{ "summary": { "snap": { "added": [], "removed": [], "diff": [ "core20", "snapd" ] }, "deb": { "added": [ "linux-headers-5.4.0-215", "linux-headers-5.4.0-215-generic", "linux-image-5.4.0-215-generic", "linux-modules-5.4.0-215-generic" ], "removed": [ "linux-headers-5.4.0-214", "linux-headers-5.4.0-214-generic", "linux-image-5.4.0-214-generic", "linux-modules-5.4.0-214-generic" ], "diff": [ "cryptsetup", "cryptsetup-bin", "cryptsetup-initramfs", "cryptsetup-run", "distro-info-data", "libcryptsetup12:ppc64el", "libsoup2.4-1:ppc64el", "linux-headers-generic", "linux-headers-virtual", "linux-image-virtual", "linux-virtual", "ubuntu-advantage-tools", "ubuntu-pro-client", "ubuntu-pro-client-l10n" ] } }, "diff": { "deb": [ { "name": "cryptsetup", "from_version": { "source_package_name": "cryptsetup", "source_package_version": "2:2.2.2-3ubuntu2.4", "version": "2:2.2.2-3ubuntu2.4" }, "to_version": { "source_package_name": "cryptsetup", "source_package_version": "2:2.2.2-3ubuntu2.5", "version": "2:2.2.2-3ubuntu2.5" }, "cves": [], "launchpad_bugs_fixed": [ 2054390, 1830110 ], "changes": [ { "cves": [], "log": [ "", " [ Chengen Du ]", " * Refine proc mounts entries traversal (LP: #2054390)", " - d/i/h/cryptroot: Backport upstream commit 95fd4be9b4c6: d/functions:", " get_mnt_devno(): Speed up execution time on large /proc/mounts.", "", " [ Heitor Alves de Siqueira ]", " * Ignore ZFS entries that don't have major/minor (LP: #1830110):", " - d/i/h/cryptroot: add $fstype check for zfs in get_mnt_devno(), add", " checks for $devnos in generate_initrd_crypttab()", "" ], "package": "cryptsetup", "version": "2:2.2.2-3ubuntu2.5", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [ 2054390, 1830110 ], "author": "Heitor Alves de Siqueira ", "date": "Wed, 29 Jan 2025 18:37:57 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "cryptsetup-bin", "from_version": { "source_package_name": "cryptsetup", "source_package_version": "2:2.2.2-3ubuntu2.4", "version": "2:2.2.2-3ubuntu2.4" }, "to_version": { "source_package_name": "cryptsetup", "source_package_version": "2:2.2.2-3ubuntu2.5", "version": "2:2.2.2-3ubuntu2.5" }, "cves": [], "launchpad_bugs_fixed": [ 2054390, 1830110 ], "changes": [ { "cves": [], "log": [ "", " [ Chengen Du ]", " * Refine proc mounts entries traversal (LP: #2054390)", " - d/i/h/cryptroot: Backport upstream commit 95fd4be9b4c6: d/functions:", " get_mnt_devno(): Speed up execution time on large /proc/mounts.", "", " [ Heitor Alves de Siqueira ]", " * Ignore ZFS entries that don't have major/minor (LP: #1830110):", " - d/i/h/cryptroot: add $fstype check for zfs in get_mnt_devno(), add", " checks for $devnos in generate_initrd_crypttab()", "" ], "package": "cryptsetup", "version": "2:2.2.2-3ubuntu2.5", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [ 2054390, 1830110 ], "author": "Heitor Alves de Siqueira ", "date": "Wed, 29 Jan 2025 18:37:57 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "cryptsetup-initramfs", "from_version": { "source_package_name": "cryptsetup", "source_package_version": "2:2.2.2-3ubuntu2.4", "version": "2:2.2.2-3ubuntu2.4" }, "to_version": { "source_package_name": "cryptsetup", "source_package_version": "2:2.2.2-3ubuntu2.5", "version": "2:2.2.2-3ubuntu2.5" }, "cves": [], "launchpad_bugs_fixed": [ 2054390, 1830110 ], "changes": [ { "cves": [], "log": [ "", " [ Chengen Du ]", " * Refine proc mounts entries traversal (LP: #2054390)", " - d/i/h/cryptroot: Backport upstream commit 95fd4be9b4c6: d/functions:", " get_mnt_devno(): Speed up execution time on large /proc/mounts.", "", " [ Heitor Alves de Siqueira ]", " * Ignore ZFS entries that don't have major/minor (LP: #1830110):", " - d/i/h/cryptroot: add $fstype check for zfs in get_mnt_devno(), add", " checks for $devnos in generate_initrd_crypttab()", "" ], "package": "cryptsetup", "version": "2:2.2.2-3ubuntu2.5", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [ 2054390, 1830110 ], "author": "Heitor Alves de Siqueira ", "date": "Wed, 29 Jan 2025 18:37:57 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "cryptsetup-run", "from_version": { "source_package_name": "cryptsetup", "source_package_version": "2:2.2.2-3ubuntu2.4", "version": "2:2.2.2-3ubuntu2.4" }, "to_version": { "source_package_name": "cryptsetup", "source_package_version": "2:2.2.2-3ubuntu2.5", "version": "2:2.2.2-3ubuntu2.5" }, "cves": [], "launchpad_bugs_fixed": [ 2054390, 1830110 ], "changes": [ { "cves": [], "log": [ "", " [ Chengen Du ]", " * Refine proc mounts entries traversal (LP: #2054390)", " - d/i/h/cryptroot: Backport upstream commit 95fd4be9b4c6: d/functions:", " get_mnt_devno(): Speed up execution time on large /proc/mounts.", "", " [ Heitor Alves de Siqueira ]", " * Ignore ZFS entries that don't have major/minor (LP: #1830110):", " - d/i/h/cryptroot: add $fstype check for zfs in get_mnt_devno(), add", " checks for $devnos in generate_initrd_crypttab()", "" ], "package": "cryptsetup", "version": "2:2.2.2-3ubuntu2.5", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [ 2054390, 1830110 ], "author": "Heitor Alves de Siqueira ", "date": "Wed, 29 Jan 2025 18:37:57 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "distro-info-data", "from_version": { "source_package_name": "distro-info-data", "source_package_version": "0.43ubuntu1.17", "version": "0.43ubuntu1.17" }, "to_version": { "source_package_name": "distro-info-data", "source_package_version": "0.43ubuntu1.18", "version": "0.43ubuntu1.18" }, "cves": [], "launchpad_bugs_fixed": [ 2107391 ], "changes": [ { "cves": [], "log": [ "", " * Add Ubuntu 25.10 \"Questing Quokka\" (LP: #2107391)", " * Add Debian 15 \"Duke\"", "" ], "package": "distro-info-data", "version": "0.43ubuntu1.18", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [ 2107391 ], "author": "Benjamin Drung ", "date": "Wed, 23 Apr 2025 12:03:33 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "libcryptsetup12:ppc64el", "from_version": { "source_package_name": "cryptsetup", "source_package_version": "2:2.2.2-3ubuntu2.4", "version": "2:2.2.2-3ubuntu2.4" }, "to_version": { "source_package_name": "cryptsetup", "source_package_version": "2:2.2.2-3ubuntu2.5", "version": "2:2.2.2-3ubuntu2.5" }, "cves": [], "launchpad_bugs_fixed": [ 2054390, 1830110 ], "changes": [ { "cves": [], "log": [ "", " [ Chengen Du ]", " * Refine proc mounts entries traversal (LP: #2054390)", " - d/i/h/cryptroot: Backport upstream commit 95fd4be9b4c6: d/functions:", " get_mnt_devno(): Speed up execution time on large /proc/mounts.", "", " [ Heitor Alves de Siqueira ]", " * Ignore ZFS entries that don't have major/minor (LP: #1830110):", " - d/i/h/cryptroot: add $fstype check for zfs in get_mnt_devno(), add", " checks for $devnos in generate_initrd_crypttab()", "" ], "package": "cryptsetup", "version": "2:2.2.2-3ubuntu2.5", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [ 2054390, 1830110 ], "author": "Heitor Alves de Siqueira ", "date": "Wed, 29 Jan 2025 18:37:57 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsoup2.4-1:ppc64el", "from_version": { "source_package_name": "libsoup2.4", "source_package_version": "2.70.0-1ubuntu0.2", "version": "2.70.0-1ubuntu0.2" }, "to_version": { "source_package_name": "libsoup2.4", "source_package_version": "2.70.0-1ubuntu0.4", "version": "2.70.0-1ubuntu0.4" }, "cves": [ { "cve": "CVE-2025-32912", "url": "https://ubuntu.com/security/CVE-2025-32912", "cve_description": "A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash.", "cve_priority": "medium", "cve_public_date": "2025-04-14 15:15:00 UTC" }, { "cve": "CVE-2025-32906", "url": "https://ubuntu.com/security/CVE-2025-32906", "cve_description": "A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.", "cve_priority": "medium", "cve_public_date": "2025-04-14 14:15:00 UTC" }, { "cve": "CVE-2025-32914", "url": "https://ubuntu.com/security/CVE-2025-32914", "cve_description": "A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.", "cve_priority": "medium", "cve_public_date": "2025-04-14 15:15:00 UTC" }, { "cve": "CVE-2025-32909", "url": "https://ubuntu.com/security/CVE-2025-32909", "cve_description": "A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash.", "cve_priority": "medium", "cve_public_date": "2025-04-14 15:15:00 UTC" }, { "cve": "CVE-2025-32910", "url": "https://ubuntu.com/security/CVE-2025-32910", "cve_description": "A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.", "cve_priority": "medium", "cve_public_date": "2025-04-14 15:15:00 UTC" }, { "cve": "CVE-2025-32912", "url": "https://ubuntu.com/security/CVE-2025-32912", "cve_description": "A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash.", "cve_priority": "medium", "cve_public_date": "2025-04-14 15:15:00 UTC" }, { "cve": "CVE-2025-32911", "url": "https://ubuntu.com/security/CVE-2025-32911", "cve_description": "A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.", "cve_priority": "medium", "cve_public_date": "2025-04-15 16:16:00 UTC" }, { "cve": "CVE-2025-32913", "url": "https://ubuntu.com/security/CVE-2025-32913", "cve_description": "A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.", "cve_priority": "medium", "cve_public_date": "2025-04-14 14:15:00 UTC" }, { "cve": "CVE-2025-46420", "url": "https://ubuntu.com/security/CVE-2025-46420", "cve_description": "A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.", "cve_priority": "medium", "cve_public_date": "2025-04-24 13:15:00 UTC" }, { "cve": "CVE-2025-46421", "url": "https://ubuntu.com/security/CVE-2025-46421", "cve_description": "A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.", "cve_priority": "medium", "cve_public_date": "2025-04-24 13:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2110056 ], "changes": [ { "cves": [ { "cve": "CVE-2025-32912", "url": "https://ubuntu.com/security/CVE-2025-32912", "cve_description": "A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash.", "cve_priority": "medium", "cve_public_date": "2025-04-14 15:15:00 UTC" } ], "log": [ "", " * SECURITY REGRESSION: Incomplete fix for CVE-2025-32912 (LP: #2110056)", " - debian/patches/CVE-2025-32912-fix1.patch: Replace g_hash_table_contains", " with g_hash_table_lookup in ./libsoup/soup-auth-digest.c.", " - CVE-2025-32912", "" ], "package": "libsoup2.4", "version": "2.70.0-1ubuntu0.4", "urgency": "medium", "distributions": "focal-security", "launchpad_bugs_fixed": [ 2110056 ], "author": "Hlib Korzhynskyy ", "date": "Tue, 06 May 2025 15:05:13 -0230" }, { "cves": [ { "cve": "CVE-2025-32906", "url": "https://ubuntu.com/security/CVE-2025-32906", "cve_description": "A flaw was found in libsoup, where the soup_headers_parse_request() function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server.", "cve_priority": "medium", "cve_public_date": "2025-04-14 14:15:00 UTC" }, { "cve": "CVE-2025-32914", "url": "https://ubuntu.com/security/CVE-2025-32914", "cve_description": "A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.", "cve_priority": "medium", "cve_public_date": "2025-04-14 15:15:00 UTC" }, { "cve": "CVE-2025-32909", "url": "https://ubuntu.com/security/CVE-2025-32909", "cve_description": "A flaw was found in libsoup. SoupContentSniffer may be vulnerable to a NULL pointer dereference in the sniff_mp4 function. The HTTP server may cause the libsoup client to crash.", "cve_priority": "medium", "cve_public_date": "2025-04-14 15:15:00 UTC" }, { "cve": "CVE-2025-32910", "url": "https://ubuntu.com/security/CVE-2025-32910", "cve_description": "A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash.", "cve_priority": "medium", "cve_public_date": "2025-04-14 15:15:00 UTC" }, { "cve": "CVE-2025-32912", "url": "https://ubuntu.com/security/CVE-2025-32912", "cve_description": "A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash.", "cve_priority": "medium", "cve_public_date": "2025-04-14 15:15:00 UTC" }, { "cve": "CVE-2025-32911", "url": "https://ubuntu.com/security/CVE-2025-32911", "cve_description": "A use-after-free type vulnerability was found in libsoup, in the soup_message_headers_get_content_disposition() function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server.", "cve_priority": "medium", "cve_public_date": "2025-04-15 16:16:00 UTC" }, { "cve": "CVE-2025-32913", "url": "https://ubuntu.com/security/CVE-2025-32913", "cve_description": "A flaw was found in libsoup, where the soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. This flaw allows a malicious HTTP peer to crash a libsoup client or server that uses this function.", "cve_priority": "medium", "cve_public_date": "2025-04-14 14:15:00 UTC" }, { "cve": "CVE-2025-46420", "url": "https://ubuntu.com/security/CVE-2025-46420", "cve_description": "A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes.", "cve_priority": "medium", "cve_public_date": "2025-04-24 13:15:00 UTC" }, { "cve": "CVE-2025-46421", "url": "https://ubuntu.com/security/CVE-2025-46421", "cve_description": "A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect.", "cve_priority": "medium", "cve_public_date": "2025-04-24 13:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Out of bound read.", " - debian/patches/CVE-2025-32906-*.patch: Add out of bound checks in", " soup_headers_parse_request in ./libsoup/soup-headers.c.", " - debian/patches/CVE-2025-32914.patch: Replace strstr operation with", " g_strstr_len in ./libsoup/soup-multipart.c.", " - CVE-2025-32906", " - CVE-2025-32914", " * SECURITY UPDATE: Null pointer dereference.", " - debian/patches/CVE-2025-32909.patch: Add resource size check in", " ./libsoup/soup-content-sniffer.c.", " - debian/patches/CVE-2025-32910-32912-*.patch: Add checks for missing realm", " and nonce, and fix memory leak in ./libsoup/soup-auth-digest.c.", " - debian/patches/CVE-2025-32912.patch: Add additional checks for nonce in", " ./libsoup/soup-auth-digest.c.", " - CVE-2025-32909", " - CVE-2025-32910", " - CVE-2025-32912", " * SECURITY UPDATE: Memory corruption.", " - debian/patches/CVE-2025-32911-32913-*.patch: Add checks for empty", " filename in ./libsoup/soup-message-headers.c.", " - CVE-2025-32911", " - CVE-2025-32913", " * SECURITY UPDATE: Memory leak.", " - debian/patches/CVE-2025-46420.patch: Free allocated strings during", " iteration in ./libsoup/soup-headers.c.", " - CVE-2025-46420", " * SECURITY UPDATE: Information exposure through host impersonation.", " - debian/patches/CVE-2025-46421.patch: Strip credentials on cross-origin", " redirects in ./libsoup/soup-session.c.", " - CVE-2025-46421", " * debian/patches/Extend-test-cert-to-2049.patch: Extend expiration to 2049 of", " a certificate used for build tests.", "" ], "package": "libsoup2.4", "version": "2.70.0-1ubuntu0.3", "urgency": "medium", "distributions": "focal-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Fri, 02 May 2025 16:54:30 -0230" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-generic", "from_version": { "source_package_name": "linux-meta", "source_package_version": "5.4.0.214.207", "version": "5.4.0.214.207" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "5.4.0.215.208", "version": "5.4.0.215.208" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.4.0-215", "" ], "package": "linux-meta", "version": "5.4.0.215.208", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 11 Apr 2025 23:00:27 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "5.4.0.214.207", "version": "5.4.0.214.207" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "5.4.0.215.208", "version": "5.4.0.215.208" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.4.0-215", "" ], "package": "linux-meta", "version": "5.4.0.215.208", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 11 Apr 2025 23:00:27 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "5.4.0.214.207", "version": "5.4.0.214.207" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "5.4.0.215.208", "version": "5.4.0.215.208" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.4.0-215", "" ], "package": "linux-meta", "version": "5.4.0.215.208", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 11 Apr 2025 23:00:27 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "5.4.0.214.207", "version": "5.4.0.214.207" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "5.4.0.215.208", "version": "5.4.0.215.208" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.4.0-215", "" ], "package": "linux-meta", "version": "5.4.0.215.208", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 11 Apr 2025 23:00:27 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-advantage-tools", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "34~20.04", "version": "34~20.04" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "35.1ubuntu0~20.04", "version": "35.1ubuntu0~20.04" }, "cves": [], "launchpad_bugs_fixed": [ 2106660, 2106660, 2083665, 2083973, 2070095, 2084677, 2091327, 2098862, 2098862, 2083665 ], "changes": [ { "cves": [], "log": [ "", " * Backport 35.1ubuntu0 to focal (LP: #2106660)", "" ], "package": "ubuntu-advantage-tools", "version": "35.1ubuntu0~20.04", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [ 2106660 ], "author": "Renan Rodrigo ", "date": "Thu, 10 Apr 2025 10:38:36 -0300" }, { "cves": [], "log": [ "", " * apt: support ESM snapshots by adding snapshot URLs for ESM repositories", " to the authentication file (released in version 35)", " * lxd: store the configuration in /var/lib/ubuntu-advantage instead of", " /var/lib/ubuntu-pro (LP: #2106660)", "" ], "package": "ubuntu-advantage-tools", "version": "35.1ubuntu0", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2106660 ], "author": "Renan Rodrigo ", "date": "Wed, 09 Apr 2025 13:19:50 -0300" }, { "cves": [], "log": [ "", " * d/tests/usage: add more scenarios to dep8 tests", " * d/control: drop strict dependency on python3-pkg-resources (LP: #2083665)", " * d/rules: add conditional python3-pkg-resources dependency up to noble", " * d/ubuntu-pro-client.postrm: remove /var/lib/ubuntu-pro cache dir on purge", " * New upstream release 35: (LP: #2083973)", " - api:", " + new endpoints:", " * u.pro.attach.guest.get_guest_token.v1: Get the Pro client guest", " token", " * u.pro.security.cves.v1: List the fixable CVEs that affect the system", " + u.pro.packages.updates.v1: create new package status:", " upgrade_available_not_preferred (GH: #3184)", " + fixes for u.unattended_upgrades.status.v1:", " * do not crash when a Unattended-Upgrade config is missing", " * do not report unattended-upgrade disabled if any config is false", " * report missing Unattended-Upgrade configs as turned off", " - apt:", " + always ensure the ESM cache is present (GH: #3132)", " + fix permission warning when fetching apt-news (GH: #3209, LP: #2070095)", " + update logging for apt errors (GH: #3299)", " + only run the apt upgrade hook when run as root (LP: #2084677)", " - auto-attach:", " + aws: skip operation if no product codes found", " + gcp: add minimal image license codes", " - cli:", " + add support for vulnerability commands:", " * pro cves: List cves in the machine", " * pro cve: Show information about a specific cve", " + deduplicate entries in 'pro help' output (LP: #2091327)", " - config: add option lxd_guest_attach to control LXD integration with Pro", " - contract:", " + check onlySeries on reboot (GH: #3189)", " + collect cpu type for activity info", " - landscape:", " + update message if service not available through Pro (GH: #3331)", " - livepatch: do not enable livepatch on wsl (GH: #3156)", " - lxd: allow pro auto-attach to work on a LXD container", "" ], "package": "ubuntu-advantage-tools", "version": "35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2083665, 2083973, 2070095, 2084677, 2091327 ], "author": "Renan Rodrigo ", "date": "Thu, 20 Feb 2025 12:00:14 -0300" }, { "cves": [], "log": [ "", " * apt-hook: set C++ standards version to c++17 for APT 2.9.30 compatibility", " (LP: #2098862)", " * tests: remove argparse error tests from unit tests (LP: #2098862)", "" ], "package": "ubuntu-advantage-tools", "version": "34.1.3", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2098862, 2098862 ], "author": "Renan Rodrigo ", "date": "Wed, 19 Feb 2025 11:53:40 -0300" }, { "cves": [], "log": [ "", " * No change rebuild against libapt-pkg7.0.", "" ], "package": "ubuntu-advantage-tools", "version": "34.1.2build1", "urgency": "high", "distributions": "plucky", "launchpad_bugs_fixed": [], "author": "Julian Andres Klode ", "date": "Mon, 17 Feb 2025 22:47:04 +0100" }, { "cves": [], "log": [ "", " * check-versions-are-consistent.py: fix regexp to cope with X.Y.Z version", " formats", " * version.py: bump to 34.1.2", "" ], "package": "ubuntu-advantage-tools", "version": "34.1.2", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [], "author": "Andreas Hasenack ", "date": "Fri, 04 Oct 2024 17:06:07 -0300" }, { "cves": [], "log": [ "", " * Bump version.py.", "" ], "package": "ubuntu-advantage-tools", "version": "34.1.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [], "author": "Robie Basak ", "date": "Fri, 04 Oct 2024 20:34:56 +0100" }, { "cves": [], "log": [ "", " * Drop direct dependency on python3-pkg-resources to resolve priority", " mismatch (LP: #2083665)", "" ], "package": "ubuntu-advantage-tools", "version": "34.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2083665 ], "author": "Robie Basak ", "date": "Fri, 04 Oct 2024 17:51:47 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-pro-client", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "34~20.04", "version": "34~20.04" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "35.1ubuntu0~20.04", "version": "35.1ubuntu0~20.04" }, "cves": [], "launchpad_bugs_fixed": [ 2106660, 2106660, 2083665, 2083973, 2070095, 2084677, 2091327, 2098862, 2098862, 2083665 ], "changes": [ { "cves": [], "log": [ "", " * Backport 35.1ubuntu0 to focal (LP: #2106660)", "" ], "package": "ubuntu-advantage-tools", "version": "35.1ubuntu0~20.04", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [ 2106660 ], "author": "Renan Rodrigo ", "date": "Thu, 10 Apr 2025 10:38:36 -0300" }, { "cves": [], "log": [ "", " * apt: support ESM snapshots by adding snapshot URLs for ESM repositories", " to the authentication file (released in version 35)", " * lxd: store the configuration in /var/lib/ubuntu-advantage instead of", " /var/lib/ubuntu-pro (LP: #2106660)", "" ], "package": "ubuntu-advantage-tools", "version": "35.1ubuntu0", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2106660 ], "author": "Renan Rodrigo ", "date": "Wed, 09 Apr 2025 13:19:50 -0300" }, { "cves": [], "log": [ "", " * d/tests/usage: add more scenarios to dep8 tests", " * d/control: drop strict dependency on python3-pkg-resources (LP: #2083665)", " * d/rules: add conditional python3-pkg-resources dependency up to noble", " * d/ubuntu-pro-client.postrm: remove /var/lib/ubuntu-pro cache dir on purge", " * New upstream release 35: (LP: #2083973)", " - api:", " + new endpoints:", " * u.pro.attach.guest.get_guest_token.v1: Get the Pro client guest", " token", " * u.pro.security.cves.v1: List the fixable CVEs that affect the system", " + u.pro.packages.updates.v1: create new package status:", " upgrade_available_not_preferred (GH: #3184)", " + fixes for u.unattended_upgrades.status.v1:", " * do not crash when a Unattended-Upgrade config is missing", " * do not report unattended-upgrade disabled if any config is false", " * report missing Unattended-Upgrade configs as turned off", " - apt:", " + always ensure the ESM cache is present (GH: #3132)", " + fix permission warning when fetching apt-news (GH: #3209, LP: #2070095)", " + update logging for apt errors (GH: #3299)", " + only run the apt upgrade hook when run as root (LP: #2084677)", " - auto-attach:", " + aws: skip operation if no product codes found", " + gcp: add minimal image license codes", " - cli:", " + add support for vulnerability commands:", " * pro cves: List cves in the machine", " * pro cve: Show information about a specific cve", " + deduplicate entries in 'pro help' output (LP: #2091327)", " - config: add option lxd_guest_attach to control LXD integration with Pro", " - contract:", " + check onlySeries on reboot (GH: #3189)", " + collect cpu type for activity info", " - landscape:", " + update message if service not available through Pro (GH: #3331)", " - livepatch: do not enable livepatch on wsl (GH: #3156)", " - lxd: allow pro auto-attach to work on a LXD container", "" ], "package": "ubuntu-advantage-tools", "version": "35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2083665, 2083973, 2070095, 2084677, 2091327 ], "author": "Renan Rodrigo ", "date": "Thu, 20 Feb 2025 12:00:14 -0300" }, { "cves": [], "log": [ "", " * apt-hook: set C++ standards version to c++17 for APT 2.9.30 compatibility", " (LP: #2098862)", " * tests: remove argparse error tests from unit tests (LP: #2098862)", "" ], "package": "ubuntu-advantage-tools", "version": "34.1.3", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2098862, 2098862 ], "author": "Renan Rodrigo ", "date": "Wed, 19 Feb 2025 11:53:40 -0300" }, { "cves": [], "log": [ "", " * No change rebuild against libapt-pkg7.0.", "" ], "package": "ubuntu-advantage-tools", "version": "34.1.2build1", "urgency": "high", "distributions": "plucky", "launchpad_bugs_fixed": [], "author": "Julian Andres Klode ", "date": "Mon, 17 Feb 2025 22:47:04 +0100" }, { "cves": [], "log": [ "", " * check-versions-are-consistent.py: fix regexp to cope with X.Y.Z version", " formats", " * version.py: bump to 34.1.2", "" ], "package": "ubuntu-advantage-tools", "version": "34.1.2", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [], "author": "Andreas Hasenack ", "date": "Fri, 04 Oct 2024 17:06:07 -0300" }, { "cves": [], "log": [ "", " * Bump version.py.", "" ], "package": "ubuntu-advantage-tools", "version": "34.1.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [], "author": "Robie Basak ", "date": "Fri, 04 Oct 2024 20:34:56 +0100" }, { "cves": [], "log": [ "", " * Drop direct dependency on python3-pkg-resources to resolve priority", " mismatch (LP: #2083665)", "" ], "package": "ubuntu-advantage-tools", "version": "34.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2083665 ], "author": "Robie Basak ", "date": "Fri, 04 Oct 2024 17:51:47 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-pro-client-l10n", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "34~20.04", "version": "34~20.04" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "35.1ubuntu0~20.04", "version": "35.1ubuntu0~20.04" }, "cves": [], "launchpad_bugs_fixed": [ 2106660, 2106660, 2083665, 2083973, 2070095, 2084677, 2091327, 2098862, 2098862, 2083665 ], "changes": [ { "cves": [], "log": [ "", " * Backport 35.1ubuntu0 to focal (LP: #2106660)", "" ], "package": "ubuntu-advantage-tools", "version": "35.1ubuntu0~20.04", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [ 2106660 ], "author": "Renan Rodrigo ", "date": "Thu, 10 Apr 2025 10:38:36 -0300" }, { "cves": [], "log": [ "", " * apt: support ESM snapshots by adding snapshot URLs for ESM repositories", " to the authentication file (released in version 35)", " * lxd: store the configuration in /var/lib/ubuntu-advantage instead of", " /var/lib/ubuntu-pro (LP: #2106660)", "" ], "package": "ubuntu-advantage-tools", "version": "35.1ubuntu0", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2106660 ], "author": "Renan Rodrigo ", "date": "Wed, 09 Apr 2025 13:19:50 -0300" }, { "cves": [], "log": [ "", " * d/tests/usage: add more scenarios to dep8 tests", " * d/control: drop strict dependency on python3-pkg-resources (LP: #2083665)", " * d/rules: add conditional python3-pkg-resources dependency up to noble", " * d/ubuntu-pro-client.postrm: remove /var/lib/ubuntu-pro cache dir on purge", " * New upstream release 35: (LP: #2083973)", " - api:", " + new endpoints:", " * u.pro.attach.guest.get_guest_token.v1: Get the Pro client guest", " token", " * u.pro.security.cves.v1: List the fixable CVEs that affect the system", " + u.pro.packages.updates.v1: create new package status:", " upgrade_available_not_preferred (GH: #3184)", " + fixes for u.unattended_upgrades.status.v1:", " * do not crash when a Unattended-Upgrade config is missing", " * do not report unattended-upgrade disabled if any config is false", " * report missing Unattended-Upgrade configs as turned off", " - apt:", " + always ensure the ESM cache is present (GH: #3132)", " + fix permission warning when fetching apt-news (GH: #3209, LP: #2070095)", " + update logging for apt errors (GH: #3299)", " + only run the apt upgrade hook when run as root (LP: #2084677)", " - auto-attach:", " + aws: skip operation if no product codes found", " + gcp: add minimal image license codes", " - cli:", " + add support for vulnerability commands:", " * pro cves: List cves in the machine", " * pro cve: Show information about a specific cve", " + deduplicate entries in 'pro help' output (LP: #2091327)", " - config: add option lxd_guest_attach to control LXD integration with Pro", " - contract:", " + check onlySeries on reboot (GH: #3189)", " + collect cpu type for activity info", " - landscape:", " + update message if service not available through Pro (GH: #3331)", " - livepatch: do not enable livepatch on wsl (GH: #3156)", " - lxd: allow pro auto-attach to work on a LXD container", "" ], "package": "ubuntu-advantage-tools", "version": "35", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2083665, 2083973, 2070095, 2084677, 2091327 ], "author": "Renan Rodrigo ", "date": "Thu, 20 Feb 2025 12:00:14 -0300" }, { "cves": [], "log": [ "", " * apt-hook: set C++ standards version to c++17 for APT 2.9.30 compatibility", " (LP: #2098862)", " * tests: remove argparse error tests from unit tests (LP: #2098862)", "" ], "package": "ubuntu-advantage-tools", "version": "34.1.3", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2098862, 2098862 ], "author": "Renan Rodrigo ", "date": "Wed, 19 Feb 2025 11:53:40 -0300" }, { "cves": [], "log": [ "", " * No change rebuild against libapt-pkg7.0.", "" ], "package": "ubuntu-advantage-tools", "version": "34.1.2build1", "urgency": "high", "distributions": "plucky", "launchpad_bugs_fixed": [], "author": "Julian Andres Klode ", "date": "Mon, 17 Feb 2025 22:47:04 +0100" }, { "cves": [], "log": [ "", " * check-versions-are-consistent.py: fix regexp to cope with X.Y.Z version", " formats", " * version.py: bump to 34.1.2", "" ], "package": "ubuntu-advantage-tools", "version": "34.1.2", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [], "author": "Andreas Hasenack ", "date": "Fri, 04 Oct 2024 17:06:07 -0300" }, { "cves": [], "log": [ "", " * Bump version.py.", "" ], "package": "ubuntu-advantage-tools", "version": "34.1.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [], "author": "Robie Basak ", "date": "Fri, 04 Oct 2024 20:34:56 +0100" }, { "cves": [], "log": [ "", " * Drop direct dependency on python3-pkg-resources to resolve priority", " mismatch (LP: #2083665)", "" ], "package": "ubuntu-advantage-tools", "version": "34.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2083665 ], "author": "Robie Basak ", "date": "Fri, 04 Oct 2024 17:51:47 +0100" } ], "notes": null, "is_version_downgrade": false } ], "snap": [ { "name": "core20", "from_version": { "source_package_name": null, "source_package_version": null, "version": "2504" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": "2574" } }, { "name": "snapd", "from_version": { "source_package_name": null, "source_package_version": null, "version": "23778" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": "24673" } } ] }, "added": { "deb": [ { "name": "linux-headers-5.4.0-215", "from_version": { "source_package_name": "linux", "source_package_version": "5.4.0-214.234", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "5.4.0-215.235", "version": "5.4.0-215.235" }, "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2024-26689", "url": "https://ubuntu.com/security/CVE-2024-26689", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), \"use after free\" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the refcount could be increment here, it was freed. In same file, in \"handle_cap_grant()\" refcount is decremented by this line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race occurred and resource was freed by the latter line before the former line could increment it. encode_cap_msg() is called by __send_cap() and __send_cap() is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is where arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where the refcount must be increased to prevent \"use after free\" error.", "cve_priority": "high", "cve_public_date": "2024-04-03 15:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2106919, 1786013 ], "changes": [ { "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2024-26689", "url": "https://ubuntu.com/security/CVE-2024-26689", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), \"use after free\" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the refcount could be increment here, it was freed. In same file, in \"handle_cap_grant()\" refcount is decremented by this line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race occurred and resource was freed by the latter line before the former line could increment it. encode_cap_msg() is called by __send_cap() and __send_cap() is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is where arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where the refcount must be increased to prevent \"use after free\" error.", "cve_priority": "high", "cve_public_date": "2024-04-03 15:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "log": [ "", " * focal/linux: 5.4.0-215.235 -proposed tracker (LP: #2106919)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update annotations scripts", "", " * CVE-2023-52664", " - net: atlantic: eliminate double free in error handling logic", "", " * CVE-2024-26689", " - ceph: prevent use-after-free in encode_cap_msg()", "", " * CVE-2023-52927", " - netfilter: allow exp not to be removed in nf_ct_find_expectation", "" ], "package": "linux", "version": "5.4.0-215.235", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [ 2106919, 1786013 ], "author": "Manuel Diewald ", "date": "Fri, 11 Apr 2025 22:35:29 +0200" } ], "notes": "linux-headers-5.4.0-215 version '5.4.0-215.235' (source package linux version '5.4.0-215.235') was added. linux-headers-5.4.0-215 version '5.4.0-215.235' has the same source package name, linux, as removed package linux-headers-5.4.0-214. As such we can use the source package version of the removed package, '5.4.0-214.234', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-headers-5.4.0-215-generic", "from_version": { "source_package_name": "linux", "source_package_version": "5.4.0-214.234", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "5.4.0-215.235", "version": "5.4.0-215.235" }, "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2024-26689", "url": "https://ubuntu.com/security/CVE-2024-26689", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), \"use after free\" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the refcount could be increment here, it was freed. In same file, in \"handle_cap_grant()\" refcount is decremented by this line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race occurred and resource was freed by the latter line before the former line could increment it. encode_cap_msg() is called by __send_cap() and __send_cap() is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is where arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where the refcount must be increased to prevent \"use after free\" error.", "cve_priority": "high", "cve_public_date": "2024-04-03 15:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2106919, 1786013 ], "changes": [ { "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2024-26689", "url": "https://ubuntu.com/security/CVE-2024-26689", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), \"use after free\" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the refcount could be increment here, it was freed. In same file, in \"handle_cap_grant()\" refcount is decremented by this line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race occurred and resource was freed by the latter line before the former line could increment it. encode_cap_msg() is called by __send_cap() and __send_cap() is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is where arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where the refcount must be increased to prevent \"use after free\" error.", "cve_priority": "high", "cve_public_date": "2024-04-03 15:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "log": [ "", " * focal/linux: 5.4.0-215.235 -proposed tracker (LP: #2106919)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update annotations scripts", "", " * CVE-2023-52664", " - net: atlantic: eliminate double free in error handling logic", "", " * CVE-2024-26689", " - ceph: prevent use-after-free in encode_cap_msg()", "", " * CVE-2023-52927", " - netfilter: allow exp not to be removed in nf_ct_find_expectation", "" ], "package": "linux", "version": "5.4.0-215.235", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [ 2106919, 1786013 ], "author": "Manuel Diewald ", "date": "Fri, 11 Apr 2025 22:35:29 +0200" } ], "notes": "linux-headers-5.4.0-215-generic version '5.4.0-215.235' (source package linux version '5.4.0-215.235') was added. linux-headers-5.4.0-215-generic version '5.4.0-215.235' has the same source package name, linux, as removed package linux-headers-5.4.0-214. As such we can use the source package version of the removed package, '5.4.0-214.234', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-image-5.4.0-215-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "5.4.0-214.234", "version": null }, "to_version": { "source_package_name": "linux-signed", "source_package_version": "5.4.0-215.235", "version": "5.4.0-215.235" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 5.4.0-215.235", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "5.4.0-215.235", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Fri, 11 Apr 2025 23:00:37 +0200" } ], "notes": "linux-image-5.4.0-215-generic version '5.4.0-215.235' (source package linux-signed version '5.4.0-215.235') was added. linux-image-5.4.0-215-generic version '5.4.0-215.235' has the same source package name, linux-signed, as removed package linux-image-5.4.0-214-generic. As such we can use the source package version of the removed package, '5.4.0-214.234', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-modules-5.4.0-215-generic", "from_version": { "source_package_name": "linux", "source_package_version": "5.4.0-214.234", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "5.4.0-215.235", "version": "5.4.0-215.235" }, "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2024-26689", "url": "https://ubuntu.com/security/CVE-2024-26689", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), \"use after free\" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the refcount could be increment here, it was freed. In same file, in \"handle_cap_grant()\" refcount is decremented by this line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race occurred and resource was freed by the latter line before the former line could increment it. encode_cap_msg() is called by __send_cap() and __send_cap() is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is where arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where the refcount must be increased to prevent \"use after free\" error.", "cve_priority": "high", "cve_public_date": "2024-04-03 15:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2106919, 1786013 ], "changes": [ { "cves": [ { "cve": "CVE-2023-52664", "url": "https://ubuntu.com/security/CVE-2023-52664", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer.", "cve_priority": "high", "cve_public_date": "2024-05-17 14:15:00 UTC" }, { "cve": "CVE-2024-26689", "url": "https://ubuntu.com/security/CVE-2024-26689", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), \"use after free\" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the refcount could be increment here, it was freed. In same file, in \"handle_cap_grant()\" refcount is decremented by this line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race occurred and resource was freed by the latter line before the former line could increment it. encode_cap_msg() is called by __send_cap() and __send_cap() is called by ceph_check_caps() after calling __prep_cap(). __prep_cap() is where arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where the refcount must be increased to prevent \"use after free\" error.", "cve_priority": "high", "cve_public_date": "2024-04-03 15:15:00 UTC" }, { "cve": "CVE-2023-52927", "url": "https://ubuntu.com/security/CVE-2023-52927", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack in the following patches. This patch allows exp not to be removed by setting IPS_CONFIRMED in the status of the tmpl.", "cve_priority": "high", "cve_public_date": "2025-03-14 15:15:00 UTC" } ], "log": [ "", " * focal/linux: 5.4.0-215.235 -proposed tracker (LP: #2106919)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update annotations scripts", "", " * CVE-2023-52664", " - net: atlantic: eliminate double free in error handling logic", "", " * CVE-2024-26689", " - ceph: prevent use-after-free in encode_cap_msg()", "", " * CVE-2023-52927", " - netfilter: allow exp not to be removed in nf_ct_find_expectation", "" ], "package": "linux", "version": "5.4.0-215.235", "urgency": "medium", "distributions": "focal", "launchpad_bugs_fixed": [ 2106919, 1786013 ], "author": "Manuel Diewald ", "date": "Fri, 11 Apr 2025 22:35:29 +0200" } ], "notes": "linux-modules-5.4.0-215-generic version '5.4.0-215.235' (source package linux version '5.4.0-215.235') was added. linux-modules-5.4.0-215-generic version '5.4.0-215.235' has the same source package name, linux, as removed package linux-headers-5.4.0-214. As such we can use the source package version of the removed package, '5.4.0-214.234', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-headers-5.4.0-214", "from_version": { "source_package_name": "linux", "source_package_version": "5.4.0-214.234", "version": "5.4.0-214.234" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-5.4.0-214-generic", "from_version": { "source_package_name": "linux", "source_package_version": "5.4.0-214.234", "version": "5.4.0-214.234" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-5.4.0-214-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "5.4.0-214.234", "version": "5.4.0-214.234" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-modules-5.4.0-214-generic", "from_version": { "source_package_name": "linux", "source_package_version": "5.4.0-214.234", "version": "5.4.0-214.234" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 20.04 focal image from daily image serial 20250429 to 20250508.1", "from_series": "focal", "to_series": "focal", "from_serial": "20250429", "to_serial": "20250508.1", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }