{
"summary": {
"snap": {
"added": [],
"removed": [],
"diff": []
},
"deb": {
"added": [
"linux-headers-6.8.0-55",
"linux-headers-6.8.0-55-generic",
"linux-image-6.8.0-55-generic",
"linux-modules-6.8.0-55-generic",
"linux-tools-6.8.0-55",
"linux-tools-6.8.0-55-generic"
],
"removed": [
"linux-headers-6.8.0-54",
"linux-headers-6.8.0-54-generic",
"linux-image-6.8.0-54-generic",
"linux-modules-6.8.0-54-generic",
"linux-tools-6.8.0-54",
"linux-tools-6.8.0-54-generic"
],
"diff": [
"apport",
"apport-core-dump-handler",
"krb5-locales",
"libgssapi-krb5-2",
"libk5crypto3",
"libkrb5-3",
"libkrb5support0",
"linux-headers-generic",
"linux-headers-virtual",
"linux-image-virtual",
"linux-libc-dev",
"linux-tools-common",
"linux-virtual",
"python3-apport",
"python3-jinja2",
"python3-problem-report",
"snapd",
"sosreport"
]
}
},
"diff": {
"deb": [
{
"name": "apport",
"from_version": {
"source_package_name": "apport",
"source_package_version": "2.28.1-0ubuntu3.3",
"version": "2.28.1-0ubuntu3.3"
},
"to_version": {
"source_package_name": "apport",
"source_package_version": "2.28.1-0ubuntu3.5",
"version": "2.28.1-0ubuntu3.5"
},
"cves": [],
"launchpad_bugs_fixed": [
2097264,
2098415,
2098423,
2006981,
2100313,
2076269
],
"changes": [
{
"cves": [],
"log": [
"",
" [ Simon Chopin ]",
" * d/p/tests-skip-anonymization-test-on-environments-that-a.patch:",
" Fix FTBFS when building on the LP infra (LP: #2097264)",
"",
" [ Chris Peterson ]",
" * d/package-hooks/ubuntu-desktop-bootstrap.py: attach files with root",
" and add subiquity traceback, curtin logs, subiquity or system journal,",
" hardware information, and check if snap updated (LP: #2098415).",
" * d/package-hooks/subiquity.py: fix typo in path to curtin apt",
" configuration (LP: #2098423).",
"",
" [ Benjamin Drung ]",
" * apport-gtk: check for available display on startup (LP: #2006981)",
" * python3-apport: Bump python3-problem-report dependency to >= 2.28",
" for CompressedFile class (LP: #2100313)",
" * test:",
" - do not check for exact encoded gzip data (LP: #2076269)",
" - depend on apport-gtk for new UI integration test",
" - split test_find_package_desktopfile into separate test cases",
" and fix test_find_package_desktopfile_multiple",
" - autopkgtest: install xterm for test_find_package_desktopfile_multiple",
""
],
"package": "apport",
"version": "2.28.1-0ubuntu3.5",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2097264,
2098415,
2098423,
2006981,
2100313,
2076269
],
"author": "Benjamin Drung <bdrung@ubuntu.com>",
"date": "Thu, 27 Feb 2025 14:01:57 +0100"
}
],
"notes": null,
"is_version_downgrade": false
},
{
"name": "apport-core-dump-handler",
"from_version": {
"source_package_name": "apport",
"source_package_version": "2.28.1-0ubuntu3.3",
"version": "2.28.1-0ubuntu3.3"
},
"to_version": {
"source_package_name": "apport",
"source_package_version": "2.28.1-0ubuntu3.5",
"version": "2.28.1-0ubuntu3.5"
},
"cves": [],
"launchpad_bugs_fixed": [
2097264,
2098415,
2098423,
2006981,
2100313,
2076269
],
"changes": [
{
"cves": [],
"log": [
"",
" [ Simon Chopin ]",
" * d/p/tests-skip-anonymization-test-on-environments-that-a.patch:",
" Fix FTBFS when building on the LP infra (LP: #2097264)",
"",
" [ Chris Peterson ]",
" * d/package-hooks/ubuntu-desktop-bootstrap.py: attach files with root",
" and add subiquity traceback, curtin logs, subiquity or system journal,",
" hardware information, and check if snap updated (LP: #2098415).",
" * d/package-hooks/subiquity.py: fix typo in path to curtin apt",
" configuration (LP: #2098423).",
"",
" [ Benjamin Drung ]",
" * apport-gtk: check for available display on startup (LP: #2006981)",
" * python3-apport: Bump python3-problem-report dependency to >= 2.28",
" for CompressedFile class (LP: #2100313)",
" * test:",
" - do not check for exact encoded gzip data (LP: #2076269)",
" - depend on apport-gtk for new UI integration test",
" - split test_find_package_desktopfile into separate test cases",
" and fix test_find_package_desktopfile_multiple",
" - autopkgtest: install xterm for test_find_package_desktopfile_multiple",
""
],
"package": "apport",
"version": "2.28.1-0ubuntu3.5",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2097264,
2098415,
2098423,
2006981,
2100313,
2076269
],
"author": "Benjamin Drung <bdrung@ubuntu.com>",
"date": "Thu, 27 Feb 2025 14:01:57 +0100"
}
],
"notes": null,
"is_version_downgrade": false
},
{
"name": "krb5-locales",
"from_version": {
"source_package_name": "krb5",
"source_package_version": "1.20.1-6ubuntu2.4",
"version": "1.20.1-6ubuntu2.4"
},
"to_version": {
"source_package_name": "krb5",
"source_package_version": "1.20.1-6ubuntu2.5",
"version": "1.20.1-6ubuntu2.5"
},
"cves": [
{
"cve": "CVE-2024-26458",
"url": "https://ubuntu.com/security/CVE-2024-26458",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
"cve_priority": "negligible",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26461",
"url": "https://ubuntu.com/security/CVE-2024-26461",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
"cve_priority": "low",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26462",
"url": "https://ubuntu.com/security/CVE-2024-26462",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.",
"cve_priority": "medium",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2025-24528",
"url": "https://ubuntu.com/security/CVE-2025-24528",
"cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
"cve_priority": "medium",
"cve_public_date": "2025-01-31"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-26458",
"url": "https://ubuntu.com/security/CVE-2024-26458",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
"cve_priority": "negligible",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26461",
"url": "https://ubuntu.com/security/CVE-2024-26461",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
"cve_priority": "low",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26462",
"url": "https://ubuntu.com/security/CVE-2024-26462",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.",
"cve_priority": "medium",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2025-24528",
"url": "https://ubuntu.com/security/CVE-2025-24528",
"cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
"cve_priority": "medium",
"cve_public_date": "2025-01-31"
}
],
"log": [
"",
" * SECURITY UPDATE: denial of service via two memory leaks",
" - debian/patches/CVE-2024-26458.patch: fix two unlikely memory leaks in",
" src/lib/gssapi/krb5/k5sealv3.c, src/lib/rpc/pmap_rmt.c.",
" - CVE-2024-26458",
" - CVE-2024-26461",
" * SECURITY UPDATE: denial of service via memory leak",
" - debian/patches/CVE-2024-26462.patch: fix leak in KDC NDR encoding in",
" src/kdc/ndr.c.",
" - CVE-2024-26462",
" * SECURITY UPDATE: kadmind DoS via iprop log file",
" - debian/patches/CVE-2025-24528.patch: prevent overflow when",
" calculating ulog block size in src/lib/kdb/kdb_log.c.",
" - CVE-2025-24528",
""
],
"package": "krb5",
"version": "1.20.1-6ubuntu2.5",
"urgency": "medium",
"distributions": "noble-security",
"launchpad_bugs_fixed": [],
"author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
"date": "Tue, 25 Feb 2025 10:30:21 -0500"
}
],
"notes": null,
"is_version_downgrade": false
},
{
"name": "libgssapi-krb5-2",
"from_version": {
"source_package_name": "krb5",
"source_package_version": "1.20.1-6ubuntu2.4",
"version": "1.20.1-6ubuntu2.4"
},
"to_version": {
"source_package_name": "krb5",
"source_package_version": "1.20.1-6ubuntu2.5",
"version": "1.20.1-6ubuntu2.5"
},
"cves": [
{
"cve": "CVE-2024-26458",
"url": "https://ubuntu.com/security/CVE-2024-26458",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
"cve_priority": "negligible",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26461",
"url": "https://ubuntu.com/security/CVE-2024-26461",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
"cve_priority": "low",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26462",
"url": "https://ubuntu.com/security/CVE-2024-26462",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.",
"cve_priority": "medium",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2025-24528",
"url": "https://ubuntu.com/security/CVE-2025-24528",
"cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
"cve_priority": "medium",
"cve_public_date": "2025-01-31"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-26458",
"url": "https://ubuntu.com/security/CVE-2024-26458",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
"cve_priority": "negligible",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26461",
"url": "https://ubuntu.com/security/CVE-2024-26461",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
"cve_priority": "low",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26462",
"url": "https://ubuntu.com/security/CVE-2024-26462",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.",
"cve_priority": "medium",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2025-24528",
"url": "https://ubuntu.com/security/CVE-2025-24528",
"cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
"cve_priority": "medium",
"cve_public_date": "2025-01-31"
}
],
"log": [
"",
" * SECURITY UPDATE: denial of service via two memory leaks",
" - debian/patches/CVE-2024-26458.patch: fix two unlikely memory leaks in",
" src/lib/gssapi/krb5/k5sealv3.c, src/lib/rpc/pmap_rmt.c.",
" - CVE-2024-26458",
" - CVE-2024-26461",
" * SECURITY UPDATE: denial of service via memory leak",
" - debian/patches/CVE-2024-26462.patch: fix leak in KDC NDR encoding in",
" src/kdc/ndr.c.",
" - CVE-2024-26462",
" * SECURITY UPDATE: kadmind DoS via iprop log file",
" - debian/patches/CVE-2025-24528.patch: prevent overflow when",
" calculating ulog block size in src/lib/kdb/kdb_log.c.",
" - CVE-2025-24528",
""
],
"package": "krb5",
"version": "1.20.1-6ubuntu2.5",
"urgency": "medium",
"distributions": "noble-security",
"launchpad_bugs_fixed": [],
"author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
"date": "Tue, 25 Feb 2025 10:30:21 -0500"
}
],
"notes": null,
"is_version_downgrade": false
},
{
"name": "libk5crypto3",
"from_version": {
"source_package_name": "krb5",
"source_package_version": "1.20.1-6ubuntu2.4",
"version": "1.20.1-6ubuntu2.4"
},
"to_version": {
"source_package_name": "krb5",
"source_package_version": "1.20.1-6ubuntu2.5",
"version": "1.20.1-6ubuntu2.5"
},
"cves": [
{
"cve": "CVE-2024-26458",
"url": "https://ubuntu.com/security/CVE-2024-26458",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
"cve_priority": "negligible",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26461",
"url": "https://ubuntu.com/security/CVE-2024-26461",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
"cve_priority": "low",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26462",
"url": "https://ubuntu.com/security/CVE-2024-26462",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.",
"cve_priority": "medium",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2025-24528",
"url": "https://ubuntu.com/security/CVE-2025-24528",
"cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
"cve_priority": "medium",
"cve_public_date": "2025-01-31"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-26458",
"url": "https://ubuntu.com/security/CVE-2024-26458",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
"cve_priority": "negligible",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26461",
"url": "https://ubuntu.com/security/CVE-2024-26461",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
"cve_priority": "low",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26462",
"url": "https://ubuntu.com/security/CVE-2024-26462",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.",
"cve_priority": "medium",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2025-24528",
"url": "https://ubuntu.com/security/CVE-2025-24528",
"cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
"cve_priority": "medium",
"cve_public_date": "2025-01-31"
}
],
"log": [
"",
" * SECURITY UPDATE: denial of service via two memory leaks",
" - debian/patches/CVE-2024-26458.patch: fix two unlikely memory leaks in",
" src/lib/gssapi/krb5/k5sealv3.c, src/lib/rpc/pmap_rmt.c.",
" - CVE-2024-26458",
" - CVE-2024-26461",
" * SECURITY UPDATE: denial of service via memory leak",
" - debian/patches/CVE-2024-26462.patch: fix leak in KDC NDR encoding in",
" src/kdc/ndr.c.",
" - CVE-2024-26462",
" * SECURITY UPDATE: kadmind DoS via iprop log file",
" - debian/patches/CVE-2025-24528.patch: prevent overflow when",
" calculating ulog block size in src/lib/kdb/kdb_log.c.",
" - CVE-2025-24528",
""
],
"package": "krb5",
"version": "1.20.1-6ubuntu2.5",
"urgency": "medium",
"distributions": "noble-security",
"launchpad_bugs_fixed": [],
"author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
"date": "Tue, 25 Feb 2025 10:30:21 -0500"
}
],
"notes": null,
"is_version_downgrade": false
},
{
"name": "libkrb5-3",
"from_version": {
"source_package_name": "krb5",
"source_package_version": "1.20.1-6ubuntu2.4",
"version": "1.20.1-6ubuntu2.4"
},
"to_version": {
"source_package_name": "krb5",
"source_package_version": "1.20.1-6ubuntu2.5",
"version": "1.20.1-6ubuntu2.5"
},
"cves": [
{
"cve": "CVE-2024-26458",
"url": "https://ubuntu.com/security/CVE-2024-26458",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
"cve_priority": "negligible",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26461",
"url": "https://ubuntu.com/security/CVE-2024-26461",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
"cve_priority": "low",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26462",
"url": "https://ubuntu.com/security/CVE-2024-26462",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.",
"cve_priority": "medium",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2025-24528",
"url": "https://ubuntu.com/security/CVE-2025-24528",
"cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
"cve_priority": "medium",
"cve_public_date": "2025-01-31"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-26458",
"url": "https://ubuntu.com/security/CVE-2024-26458",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
"cve_priority": "negligible",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26461",
"url": "https://ubuntu.com/security/CVE-2024-26461",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
"cve_priority": "low",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26462",
"url": "https://ubuntu.com/security/CVE-2024-26462",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.",
"cve_priority": "medium",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2025-24528",
"url": "https://ubuntu.com/security/CVE-2025-24528",
"cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
"cve_priority": "medium",
"cve_public_date": "2025-01-31"
}
],
"log": [
"",
" * SECURITY UPDATE: denial of service via two memory leaks",
" - debian/patches/CVE-2024-26458.patch: fix two unlikely memory leaks in",
" src/lib/gssapi/krb5/k5sealv3.c, src/lib/rpc/pmap_rmt.c.",
" - CVE-2024-26458",
" - CVE-2024-26461",
" * SECURITY UPDATE: denial of service via memory leak",
" - debian/patches/CVE-2024-26462.patch: fix leak in KDC NDR encoding in",
" src/kdc/ndr.c.",
" - CVE-2024-26462",
" * SECURITY UPDATE: kadmind DoS via iprop log file",
" - debian/patches/CVE-2025-24528.patch: prevent overflow when",
" calculating ulog block size in src/lib/kdb/kdb_log.c.",
" - CVE-2025-24528",
""
],
"package": "krb5",
"version": "1.20.1-6ubuntu2.5",
"urgency": "medium",
"distributions": "noble-security",
"launchpad_bugs_fixed": [],
"author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
"date": "Tue, 25 Feb 2025 10:30:21 -0500"
}
],
"notes": null,
"is_version_downgrade": false
},
{
"name": "libkrb5support0",
"from_version": {
"source_package_name": "krb5",
"source_package_version": "1.20.1-6ubuntu2.4",
"version": "1.20.1-6ubuntu2.4"
},
"to_version": {
"source_package_name": "krb5",
"source_package_version": "1.20.1-6ubuntu2.5",
"version": "1.20.1-6ubuntu2.5"
},
"cves": [
{
"cve": "CVE-2024-26458",
"url": "https://ubuntu.com/security/CVE-2024-26458",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
"cve_priority": "negligible",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26461",
"url": "https://ubuntu.com/security/CVE-2024-26461",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
"cve_priority": "low",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26462",
"url": "https://ubuntu.com/security/CVE-2024-26462",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.",
"cve_priority": "medium",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2025-24528",
"url": "https://ubuntu.com/security/CVE-2025-24528",
"cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
"cve_priority": "medium",
"cve_public_date": "2025-01-31"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-26458",
"url": "https://ubuntu.com/security/CVE-2024-26458",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.",
"cve_priority": "negligible",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26461",
"url": "https://ubuntu.com/security/CVE-2024-26461",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.",
"cve_priority": "low",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2024-26462",
"url": "https://ubuntu.com/security/CVE-2024-26462",
"cve_description": "Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.",
"cve_priority": "medium",
"cve_public_date": "2024-02-29 01:44:00 UTC"
},
{
"cve": "CVE-2025-24528",
"url": "https://ubuntu.com/security/CVE-2025-24528",
"cve_description": "In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.",
"cve_priority": "medium",
"cve_public_date": "2025-01-31"
}
],
"log": [
"",
" * SECURITY UPDATE: denial of service via two memory leaks",
" - debian/patches/CVE-2024-26458.patch: fix two unlikely memory leaks in",
" src/lib/gssapi/krb5/k5sealv3.c, src/lib/rpc/pmap_rmt.c.",
" - CVE-2024-26458",
" - CVE-2024-26461",
" * SECURITY UPDATE: denial of service via memory leak",
" - debian/patches/CVE-2024-26462.patch: fix leak in KDC NDR encoding in",
" src/kdc/ndr.c.",
" - CVE-2024-26462",
" * SECURITY UPDATE: kadmind DoS via iprop log file",
" - debian/patches/CVE-2025-24528.patch: prevent overflow when",
" calculating ulog block size in src/lib/kdb/kdb_log.c.",
" - CVE-2025-24528",
""
],
"package": "krb5",
"version": "1.20.1-6ubuntu2.5",
"urgency": "medium",
"distributions": "noble-security",
"launchpad_bugs_fixed": [],
"author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
"date": "Tue, 25 Feb 2025 10:30:21 -0500"
}
],
"notes": null,
"is_version_downgrade": false
},
{
"name": "linux-headers-generic",
"from_version": {
"source_package_name": "linux-meta",
"source_package_version": "6.8.0-54.56",
"version": "6.8.0-54.56"
},
"to_version": {
"source_package_name": "linux-meta",
"source_package_version": "6.8.0-55.57",
"version": "6.8.0-55.57"
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [],
"log": [
"",
" * Main version: 6.8.0-55.57",
""
],
"package": "linux-meta",
"version": "6.8.0-55.57",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Wed, 12 Feb 2025 19:44:49 +0100"
}
],
"notes": null,
"is_version_downgrade": false
},
{
"name": "linux-headers-virtual",
"from_version": {
"source_package_name": "linux-meta",
"source_package_version": "6.8.0-54.56",
"version": "6.8.0-54.56"
},
"to_version": {
"source_package_name": "linux-meta",
"source_package_version": "6.8.0-55.57",
"version": "6.8.0-55.57"
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [],
"log": [
"",
" * Main version: 6.8.0-55.57",
""
],
"package": "linux-meta",
"version": "6.8.0-55.57",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Wed, 12 Feb 2025 19:44:49 +0100"
}
],
"notes": null,
"is_version_downgrade": false
},
{
"name": "linux-image-virtual",
"from_version": {
"source_package_name": "linux-meta",
"source_package_version": "6.8.0-54.56",
"version": "6.8.0-54.56"
},
"to_version": {
"source_package_name": "linux-meta",
"source_package_version": "6.8.0-55.57",
"version": "6.8.0-55.57"
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [],
"log": [
"",
" * Main version: 6.8.0-55.57",
""
],
"package": "linux-meta",
"version": "6.8.0-55.57",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Wed, 12 Feb 2025 19:44:49 +0100"
}
],
"notes": null,
"is_version_downgrade": false
},
{
"name": "linux-libc-dev",
"from_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-54.56",
"version": "6.8.0-54.56"
},
"to_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-55.57",
"version": "6.8.0-55.57"
},
"cves": [
{
"cve": "CVE-2024-53104",
"url": "https://ubuntu.com/security/CVE-2024-53104",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"launchpad_bugs_fixed": [
2097981,
2089411
],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-53104",
"url": "https://ubuntu.com/security/CVE-2024-53104",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"log": [
"",
" * noble/linux: 6.8.0-55.57 -proposed tracker (LP: #2097981)",
"",
" * python perf module missing in realtime kernel (LP: #2089411)",
" - [Packaging] linux-tools: Add missing python perf symlink",
" - [Packaging] linux-tools: Fix python perf library packaging",
" - [Packaging] linux-tools: Fall back to old python perf path",
"",
" * CVE-2024-53104",
" - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in",
" uvc_parse_format",
""
],
"package": "linux",
"version": "6.8.0-55.57",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2097981,
2089411
],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Wed, 12 Feb 2025 20:54:42 +0100"
}
],
"notes": null,
"is_version_downgrade": false
},
{
"name": "linux-tools-common",
"from_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-54.56",
"version": "6.8.0-54.56"
},
"to_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-55.57",
"version": "6.8.0-55.57"
},
"cves": [
{
"cve": "CVE-2024-53104",
"url": "https://ubuntu.com/security/CVE-2024-53104",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"launchpad_bugs_fixed": [
2097981,
2089411
],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-53104",
"url": "https://ubuntu.com/security/CVE-2024-53104",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"log": [
"",
" * noble/linux: 6.8.0-55.57 -proposed tracker (LP: #2097981)",
"",
" * python perf module missing in realtime kernel (LP: #2089411)",
" - [Packaging] linux-tools: Add missing python perf symlink",
" - [Packaging] linux-tools: Fix python perf library packaging",
" - [Packaging] linux-tools: Fall back to old python perf path",
"",
" * CVE-2024-53104",
" - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in",
" uvc_parse_format",
""
],
"package": "linux",
"version": "6.8.0-55.57",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2097981,
2089411
],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Wed, 12 Feb 2025 20:54:42 +0100"
}
],
"notes": null,
"is_version_downgrade": false
},
{
"name": "linux-virtual",
"from_version": {
"source_package_name": "linux-meta",
"source_package_version": "6.8.0-54.56",
"version": "6.8.0-54.56"
},
"to_version": {
"source_package_name": "linux-meta",
"source_package_version": "6.8.0-55.57",
"version": "6.8.0-55.57"
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [],
"log": [
"",
" * Main version: 6.8.0-55.57",
""
],
"package": "linux-meta",
"version": "6.8.0-55.57",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Wed, 12 Feb 2025 19:44:49 +0100"
}
],
"notes": null,
"is_version_downgrade": false
},
{
"name": "python3-apport",
"from_version": {
"source_package_name": "apport",
"source_package_version": "2.28.1-0ubuntu3.3",
"version": "2.28.1-0ubuntu3.3"
},
"to_version": {
"source_package_name": "apport",
"source_package_version": "2.28.1-0ubuntu3.5",
"version": "2.28.1-0ubuntu3.5"
},
"cves": [],
"launchpad_bugs_fixed": [
2097264,
2098415,
2098423,
2006981,
2100313,
2076269
],
"changes": [
{
"cves": [],
"log": [
"",
" [ Simon Chopin ]",
" * d/p/tests-skip-anonymization-test-on-environments-that-a.patch:",
" Fix FTBFS when building on the LP infra (LP: #2097264)",
"",
" [ Chris Peterson ]",
" * d/package-hooks/ubuntu-desktop-bootstrap.py: attach files with root",
" and add subiquity traceback, curtin logs, subiquity or system journal,",
" hardware information, and check if snap updated (LP: #2098415).",
" * d/package-hooks/subiquity.py: fix typo in path to curtin apt",
" configuration (LP: #2098423).",
"",
" [ Benjamin Drung ]",
" * apport-gtk: check for available display on startup (LP: #2006981)",
" * python3-apport: Bump python3-problem-report dependency to >= 2.28",
" for CompressedFile class (LP: #2100313)",
" * test:",
" - do not check for exact encoded gzip data (LP: #2076269)",
" - depend on apport-gtk for new UI integration test",
" - split test_find_package_desktopfile into separate test cases",
" and fix test_find_package_desktopfile_multiple",
" - autopkgtest: install xterm for test_find_package_desktopfile_multiple",
""
],
"package": "apport",
"version": "2.28.1-0ubuntu3.5",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2097264,
2098415,
2098423,
2006981,
2100313,
2076269
],
"author": "Benjamin Drung <bdrung@ubuntu.com>",
"date": "Thu, 27 Feb 2025 14:01:57 +0100"
}
],
"notes": null,
"is_version_downgrade": false
},
{
"name": "python3-jinja2",
"from_version": {
"source_package_name": "jinja2",
"source_package_version": "3.1.2-1ubuntu1.2",
"version": "3.1.2-1ubuntu1.2"
},
"to_version": {
"source_package_name": "jinja2",
"source_package_version": "3.1.2-1ubuntu1.3",
"version": "3.1.2-1ubuntu1.3"
},
"cves": [
{
"cve": "CVE-2025-27516",
"url": "https://ubuntu.com/security/CVE-2025-27516",
"cve_description": "Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6.",
"cve_priority": "medium",
"cve_public_date": "2025-03-05 21:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2025-27516",
"url": "https://ubuntu.com/security/CVE-2025-27516",
"cve_description": "Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup. This vulnerability is fixed in 3.1.6.",
"cve_priority": "medium",
"cve_public_date": "2025-03-05 21:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Arbitrary code execution via |attr filter bypass",
" - debian/patches/CVE-2025-27516.patch: attr filter uses env.getattr",
" - CVE-2025-27516",
""
],
"package": "jinja2",
"version": "3.1.2-1ubuntu1.3",
"urgency": "medium",
"distributions": "noble-security",
"launchpad_bugs_fixed": [],
"author": "John Breton <john.breton@canonical.com>",
"date": "Mon, 10 Mar 2025 12:56:35 -0400"
}
],
"notes": null,
"is_version_downgrade": false
},
{
"name": "python3-problem-report",
"from_version": {
"source_package_name": "apport",
"source_package_version": "2.28.1-0ubuntu3.3",
"version": "2.28.1-0ubuntu3.3"
},
"to_version": {
"source_package_name": "apport",
"source_package_version": "2.28.1-0ubuntu3.5",
"version": "2.28.1-0ubuntu3.5"
},
"cves": [],
"launchpad_bugs_fixed": [
2097264,
2098415,
2098423,
2006981,
2100313,
2076269
],
"changes": [
{
"cves": [],
"log": [
"",
" [ Simon Chopin ]",
" * d/p/tests-skip-anonymization-test-on-environments-that-a.patch:",
" Fix FTBFS when building on the LP infra (LP: #2097264)",
"",
" [ Chris Peterson ]",
" * d/package-hooks/ubuntu-desktop-bootstrap.py: attach files with root",
" and add subiquity traceback, curtin logs, subiquity or system journal,",
" hardware information, and check if snap updated (LP: #2098415).",
" * d/package-hooks/subiquity.py: fix typo in path to curtin apt",
" configuration (LP: #2098423).",
"",
" [ Benjamin Drung ]",
" * apport-gtk: check for available display on startup (LP: #2006981)",
" * python3-apport: Bump python3-problem-report dependency to >= 2.28",
" for CompressedFile class (LP: #2100313)",
" * test:",
" - do not check for exact encoded gzip data (LP: #2076269)",
" - depend on apport-gtk for new UI integration test",
" - split test_find_package_desktopfile into separate test cases",
" and fix test_find_package_desktopfile_multiple",
" - autopkgtest: install xterm for test_find_package_desktopfile_multiple",
""
],
"package": "apport",
"version": "2.28.1-0ubuntu3.5",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2097264,
2098415,
2098423,
2006981,
2100313,
2076269
],
"author": "Benjamin Drung <bdrung@ubuntu.com>",
"date": "Thu, 27 Feb 2025 14:01:57 +0100"
}
],
"notes": null,
"is_version_downgrade": false
},
{
"name": "snapd",
"from_version": {
"source_package_name": "snapd",
"source_package_version": "2.66.1+24.04",
"version": "2.66.1+24.04"
},
"to_version": {
"source_package_name": "snapd",
"source_package_version": "2.67.1+24.04",
"version": "2.67.1+24.04"
},
"cves": [],
"launchpad_bugs_fixed": [
2089691,
2090938,
2084730,
2083961,
2085535,
2086203,
2083490
],
"changes": [
{
"cves": [],
"log": [
"",
" * New upstream release, LP: #2089691",
" - Fix apparmor permissions to allow snaps access to kernel modules",
" and firmware on UC24, which also fixes the kernel-modules-control",
" interface on UC24",
" - AppArmor prompting (experimental): disallow /./ and /../ in path",
" patterns",
" - LP: #2090938 Fix 'snap run' getent based user lookup in case of bad PATH",
" - Fix snapd using the incorrect AppArmor version during undo of an",
" refresh for regenerating snap profiles",
" - Add new syscalls to base templates",
" - hardware-observe interface: allow riscv_hwprobe syscall",
" - mount-observe interface: allow listmount and statmount syscalls",
""
],
"package": "snapd",
"version": "2.67.1+24.04",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2089691,
2090938
],
"author": "Ernest Lotter <ernest.lotter@canonical.com>",
"date": "Wed, 15 Jan 2025 22:02:37 +0200"
},
{
"cves": [],
"log": [
"",
" - AppArmor prompting (experimental): allow overlapping rules",
" - Registry view (experimental): Changes to registry data (from both",
" users and snaps) can be validated and saved by custodian snaps",
" - Registry view (experimental): Support 'snapctl get --pristine' to",
" read the registry data excluding staged transaction changes",
" - Registry view (experimental): Put registry commands behind",
" experimental feature flag",
" - Components: Make modules shipped/created by kernel-modules",
" components available right after reboot",
" - Components: Add tab completion for local component files",
" - Components: Allow installing snaps and components from local files",
" jointly on the CLI",
" - Components: Allow 'snapctl model' command for gadget and kernel",
" snaps",
" - Components: Add 'snap components' command",
" - Components: Bug fixes",
" - eMMC gadget updates (WIP): add syntax support in gadget.yaml for",
" eMMC schema",
" - Support for ephemeral recovery mode on hybrid systems",
" - Support for dm-verity options in snap-bootstrap",
" - Support for overlayfs options and allow empty what argument for",
" tmpfs",
" - Enable ubuntu-image to determine the size of the disk image to",
" create",
" - Expose 'snap debug' commands 'validate-seed' and 'seeding'",
" - Add debug API option to use dedicated snap socket /run/snapd-",
" snap.socket",
" - Hide experimental features that are no longer required",
" (accepted/rejected)",
" - Mount ubuntu-save partition with no{exec,dev,suid} at install, run",
" and factory-reset",
" - Improve memory controller support with cgroup v2",
" - Support ssh socket activation configurations (used by ubuntu",
" 22.10+)",
" - Fix generation of AppArmor profile with incorrect revision during",
" multi snap refresh",
" - LP: #2084730 Fix refresh app awareness related deadlock edge case",
" - Fix not caching delta updated snap download",
" - Fix passing non root uid, guid to initial tmpfs mount",
" - Fix ignoring snaps in try mode when amending",
" - LP: #2083961 Fix reloading of service activation units to avoid systemd errors",
" - Fix snapd snap FIPS build on Launchpad to use Advantage Pro FIPS",
" updates PPA",
" - Make killing of snap apps best effort to avoid possibility of",
" malicious failure loop",
" - Alleviate impact of auto-refresh failure loop with progressive",
" delay",
" - LP: #2085535 Dropped timedatex in selinux-policy to avoid runtime issue",
" - Fix missing syscalls in seccomp profile",
" - Modify AppArmor template to allow using SNAP_REEXEC on arch",
" systems",
" - Modify AppArmor template to allow using vim.tiny (available in",
" base snaps)",
" - Modify AppArmor template to add read-access to debian_version",
" - Modify AppArmor template to allow owner to read",
" @{PROC}/@{pid}/sessionid",
" - {common,personal,system}-files interface: prohibit trailing @ in",
" filepaths",
" - {desktop,shutdown,system-observe,upower-observe} interface:",
" improve for Ubuntu Core Desktop",
" - custom-device interface: allow @ in custom-device filepaths",
" - desktop interface: improve launch entry and systray integration",
" with session",
" - desktop-legacy interface: allow DBus access to",
" com.canonical.dbusmenu",
" - fwupd interface: allow access to nvmem for thunderbolt plugin",
" - mpris interface: add plasmashell as label",
" - mount-control interface: add support for nfs mounts",
" - LP: #2086203 network-{control,manager} interface: add missing dbus link rules",
" - network-manager-observe interface: add getDevices methods",
" - opengl interface: add Kernel Fusion Driver access to opengl",
" - screen-inhibit-control interface: improve screen inhibit control",
" for use on core",
" - udisks2 interface: allow ping of the UDisks2 service",
" - u2f-devices interface: add Nitrokey Passkey",
""
],
"package": "snapd",
"version": "2.67+24.04",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2084730,
2083961,
2085535,
2086203
],
"author": "Ernest Lotter <ernest.lotter@canonical.com>",
"date": "Mon, 02 Dec 2024 23:14:24 +0200"
},
{
"cves": [],
"log": [
"",
" * New upstream release, LP: #2083490",
" - AppArmor prompting (experimental): Fix kernel prompting support",
" check",
" - Allow kernel snaps to have content slots",
" - Fix ignoring snaps in try mode when amending",
""
],
"package": "snapd",
"version": "2.66.1",
"urgency": "medium",
"distributions": "xenial",
"launchpad_bugs_fixed": [
2083490
],
"author": "Ernest Lotter <ernest.lotter@canonical.com>",
"date": "Fri, 11 Oct 2024 10:05:46 +0200"
}
],
"notes": null,
"is_version_downgrade": false
},
{
"name": "sosreport",
"from_version": {
"source_package_name": "sosreport",
"source_package_version": "4.7.2-0ubuntu1~24.04.2",
"version": "4.7.2-0ubuntu1~24.04.2"
},
"to_version": {
"source_package_name": "sosreport",
"source_package_version": "4.8.2-0ubuntu0~24.04.1",
"version": "4.8.2-0ubuntu0~24.04.1"
},
"cves": [],
"launchpad_bugs_fixed": [
2091858
],
"changes": [
{
"cves": [],
"log": [
"",
" * New 4.8.2 upstream release. (LP: #2091858)",
"",
" * For more details, full release note is available here:",
" - https://github.com/sosreport/sos/releases/tag/4.8.2",
"",
" * d/t/simple.sh:",
" - Fix the IP address check, and escape the periods for grepping the IP",
" address on the files to check if the IP address is being masked or not.",
" - Replace \"sosreport\" with \"sos report\". The old command is now deprecated,",
" and should be \"sos report\" in all places.",
" - Fix S01autopkgtest and autopkgtest-run mis-represented as a hostname.",
"",
" * Former patches, now fixed:",
" - d/p/0003-sunbeam_hypervisor-Fix-obfuscation-for-ceilometer-an.patch",
" - d/p/0004-heat-Obfuscate-Add-auth_encryption_key-in-config.patch",
" - d/p/0005-placement-Obfuscate-passwords-that-have-been-missed.patch",
" - d/p/0006-mysql-Add-obfuscation-for-password-in-conf-files.patch",
"",
" * Remaining patches:",
" - d/p/0001-debian-change-tmp-dir-location.patch",
""
],
"package": "sosreport",
"version": "4.8.2-0ubuntu0~24.04.1",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2091858
],
"author": "Arif Ali <arif-ali@canonical.com>",
"date": "Mon, 16 Dec 2024 11:14:47 +0000"
}
],
"notes": null,
"is_version_downgrade": false
}
],
"snap": []
},
"added": {
"deb": [
{
"name": "linux-headers-6.8.0-55",
"from_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-54.56",
"version": null
},
"to_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-55.57",
"version": "6.8.0-55.57"
},
"cves": [
{
"cve": "CVE-2024-53104",
"url": "https://ubuntu.com/security/CVE-2024-53104",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"launchpad_bugs_fixed": [
2097981,
2089411
],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-53104",
"url": "https://ubuntu.com/security/CVE-2024-53104",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"log": [
"",
" * noble/linux: 6.8.0-55.57 -proposed tracker (LP: #2097981)",
"",
" * python perf module missing in realtime kernel (LP: #2089411)",
" - [Packaging] linux-tools: Add missing python perf symlink",
" - [Packaging] linux-tools: Fix python perf library packaging",
" - [Packaging] linux-tools: Fall back to old python perf path",
"",
" * CVE-2024-53104",
" - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in",
" uvc_parse_format",
""
],
"package": "linux",
"version": "6.8.0-55.57",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2097981,
2089411
],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Wed, 12 Feb 2025 20:54:42 +0100"
}
],
"notes": "linux-headers-6.8.0-55 version '6.8.0-55.57' (source package linux version '6.8.0-55.57') was added. linux-headers-6.8.0-55 version '6.8.0-55.57' has the same source package name, linux, as removed package linux-headers-6.8.0-54. As such we can use the source package version of the removed package, '6.8.0-54.56', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.",
"is_version_downgrade": false
},
{
"name": "linux-headers-6.8.0-55-generic",
"from_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-54.56",
"version": null
},
"to_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-55.57",
"version": "6.8.0-55.57"
},
"cves": [
{
"cve": "CVE-2024-53104",
"url": "https://ubuntu.com/security/CVE-2024-53104",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"launchpad_bugs_fixed": [
2097981,
2089411
],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-53104",
"url": "https://ubuntu.com/security/CVE-2024-53104",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"log": [
"",
" * noble/linux: 6.8.0-55.57 -proposed tracker (LP: #2097981)",
"",
" * python perf module missing in realtime kernel (LP: #2089411)",
" - [Packaging] linux-tools: Add missing python perf symlink",
" - [Packaging] linux-tools: Fix python perf library packaging",
" - [Packaging] linux-tools: Fall back to old python perf path",
"",
" * CVE-2024-53104",
" - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in",
" uvc_parse_format",
""
],
"package": "linux",
"version": "6.8.0-55.57",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2097981,
2089411
],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Wed, 12 Feb 2025 20:54:42 +0100"
}
],
"notes": "linux-headers-6.8.0-55-generic version '6.8.0-55.57' (source package linux version '6.8.0-55.57') was added. linux-headers-6.8.0-55-generic version '6.8.0-55.57' has the same source package name, linux, as removed package linux-headers-6.8.0-54. As such we can use the source package version of the removed package, '6.8.0-54.56', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.",
"is_version_downgrade": false
},
{
"name": "linux-image-6.8.0-55-generic",
"from_version": {
"source_package_name": "linux-signed",
"source_package_version": "6.8.0-54.56",
"version": null
},
"to_version": {
"source_package_name": "linux-signed",
"source_package_version": "6.8.0-55.57",
"version": "6.8.0-55.57"
},
"cves": [],
"launchpad_bugs_fixed": [
1786013
],
"changes": [
{
"cves": [],
"log": [
"",
" * Main version: 6.8.0-55.57",
"",
" * Packaging resync (LP: #1786013)",
" - [Packaging] debian/tracking-bug -- resync from main package",
""
],
"package": "linux-signed",
"version": "6.8.0-55.57",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
1786013
],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Wed, 12 Feb 2025 19:44:58 +0100"
}
],
"notes": "linux-image-6.8.0-55-generic version '6.8.0-55.57' (source package linux-signed version '6.8.0-55.57') was added. linux-image-6.8.0-55-generic version '6.8.0-55.57' has the same source package name, linux-signed, as removed package linux-image-6.8.0-54-generic. As such we can use the source package version of the removed package, '6.8.0-54.56', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.",
"is_version_downgrade": false
},
{
"name": "linux-modules-6.8.0-55-generic",
"from_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-54.56",
"version": null
},
"to_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-55.57",
"version": "6.8.0-55.57"
},
"cves": [
{
"cve": "CVE-2024-53104",
"url": "https://ubuntu.com/security/CVE-2024-53104",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"launchpad_bugs_fixed": [
2097981,
2089411
],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-53104",
"url": "https://ubuntu.com/security/CVE-2024-53104",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"log": [
"",
" * noble/linux: 6.8.0-55.57 -proposed tracker (LP: #2097981)",
"",
" * python perf module missing in realtime kernel (LP: #2089411)",
" - [Packaging] linux-tools: Add missing python perf symlink",
" - [Packaging] linux-tools: Fix python perf library packaging",
" - [Packaging] linux-tools: Fall back to old python perf path",
"",
" * CVE-2024-53104",
" - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in",
" uvc_parse_format",
""
],
"package": "linux",
"version": "6.8.0-55.57",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2097981,
2089411
],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Wed, 12 Feb 2025 20:54:42 +0100"
}
],
"notes": "linux-modules-6.8.0-55-generic version '6.8.0-55.57' (source package linux version '6.8.0-55.57') was added. linux-modules-6.8.0-55-generic version '6.8.0-55.57' has the same source package name, linux, as removed package linux-headers-6.8.0-54. As such we can use the source package version of the removed package, '6.8.0-54.56', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.",
"is_version_downgrade": false
},
{
"name": "linux-tools-6.8.0-55",
"from_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-54.56",
"version": null
},
"to_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-55.57",
"version": "6.8.0-55.57"
},
"cves": [
{
"cve": "CVE-2024-53104",
"url": "https://ubuntu.com/security/CVE-2024-53104",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"launchpad_bugs_fixed": [
2097981,
2089411
],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-53104",
"url": "https://ubuntu.com/security/CVE-2024-53104",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"log": [
"",
" * noble/linux: 6.8.0-55.57 -proposed tracker (LP: #2097981)",
"",
" * python perf module missing in realtime kernel (LP: #2089411)",
" - [Packaging] linux-tools: Add missing python perf symlink",
" - [Packaging] linux-tools: Fix python perf library packaging",
" - [Packaging] linux-tools: Fall back to old python perf path",
"",
" * CVE-2024-53104",
" - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in",
" uvc_parse_format",
""
],
"package": "linux",
"version": "6.8.0-55.57",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2097981,
2089411
],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Wed, 12 Feb 2025 20:54:42 +0100"
}
],
"notes": "linux-tools-6.8.0-55 version '6.8.0-55.57' (source package linux version '6.8.0-55.57') was added. linux-tools-6.8.0-55 version '6.8.0-55.57' has the same source package name, linux, as removed package linux-headers-6.8.0-54. As such we can use the source package version of the removed package, '6.8.0-54.56', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.",
"is_version_downgrade": false
},
{
"name": "linux-tools-6.8.0-55-generic",
"from_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-54.56",
"version": null
},
"to_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-55.57",
"version": "6.8.0-55.57"
},
"cves": [
{
"cve": "CVE-2024-53104",
"url": "https://ubuntu.com/security/CVE-2024-53104",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"launchpad_bugs_fixed": [
2097981,
2089411
],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-53104",
"url": "https://ubuntu.com/security/CVE-2024-53104",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"log": [
"",
" * noble/linux: 6.8.0-55.57 -proposed tracker (LP: #2097981)",
"",
" * python perf module missing in realtime kernel (LP: #2089411)",
" - [Packaging] linux-tools: Add missing python perf symlink",
" - [Packaging] linux-tools: Fix python perf library packaging",
" - [Packaging] linux-tools: Fall back to old python perf path",
"",
" * CVE-2024-53104",
" - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in",
" uvc_parse_format",
""
],
"package": "linux",
"version": "6.8.0-55.57",
"urgency": "medium",
"distributions": "noble",
"launchpad_bugs_fixed": [
2097981,
2089411
],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Wed, 12 Feb 2025 20:54:42 +0100"
}
],
"notes": "linux-tools-6.8.0-55-generic version '6.8.0-55.57' (source package linux version '6.8.0-55.57') was added. linux-tools-6.8.0-55-generic version '6.8.0-55.57' has the same source package name, linux, as removed package linux-headers-6.8.0-54. As such we can use the source package version of the removed package, '6.8.0-54.56', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.",
"is_version_downgrade": false
}
],
"snap": []
},
"removed": {
"deb": [
{
"name": "linux-headers-6.8.0-54",
"from_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-54.56",
"version": "6.8.0-54.56"
},
"to_version": {
"source_package_name": null,
"source_package_version": null,
"version": null
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [],
"notes": null,
"is_version_downgrade": false
},
{
"name": "linux-headers-6.8.0-54-generic",
"from_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-54.56",
"version": "6.8.0-54.56"
},
"to_version": {
"source_package_name": null,
"source_package_version": null,
"version": null
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [],
"notes": null,
"is_version_downgrade": false
},
{
"name": "linux-image-6.8.0-54-generic",
"from_version": {
"source_package_name": "linux-signed",
"source_package_version": "6.8.0-54.56",
"version": "6.8.0-54.56"
},
"to_version": {
"source_package_name": null,
"source_package_version": null,
"version": null
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [],
"notes": null,
"is_version_downgrade": false
},
{
"name": "linux-modules-6.8.0-54-generic",
"from_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-54.56",
"version": "6.8.0-54.56"
},
"to_version": {
"source_package_name": null,
"source_package_version": null,
"version": null
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [],
"notes": null,
"is_version_downgrade": false
},
{
"name": "linux-tools-6.8.0-54",
"from_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-54.56",
"version": "6.8.0-54.56"
},
"to_version": {
"source_package_name": null,
"source_package_version": null,
"version": null
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [],
"notes": null,
"is_version_downgrade": false
},
{
"name": "linux-tools-6.8.0-54-generic",
"from_version": {
"source_package_name": "linux",
"source_package_version": "6.8.0-54.56",
"version": "6.8.0-54.56"
},
"to_version": {
"source_package_name": null,
"source_package_version": null,
"version": null
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [],
"notes": null,
"is_version_downgrade": false
}
],
"snap": []
},
"notes": "Changelog diff for Ubuntu 24.04 noble image from release image serial 20250228 to 20250313",
"from_series": "noble",
"to_series": "noble",
"from_serial": "20250228",
"to_serial": "20250313",
"from_manifest_filename": "release_manifest.previous",
"to_manifest_filename": "manifest.current"
}