47-3build2.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:50 +0200" } ], "notes": null }, { "name": "libgpg-error0:riscv64", "from_version": { "source_package_name": "libgpg-error", "source_package_version": "1.47-3build2", "version": "1.47-3build2" }, "to_version": { "source_package_name": "libgpg-error", "source_package_version": "1.47-3build2.1", "version": "1.47-3build2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "libgpg-error", "version": "1.47-3build2.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:50 +0200" } ], "notes": null }, { "name": "libgssapi-krb5-2:riscv64", "from_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.2", "version": "1.20.1-6ubuntu2.2" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.3", "version": "1.20.1-6ubuntu2.3" }, "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Use of MD5-based message authentication over plaintext", " communications could lead to forgery attacks.", " - debian/patches/CVE-2024-3596.patch: Secure Response Authenticator", " by adding support for the Message-Authenticator attribute in non-EAP", " authentication methods.", " - CVE-2024-3596 ", " * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.", "" ], "package": "krb5", "version": "1.20.1-6ubuntu2.3", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Nicolas Campuzano Jimenez ", "date": "Tue, 28 Jan 2025 00:57:01 -0500" } ], "notes": null }, { "name": "libidn2-0:riscv64", "from_version": { "source_package_name": "libidn2", "source_package_version": "2.3.7-2build1", "version": "2.3.7-2build1" }, "to_version": { "source_package_name": "libidn2", "source_package_version": "2.3.7-2build1.1", "version": "2.3.7-2build1.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "libidn2", "version": "2.3.7-2build1.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:50 +0200" } ], "notes": null }, { "name": "libk5crypto3:riscv64", "from_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.2", "version": "1.20.1-6ubuntu2.2" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.3", "version": "1.20.1-6ubuntu2.3" }, "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Use of MD5-based message authentication over plaintext", " communications could lead to forgery attacks.", " - debian/patches/CVE-2024-3596.patch: Secure Response Authenticator", " by adding support for the Message-Authenticator attribute in non-EAP", " authentication methods.", " - CVE-2024-3596 ", " * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.", "" ], "package": "krb5", "version": "1.20.1-6ubuntu2.3", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Nicolas Campuzano Jimenez ", "date": "Tue, 28 Jan 2025 00:57:01 -0500" } ], "notes": null }, { "name": "libkmod2:riscv64", "from_version": { "source_package_name": "kmod", "source_package_version": "31+20240202-2ubuntu7", "version": "31+20240202-2ubuntu7" }, "to_version": { "source_package_name": "kmod", "source_package_version": "31+20240202-2ubuntu7.1", "version": "31+20240202-2ubuntu7.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "kmod", "version": "31+20240202-2ubuntu7.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:49 +0200" } ], "notes": null }, { "name": "libkrb5-3:riscv64", "from_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.2", "version": "1.20.1-6ubuntu2.2" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.3", "version": "1.20.1-6ubuntu2.3" }, "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Use of MD5-based message authentication over plaintext", " communications could lead to forgery attacks.", " - debian/patches/CVE-2024-3596.patch: Secure Response Authenticator", " by adding support for the Message-Authenticator attribute in non-EAP", " authentication methods.", " - CVE-2024-3596 ", " * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.", "" ], "package": "krb5", "version": "1.20.1-6ubuntu2.3", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Nicolas Campuzano Jimenez ", "date": "Tue, 28 Jan 2025 00:57:01 -0500" } ], "notes": null }, { "name": "libkrb5support0:riscv64", "from_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.2", "version": "1.20.1-6ubuntu2.2" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.3", "version": "1.20.1-6ubuntu2.3" }, "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-3596", "url": "https://ubuntu.com/security/CVE-2024-3596", "cve_description": "RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.", "cve_priority": "medium", "cve_public_date": "2024-07-09 12:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Use of MD5-based message authentication over plaintext", " communications could lead to forgery attacks.", " - debian/patches/CVE-2024-3596.patch: Secure Response Authenticator", " by adding support for the Message-Authenticator attribute in non-EAP", " authentication methods.", " - CVE-2024-3596 ", " * Update libk5crypto3 symbols: add k5_hmac_md5 symbol.", "" ], "package": "krb5", "version": "1.20.1-6ubuntu2.3", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Nicolas Campuzano Jimenez ", "date": "Tue, 28 Jan 2025 00:57:01 -0500" } ], "notes": null }, { "name": "libmd0:riscv64", "from_version": { "source_package_name": "libmd", "source_package_version": "1.1.0-2build1", "version": "1.1.0-2build1" }, "to_version": { "source_package_name": "libmd", "source_package_version": "1.1.0-2build1.1", "version": "1.1.0-2build1.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "libmd", "version": "1.1.0-2build1.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:50 +0200" } ], "notes": null }, { "name": "libmount1:riscv64", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.1", "version": "2.39.3-9ubuntu6.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.2", "version": "2.39.3-9ubuntu6.2" }, "cves": [], "launchpad_bugs_fixed": [ 2090972 ], "changes": [ { "cves": [], "log": [ "", " * Read the ext4 superblock with O_DIRECT if the first read produces a", " checksum failure. This fixes a race where the underlying superblock", " can be changed in memory but not on disk, resulting in checksum", " failures which in turn causes systemd-udevd to remove by-uuid and", " by-label symlinks. (LP: #2090972)", " - d/p/ubuntu/lp2090972-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2090972 ], "author": "Matthew Ruffell ", "date": "Thu, 05 Dec 2024 15:26:54 +1300" } ], "notes": null }, { "name": "libmpfr6:riscv64", "from_version": { "source_package_name": "mpfr4", "source_package_version": "4.2.1-1build1", "version": "4.2.1-1build1" }, "to_version": { "source_package_name": "mpfr4", "source_package_version": "4.2.1-1build1.1", "version": "4.2.1-1build1.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "mpfr4", "version": "4.2.1-1build1.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:52 +0200" } ], "notes": null }, { "name": "libnghttp2-14:riscv64", "from_version": { "source_package_name": "nghttp2", "source_package_version": "1.59.0-1ubuntu0.1", "version": "1.59.0-1ubuntu0.1" }, "to_version": { "source_package_name": "nghttp2", "source_package_version": "1.59.0-1ubuntu0.2", "version": "1.59.0-1ubuntu0.2" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "nghttp2", "version": "1.59.0-1ubuntu0.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:49 +0200" } ], "notes": null }, { "name": "libnl-3-200:riscv64", "from_version": { "source_package_name": "libnl3", "source_package_version": "3.7.0-0.3build1", "version": "3.7.0-0.3build1" }, "to_version": { "source_package_name": "libnl3", "source_package_version": "3.7.0-0.3build1.1", "version": "3.7.0-0.3build1.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "libnl3", "version": "3.7.0-0.3build1.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:51 +0200" } ], "notes": null }, { "name": "libnl-genl-3-200:riscv64", "from_version": { "source_package_name": "libnl3", "source_package_version": "3.7.0-0.3build1", "version": "3.7.0-0.3build1" }, "to_version": { "source_package_name": "libnl3", "source_package_version": "3.7.0-0.3build1.1", "version": "3.7.0-0.3build1.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "libnl3", "version": "3.7.0-0.3build1.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:51 +0200" } ], "notes": null }, { "name": "libnl-route-3-200:riscv64", "from_version": { "source_package_name": "libnl3", "source_package_version": "3.7.0-0.3build1", "version": "3.7.0-0.3build1" }, "to_version": { "source_package_name": "libnl3", "source_package_version": "3.7.0-0.3build1.1", "version": "3.7.0-0.3build1.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "libnl3", "version": "3.7.0-0.3build1.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:51 +0200" } ], "notes": null }, { "name": "libnss-systemd:riscv64", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.4", "version": "255.4-1ubuntu8.4" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.5", "version": "255.4-1ubuntu8.5" }, "cves": [], "launchpad_bugs_fixed": [ 2077779, 2081192 ], "changes": [ { "cves": [], "log": [ "", " [ Chengen Du ]", " * udev: Handle PTP device symlink properly on udev action 'change'", " (LP: #2077779)", "", " [ Nick Rosbrook ]", " * core/exec-invoke: Fix missing arguments for PR_SET_MEMORY_MERGE call", " (LP: #2081192)", "" ], "package": "systemd", "version": "255.4-1ubuntu8.5", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2077779, 2081192 ], "author": "Nick Rosbrook ", "date": "Thu, 17 Oct 2024 13:15:16 -0400" } ], "notes": null }, { "name": "libpam-cap:riscv64", "from_version": { "source_package_name": "libcap2", "source_package_version": "1:2.66-5ubuntu2", "version": "1:2.66-5ubuntu2" }, "to_version": { "source_package_name": "libcap2", "source_package_version": "1:2.66-5ubuntu2.1", "version": "1:2.66-5ubuntu2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "libcap2", "version": "1:2.66-5ubuntu2.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:50 +0200" } ], "notes": null }, { "name": "libpam-systemd:riscv64", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.4", "version": "255.4-1ubuntu8.4" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.5", "version": "255.4-1ubuntu8.5" }, "cves": [], "launchpad_bugs_fixed": [ 2077779, 2081192 ], "changes": [ { "cves": [], "log": [ "", " [ Chengen Du ]", " * udev: Handle PTP device symlink properly on udev action 'change'", " (LP: #2077779)", "", " [ Nick Rosbrook ]", " * core/exec-invoke: Fix missing arguments for PR_SET_MEMORY_MERGE call", " (LP: #2081192)", "" ], "package": "systemd", "version": "255.4-1ubuntu8.5", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2077779, 2081192 ], "author": "Nick Rosbrook ", "date": "Thu, 17 Oct 2024 13:15:16 -0400" } ], "notes": null }, { "name": "libpcre2-8-0:riscv64", "from_version": { "source_package_name": "pcre2", "source_package_version": "10.42-4ubuntu2", "version": "10.42-4ubuntu2" }, "to_version": { "source_package_name": "pcre2", "source_package_version": "10.42-4ubuntu2.1", "version": "10.42-4ubuntu2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "pcre2", "version": "10.42-4ubuntu2.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:51 +0200" } ], "notes": null }, { "name": "libperl5.38t64:riscv64", "from_version": { "source_package_name": "perl", "source_package_version": "5.38.2-3.2build2", "version": "5.38.2-3.2build2" }, "to_version": { "source_package_name": "perl", "source_package_version": "5.38.2-3.2build2.1", "version": "5.38.2-3.2build2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "perl", "version": "5.38.2-3.2build2.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:50 +0200" } ], "notes": null }, { "name": "libselinux1:riscv64", "from_version": { "source_package_name": "libselinux", "source_package_version": "3.5-2ubuntu2", "version": "3.5-2ubuntu2" }, "to_version": { "source_package_name": "libselinux", "source_package_version": "3.5-2ubuntu2.1", "version": "3.5-2ubuntu2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "libselinux", "version": "3.5-2ubuntu2.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:52 +0200" } ], "notes": null }, { "name": "libsmartcols1:riscv64", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.1", "version": "2.39.3-9ubuntu6.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.2", "version": "2.39.3-9ubuntu6.2" }, "cves": [], "launchpad_bugs_fixed": [ 2090972 ], "changes": [ { "cves": [], "log": [ "", " * Read the ext4 superblock with O_DIRECT if the first read produces a", " checksum failure. This fixes a race where the underlying superblock", " can be changed in memory but not on disk, resulting in checksum", " failures which in turn causes systemd-udevd to remove by-uuid and", " by-label symlinks. (LP: #2090972)", " - d/p/ubuntu/lp2090972-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2090972 ], "author": "Matthew Ruffell ", "date": "Thu, 05 Dec 2024 15:26:54 +1300" } ], "notes": null }, { "name": "libsqlite3-0:riscv64", "from_version": { "source_package_name": "sqlite3", "source_package_version": "3.45.1-1ubuntu2", "version": "3.45.1-1ubuntu2" }, "to_version": { "source_package_name": "sqlite3", "source_package_version": "3.45.1-1ubuntu2.1", "version": "3.45.1-1ubuntu2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "sqlite3", "version": "3.45.1-1ubuntu2.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:50 +0200" } ], "notes": null }, { "name": "libsystemd-shared:riscv64", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.4", "version": "255.4-1ubuntu8.4" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.5", "version": "255.4-1ubuntu8.5" }, "cves": [], "launchpad_bugs_fixed": [ 2077779, 2081192 ], "changes": [ { "cves": [], "log": [ "", " [ Chengen Du ]", " * udev: Handle PTP device symlink properly on udev action 'change'", " (LP: #2077779)", "", " [ Nick Rosbrook ]", " * core/exec-invoke: Fix missing arguments for PR_SET_MEMORY_MERGE call", " (LP: #2081192)", "" ], "package": "systemd", "version": "255.4-1ubuntu8.5", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2077779, 2081192 ], "author": "Nick Rosbrook ", "date": "Thu, 17 Oct 2024 13:15:16 -0400" } ], "notes": null }, { "name": "libsystemd0:riscv64", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.4", "version": "255.4-1ubuntu8.4" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.5", "version": "255.4-1ubuntu8.5" }, "cves": [], "launchpad_bugs_fixed": [ 2077779, 2081192 ], "changes": [ { "cves": [], "log": [ "", " [ Chengen Du ]", " * udev: Handle PTP device symlink properly on udev action 'change'", " (LP: #2077779)", "", " [ Nick Rosbrook ]", " * core/exec-invoke: Fix missing arguments for PR_SET_MEMORY_MERGE call", " (LP: #2081192)", "" ], "package": "systemd", "version": "255.4-1ubuntu8.5", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2077779, 2081192 ], "author": "Nick Rosbrook ", "date": "Thu, 17 Oct 2024 13:15:16 -0400" } ], "notes": null }, { "name": "libudev1:riscv64", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.4", "version": "255.4-1ubuntu8.4" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.5", "version": "255.4-1ubuntu8.5" }, "cves": [], "launchpad_bugs_fixed": [ 2077779, 2081192 ], "changes": [ { "cves": [], "log": [ "", " [ Chengen Du ]", " * udev: Handle PTP device symlink properly on udev action 'change'", " (LP: #2077779)", "", " [ Nick Rosbrook ]", " * core/exec-invoke: Fix missing arguments for PR_SET_MEMORY_MERGE call", " (LP: #2081192)", "" ], "package": "systemd", "version": "255.4-1ubuntu8.5", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2077779, 2081192 ], "author": "Nick Rosbrook ", "date": "Thu, 17 Oct 2024 13:15:16 -0400" } ], "notes": null }, { "name": "libunistring5:riscv64", "from_version": { "source_package_name": "libunistring", "source_package_version": "1.1-2build1", "version": "1.1-2build1" }, "to_version": { "source_package_name": "libunistring", "source_package_version": "1.1-2build1.1", "version": "1.1-2build1.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "libunistring", "version": "1.1-2build1.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:50 +0200" } ], "notes": null }, { "name": "libunwind8:riscv64", "from_version": { "source_package_name": "libunwind", "source_package_version": "1.6.2-3build1", "version": "1.6.2-3build1" }, "to_version": { "source_package_name": "libunwind", "source_package_version": "1.6.2-3build1.1", "version": "1.6.2-3build1.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "libunwind", "version": "1.6.2-3build1.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:51 +0200" } ], "notes": null }, { "name": "libuuid1:riscv64", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.1", "version": "2.39.3-9ubuntu6.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.2", "version": "2.39.3-9ubuntu6.2" }, "cves": [], "launchpad_bugs_fixed": [ 2090972 ], "changes": [ { "cves": [], "log": [ "", " * Read the ext4 superblock with O_DIRECT if the first read produces a", " checksum failure. This fixes a race where the underlying superblock", " can be changed in memory but not on disk, resulting in checksum", " failures which in turn causes systemd-udevd to remove by-uuid and", " by-label symlinks. (LP: #2090972)", " - d/p/ubuntu/lp2090972-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2090972 ], "author": "Matthew Ruffell ", "date": "Thu, 05 Dec 2024 15:26:54 +1300" } ], "notes": null }, { "name": "libxml2:riscv64", "from_version": { "source_package_name": "libxml2", "source_package_version": "2.9.14+dfsg-1.3ubuntu3", "version": "2.9.14+dfsg-1.3ubuntu3" }, "to_version": { "source_package_name": "libxml2", "source_package_version": "2.9.14+dfsg-1.3ubuntu3.1", "version": "2.9.14+dfsg-1.3ubuntu3.1" }, "cves": [ { "cve": "CVE-2022-49043", "url": "https://ubuntu.com/security/CVE-2022-49043", "cve_description": "xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.", "cve_priority": "medium", "cve_public_date": "2025-01-26 06:15:00 UTC" }, { "cve": "CVE-2024-34459", "url": "https://ubuntu.com/security/CVE-2024-34459", "cve_description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cve_priority": "low", "cve_public_date": "2024-05-14 15:39:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2022-49043", "url": "https://ubuntu.com/security/CVE-2022-49043", "cve_description": "xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.", "cve_priority": "medium", "cve_public_date": "2025-01-26 06:15:00 UTC" }, { "cve": "CVE-2024-34459", "url": "https://ubuntu.com/security/CVE-2024-34459", "cve_description": "An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.", "cve_priority": "low", "cve_public_date": "2024-05-14 15:39:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: use-after-free in xmlXIncludeAddNode", " - debian/patches/CVE-2022-49043.patch: fix UaF in xinclude.c.", " - CVE-2022-49043", " * SECURITY UPDATE: buffer overread in xmllint", " - debian/patches/CVE-2024-34459.patch: fix buffer issue when using", " htmlout option in xmllint.c.", " - CVE-2024-34459", "" ], "package": "libxml2", "version": "2.9.14+dfsg-1.3ubuntu3.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 28 Jan 2025 08:19:16 -0500" } ], "notes": null }, { "name": "linux-headers-generic", "from_version": { "source_package_name": "linux-meta-riscv", "source_package_version": "6.8.0-51.52.1", "version": "6.8.0-51.52.1" }, "to_version": { "source_package_name": "linux-meta-riscv", "source_package_version": "6.8.0-52.53.1", "version": "6.8.0-52.53.1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.8.0-52.53.1", "" ], "package": "linux-meta-riscv", "version": "6.8.0-52.53.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [], "author": "Emil Renner Berthing ", "date": "Tue, 21 Jan 2025 16:56:15 +0100" } ], "notes": null }, { "name": "linux-headers-virtual", "from_version": { "source_package_name": "linux-meta-riscv", "source_package_version": "6.8.0-51.52.1", "version": "6.8.0-51.52.1" }, "to_version": { "source_package_name": "linux-meta-riscv", "source_package_version": "6.8.0-52.53.1", "version": "6.8.0-52.53.1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.8.0-52.53.1", "" ], "package": "linux-meta-riscv", "version": "6.8.0-52.53.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [], "author": "Emil Renner Berthing ", "date": "Tue, 21 Jan 2025 16:56:15 +0100" } ], "notes": null }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta-riscv", "source_package_version": "6.8.0-51.52.1", "version": "6.8.0-51.52.1" }, "to_version": { "source_package_name": "linux-meta-riscv", "source_package_version": "6.8.0-52.53.1", "version": "6.8.0-52.53.1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.8.0-52.53.1", "" ], "package": "linux-meta-riscv", "version": "6.8.0-52.53.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [], "author": "Emil Renner Berthing ", "date": "Tue, 21 Jan 2025 16:56:15 +0100" } ], "notes": null }, { "name": "linux-virtual", "from_version": { "source_package_name": "linux-meta-riscv", "source_package_version": "6.8.0-51.52.1", "version": "6.8.0-51.52.1" }, "to_version": { "source_package_name": "linux-meta-riscv", "source_package_version": "6.8.0-52.53.1", "version": "6.8.0-52.53.1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.8.0-52.53.1", "" ], "package": "linux-meta-riscv", "version": "6.8.0-52.53.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [], "author": "Emil Renner Berthing ", "date": "Tue, 21 Jan 2025 16:56:15 +0100" } ], "notes": null }, { "name": "locales", "from_version": { "source_package_name": "glibc", "source_package_version": "2.39-0ubuntu8.3", "version": "2.39-0ubuntu8.3" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.39-0ubuntu8.4", "version": "2.39-0ubuntu8.4" }, "cves": [ { "cve": "CVE-2025-0395", "url": "https://ubuntu.com/security/CVE-2025-0395", "cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "cve_priority": "medium", "cve_public_date": "2025-01-22 13:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-0395", "url": "https://ubuntu.com/security/CVE-2025-0395", "cve_description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "cve_priority": "medium", "cve_public_date": "2025-01-22 13:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Buffer overflow in the assert function.", " - debian/patches/any/CVE-2025-0395.patch: Change total to ALIGN_UP", " calculation and include libc-pointer-arith.h in assert/assert.c and", " sysdeps/posix/libc_fatal.c.", " - CVE-2025-0395", "" ], "package": "glibc", "version": "2.39-0ubuntu8.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 28 Jan 2025 13:37:37 -0330" } ], "notes": null }, { "name": "mount", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.1", "version": "2.39.3-9ubuntu6.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.2", "version": "2.39.3-9ubuntu6.2" }, "cves": [], "launchpad_bugs_fixed": [ 2090972 ], "changes": [ { "cves": [], "log": [ "", " * Read the ext4 superblock with O_DIRECT if the first read produces a", " checksum failure. This fixes a race where the underlying superblock", " can be changed in memory but not on disk, resulting in checksum", " failures which in turn causes systemd-udevd to remove by-uuid and", " by-label symlinks. (LP: #2090972)", " - d/p/ubuntu/lp2090972-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2090972 ], "author": "Matthew Ruffell ", "date": "Thu, 05 Dec 2024 15:26:54 +1300" } ], "notes": null }, { "name": "perl", "from_version": { "source_package_name": "perl", "source_package_version": "5.38.2-3.2build2", "version": "5.38.2-3.2build2" }, "to_version": { "source_package_name": "perl", "source_package_version": "5.38.2-3.2build2.1", "version": "5.38.2-3.2build2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "perl", "version": "5.38.2-3.2build2.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:50 +0200" } ], "notes": null }, { "name": "perl-base", "from_version": { "source_package_name": "perl", "source_package_version": "5.38.2-3.2build2", "version": "5.38.2-3.2build2" }, "to_version": { "source_package_name": "perl", "source_package_version": "5.38.2-3.2build2.1", "version": "5.38.2-3.2build2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "perl", "version": "5.38.2-3.2build2.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:50 +0200" } ], "notes": null }, { "name": "perl-modules-5.38", "from_version": { "source_package_name": "perl", "source_package_version": "5.38.2-3.2build2", "version": "5.38.2-3.2build2" }, "to_version": { "source_package_name": "perl", "source_package_version": "5.38.2-3.2build2.1", "version": "5.38.2-3.2build2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2083480 ], "changes": [ { "cves": [], "log": [ "", " * SRU: LP: #2083480: No-change rebuild to disable frame pointers on", " ppc64el and s390x.", "" ], "package": "perl", "version": "5.38.2-3.2build2.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2083480 ], "author": "Matthias Klose ", "date": "Wed, 02 Oct 2024 14:40:50 +0200" } ], "notes": null }, { "name": "python-apt-common", "from_version": { "source_package_name": "python-apt", "source_package_version": "2.7.7ubuntu3", "version": "2.7.7ubuntu3" }, "to_version": { "source_package_name": "python-apt", "source_package_version": "2.7.7ubuntu4", "version": "2.7.7ubuntu4" }, "cves": [], "launchpad_bugs_fixed": [ 2096775 ], "changes": [ { "cves": [], "log": [ "", " * Mirror list update for 24.04.2 (LP: #2096775)", "" ], "package": "python-apt", "version": "2.7.7ubuntu4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2096775 ], "author": "Florent 'Skia' Jacquet ", "date": "Mon, 27 Jan 2025 12:40:02 +0100" } ], "notes": null }, { "name": "python3-apt", "from_version": { "source_package_name": "python-apt", "source_package_version": "2.7.7ubuntu3", "version": "2.7.7ubuntu3" }, "to_version": { "source_package_name": "python-apt", "source_package_version": "2.7.7ubuntu4", "version": "2.7.7ubuntu4" }, "cves": [], "launchpad_bugs_fixed": [ 2096775 ], "changes": [ { "cves": [], "log": [ "", " * Mirror list update for 24.04.2 (LP: #2096775)", "" ], "package": "python-apt", "version": "2.7.7ubuntu4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2096775 ], "author": "Florent 'Skia' Jacquet ", "date": "Mon, 27 Jan 2025 12:40:02 +0100" } ], "notes": null }, { "name": "python3-distupgrade", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:24.04.23", "version": "1:24.04.23" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:24.04.26", "version": "1:24.04.26" }, "cves": [], "launchpad_bugs_fixed": [ 2078639, 2078555, 2081864, 2078639 ], "changes": [ { "cves": [], "log": [ "", " [ Erich Eickmeyer ]", " * DistUpgradeQuirks: install pipewire-audio on ubuntu studio upgrades,", " uninstalling pulseaudio and preventing install of", " pulseaudio:i386 (LP: #2078639)", "", " [ Nick Rosbrook ]", " * Run pre-build.sh: updating mirrors and translations.", "" ], "package": "ubuntu-release-upgrader", "version": "1:24.04.26", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2078639 ], "author": "Nick Rosbrook ", "date": "Fri, 31 Jan 2025 12:11:23 -0500" }, { "cves": [], "log": [ "", " * DistUpgradeQuirks: skip sd-resolved quirk if it's not running (LP: #2078555)", " * Revert \"DistUpgradeQuirks: install pipewire-audio on ubuntu studio upgrades\"", " * Run pre-build.sh: updating mirrors and translations.", "" ], "package": "ubuntu-release-upgrader", "version": "1:24.04.25", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2078555 ], "author": "Nick Rosbrook ", "date": "Wed, 22 Jan 2025 16:05:37 -0500" }, { "cves": [], "log": [ "", " [ Julian Andres Klode ]", " * Avoid breaking upgrade by treating cross-grades as replacements", " (LP: #2081864)", "", " [ Nick Rosbrook ]", " * DistUpgradeQuirks: install pipewire-audio on ubuntu studio upgrades", " (LP: #2078639)", " * Run pre-build.sh: updating mirrors and translations.", "" ], "package": "ubuntu-release-upgrader", "version": "1:24.04.24", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2081864, 2078639 ], "author": "Nick Rosbrook ", "date": "Thu, 16 Jan 2025 09:49:15 -0500" } ], "notes": null }, { "name": "python3-jinja2", "from_version": { "source_package_name": "jinja2", "source_package_version": "3.1.2-1ubuntu1.1", "version": "3.1.2-1ubuntu1.1" }, "to_version": { "source_package_name": "jinja2", "source_package_version": "3.1.2-1ubuntu1.2", "version": "3.1.2-1ubuntu1.2" }, "cves": [ { "cve": "CVE-2024-56201", "url": "https://ubuntu.com/security/CVE-2024-56201", "cve_description": "Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.", "cve_priority": "medium", "cve_public_date": "2024-12-23 16:15:00 UTC" }, { "cve": "CVE-2024-56326", "url": "https://ubuntu.com/security/CVE-2024-56326", "cve_description": "Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5.", "cve_priority": "medium", "cve_public_date": "2024-12-23 16:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-56201", "url": "https://ubuntu.com/security/CVE-2024-56201", "cve_description": "Jinja is an extensible templating engine. In versions on the 3.x branch prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.", "cve_priority": "medium", "cve_public_date": "2024-12-23 16:15:00 UTC" }, { "cve": "CVE-2024-56326", "url": "https://ubuntu.com/security/CVE-2024-56326", "cve_description": "Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5.", "cve_priority": "medium", "cve_public_date": "2024-12-23 16:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: arbitrary code execution issue in jinja compiler ", " - debian/patches/CVE-2024-56201.patch: f-string syntax handling in code ", " generation improved in src/jinja2/compiler.py. ", " - debian/patches/CVE-2024-56326.patch: oversight on calls to str.format ", " adjusted in src/jinja2/sandbox.py. ", " - CVE-2024-56201 ", " - CVE-2024-56326 ", "" ], "package": "jinja2", "version": "3.1.2-1ubuntu1.2", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Evan Caville ", "date": "Mon, 06 Jan 2025 14:55:29 +1000" } ], "notes": null }, { "name": "systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.4", "version": "255.4-1ubuntu8.4" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.5", "version": "255.4-1ubuntu8.5" }, "cves": [], "launchpad_bugs_fixed": [ 2077779, 2081192 ], "changes": [ { "cves": [], "log": [ "", " [ Chengen Du ]", " * udev: Handle PTP device symlink properly on udev action 'change'", " (LP: #2077779)", "", " [ Nick Rosbrook ]", " * core/exec-invoke: Fix missing arguments for PR_SET_MEMORY_MERGE call", " (LP: #2081192)", "" ], "package": "systemd", "version": "255.4-1ubuntu8.5", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2077779, 2081192 ], "author": "Nick Rosbrook ", "date": "Thu, 17 Oct 2024 13:15:16 -0400" } ], "notes": null }, { "name": "systemd-dev", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.4", "version": "255.4-1ubuntu8.4" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.5", "version": "255.4-1ubuntu8.5" }, "cves": [], "launchpad_bugs_fixed": [ 2077779, 2081192 ], "changes": [ { "cves": [], "log": [ "", " [ Chengen Du ]", " * udev: Handle PTP device symlink properly on udev action 'change'", " (LP: #2077779)", "", " [ Nick Rosbrook ]", " * core/exec-invoke: Fix missing arguments for PR_SET_MEMORY_MERGE call", " (LP: #2081192)", "" ], "package": "systemd", "version": "255.4-1ubuntu8.5", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2077779, 2081192 ], "author": "Nick Rosbrook ", "date": "Thu, 17 Oct 2024 13:15:16 -0400" } ], "notes": null }, { "name": "systemd-resolved", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.4", "version": "255.4-1ubuntu8.4" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.5", "version": "255.4-1ubuntu8.5" }, "cves": [], "launchpad_bugs_fixed": [ 2077779, 2081192 ], "changes": [ { "cves": [], "log": [ "", " [ Chengen Du ]", " * udev: Handle PTP device symlink properly on udev action 'change'", " (LP: #2077779)", "", " [ Nick Rosbrook ]", " * core/exec-invoke: Fix missing arguments for PR_SET_MEMORY_MERGE call", " (LP: #2081192)", "" ], "package": "systemd", "version": "255.4-1ubuntu8.5", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2077779, 2081192 ], "author": "Nick Rosbrook ", "date": "Thu, 17 Oct 2024 13:15:16 -0400" } ], "notes": null }, { "name": "systemd-sysv", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.4", "version": "255.4-1ubuntu8.4" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.5", "version": "255.4-1ubuntu8.5" }, "cves": [], "launchpad_bugs_fixed": [ 2077779, 2081192 ], "changes": [ { "cves": [], "log": [ "", " [ Chengen Du ]", " * udev: Handle PTP device symlink properly on udev action 'change'", " (LP: #2077779)", "", " [ Nick Rosbrook ]", " * core/exec-invoke: Fix missing arguments for PR_SET_MEMORY_MERGE call", " (LP: #2081192)", "" ], "package": "systemd", "version": "255.4-1ubuntu8.5", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2077779, 2081192 ], "author": "Nick Rosbrook ", "date": "Thu, 17 Oct 2024 13:15:16 -0400" } ], "notes": null }, { "name": "systemd-timesyncd", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.4", "version": "255.4-1ubuntu8.4" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.5", "version": "255.4-1ubuntu8.5" }, "cves": [], "launchpad_bugs_fixed": [ 2077779, 2081192 ], "changes": [ { "cves": [], "log": [ "", " [ Chengen Du ]", " * udev: Handle PTP device symlink properly on udev action 'change'", " (LP: #2077779)", "", " [ Nick Rosbrook ]", " * core/exec-invoke: Fix missing arguments for PR_SET_MEMORY_MERGE call", " (LP: #2081192)", "" ], "package": "systemd", "version": "255.4-1ubuntu8.5", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2077779, 2081192 ], "author": "Nick Rosbrook ", "date": "Thu, 17 Oct 2024 13:15:16 -0400" } ], "notes": null }, { "name": "tzdata", "from_version": { "source_package_name": "tzdata", "source_package_version": "2024a-3ubuntu1.1", "version": "2024a-3ubuntu1.1" }, "to_version": { "source_package_name": "tzdata", "source_package_version": "2024b-0ubuntu0.24.04.1", "version": "2024b-0ubuntu0.24.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2096974, 2079966, 2070285 ], "changes": [ { "cves": [], "log": [ "", " * Revert using %z in tzdata.zi data form (LP: #2096974):", " - Enable link to link feature also for rearguard dataform", " - Use dataform rearguard for C++ std::chrono", " - Add chrono autopkgtest to test C++ std::chrono::tzdb parser", "" ], "package": "tzdata", "version": "2024b-0ubuntu0.24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2096974 ], "author": "Benjamin Drung ", "date": "Thu, 30 Jan 2025 22:33:14 +0100" }, { "cves": [], "log": [ "", " * New upstream release (LP: #2079966):", " - Improve historical data for Mexico, Mongolia, and Portugal.", " - System V names are now obsolescent (reverted, see below).", " - The main data form now uses %z.", " - Asia/Choibalsan is now an alias for Asia/Ulaanbaatar", " * Add autopkgtest test case for 2024b release", " * Update the ICU timezone data to 2024b", " * Add autopkgtest test case for ICU timezone data 2024b", " * Build timezones with zic -b 'fat' (Closes: #1084111)", " * Move UNIX System V zones back from backzone to backwards file", " to keep them unchanged for the stable release updates.", " * Make remaining legacy timezones selectable in debconf (LP: #2070285)", "" ], "package": "tzdata", "version": "2024b-0ubuntu0.24.04", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2079966, 2070285 ], "author": "Benjamin Drung ", "date": "Tue, 03 Dec 2024 22:59:32 +0100" } ], "notes": null }, { "name": "ubuntu-minimal", "from_version": { "source_package_name": "ubuntu-meta", "source_package_version": "1.539.1", "version": "1.539.1" }, "to_version": { "source_package_name": "ubuntu-meta", "source_package_version": "1.539.2", "version": "1.539.2" }, "cves": [], "launchpad_bugs_fixed": [ 2062667, 2062667, 2062667 ], "changes": [ { "cves": [], "log": [ "", " * Refreshed dependencies", " * Removed flash-kernel from desktop-minimal-recommends [arm64],", " desktop-recommends [arm64] (LP: #2062667)", " * Removed protection-domain-mapper from desktop-minimal-recommends", " [arm64], desktop-recommends [arm64] (LP: #2062667)", " * Removed qrtr-tools from desktop-minimal-recommends [arm64], desktop-", " recommends [arm64] (LP: #2062667)", "" ], "package": "ubuntu-meta", "version": "1.539.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2062667, 2062667, 2062667 ], "author": "Dave Jones ", "date": "Thu, 30 Jan 2025 11:50:22 +0000" } ], "notes": null }, { "name": "ubuntu-release-upgrader-core", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:24.04.23", "version": "1:24.04.23" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:24.04.26", "version": "1:24.04.26" }, "cves": [], "launchpad_bugs_fixed": [ 2078639, 2078555, 2081864, 2078639 ], "changes": [ { "cves": [], "log": [ "", " [ Erich Eickmeyer ]", " * DistUpgradeQuirks: install pipewire-audio on ubuntu studio upgrades,", " uninstalling pulseaudio and preventing install of", " pulseaudio:i386 (LP: #2078639)", "", " [ Nick Rosbrook ]", " * Run pre-build.sh: updating mirrors and translations.", "" ], "package": "ubuntu-release-upgrader", "version": "1:24.04.26", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2078639 ], "author": "Nick Rosbrook ", "date": "Fri, 31 Jan 2025 12:11:23 -0500" }, { "cves": [], "log": [ "", " * DistUpgradeQuirks: skip sd-resolved quirk if it's not running (LP: #2078555)", " * Revert \"DistUpgradeQuirks: install pipewire-audio on ubuntu studio upgrades\"", " * Run pre-build.sh: updating mirrors and translations.", "" ], "package": "ubuntu-release-upgrader", "version": "1:24.04.25", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2078555 ], "author": "Nick Rosbrook ", "date": "Wed, 22 Jan 2025 16:05:37 -0500" }, { "cves": [], "log": [ "", " [ Julian Andres Klode ]", " * Avoid breaking upgrade by treating cross-grades as replacements", " (LP: #2081864)", "", " [ Nick Rosbrook ]", " * DistUpgradeQuirks: install pipewire-audio on ubuntu studio upgrades", " (LP: #2078639)", " * Run pre-build.sh: updating mirrors and translations.", "" ], "package": "ubuntu-release-upgrader", "version": "1:24.04.24", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2081864, 2078639 ], "author": "Nick Rosbrook ", "date": "Thu, 16 Jan 2025 09:49:15 -0500" } ], "notes": null }, { "name": "ubuntu-server", "from_version": { "source_package_name": "ubuntu-meta", "source_package_version": "1.539.1", "version": "1.539.1" }, "to_version": { "source_package_name": "ubuntu-meta", "source_package_version": "1.539.2", "version": "1.539.2" }, "cves": [], "launchpad_bugs_fixed": [ 2062667, 2062667, 2062667 ], "changes": [ { "cves": [], "log": [ "", " * Refreshed dependencies", " * Removed flash-kernel from desktop-minimal-recommends [arm64],", " desktop-recommends [arm64] (LP: #2062667)", " * Removed protection-domain-mapper from desktop-minimal-recommends", " [arm64], desktop-recommends [arm64] (LP: #2062667)", " * Removed qrtr-tools from desktop-minimal-recommends [arm64], desktop-", " recommends [arm64] (LP: #2062667)", "" ], "package": "ubuntu-meta", "version": "1.539.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2062667, 2062667, 2062667 ], "author": "Dave Jones ", "date": "Thu, 30 Jan 2025 11:50:22 +0000" } ], "notes": null }, { "name": "ubuntu-standard", "from_version": { "source_package_name": "ubuntu-meta", "source_package_version": "1.539.1", "version": "1.539.1" }, "to_version": { "source_package_name": "ubuntu-meta", "source_package_version": "1.539.2", "version": "1.539.2" }, "cves": [], "launchpad_bugs_fixed": [ 2062667, 2062667, 2062667 ], "changes": [ { "cves": [], "log": [ "", " * Refreshed dependencies", " * Removed flash-kernel from desktop-minimal-recommends [arm64],", " desktop-recommends [arm64] (LP: #2062667)", " * Removed protection-domain-mapper from desktop-minimal-recommends", " [arm64], desktop-recommends [arm64] (LP: #2062667)", " * Removed qrtr-tools from desktop-minimal-recommends [arm64], desktop-", " recommends [arm64] (LP: #2062667)", "" ], "package": "ubuntu-meta", "version": "1.539.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2062667, 2062667, 2062667 ], "author": "Dave Jones ", "date": "Thu, 30 Jan 2025 11:50:22 +0000" } ], "notes": null }, { "name": "udev", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.4", "version": "255.4-1ubuntu8.4" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.5", "version": "255.4-1ubuntu8.5" }, "cves": [], "launchpad_bugs_fixed": [ 2077779, 2081192 ], "changes": [ { "cves": [], "log": [ "", " [ Chengen Du ]", " * udev: Handle PTP device symlink properly on udev action 'change'", " (LP: #2077779)", "", " [ Nick Rosbrook ]", " * core/exec-invoke: Fix missing arguments for PR_SET_MEMORY_MERGE call", " (LP: #2081192)", "" ], "package": "systemd", "version": "255.4-1ubuntu8.5", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2077779, 2081192 ], "author": "Nick Rosbrook ", "date": "Thu, 17 Oct 2024 13:15:16 -0400" } ], "notes": null }, { "name": "util-linux", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.1", "version": "2.39.3-9ubuntu6.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.2", "version": "2.39.3-9ubuntu6.2" }, "cves": [], "launchpad_bugs_fixed": [ 2090972 ], "changes": [ { "cves": [], "log": [ "", " * Read the ext4 superblock with O_DIRECT if the first read produces a", " checksum failure. This fixes a race where the underlying superblock", " can be changed in memory but not on disk, resulting in checksum", " failures which in turn causes systemd-udevd to remove by-uuid and", " by-label symlinks. (LP: #2090972)", " - d/p/ubuntu/lp2090972-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2090972 ], "author": "Matthew Ruffell ", "date": "Thu, 05 Dec 2024 15:26:54 +1300" } ], "notes": null }, { "name": "uuid-runtime", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.1", "version": "2.39.3-9ubuntu6.1" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.39.3-9ubuntu6.2", "version": "2.39.3-9ubuntu6.2" }, "cves": [], "launchpad_bugs_fixed": [ 2090972 ], "changes": [ { "cves": [], "log": [ "", " * Read the ext4 superblock with O_DIRECT if the first read produces a", " checksum failure. This fixes a race where the underlying superblock", " can be changed in memory but not on disk, resulting in checksum", " failures which in turn causes systemd-udevd to remove by-uuid and", " by-label symlinks. (LP: #2090972)", " - d/p/ubuntu/lp2090972-libblkid-fix-spurious-ext-superblock-checksum-mismat.patch", "" ], "package": "util-linux", "version": "2.39.3-9ubuntu6.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2090972 ], "author": "Matthew Ruffell ", "date": "Thu, 05 Dec 2024 15:26:54 +1300" } ], "notes": null }, { "name": "wireless-regdb", "from_version": { "source_package_name": "wireless-regdb", "source_package_version": "2022.06.06-0ubuntu2", "version": "2022.06.06-0ubuntu2" }, "to_version": { "source_package_name": "wireless-regdb", "source_package_version": "2024.07.04-0ubuntu1~24.04.1", "version": "2024.07.04-0ubuntu1~24.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2073274, 2073274 ], "changes": [ { "cves": [], "log": [ "", " * Backport to noble (LP: #2073274)", "" ], "package": "wireless-regdb", "version": "2024.07.04-0ubuntu1~24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2073274 ], "author": "Noah Wager ", "date": "Fri, 13 Sep 2024 10:33:29 -0700" }, { "cves": [], "log": [ "", " * New upstream version 2024.07.04 (LP: #2073274)", "" ], "package": "wireless-regdb", "version": "2024.07.04-0ubuntu1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2073274 ], "author": "Noah Wager ", "date": "Fri, 12 Jul 2024 19:08:59 -0400" } ], "notes": null }, { "name": "xfsprogs", "from_version": { "source_package_name": "xfsprogs", "source_package_version": "6.6.0-1ubuntu2", "version": "6.6.0-1ubuntu2" }, "to_version": { "source_package_name": "xfsprogs", "source_package_version": "6.6.0-1ubuntu2.1", "version": "6.6.0-1ubuntu2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2081163 ], "changes": [ { "cves": [], "log": [ "", " * Backport from upstream:", " - fix fsck.xfs run by different shells when fsck.mode=force is set", " (LP: #2081163).", "" ], "package": "xfsprogs", "version": "6.6.0-1ubuntu2.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2081163 ], "author": "Gerald Yang ", "date": "Thu, 17 Oct 2024 07:36:15 +0000" } ], "notes": null } ], "snap": [] }, "added": { "deb": [ { "name": "linux-headers-6.8.0-52-generic", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.8.0-51.52.1", "version": null }, "to_version": { "source_package_name": "linux-riscv", "source_package_version": "6.8.0-52.53.1", "version": "6.8.0-52.53.1" }, "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2093517, 2093521 ], "changes": [ { "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "log": [ "", " * noble/linux-riscv: 6.8.0-52.53.1 -proposed tracker (LP: #2093517)", "", " [ Ubuntu: 6.8.0-52.53 ]", "", " * noble/linux: 6.8.0-52.53 -proposed tracker (LP: #2093521)", " * CVE-2024-53164", " - net: sched: fix ordering of qlen adjustment", " * CVE-2024-53141", " - netfilter: ipset: add missing range check in bitmap_ip_uadt", " * CVE-2024-53103", " - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer", "" ], "package": "linux-riscv", "version": "6.8.0-52.53.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2093517, 2093521 ], "author": "Emil Renner Berthing ", "date": "Tue, 21 Jan 2025 16:52:05 +0100" } ], "notes": "linux-headers-6.8.0-52-generic version '6.8.0-52.53.1' (source package linux-riscv version '6.8.0-52.53.1') was added. linux-headers-6.8.0-52-generic version '6.8.0-52.53.1' has the same source package name, linux-riscv, as removed package linux-headers-6.8.0-51-generic. As such we can use the source package version of the removed package, '6.8.0-51.52.1', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-image-6.8.0-52-generic", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.8.0-51.52.1", "version": null }, "to_version": { "source_package_name": "linux-riscv", "source_package_version": "6.8.0-52.53.1", "version": "6.8.0-52.53.1" }, "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2093517, 2093521 ], "changes": [ { "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "log": [ "", " * noble/linux-riscv: 6.8.0-52.53.1 -proposed tracker (LP: #2093517)", "", " [ Ubuntu: 6.8.0-52.53 ]", "", " * noble/linux: 6.8.0-52.53 -proposed tracker (LP: #2093521)", " * CVE-2024-53164", " - net: sched: fix ordering of qlen adjustment", " * CVE-2024-53141", " - netfilter: ipset: add missing range check in bitmap_ip_uadt", " * CVE-2024-53103", " - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer", "" ], "package": "linux-riscv", "version": "6.8.0-52.53.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2093517, 2093521 ], "author": "Emil Renner Berthing ", "date": "Tue, 21 Jan 2025 16:52:05 +0100" } ], "notes": "linux-image-6.8.0-52-generic version '6.8.0-52.53.1' (source package linux-riscv version '6.8.0-52.53.1') was added. linux-image-6.8.0-52-generic version '6.8.0-52.53.1' has the same source package name, linux-riscv, as removed package linux-headers-6.8.0-51-generic. As such we can use the source package version of the removed package, '6.8.0-51.52.1', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-modules-6.8.0-52-generic", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.8.0-51.52.1", "version": null }, "to_version": { "source_package_name": "linux-riscv", "source_package_version": "6.8.0-52.53.1", "version": "6.8.0-52.53.1" }, "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2093517, 2093521 ], "changes": [ { "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "log": [ "", " * noble/linux-riscv: 6.8.0-52.53.1 -proposed tracker (LP: #2093517)", "", " [ Ubuntu: 6.8.0-52.53 ]", "", " * noble/linux: 6.8.0-52.53 -proposed tracker (LP: #2093521)", " * CVE-2024-53164", " - net: sched: fix ordering of qlen adjustment", " * CVE-2024-53141", " - netfilter: ipset: add missing range check in bitmap_ip_uadt", " * CVE-2024-53103", " - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer", "" ], "package": "linux-riscv", "version": "6.8.0-52.53.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2093517, 2093521 ], "author": "Emil Renner Berthing ", "date": "Tue, 21 Jan 2025 16:52:05 +0100" } ], "notes": "linux-modules-6.8.0-52-generic version '6.8.0-52.53.1' (source package linux-riscv version '6.8.0-52.53.1') was added. linux-modules-6.8.0-52-generic version '6.8.0-52.53.1' has the same source package name, linux-riscv, as removed package linux-headers-6.8.0-51-generic. As such we can use the source package version of the removed package, '6.8.0-51.52.1', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-riscv-headers-6.8.0-52", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.8.0-51.52.1", "version": null }, "to_version": { "source_package_name": "linux-riscv", "source_package_version": "6.8.0-52.53.1", "version": "6.8.0-52.53.1" }, "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2093517, 2093521 ], "changes": [ { "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "log": [ "", " * noble/linux-riscv: 6.8.0-52.53.1 -proposed tracker (LP: #2093517)", "", " [ Ubuntu: 6.8.0-52.53 ]", "", " * noble/linux: 6.8.0-52.53 -proposed tracker (LP: #2093521)", " * CVE-2024-53164", " - net: sched: fix ordering of qlen adjustment", " * CVE-2024-53141", " - netfilter: ipset: add missing range check in bitmap_ip_uadt", " * CVE-2024-53103", " - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer", "" ], "package": "linux-riscv", "version": "6.8.0-52.53.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2093517, 2093521 ], "author": "Emil Renner Berthing ", "date": "Tue, 21 Jan 2025 16:52:05 +0100" } ], "notes": "linux-riscv-headers-6.8.0-52 version '6.8.0-52.53.1' (source package linux-riscv version '6.8.0-52.53.1') was added. linux-riscv-headers-6.8.0-52 version '6.8.0-52.53.1' has the same source package name, linux-riscv, as removed package linux-headers-6.8.0-51-generic. As such we can use the source package version of the removed package, '6.8.0-51.52.1', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-headers-6.8.0-51-generic", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.8.0-51.52.1", "version": "6.8.0-51.52.1" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-image-6.8.0-51-generic", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.8.0-51.52.1", "version": "6.8.0-51.52.1" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-modules-6.8.0-51-generic", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.8.0-51.52.1", "version": "6.8.0-51.52.1" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-riscv-headers-6.8.0-51", "from_version": { "source_package_name": "linux-riscv", "source_package_version": "6.8.0-51.52.1", "version": "6.8.0-51.52.1" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 24.04 noble image from daily image serial 20250122 to 20250207", "from_series": "noble", "to_series": "noble", "from_serial": "20250122", "to_serial": "20250207", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }