{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "apport", "apport-core-dump-handler", "apt", "apt-utils", "cloud-init", "gir1.2-glib-2.0:ppc64el", "ibverbs-providers:ppc64el", "krb5-locales", "libapt-pkg6.0t64:ppc64el", "libglib2.0-0t64:ppc64el", "libglib2.0-bin", "libglib2.0-data", "libgssapi-krb5-2:ppc64el", "libibverbs1:ppc64el", "libk5crypto3:ppc64el", "libkrb5-3:ppc64el", "libkrb5support0:ppc64el", "libnss-systemd:ppc64el", "libpam-systemd:ppc64el", "libsqlite3-0:ppc64el", "libsystemd-shared:ppc64el", "libsystemd0:ppc64el", "libtraceevent1:ppc64el", "libtraceevent1-plugin:ppc64el", "libudev1:ppc64el", "openssh-client", "openssh-server", "openssh-sftp-server", "python3-apport", "python3-pkg-resources", "python3-problem-report", "python3-setuptools", "python3-update-manager", "systemd", "systemd-dev", "systemd-resolved", "systemd-sysv", "systemd-timesyncd", "tzdata", "udev", "update-manager-core", "update-notifier-common" ] } }, "diff": { "deb": [ { "name": "apport", "from_version": { "source_package_name": "apport", "source_package_version": "2.28.1-0ubuntu3.5", "version": "2.28.1-0ubuntu3.5" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.28.1-0ubuntu3.7", "version": "2.28.1-0ubuntu3.7" }, "cves": [ { "cve": "CVE-2025-5467", "url": "https://ubuntu.com/security/CVE-2025-5467", "cve_description": "", "cve_priority": "n/a", "cve_public_date": "" }, { "cve": "CVE-2025-5054", "url": "https://ubuntu.com/security/CVE-2025-5054", "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. 
Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).", "cve_priority": "medium", "cve_public_date": "2025-05-30 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2112272, 2106338, 2107472 ], "changes": [ { "cves": [], "log": [ "", " * SECURITY REGRESSION: apport not generating core dumps inside containers", " (LP: #2112272)", " - d/p/check-exe-mtime.patch: Check the exe mtime within the proc root", " mount.", "" ], "package": "apport", "version": "2.28.1-0ubuntu3.7", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [ 2112272 ], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 15:59:08 -0300" }, { "cves": [ { "cve": "CVE-2025-5467", "url": "https://ubuntu.com/security/CVE-2025-5467", "cve_description": "", "cve_priority": "n/a", "cve_public_date": "" }, { "cve": "CVE-2025-5054", "url": "https://ubuntu.com/security/CVE-2025-5054", "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. 
`consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).", "cve_priority": "medium", "cve_public_date": "2025-05-30 18:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Insecure report permissions (LP: #2106338)", " - d/p/apport-Do-not-change-report-group-to-report-owners-primar.patch: Do", " not change report group to report owners primary group.", " - CVE-2025-5467", " * SECURITY UPDATE: Race condition when forwarding core files to containers", " (LP: #2107472)", " - d/p/apport-move-consistency_checks-call-further-up.patch: Move", " consistency_checks call further up.", " - d/p/apport-do-not-override-options.pid.patch: Do not override", " options.pid.", " - d/p/apport-open-proc-pid-as-early-as-possible.patch: Open /proc/<pid> as", " early as possible.", " - d/p/fileutils-respect-proc_pid_fd-in-get_core_path.patch: Respect", " proc_pid_fd in get_core_path.", " - d/p/apport-use-opened-proc-pid-everywhere.patch: Use opened /proc/<pid>", " everywhere.", " - d/p/apport-do-consistency-check-before-forwarding-crashes.patch: Do", " consistency check before forwarding crashes.", " - d/p/apport-require-dump-mode-to-be-specified.patch: Require --dump-mode", " to be specified.", " - d/p/apport-determine-report-owner-by-dump_mode.patch: Determine report", " owner by dump_mode.", " - d/p/apport-do-not-forward-crash-for-dump_mode-2.patch: Do not forward", " crash for dump_mode == 2.", " - d/p/apport-support-pidfd-F-parameter-from-kernel.patch: Support pidfd", " (%F) parameter from kernel.", " - CVE-2025-5054", "" ], "package": "apport", "version": "2.28.1-0ubuntu3.6", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [ 2106338, 2107472 ], "author": "Octavio Galland ", "date": "Fri, 23 May 
2025 09:41:47 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "apport-core-dump-handler", "from_version": { "source_package_name": "apport", "source_package_version": "2.28.1-0ubuntu3.5", "version": "2.28.1-0ubuntu3.5" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.28.1-0ubuntu3.7", "version": "2.28.1-0ubuntu3.7" }, "cves": [ { "cve": "CVE-2025-5467", "url": "https://ubuntu.com/security/CVE-2025-5467", "cve_description": "", "cve_priority": "n/a", "cve_public_date": "" }, { "cve": "CVE-2025-5054", "url": "https://ubuntu.com/security/CVE-2025-5054", "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. 
Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).", "cve_priority": "medium", "cve_public_date": "2025-05-30 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2112272, 2106338, 2107472 ], "changes": [ { "cves": [], "log": [ "", " * SECURITY REGRESSION: apport not generating core dumps inside containers", " (LP: #2112272)", " - d/p/check-exe-mtime.patch: Check the exe mtime within the proc root", " mount.", "" ], "package": "apport", "version": "2.28.1-0ubuntu3.7", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [ 2112272 ], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 15:59:08 -0300" }, { "cves": [ { "cve": "CVE-2025-5467", "url": "https://ubuntu.com/security/CVE-2025-5467", "cve_description": "", "cve_priority": "n/a", "cve_public_date": "" }, { "cve": "CVE-2025-5054", "url": "https://ubuntu.com/security/CVE-2025-5054", "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. 
Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).", "cve_priority": "medium", "cve_public_date": "2025-05-30 18:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Insecure report permissions (LP: #2106338)", " - d/p/apport-Do-not-change-report-group-to-report-owners-primar.patch: Do", " not change report group to report owners primary group.", " - CVE-2025-5467", " * SECURITY UPDATE: Race condition when forwarding core files to containers", " (LP: #2107472)", " - d/p/apport-move-consistency_checks-call-further-up.patch: Move", " consistency_checks call further up.", " - d/p/apport-do-not-override-options.pid.patch: Do not override", " options.pid.", " - d/p/apport-open-proc-pid-as-early-as-possible.patch: Open /proc/<pid> as", " early as possible.", " - d/p/fileutils-respect-proc_pid_fd-in-get_core_path.patch: Respect", " proc_pid_fd in get_core_path.", " - d/p/apport-use-opened-proc-pid-everywhere.patch: Use opened /proc/<pid>", " everywhere.", " - d/p/apport-do-consistency-check-before-forwarding-crashes.patch: Do", " consistency check before forwarding crashes.", " - d/p/apport-require-dump-mode-to-be-specified.patch: Require --dump-mode", " to be specified.", " - d/p/apport-determine-report-owner-by-dump_mode.patch: Determine report", " owner by dump_mode.", " - d/p/apport-do-not-forward-crash-for-dump_mode-2.patch: Do not forward", " crash for dump_mode == 2.", " - d/p/apport-support-pidfd-F-parameter-from-kernel.patch: Support pidfd", " (%F) parameter from kernel.", " - CVE-2025-5054", "" ], "package": "apport", "version": "2.28.1-0ubuntu3.6", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [ 2106338, 2107472 ], "author": "Octavio Galland ", "date": "Fri, 23 May 2025 09:41:47 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": 
"apt", "from_version": { "source_package_name": "apt", "source_package_version": "2.7.14build2", "version": "2.7.14build2" }, "to_version": { "source_package_name": "apt", "source_package_version": "2.8.3", "version": "2.8.3" }, "cves": [], "launchpad_bugs_fixed": [ 2073126, 2078720, 2083697, 2073126, 2073126, 2073126, 2060721 ], "changes": [ { "cves": [], "log": [ "", " * Revert increased key size requirements from 2.8.0-2.8.2 (LP: #2073126)", " - Revert \"Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment\"", " - Revert \"Only warn about ", "date": "Tue, 22 Oct 2024 15:02:22 +0200" }, { "cves": [], "log": [ "", " * Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment", " (follow-up for LP: #2073126)", "" ], "package": "apt", "version": "2.8.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2073126 ], "author": "Julian Andres Klode ", "date": "Tue, 13 Aug 2024 16:47:13 +0200" }, { "cves": [], "log": [ "", " * Only revoke weak RSA keys for now, add 'next' and 'future' levels", " (backported from 2.9.7)", " Note that the changes to warn about keys not matching the future level", " in the --audit level are not fully included, as the --audit feature", " has not yet been backported. 
(LP: #2073126)", " * Introduce further mitigation on upgrades from 2.7.x to allow these", " systems to continue using rsa1024 repositories with warnings", " until the 24.04.2 point release (LP: #2073126)", "" ], "package": "apt", "version": "2.8.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2073126, 2073126 ], "author": "Julian Andres Klode ", "date": "Tue, 30 Jul 2024 17:12:00 +0900" }, { "cves": [], "log": [ "", " [ Julian Andres Klode ]", " * Revert \"Temporarily downgrade key assertions to \"soon worthless\"\"", " We temporarily downgraded the errors to warnings to give the", " launchpad PPAs time to be fixed, but warnings are not safe:", " Untrusted keys could be hiding on your system, but just not", " used at the moment. Hence revert this so we get the errors we", " want. (LP: #2060721)", " * Branch off the stable 2.8.y branch for noble:", " - CI: Test in ubuntu:noble images for 2.8.y", " - debian/gbp.conf: Point at the 2.8.y branch", "", " [ David Kalnischkies ]", " * Test suite fixes:", " - Avoid subshell hiding failure report from testfilestats", " - Ignore umask of leftover diff_Index in failed pdiff test", " * Documentation translation fixes:", " - Fix and unfuzzy previous VCG/Graphviz URI change", "" ], "package": "apt", "version": "2.8.0", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2060721 ], "author": "Julian Andres Klode ", "date": "Tue, 16 Apr 2024 16:59:14 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "apt-utils", "from_version": { "source_package_name": "apt", "source_package_version": "2.7.14build2", "version": "2.7.14build2" }, "to_version": { "source_package_name": "apt", "source_package_version": "2.8.3", "version": "2.8.3" }, "cves": [], "launchpad_bugs_fixed": [ 2073126, 2078720, 2083697, 2073126, 2073126, 2073126, 2060721 ], "changes": [ { "cves": [], "log": [ "", " * Revert increased key size requirements from 2.8.0-2.8.2 (LP: #2073126)", " - Revert \"Only 
install 00-temporary-rsa1024 for >=2.7.6 and improve comment\"", " - Revert \"Only warn about ", "date": "Tue, 22 Oct 2024 15:02:22 +0200" }, { "cves": [], "log": [ "", " * Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment", " (follow-up for LP: #2073126)", "" ], "package": "apt", "version": "2.8.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2073126 ], "author": "Julian Andres Klode ", "date": "Tue, 13 Aug 2024 16:47:13 +0200" }, { "cves": [], "log": [ "", " * Only revoke weak RSA keys for now, add 'next' and 'future' levels", " (backported from 2.9.7)", " Note that the changes to warn about keys not matching the future level", " in the --audit level are not fully included, as the --audit feature", " has not yet been backported. (LP: #2073126)", " * Introduce further mitigation on upgrades from 2.7.x to allow these", " systems to continue using rsa1024 repositories with warnings", " until the 24.04.2 point release (LP: #2073126)", "" ], "package": "apt", "version": "2.8.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2073126, 2073126 ], "author": "Julian Andres Klode ", "date": "Tue, 30 Jul 2024 17:12:00 +0900" }, { "cves": [], "log": [ "", " [ Julian Andres Klode ]", " * Revert \"Temporarily downgrade key assertions to \"soon worthless\"\"", " We temporarily downgraded the errors to warnings to give the", " launchpad PPAs time to be fixed, but warnings are not safe:", " Untrusted keys could be hiding on your system, but just not", " used at the moment. Hence revert this so we get the errors we", " want. 
(LP: #2060721)", " * Branch off the stable 2.8.y branch for noble:", " - CI: Test in ubuntu:noble images for 2.8.y", " - debian/gbp.conf: Point at the 2.8.y branch", "", " [ David Kalnischkies ]", " * Test suite fixes:", " - Avoid subshell hiding failure report from testfilestats", " - Ignore umask of leftover diff_Index in failed pdiff test", " * Documentation translation fixes:", " - Fix and unfuzzy previous VCG/Graphviz URI change", "" ], "package": "apt", "version": "2.8.0", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2060721 ], "author": "Julian Andres Klode ", "date": "Tue, 16 Apr 2024 16:59:14 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "cloud-init", "from_version": { "source_package_name": "cloud-init", "source_package_version": "24.4.1-0ubuntu0~24.04.3", "version": "24.4.1-0ubuntu0~24.04.3" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "25.1.2-0ubuntu0~24.04.1", "version": "25.1.2-0ubuntu0~24.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2104165, 2100963 ], "changes": [ { "cves": [], "log": [ "", " * Upstream snapshot based on 25.1.2. 
