{
"summary": {
"snap": {
"added": [],
"removed": [],
"diff": []
},
"deb": {
"added": [],
"removed": [],
"diff": [
"apparmor",
"libapparmor1",
"lxd-installer",
"openssh-client",
"openssh-server",
"openssh-sftp-server"
]
}
},
"diff": {
"deb": [
{
"name": "apparmor",
"from_version": {
"source_package_name": "apparmor",
"source_package_version": "4.0.0-beta3-0ubuntu3",
"version": "4.0.0-beta3-0ubuntu3"
},
"to_version": {
"source_package_name": "apparmor",
"source_package_version": "4.0.1-0ubuntu0.24.04.2",
"version": "4.0.1-0ubuntu0.24.04.2"
},
"cves": [],
"launchpad_bugs_fixed": [
2064672,
2046844,
2046844,
2060100,
2056297,
2046844,
2065708
],
"changes": [
{
"cves": [],
"log": [
"",
" [Georgia Garcia]",
" * New upstream release. (LP: #2064672)",
" * Refresh",
" - d/p/u/parser-add-support-for-prompting.patch",
" - Add condition in policydb serialization to only encode xtable if",
" kernel_supports_permstable32",
" * Add patch to add balena-etcher profile (LP: #2046844)",
" - d/p/u/profiles-add-unconfined-balena-etcher-profile.patch",
" * Fix d/p/u/userns-runtime-disable.patch to work when",
" kernel.apparmor_restrict_unprivileged_userns does not exist by adding",
" -e to sysctl.",
" * d/apparmor.install",
" - install new profiles",
" - wike - changed installation from apparmor to apparmor.d",
" - foliate",
" - balena-etcher",
" - transmission",
"",
" [Alex Murray]",
" * Add upstream patch to relax mount rules to fix use of virtiofs and",
" other file-system types",
" - d/p/u/mountrule-relaxing-constraints-on-fstype.patch",
" * Remove patches which got dropped from quilt series earlier",
" - d/p/u/parser-support-uin128_t-key-as-a-pair-of-uint64_t-nu.patch",
" - d/p/u/Minor-improvements-for-MountRule.patch",
" * d/control: Remove obsolete lsb-base Depends and swap pkg-config to",
" pkgconf for Build-Depends",
""
],
"package": "apparmor",
"version": "4.0.1-0ubuntu0.24.04.2",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2064672,
2046844
],
"author": "Georgia Garcia <georgia.garcia@canonical.com>",
"date": "Tue, 30 Apr 2024 14:12:01 -0300"
},
{
"cves": [],
"log": [
"",
" * New upstream release.",
" (LP: #2046844, LP: #2060100, LP: #2056297)",
" * Refresh",
" - d/p/u/samba-systemd-interaction.patch",
" * Drop patches which have now been applied updatea",
" - d/p/u/parser-fix-issues-appointed-by-coverity.patch",
" - d/p/u/profiles-add-unconfined-profile-for-tuxedo-control-c.patch",
" * Add patch to enable bwrap profile",
" - d/p/u/enable-bwrap-profile.patch",
" (LP: #2046844, LP: #2065708)",
" * d/apparmor.install",
" - install new profile",
" - bwrap-userns-restrict",
" * d/apparmor-profiles.install",
" - install new profile",
" - unshare-userns-restrict"
],
"package": "apparmor",
"version": "4.0.0-beta4-0ubuntu1",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2046844,
2060100,
2056297,
2046844,
2065708
],
"author": "John Johansen <johnjohansen@canonical.com>",
"date": "Mon, 08 Apr 2024 03:40:37 -0700"
}
],
"notes": null
},
{
"name": "libapparmor1",
"from_version": {
"source_package_name": "apparmor",
"source_package_version": "4.0.0-beta3-0ubuntu3",
"version": "4.0.0-beta3-0ubuntu3"
},
"to_version": {
"source_package_name": "apparmor",
"source_package_version": "4.0.1-0ubuntu0.24.04.2",
"version": "4.0.1-0ubuntu0.24.04.2"
},
"cves": [],
"launchpad_bugs_fixed": [
2064672,
2046844,
2046844,
2060100,
2056297,
2046844,
2065708
],
"changes": [
{
"cves": [],
"log": [
"",
" [Georgia Garcia]",
" * New upstream release. (LP: #2064672)",
" * Refresh",
" - d/p/u/parser-add-support-for-prompting.patch",
" - Add condition in policydb serialization to only encode xtable if",
" kernel_supports_permstable32",
" * Add patch to add balena-etcher profile (LP: #2046844)",
" - d/p/u/profiles-add-unconfined-balena-etcher-profile.patch",
" * Fix d/p/u/userns-runtime-disable.patch to work when",
" kernel.apparmor_restrict_unprivileged_userns does not exist by adding",
" -e to sysctl.",
" * d/apparmor.install",
" - install new profiles",
" - wike - changed installation from apparmor to apparmor.d",
" - foliate",
" - balena-etcher",
" - transmission",
"",
" [Alex Murray]",
" * Add upstream patch to relax mount rules to fix use of virtiofs and",
" other file-system types",
" - d/p/u/mountrule-relaxing-constraints-on-fstype.patch",
" * Remove patches which got dropped from quilt series earlier",
" - d/p/u/parser-support-uin128_t-key-as-a-pair-of-uint64_t-nu.patch",
" - d/p/u/Minor-improvements-for-MountRule.patch",
" * d/control: Remove obsolete lsb-base Depends and swap pkg-config to",
" pkgconf for Build-Depends",
""
],
"package": "apparmor",
"version": "4.0.1-0ubuntu0.24.04.2",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2064672,
2046844
],
"author": "Georgia Garcia <georgia.garcia@canonical.com>",
"date": "Tue, 30 Apr 2024 14:12:01 -0300"
},
{
"cves": [],
"log": [
"",
" * New upstream release.",
" (LP: #2046844, LP: #2060100, LP: #2056297)",
" * Refresh",
" - d/p/u/samba-systemd-interaction.patch",
" * Drop patches which have now been applied updatea",
" - d/p/u/parser-fix-issues-appointed-by-coverity.patch",
" - d/p/u/profiles-add-unconfined-profile-for-tuxedo-control-c.patch",
" * Add patch to enable bwrap profile",
" - d/p/u/enable-bwrap-profile.patch",
" (LP: #2046844, LP: #2065708)",
" * d/apparmor.install",
" - install new profile",
" - bwrap-userns-restrict",
" * d/apparmor-profiles.install",
" - install new profile",
" - unshare-userns-restrict"
],
"package": "apparmor",
"version": "4.0.0-beta4-0ubuntu1",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2046844,
2060100,
2056297,
2046844,
2065708
],
"author": "John Johansen <johnjohansen@canonical.com>",
"date": "Mon, 08 Apr 2024 03:40:37 -0700"
}
],
"notes": null
},
{
"name": "lxd-installer",
"from_version": {
"source_package_name": "lxd-installer",
"source_package_version": "4",
"version": "4"
},
"to_version": {
"source_package_name": "lxd-installer",
"source_package_version": "4ubuntu0.1",
"version": "4ubuntu0.1"
},
"cves": [],
"launchpad_bugs_fixed": [
2061017
],
"changes": [
{
"cves": [],
"log": [
"",
" * scripts/lxc: check if socket is writeable (LP: #2061017)",
" - scripts/lxc: give time to snapd to make command available",
" - d/tests/not-member-of-lxd-group: new test",
""
],
"package": "lxd-installer",
"version": "4ubuntu0.1",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2061017
],
"author": "Simon Deziel <simon.deziel@canonical.com>",
"date": "Tue, 07 May 2024 19:33:14 -0400"
}
],
"notes": null
},
{
"name": "openssh-client",
"from_version": {
"source_package_name": "openssh",
"source_package_version": "1:9.6p1-3ubuntu13.3",
"version": "1:9.6p1-3ubuntu13.3"
},
"to_version": {
"source_package_name": "openssh",
"source_package_version": "1:9.6p1-3ubuntu13.4",
"version": "1:9.6p1-3ubuntu13.4"
},
"cves": [
{
"cve": "CVE-2024-39894",
"url": "https://ubuntu.com/security/CVE-2024-39894",
"cve_description": "OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.",
"cve_priority": "medium",
"cve_public_date": "2024-07-02 18:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-39894",
"url": "https://ubuntu.com/security/CVE-2024-39894",
"cve_description": "OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.",
"cve_priority": "medium",
"cve_public_date": "2024-07-02 18:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: timing attack against echo-off password entry",
" - debian/patches/CVE-2024-39894.patch: don't rely on",
" channel_did_enqueue in clientloop.c",
" - CVE-2024-39894",
""
],
"package": "openssh",
"version": "1:9.6p1-3ubuntu13.4",
"urgency": "medium",
"distributions": "noble-security",
"launchpad_bugs_fixed": [],
"author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
"date": "Tue, 09 Jul 2024 07:31:27 -0400"
}
],
"notes": null
},
{
"name": "openssh-server",
"from_version": {
"source_package_name": "openssh",
"source_package_version": "1:9.6p1-3ubuntu13.3",
"version": "1:9.6p1-3ubuntu13.3"
},
"to_version": {
"source_package_name": "openssh",
"source_package_version": "1:9.6p1-3ubuntu13.4",
"version": "1:9.6p1-3ubuntu13.4"
},
"cves": [
{
"cve": "CVE-2024-39894",
"url": "https://ubuntu.com/security/CVE-2024-39894",
"cve_description": "OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.",
"cve_priority": "medium",
"cve_public_date": "2024-07-02 18:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-39894",
"url": "https://ubuntu.com/security/CVE-2024-39894",
"cve_description": "OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.",
"cve_priority": "medium",
"cve_public_date": "2024-07-02 18:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: timing attack against echo-off password entry",
" - debian/patches/CVE-2024-39894.patch: don't rely on",
" channel_did_enqueue in clientloop.c",
" - CVE-2024-39894",
""
],
"package": "openssh",
"version": "1:9.6p1-3ubuntu13.4",
"urgency": "medium",
"distributions": "noble-security",
"launchpad_bugs_fixed": [],
"author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
"date": "Tue, 09 Jul 2024 07:31:27 -0400"
}
],
"notes": null
},
{
"name": "openssh-sftp-server",
"from_version": {
"source_package_name": "openssh",
"source_package_version": "1:9.6p1-3ubuntu13.3",
"version": "1:9.6p1-3ubuntu13.3"
},
"to_version": {
"source_package_name": "openssh",
"source_package_version": "1:9.6p1-3ubuntu13.4",
"version": "1:9.6p1-3ubuntu13.4"
},
"cves": [
{
"cve": "CVE-2024-39894",
"url": "https://ubuntu.com/security/CVE-2024-39894",
"cve_description": "OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.",
"cve_priority": "medium",
"cve_public_date": "2024-07-02 18:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-39894",
"url": "https://ubuntu.com/security/CVE-2024-39894",
"cve_description": "OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.",
"cve_priority": "medium",
"cve_public_date": "2024-07-02 18:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: timing attack against echo-off password entry",
" - debian/patches/CVE-2024-39894.patch: don't rely on",
" channel_did_enqueue in clientloop.c",
" - CVE-2024-39894",
""
],
"package": "openssh",
"version": "1:9.6p1-3ubuntu13.4",
"urgency": "medium",
"distributions": "noble-security",
"launchpad_bugs_fixed": [],
"author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
"date": "Tue, 09 Jul 2024 07:31:27 -0400"
}
],
"notes": null
}
],
"snap": []
},
"added": {
"deb": [],
"snap": []
},
"removed": {
"deb": [],
"snap": []
},
"notes": "Changelog diff for Ubuntu 24.04 noble image from daily image serial 20240702 to 20240710",
"from_series": "noble",
"to_series": "noble",
"from_serial": "20240702",
"to_serial": "20240710",
"from_manifest_filename": "daily_manifest.previous",
"to_manifest_filename": "manifest.current"
}