(LP: #2104165).", " List of changes from upstream can be found at", " https://raw.githubusercontent.com/canonical/cloud-init/25.1.2/ChangeLog", "" ], "package": "cloud-init", "version": "25.1.2-0ubuntu0~24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2104165 ], "author": "James Falcon ", "date": "Mon, 19 May 2025 15:00:58 -0500" }, { "cves": [], "log": [ "", " * Drop cpicks which are now upstream:", " - cpick-d75840be-fix-retry-AWS-hotplug-for-async-IMDS-5995", " - cpick-84806336-chore-Add-feature-flag-for-manual-network-waiting", " - d/p/cpick-c60771d8-test-pytestify-test_url_helper.py", " - d/p/cpick-8810a2dc-test-Remove-CiTestCase-from-test_url_helper.py", " - d/p/cpick-582f16c1-test-add-OauthUrlHelper-tests", " - d/p/cpick-9311e066-fix-Update-OauthUrlHelper-to-use-readurl-exception_cb", " * refresh patches", " - d/p/deprecation-version-boundary.patch", " - d/p/grub-dpkg-support.patch", " - d/p/no-nocloud-network.patch", " - d/p/no-single-process.patch", " * sort hunks within all patches (--sort on quilt refresh)", " * Upstream snapshot based on 25.1.1.", " List of changes from upstream can be found at", " https://raw.githubusercontent.com/canonical/cloud-init/25.1.1/ChangeLog", "" ], "package": "cloud-init", "version": "25.1.1-0ubuntu1~24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [], "author": "Chad Smith ", "date": "Tue, 25 Mar 2025 11:02:28 -0600" }, { "cves": [], "log": [ "", " * cherry-pick fixes for MAAS traceback (LP: #2100963)", " - cherry-pick c60771d8: test: pytestify test_url_helper.py", " - cherry-pick 8810a2dc: test: Remove CiTestCase from", " test_url_helper.py", " - cherry-pick 582f16c1: test: add OauthUrlHelper tests", " - cherry-pick 9311e066: fix: Update OauthUrlHelper to use readurl", " exception_cb", "" ], "package": "cloud-init", "version": "24.4.1-0ubuntu0~20.04.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2100963 ], "author": "James 
Falcon ", "date": "Thu, 13 Mar 2025 11:28:57 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "gir1.2-glib-2.0:ppc64el", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.2", "version": "2.80.0-6ubuntu3.2" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.4", "version": "2.80.0-6ubuntu3.4" }, "cves": [ { "cve": "CVE-2025-4373", "url": "https://ubuntu.com/security/CVE-2025-4373", "cve_description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "cve_priority": "medium", "cve_public_date": "2025-05-06 15:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4373", "url": "https://ubuntu.com/security/CVE-2025-4373", "cve_description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. 
When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "cve_priority": "medium", "cve_public_date": "2025-05-06 15:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Integer Overflow", " - debian/patches/CVE-2025-4373-1.patch: carefully handle gssize", " in glib/gstring.c.", " - debian/patches/CVE-2025-4373-2.patch: make len_unsigned", " unsigned in glib/gstring.c", " - CVE-2025-4373", " * Disable some consistently failing gio tests", " - debian/patches/disable_failing_gio_tests.patch: disable gdbus-peer", " and gdbus-address-get-session in gio/tests/meson.build.", "" ], "package": "glib2.0", "version": "2.80.0-6ubuntu3.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Leonidas Da Silva Barbosa ", "date": "Thu, 15 May 2025 09:06:49 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "ibverbs-providers:ppc64el", "from_version": { "source_package_name": "rdma-core", "source_package_version": "50.0-2build2", "version": "50.0-2build2" }, "to_version": { "source_package_name": "rdma-core", "source_package_version": "50.0-2ubuntu0.2", "version": "50.0-2ubuntu0.2" }, "cves": [], "launchpad_bugs_fixed": [ 2100089, 2100089 ], "changes": [ { "cves": [], "log": [ "", " * Revert non-MANA 50.0-2ubuntu0.1 changes (LP: #2100089)", " * Improve synchronization around MANA provider shadow queue", "" ], "package": "rdma-core", "version": "50.0-2ubuntu0.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2100089 ], "author": "Daniel Draper ", "date": "Mon, 14 Apr 2025 12:00:22 +0200" }, { "cves": [], "log": [ "", " * Incorporate all upstream changes to Microsoft Azure Network Adapter (MANA)", " RDMA provider (LP: #2100089)", " * Bump libibverbs symbol for private ibv_cmd_reg_dmabuf_mr", "" ], "package": "rdma-core", "version": "50.0-2ubuntu0.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2100089 ], 
"author": "Daniel Draper ", "date": "Tue, 04 Mar 2025 22:38:59 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "krb5-locales", "from_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.5", "version": "1.20.1-6ubuntu2.5" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.6", "version": "1.20.1-6ubuntu2.6" }, "cves": [ { "cve": "CVE-2025-3576", "url": "https://ubuntu.com/security/CVE-2025-3576", "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cve_priority": "medium", "cve_public_date": "2025-04-15 06:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-3576", "url": "https://ubuntu.com/security/CVE-2025-3576", "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cve_priority": "medium", "cve_public_date": "2025-04-15 06:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Use of weak cryptographic hash.", " - debian/patches/CVE-2025-3576.patch: Add allow_des3 and allow_rc4 options.", " Disallow usage of des3 and rc4 unless allowed in the config. Replace", " warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add", " allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. 
Prevent usage", " of deprecated enctypes in ./src/kdc/kdc_util.c.", " - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with", " ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.", " - CVE-2025-3576", "" ], "package": "krb5", "version": "1.20.1-6ubuntu2.6", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Thu, 15 May 2025 10:09:20 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "libapt-pkg6.0t64:ppc64el", "from_version": { "source_package_name": "apt", "source_package_version": "2.7.14build2", "version": "2.7.14build2" }, "to_version": { "source_package_name": "apt", "source_package_version": "2.8.3", "version": "2.8.3" }, "cves": [], "launchpad_bugs_fixed": [ 2073126, 2078720, 2083697, 2073126, 2073126, 2073126, 2060721 ], "changes": [ { "cves": [], "log": [ "", " * Revert increased key size requirements from 2.8.0-2.8.2 (LP: #2073126)", " - Revert \"Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment\"", " - Revert \"Only warn about ", "date": "Tue, 22 Oct 2024 15:02:22 +0200" }, { "cves": [], "log": [ "", " * Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment", " (follow-up for LP: #2073126)", "" ], "package": "apt", "version": "2.8.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2073126 ], "author": "Julian Andres Klode ", "date": "Tue, 13 Aug 2024 16:47:13 +0200" }, { "cves": [], "log": [ "", " * Only revoke weak RSA keys for now, add 'next' and 'future' levels", " (backported from 2.9.7)", " Note that the changes to warn about keys not matching the future level", " in the --audit level are not fully included, as the --audit feature", " has not yet been backported. 
(LP: #2073126)", " * Introduce further mitigation on upgrades from 2.7.x to allow these", " systems to continue using rsa1024 repositories with warnings", " until the 24.04.2 point release (LP: #2073126)", "" ], "package": "apt", "version": "2.8.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2073126, 2073126 ], "author": "Julian Andres Klode ", "date": "Tue, 30 Jul 2024 17:12:00 +0900" }, { "cves": [], "log": [ "", " [ Julian Andres Klode ]", " * Revert \"Temporarily downgrade key assertions to \"soon worthless\"\"", " We temporarily downgraded the errors to warnings to give the", " launchpad PPAs time to be fixed, but warnings are not safe:", " Untrusted keys could be hiding on your system, but just not", " used at the moment. Hence revert this so we get the errors we", " want. (LP: #2060721)", " * Branch off the stable 2.8.y branch for noble:", " - CI: Test in ubuntu:noble images for 2.8.y", " - debian/gbp.conf: Point at the 2.8.y branch", "", " [ David Kalnischkies ]", " * Test suite fixes:", " - Avoid subshell hiding failure report from testfilestats", " - Ignore umask of leftover diff_Index in failed pdiff test", " * Documentation translation fixes:", " - Fix and unfuzzy previous VCG/Graphviz URI change", "" ], "package": "apt", "version": "2.8.0", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2060721 ], "author": "Julian Andres Klode ", "date": "Tue, 16 Apr 2024 16:59:14 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "libglib2.0-0t64:ppc64el", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.2", "version": "2.80.0-6ubuntu3.2" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.4", "version": "2.80.0-6ubuntu3.4" }, "cves": [ { "cve": "CVE-2025-4373", "url": "https://ubuntu.com/security/CVE-2025-4373", "cve_description": "A flaw was found in GLib, which is vulnerable to an integer overflow in 
the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "cve_priority": "medium", "cve_public_date": "2025-05-06 15:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4373", "url": "https://ubuntu.com/security/CVE-2025-4373", "cve_description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "cve_priority": "medium", "cve_public_date": "2025-05-06 15:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Integer Overflow", " - debian/patches/CVE-2025-4373-1.patch: carefully handle gssize", " in glib/gstring.c.", " - debian/patches/CVE-2025-4373-2.patch: make len_unsigned", " unsigned in glib/gstring.c", " - CVE-2025-4373", " * Disable some consistently failing gio tests", " - debian/patches/disable_failing_gio_tests.patch: disable gdbus-peer", " and gdbus-address-get-session in gio/tests/meson.build.", "" ], "package": "glib2.0", "version": "2.80.0-6ubuntu3.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Leonidas Da Silva Barbosa ", "date": "Thu, 15 May 2025 09:06:49 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libglib2.0-bin", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.2", "version": "2.80.0-6ubuntu3.2" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.4", "version": "2.80.0-6ubuntu3.4" }, "cves": [ { "cve": "CVE-2025-4373", "url": "https://ubuntu.com/security/CVE-2025-4373", "cve_description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. 
When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "cve_priority": "medium", "cve_public_date": "2025-05-06 15:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4373", "url": "https://ubuntu.com/security/CVE-2025-4373", "cve_description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "cve_priority": "medium", "cve_public_date": "2025-05-06 15:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Integer Overflow", " - debian/patches/CVE-2025-4373-1.patch: carefully handle gssize", " in glib/gstring.c.", " - debian/patches/CVE-2025-4373-2.patch: make len_unsigned", " unsigned in glib/gstring.c", " - CVE-2025-4373", " * Disable some consistently failing gio tests", " - debian/patches/disable_failing_gio_tests.patch: disable gdbus-peer", " and gdbus-address-get-session in gio/tests/meson.build.", "" ], "package": "glib2.0", "version": "2.80.0-6ubuntu3.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Leonidas Da Silva Barbosa ", "date": "Thu, 15 May 2025 09:06:49 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libglib2.0-data", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.2", "version": "2.80.0-6ubuntu3.2" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.80.0-6ubuntu3.4", "version": "2.80.0-6ubuntu3.4" }, "cves": [ { "cve": "CVE-2025-4373", "url": "https://ubuntu.com/security/CVE-2025-4373", "cve_description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. 
When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "cve_priority": "medium", "cve_public_date": "2025-05-06 15:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4373", "url": "https://ubuntu.com/security/CVE-2025-4373", "cve_description": "A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.", "cve_priority": "medium", "cve_public_date": "2025-05-06 15:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Integer Overflow", " - debian/patches/CVE-2025-4373-1.patch: carefully handle gssize", " in glib/gstring.c.", " - debian/patches/CVE-2025-4373-2.patch: make len_unsigned", " unsigned in glib/gstring.c", " - CVE-2025-4373", " * Disable some consistently failing gio tests", " - debian/patches/disable_failing_gio_tests.patch: disable gdbus-peer", " and gdbus-address-get-session in gio/tests/meson.build.", "" ], "package": "glib2.0", "version": "2.80.0-6ubuntu3.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Leonidas Da Silva Barbosa ", "date": "Thu, 15 May 2025 09:06:49 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libgssapi-krb5-2:ppc64el", "from_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.5", "version": "1.20.1-6ubuntu2.5" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.6", "version": "1.20.1-6ubuntu2.6" }, "cves": [ { "cve": "CVE-2025-3576", "url": "https://ubuntu.com/security/CVE-2025-3576", "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. 
If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cve_priority": "medium", "cve_public_date": "2025-04-15 06:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-3576", "url": "https://ubuntu.com/security/CVE-2025-3576", "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cve_priority": "medium", "cve_public_date": "2025-04-15 06:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Use of weak cryptographic hash.", " - debian/patches/CVE-2025-3576.patch: Add allow_des3 and allow_rc4 options.", " Disallow usage of des3 and rc4 unless allowed in the config. Replace", " warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add", " allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. 
Prevent usage", " of deprecated enctypes in ./src/kdc/kdc_util.c.", " - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with", " ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.", " - CVE-2025-3576", "" ], "package": "krb5", "version": "1.20.1-6ubuntu2.6", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Thu, 15 May 2025 10:09:20 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "libibverbs1:ppc64el", "from_version": { "source_package_name": "rdma-core", "source_package_version": "50.0-2build2", "version": "50.0-2build2" }, "to_version": { "source_package_name": "rdma-core", "source_package_version": "50.0-2ubuntu0.2", "version": "50.0-2ubuntu0.2" }, "cves": [], "launchpad_bugs_fixed": [ 2100089, 2100089 ], "changes": [ { "cves": [], "log": [ "", " * Revert non-MANA 50.0-2ubuntu0.1 changes (LP: #2100089)", " * Improve synchronization around MANA provider shadow queue", "" ], "package": "rdma-core", "version": "50.0-2ubuntu0.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2100089 ], "author": "Daniel Draper ", "date": "Mon, 14 Apr 2025 12:00:22 +0200" }, { "cves": [], "log": [ "", " * Incorporate all upstream changes to Microsoft Azure Network Adapter (MANA)", " RDMA provider (LP: #2100089)", " * Bump libibverbs symbol for private ibv_cmd_reg_dmabuf_mr", "" ], "package": "rdma-core", "version": "50.0-2ubuntu0.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2100089 ], "author": "Daniel Draper ", "date": "Tue, 04 Mar 2025 22:38:59 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libk5crypto3:ppc64el", "from_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.5", "version": "1.20.1-6ubuntu2.5" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.6", "version": "1.20.1-6ubuntu2.6" }, "cves": [ { 
"cve": "CVE-2025-3576", "url": "https://ubuntu.com/security/CVE-2025-3576", "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cve_priority": "medium", "cve_public_date": "2025-04-15 06:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-3576", "url": "https://ubuntu.com/security/CVE-2025-3576", "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cve_priority": "medium", "cve_public_date": "2025-04-15 06:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Use of weak cryptographic hash.", " - debian/patches/CVE-2025-3576.patch: Add allow_des3 and allow_rc4 options.", " Disallow usage of des3 and rc4 unless allowed in the config. Replace", " warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add", " allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. 
Prevent usage", " of deprecated enctypes in ./src/kdc/kdc_util.c.", " - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with", " ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.", " - CVE-2025-3576", "" ], "package": "krb5", "version": "1.20.1-6ubuntu2.6", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Thu, 15 May 2025 10:09:20 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "libkrb5-3:ppc64el", "from_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.5", "version": "1.20.1-6ubuntu2.5" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.6", "version": "1.20.1-6ubuntu2.6" }, "cves": [ { "cve": "CVE-2025-3576", "url": "https://ubuntu.com/security/CVE-2025-3576", "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cve_priority": "medium", "cve_public_date": "2025-04-15 06:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-3576", "url": "https://ubuntu.com/security/CVE-2025-3576", "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. 
This may lead to unauthorized message tampering.", "cve_priority": "medium", "cve_public_date": "2025-04-15 06:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Use of weak cryptographic hash.", " - debian/patches/CVE-2025-3576.patch: Add allow_des3 and allow_rc4 options.", " Disallow usage of des3 and rc4 unless allowed in the config. Replace", " warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add", " allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage", " of deprecated enctypes in ./src/kdc/kdc_util.c.", " - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with", " ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.", " - CVE-2025-3576", "" ], "package": "krb5", "version": "1.20.1-6ubuntu2.6", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Thu, 15 May 2025 10:09:20 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "libkrb5support0:ppc64el", "from_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.5", "version": "1.20.1-6ubuntu2.5" }, "to_version": { "source_package_name": "krb5", "source_package_version": "1.20.1-6ubuntu2.6", "version": "1.20.1-6ubuntu2.6" }, "cves": [ { "cve": "CVE-2025-3576", "url": "https://ubuntu.com/security/CVE-2025-3576", "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. 
This may lead to unauthorized message tampering.", "cve_priority": "medium", "cve_public_date": "2025-04-15 06:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-3576", "url": "https://ubuntu.com/security/CVE-2025-3576", "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "cve_priority": "medium", "cve_public_date": "2025-04-15 06:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Use of weak cryptographic hash.", " - debian/patches/CVE-2025-3576.patch: Add allow_des3 and allow_rc4 options.", " Disallow usage of des3 and rc4 unless allowed in the config. Replace", " warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add", " allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage", " of deprecated enctypes in ./src/kdc/kdc_util.c.", " - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with", " ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.", " - CVE-2025-3576", "" ], "package": "krb5", "version": "1.20.1-6ubuntu2.6", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Thu, 15 May 2025 10:09:20 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "libnss-systemd:ppc64el", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.6", "version": "255.4-1ubuntu8.6" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.8", "version": "255.4-1ubuntu8.8" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. 
This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. 
If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding", " non-dumpable processes.", " - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", " * this update does not include the changes from 255.4-1ubuntu8.7 as included in noble-proposed", "" ], "package": "systemd", "version": "255.4-1ubuntu8.8", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 09:24:15 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpam-systemd:ppc64el", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.6", "version": "255.4-1ubuntu8.6" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.8", "version": "255.4-1ubuntu8.8" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. 
This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding", " non-dumpable processes.", " - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", " * this update does not include the changes from 255.4-1ubuntu8.7 as included in noble-proposed", "" ], "package": "systemd", "version": "255.4-1ubuntu8.8", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 09:24:15 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsqlite3-0:ppc64el", "from_version": { "source_package_name": "sqlite3", "source_package_version": "3.45.1-1ubuntu2.1", "version": "3.45.1-1ubuntu2.1" }, "to_version": { "source_package_name": "sqlite3", "source_package_version": "3.45.1-1ubuntu2.3", "version": "3.45.1-1ubuntu2.3" }, "cves": [ { "cve": "CVE-2025-29087", "url": "https://ubuntu.com/security/CVE-2025-29087", "cve_description": "In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. 
If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.", "cve_priority": "medium", "cve_public_date": "2025-04-07 20:15:00 UTC" }, { "cve": "CVE-2025-3277", "url": "https://ubuntu.com/security/CVE-2025-3277", "cve_description": "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "cve_priority": "medium", "cve_public_date": "2025-04-14 17:15:00 UTC" }, { "cve": "CVE-2025-29088", "url": "https://ubuntu.com/security/CVE-2025-29088", "cve_description": "In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.", "cve_priority": "medium", "cve_public_date": "2025-04-10 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-29087", "url": "https://ubuntu.com/security/CVE-2025-29087", "cve_description": "In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. 
If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.", "cve_priority": "medium", "cve_public_date": "2025-04-07 20:15:00 UTC" }, { "cve": "CVE-2025-3277", "url": "https://ubuntu.com/security/CVE-2025-3277", "cve_description": "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "cve_priority": "medium", "cve_public_date": "2025-04-14 17:15:00 UTC" }, { "cve": "CVE-2025-29088", "url": "https://ubuntu.com/security/CVE-2025-29088", "cve_description": "In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). 
An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.", "cve_priority": "medium", "cve_public_date": "2025-04-10 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: integer overflow through the concat function", " - debian/patches/CVE-2025-29087_3277.patch: add a typecast to avoid", " 32-bit integer overflow in src/func.c.", " - CVE-2025-29087", " - CVE-2025-3277", " * SECURITY UPDATE: DoS via sqlite3_db_config arguments", " - debian/patches/CVE-2025-29088.patch: harden SQLITE_DBCONFIG_LOOKASIDE", " interface against misuse in src/main.c, src/sqlite.h.in.", " - CVE-2025-29088", "" ], "package": "sqlite3", "version": "3.45.1-1ubuntu2.3", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 29 Apr 2025 12:34:06 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsystemd-shared:ppc64el", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.6", "version": "255.4-1ubuntu8.6" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.8", "version": "255.4-1ubuntu8.8" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. 
An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding", " non-dumpable processes.", " - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", " * this update does not include the changes from 255.4-1ubuntu8.7 as included in noble-proposed", "" ], "package": "systemd", "version": "255.4-1ubuntu8.8", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 09:24:15 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsystemd0:ppc64el", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.6", "version": "255.4-1ubuntu8.6" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.8", "version": "255.4-1ubuntu8.8" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. 
This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding", " non-dumpable processes.", " - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", " * this update does not include the changes from 255.4-1ubuntu8.7 as included in noble-proposed", "" ], "package": "systemd", "version": "255.4-1ubuntu8.8", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 09:24:15 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libtraceevent1:ppc64el", "from_version": { "source_package_name": "libtraceevent", "source_package_version": "1:1.8.2-1ubuntu2", "version": "1:1.8.2-1ubuntu2" }, "to_version": { "source_package_name": "libtraceevent", "source_package_version": "1:1.8.2-1ubuntu2.1", "version": "1:1.8.2-1ubuntu2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2062118, 2101149 ], "changes": [ { "cves": [], "log": [ "", " * Set default file_bigendian in struct tep_handle", " - d/p/0004-fix-file-endianness.patch: make file_bigendian the same", " as host_bignendian in tep_alloc() (LP: #2062118), (LP: #2101149)", "" ], "package": "libtraceevent", "version": "1:1.8.2-1ubuntu2.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2062118, 2101149 ], "author": "Pragyansh Chaturvedi ", "date": "Fri, 07 Mar 2025 18:47:32 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "libtraceevent1-plugin:ppc64el", "from_version": { "source_package_name": 
"libtraceevent", "source_package_version": "1:1.8.2-1ubuntu2", "version": "1:1.8.2-1ubuntu2" }, "to_version": { "source_package_name": "libtraceevent", "source_package_version": "1:1.8.2-1ubuntu2.1", "version": "1:1.8.2-1ubuntu2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2062118, 2101149 ], "changes": [ { "cves": [], "log": [ "", " * Set default file_bigendian in struct tep_handle", " - d/p/0004-fix-file-endianness.patch: make file_bigendian the same", " as host_bignendian in tep_alloc() (LP: #2062118), (LP: #2101149)", "" ], "package": "libtraceevent", "version": "1:1.8.2-1ubuntu2.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2062118, 2101149 ], "author": "Pragyansh Chaturvedi ", "date": "Fri, 07 Mar 2025 18:47:32 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "libudev1:ppc64el", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.6", "version": "255.4-1ubuntu8.6" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.8", "version": "255.4-1ubuntu8.8" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. 
If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding", " non-dumpable processes.", " - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", " * this update does not include the changes from 255.4-1ubuntu8.7 as included in noble-proposed", "" ], "package": "systemd", "version": "255.4-1ubuntu8.8", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 09:24:15 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "openssh-client", "from_version": { "source_package_name": "openssh", "source_package_version": "1:9.6p1-3ubuntu13.11", "version": "1:9.6p1-3ubuntu13.11" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:9.6p1-3ubuntu13.12", "version": "1:9.6p1-3ubuntu13.12" }, "cves": [], "launchpad_bugs_fixed": [ 2069041 ], "changes": [ { "cves": [], "log": [ "", " * d/p/sshd-socket-generator.patch: add note to sshd_config", " Explain that a systemctl daemon-reload is needed for changes", " to Port et al to take effect.", " (LP: #2069041)", "" ], "package": "openssh", "version": "1:9.6p1-3ubuntu13.12", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2069041 ], "author": "Nick Rosbrook ", "date": "Tue, 29 Apr 2025 10:57:04 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "openssh-server", "from_version": { "source_package_name": "openssh", "source_package_version": "1:9.6p1-3ubuntu13.11", "version": 
"1:9.6p1-3ubuntu13.11" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:9.6p1-3ubuntu13.12", "version": "1:9.6p1-3ubuntu13.12" }, "cves": [], "launchpad_bugs_fixed": [ 2069041 ], "changes": [ { "cves": [], "log": [ "", " * d/p/sshd-socket-generator.patch: add note to sshd_config", " Explain that a systemctl daemon-reload is needed for changes", " to Port et al to take effect.", " (LP: #2069041)", "" ], "package": "openssh", "version": "1:9.6p1-3ubuntu13.12", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2069041 ], "author": "Nick Rosbrook ", "date": "Tue, 29 Apr 2025 10:57:04 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "openssh-sftp-server", "from_version": { "source_package_name": "openssh", "source_package_version": "1:9.6p1-3ubuntu13.11", "version": "1:9.6p1-3ubuntu13.11" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:9.6p1-3ubuntu13.12", "version": "1:9.6p1-3ubuntu13.12" }, "cves": [], "launchpad_bugs_fixed": [ 2069041 ], "changes": [ { "cves": [], "log": [ "", " * d/p/sshd-socket-generator.patch: add note to sshd_config", " Explain that a systemctl daemon-reload is needed for changes", " to Port et al to take effect.", " (LP: #2069041)", "" ], "package": "openssh", "version": "1:9.6p1-3ubuntu13.12", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2069041 ], "author": "Nick Rosbrook ", "date": "Tue, 29 Apr 2025 10:57:04 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-apport", "from_version": { "source_package_name": "apport", "source_package_version": "2.28.1-0ubuntu3.5", "version": "2.28.1-0ubuntu3.5" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.28.1-0ubuntu3.7", "version": "2.28.1-0ubuntu3.7" }, "cves": [ { "cve": "CVE-2025-5467", "url": "https://ubuntu.com/security/CVE-2025-5467", "cve_description": "", "cve_priority": "n/a", "cve_public_date": "" 
}, { "cve": "CVE-2025-5054", "url": "https://ubuntu.com/security/CVE-2025-5054", "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).", "cve_priority": "medium", "cve_public_date": "2025-05-30 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2112272, 2106338, 2107472 ], "changes": [ { "cves": [], "log": [ "", " * SECURITY REGRESSION: apport not generating core dumps inside containers", " (LP: #2112272)", " - d/p/check-exe-mtime.patch: Check the exe mtime within the proc root", " mount.", "" ], "package": "apport", "version": "2.28.1-0ubuntu3.7", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [ 2112272 ], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 15:59:08 -0300" }, { "cves": [ { "cve": "CVE-2025-5467", "url": "https://ubuntu.com/security/CVE-2025-5467", "cve_description": "", "cve_priority": "n/a", "cve_public_date": "" }, { "cve": "CVE-2025-5054", "url": "https://ubuntu.com/security/CVE-2025-5054", "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse 
by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).", "cve_priority": "medium", "cve_public_date": "2025-05-30 18:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Insecure report permissions (LP: #2106338)", " - d/p/apport-Do-not-change-report-group-to-report-owners-primar.patch: Do", " not change report group to report owners primary group.", " - CVE-2025-5467", " * SECURITY UPDATE: Race condition when forwarding core files to containers", " (LP: #2107472)", " - d/p/apport-move-consistency_checks-call-further-up.patch: Move", " consistency_checks call further up.", " - d/p/apport-do-not-override-options.pid.patch: Do not override", " options.pid.", " - d/p/apport-open-proc-pid-as-early-as-possible.patch: Open /proc/ as", " early as possible.", " - d/p/fileutils-respect-proc_pid_fd-in-get_core_path.patch: Respect", " proc_pid_fd in get_core_path.", " - d/p/apport-use-opened-proc-pid-everywhere.patch: Use opened /proc/", " everywhere.", " - d/p/apport-do-consistency-check-before-forwarding-crashes.patch: Do", " consistency check before forwarding crashes.", " - d/p/apport-require-dump-mode-to-be-specified.patch: Require --dump-mode", " to be specified.", " - d/p/apport-determine-report-owner-by-dump_mode.patch: Determine report", " 
owner by dump_mode.", " - d/p/apport-do-not-forward-crash-for-dump_mode-2.patch: Do not forward", " crash for dump_mode == 2.", " - d/p/apport-support-pidfd-F-parameter-from-kernel.patch: Support pidfd", " (%F) parameter from kernel.", " - CVE-2025-5054", "" ], "package": "apport", "version": "2.28.1-0ubuntu3.6", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [ 2106338, 2107472 ], "author": "Octavio Galland ", "date": "Fri, 23 May 2025 09:41:47 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-pkg-resources", "from_version": { "source_package_name": "setuptools", "source_package_version": "68.1.2-2ubuntu1.1", "version": "68.1.2-2ubuntu1.1" }, "to_version": { "source_package_name": "setuptools", "source_package_version": "68.1.2-2ubuntu1.2", "version": "68.1.2-2ubuntu1.2" }, "cves": [ { "cve": "CVE-2025-47273", "url": "https://ubuntu.com/security/CVE-2025-47273", "cve_description": "setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2025-05-17 16:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-47273", "url": "https://ubuntu.com/security/CVE-2025-47273", "cve_description": "setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. 
An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2025-05-17 16:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: path traversal vulnerability", " - debian/patches/CVE-2025-47273-pre1.patch: Extract", " _resolve_download_filename with test.", " - debian/patches/CVE-2025-47273.patch: Add a check to ensure the name", " resolves relative to the tmpdir.", " - CVE-2025-47273", "" ], "package": "setuptools", "version": "68.1.2-2ubuntu1.2", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Fabian Toepfer ", "date": "Wed, 28 May 2025 19:00:32 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-problem-report", "from_version": { "source_package_name": "apport", "source_package_version": "2.28.1-0ubuntu3.5", "version": "2.28.1-0ubuntu3.5" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.28.1-0ubuntu3.7", "version": "2.28.1-0ubuntu3.7" }, "cves": [ { "cve": "CVE-2025-5467", "url": "https://ubuntu.com/security/CVE-2025-5467", "cve_description": "", "cve_priority": "n/a", "cve_public_date": "" }, { "cve": "CVE-2025-5054", "url": "https://ubuntu.com/security/CVE-2025-5054", "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. 
Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).", "cve_priority": "medium", "cve_public_date": "2025-05-30 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2112272, 2106338, 2107472 ], "changes": [ { "cves": [], "log": [ "", " * SECURITY REGRESSION: apport not generating core dumps inside containers", " (LP: #2112272)", " - d/p/check-exe-mtime.patch: Check the exe mtime within the proc root", " mount.", "" ], "package": "apport", "version": "2.28.1-0ubuntu3.7", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [ 2112272 ], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 15:59:08 -0300" }, { "cves": [ { "cve": "CVE-2025-5467", "url": "https://ubuntu.com/security/CVE-2025-5467", "cve_description": "", "cve_priority": "n/a", "cve_public_date": "" }, { "cve": "CVE-2025-5054", "url": "https://ubuntu.com/security/CVE-2025-5054", "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. 
`consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).", "cve_priority": "medium", "cve_public_date": "2025-05-30 18:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Insecure report permissions (LP: #2106338)", " - d/p/apport-Do-not-change-report-group-to-report-owners-primar.patch: Do", " not change report group to report owners primary group.", " - CVE-2025-5467", " * SECURITY UPDATE: Race condition when forwarding core files to containers", " (LP: #2107472)", " - d/p/apport-move-consistency_checks-call-further-up.patch: Move", " consistency_checks call further up.", " - d/p/apport-do-not-override-options.pid.patch: Do not override", " options.pid.", " - d/p/apport-open-proc-pid-as-early-as-possible.patch: Open /proc/ as", " early as possible.", " - d/p/fileutils-respect-proc_pid_fd-in-get_core_path.patch: Respect", " proc_pid_fd in get_core_path.", " - d/p/apport-use-opened-proc-pid-everywhere.patch: Use opened /proc/", " everywhere.", " - d/p/apport-do-consistency-check-before-forwarding-crashes.patch: Do", " consistency check before forwarding crashes.", " - d/p/apport-require-dump-mode-to-be-specified.patch: Require --dump-mode", " to be specified.", " - d/p/apport-determine-report-owner-by-dump_mode.patch: Determine report", " owner by dump_mode.", " - d/p/apport-do-not-forward-crash-for-dump_mode-2.patch: Do not forward", " crash for dump_mode == 2.", " - d/p/apport-support-pidfd-F-parameter-from-kernel.patch: Support pidfd", " (%F) parameter from kernel.", " - CVE-2025-5054", "" ], "package": "apport", "version": "2.28.1-0ubuntu3.6", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [ 2106338, 2107472 ], "author": "Octavio Galland ", "date": "Fri, 23 May 
2025 09:41:47 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-setuptools", "from_version": { "source_package_name": "setuptools", "source_package_version": "68.1.2-2ubuntu1.1", "version": "68.1.2-2ubuntu1.1" }, "to_version": { "source_package_name": "setuptools", "source_package_version": "68.1.2-2ubuntu1.2", "version": "68.1.2-2ubuntu1.2" }, "cves": [ { "cve": "CVE-2025-47273", "url": "https://ubuntu.com/security/CVE-2025-47273", "cve_description": "setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2025-05-17 16:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-47273", "url": "https://ubuntu.com/security/CVE-2025-47273", "cve_description": "setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. 
Version 78.1.1 fixes the issue.", "cve_priority": "medium", "cve_public_date": "2025-05-17 16:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: path traversal vulnerability", " - debian/patches/CVE-2025-47273-pre1.patch: Extract", " _resolve_download_filename with test.", " - debian/patches/CVE-2025-47273.patch: Add a check to ensure the name", " resolves relative to the tmpdir.", " - CVE-2025-47273", "" ], "package": "setuptools", "version": "68.1.2-2ubuntu1.2", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Fabian Toepfer ", "date": "Wed, 28 May 2025 19:00:32 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-update-manager", "from_version": { "source_package_name": "update-manager", "source_package_version": "1:24.04.9", "version": "1:24.04.9" }, "to_version": { "source_package_name": "update-manager", "source_package_version": "1:24.04.12", "version": "1:24.04.12" }, "cves": [], "launchpad_bugs_fixed": [ 2109339, 2109339, 1105371, 2068805, 1105371 ], "changes": [ { "cves": [], "log": [ "", " * test_update_origin.py: Update to noble, and packaged archive keys", " (LP: #2109339)", " * test_update_origin: close the dpkg status file when tearing down", " (also tracked in LP: #2109339)", "" ], "package": "update-manager", "version": "1:24.04.12", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2109339, 2109339 ], "author": "Julian Andres Klode ", "date": "Fri, 25 Apr 2025 15:16:13 +0200" }, { "cves": [], "log": [ "", " * Screen reader: announce status header for update dialogue (LP: #1105371).", " Although that was claimed to be fixed in the prevoius version, the part", " of the patch corresponding to it was actually left behind.", "" ], "package": "update-manager", "version": "1:24.04.11", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 1105371 ], "author": "Nathan Pratta Teodosio ", "date": "Mon, 31 Mar 2025 10:06:38 +0200" }, { "cves": [], 
"log": [ "", " * When all packages are unselected, install button goes away; Fix it not", " coming back after once a package is selected again (LP: #2068805).", " * Screen reader: announce status header for update dialogue and checkbox", " state when the highlighted package changes or is toggled.", " (lp: #1105371)", "" ], "package": "update-manager", "version": "1:24.04.10", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2068805, 1105371 ], "author": "Nathan Pratta Teodosio ", "date": "Thu, 20 Mar 2025 11:43:31 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.6", "version": "255.4-1ubuntu8.6" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.8", "version": "255.4-1ubuntu8.8" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding", " non-dumpable processes.", " - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", " * this update does not include the changes from 255.4-1ubuntu8.7 as included in noble-proposed", "" ], "package": "systemd", "version": "255.4-1ubuntu8.8", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 09:24:15 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-dev", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.6", "version": "255.4-1ubuntu8.6" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.8", "version": "255.4-1ubuntu8.8" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. 
An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding", " non-dumpable processes.", " - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", " * this update does not include the changes from 255.4-1ubuntu8.7 as included in noble-proposed", "" ], "package": "systemd", "version": "255.4-1ubuntu8.8", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 09:24:15 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-resolved", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.6", "version": "255.4-1ubuntu8.6" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.8", "version": "255.4-1ubuntu8.8" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. 
An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding", " non-dumpable processes.", " - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", " * this update does not include the changes from 255.4-1ubuntu8.7 as included in noble-proposed", "" ], "package": "systemd", "version": "255.4-1ubuntu8.8", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 09:24:15 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-sysv", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.6", "version": "255.4-1ubuntu8.6" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.8", "version": "255.4-1ubuntu8.8" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. 
An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding", " non-dumpable processes.", " - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", " * this update does not include the changes from 255.4-1ubuntu8.7 as included in noble-proposed", "" ], "package": "systemd", "version": "255.4-1ubuntu8.8", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 09:24:15 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-timesyncd", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.6", "version": "255.4-1ubuntu8.6" }, "to_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.8", "version": "255.4-1ubuntu8.8" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. 
This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. 
They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding", " non-dumpable processes.", " - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", " * this update does not include the changes from 255.4-1ubuntu8.7 as included in noble-proposed", "" ], "package": "systemd", "version": "255.4-1ubuntu8.8", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 09:24:15 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "tzdata", "from_version": { "source_package_name": "tzdata", "source_package_version": "2025b-0ubuntu0.24.04", "version": "2025b-0ubuntu0.24.04" }, "to_version": { "source_package_name": "tzdata", "source_package_version": "2025b-0ubuntu0.24.04.1", "version": "2025b-0ubuntu0.24.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2107950 ], "changes": [ { "cves": [], "log": [ "", " * Update the ICU timezone data to 2025b (LP: #2107950)", " * Add autopkgtest test case for ICU timezone data 2025b", "" ], "package": "tzdata", "version": "2025b-0ubuntu0.24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2107950 ], "author": "Benjamin Drung ", "date": "Tue, 22 Apr 2025 12:11:08 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "udev", "from_version": { "source_package_name": "systemd", "source_package_version": "255.4-1ubuntu8.6", "version": "255.4-1ubuntu8.6" }, "to_version": { "source_package_name": "systemd", 
"source_package_version": "255.4-1ubuntu8.8", "version": "255.4-1ubuntu8.8" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. 
An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding", " non-dumpable processes.", " - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", " * this update does not include the changes from 255.4-1ubuntu8.7 as included in noble-proposed", "" ], "package": "systemd", "version": "255.4-1ubuntu8.8", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 09:24:15 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "update-manager-core", "from_version": { "source_package_name": "update-manager", "source_package_version": "1:24.04.9", "version": "1:24.04.9" }, "to_version": { "source_package_name": "update-manager", "source_package_version": "1:24.04.12", "version": "1:24.04.12" }, "cves": [], "launchpad_bugs_fixed": [ 2109339, 2109339, 1105371, 2068805, 1105371 ], "changes": [ { "cves": [], "log": [ "", " * test_update_origin.py: Update to noble, and packaged archive keys", " (LP: #2109339)", " * test_update_origin: close the dpkg status file when tearing down", " (also tracked in LP: #2109339)", "" ], "package": "update-manager", "version": "1:24.04.12", "urgency": "medium", 
"distributions": "noble", "launchpad_bugs_fixed": [ 2109339, 2109339 ], "author": "Julian Andres Klode ", "date": "Fri, 25 Apr 2025 15:16:13 +0200" }, { "cves": [], "log": [ "", " * Screen reader: announce status header for update dialogue (LP: #1105371).", " Although that was claimed to be fixed in the previous version, the part", " of the patch corresponding to it was actually left behind.", "" ], "package": "update-manager", "version": "1:24.04.11", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 1105371 ], "author": "Nathan Pratta Teodosio ", "date": "Mon, 31 Mar 2025 10:06:38 +0200" }, { "cves": [], "log": [ "", " * When all packages are unselected, install button goes away; Fix it not", " coming back after once a package is selected again (LP: #2068805).", " * Screen reader: announce status header for update dialogue and checkbox", " state when the highlighted package changes or is toggled.", " (lp: #1105371)", "" ], "package": "update-manager", "version": "1:24.04.10", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2068805, 1105371 ], "author": "Nathan Pratta Teodosio ", "date": "Thu, 20 Mar 2025 11:43:31 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "update-notifier-common", "from_version": { "source_package_name": "update-notifier", "source_package_version": "3.192.68.1", "version": "3.192.68.1" }, "to_version": { "source_package_name": "update-notifier", "source_package_version": "3.192.68.2", "version": "3.192.68.2" }, "cves": [], "launchpad_bugs_fixed": [ 2103445 ], "changes": [ { "cves": [], "log": [ "", " * update-notifier: Do not call GdkX11 functions on Wayland (LP: #2103445)", "" ], "package": "update-notifier", "version": "3.192.68.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2103445 ], "author": "Alessandro Astone ", "date": "Wed, 02 Apr 2025 11:15:39 +0200" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { 
"deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 24.04 noble image from release image serial 20250516 to 20250610", "from_series": "noble", "to_series": "noble", "from_serial": "20250516", "to_serial": "20250610", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }