CasperSecurity
17/03/2026, commit https://github.com/canonical/core-base/tree/37b6ca6eae54cbf2ce64fe2c836b59ee1438f27f
[ Changes in the core24 snap ]
No detected changes for the core24 snap
[ Changes in primed packages ]
cloud-init (built from cloud-init) updated from 25.2-0ubuntu1~24.04.1 to 25.3-0ubuntu1~24.04.1:
cloud-init (25.3-0ubuntu1~24.04.1) noble; urgency=medium
* d/p/retain-setuptools.patch: avoid upstream switch to meson build backend.
* refresh patches:
- d/p/no-nocloud-network.patch
- d/p/no-single-process.patch
- d/p/grub-dpkg-support.patch
* Upstream snapshot based on 25.3. (LP: #2131604).
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/25.3/ChangeLog
-- Chad Smith <chad.smith@canonical.com> Sat, 15 Nov 2025 11:02:56 -0700
libexpat1:amd64 (built from expat) updated from 2.6.1-2ubuntu0.3 to 2.6.1-2ubuntu0.4:
expat (2.6.1-2ubuntu0.4) noble-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2026-24515.patch: updates
XML_ExternalEntityParserCreate to copy unknown encoding handler user
data in expat/lib/xmlparse.c.
- CVE-2026-24515
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2026-25210*.patch: adds an integer overflow check for
tag buffer reallocation in the doContent function of
expat/lib/xmlparse.c.
- CVE-2026-25210
-- Ian Constantin <ian.constantin@canonical.com> Wed, 04 Feb 2026 17:24:08 +0200
libfreetype6:amd64 (built from freetype) updated from 2.13.2+dfsg-1build3 to 2.13.2+dfsg-1ubuntu0.1:
freetype (2.13.2+dfsg-1ubuntu0.1) noble-security; urgency=medium
* SECURITY UPDATE: Integer Overflow
- debian/patches/CVE-2026-23865.patch: Check for overflow in array
size computation
- CVE-2026-23865
-- Bruce Cable <bruce.cable@canonical.com> Tue, 10 Mar 2026 17:40:24 +1100
gcc-14-base:amd64, gcc-14-base:i386, libgcc-s1:amd64, libgcc-s1:i386, libstdc++6:amd64 (built from gcc-14) updated from 14.2.0-4ubuntu2~24.04 to 14.2.0-4ubuntu2~24.04.1:
gcc-14 (14.2.0-4ubuntu2~24.04.1) noble; urgency=medium
* d/p/pr118976.diff: Fix memory corruption when executing 256-bit
Scalable Vector Extensions code on 128-bit CPUs (LP: #2101084).
-- Vladimir Petko <vladimir.petko@canonical.com> Fri, 19 Dec 2025 10:36:50 +1300
gnutls-bin, libgnutls-dane0t64:amd64, libgnutls30t64:amd64 (built from gnutls28) updated from 3.8.3-1.1ubuntu3.4 to 3.8.3-1.1ubuntu3.5:
gnutls28 (3.8.3-1.1ubuntu3.5) noble-security; urgency=medium
* SECURITY UPDATE: DoS via malicious certificates
- debian/patches/CVE-2025-14831-*.patch: rework processing algorithms
to exhibit better performance characteristics in
lib/x509/name_constraints.c, tests/name-constraints-ip.c.
- CVE-2025-14831
* SECURITY UPDATE: stack overflow via long token label
- debian/patches/CVE-2025-9820.patch: avoid stack overwrite when
initializing a token in lib/pkcs11_write.c, tests/Makefile.am,
tests/pkcs11/long-label.c.
- CVE-2025-9820
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 10 Feb 2026 11:09:12 -0500
libpng16-16t64:amd64 (built from libpng1.6) updated from 1.6.43-5ubuntu0.4 to 1.6.43-5ubuntu0.5:
libpng1.6 (1.6.43-5ubuntu0.5) noble-security; urgency=medium
* SECURITY UPDATE: OOB read in png_set_quantize()
- debian/patches/CVE-2026-25646.patch: fix a heap buffer overflow in
pngrtran.c.
- CVE-2026-25646
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 11 Feb 2026 09:27:12 -0500
opensc, opensc-pkcs11:amd64 (built from opensc) updated from 0.25.0~rc1-1ubuntu0.1~esm1 to 0.25.0~rc1-1ubuntu0.2+esm1:
opensc (0.25.0~rc1-1ubuntu0.2+esm1) noble-security; urgency=medium
* SECURITY UPDATE: Missing variable initialization
- debian/patches/CVE-2024-45615-1.patch: Fix uninitialized values
- debian/patches/CVE-2024-45615-2.patch: Initialize variables for tag and
CLA
- debian/patches/CVE-2024-45615-3.patch: Initialize OID length
- debian/patches/CVE-2024-45615-4.patch: Initialize variables for tag and
CLA
- debian/patches/CVE-2024-45615-5.patch: Avoid using uninitialized memory
- debian/patches/CVE-2024-45617-1.patch: Check return value when selecting
AID
- debian/patches/CVE-2024-45617-2.patch: Return error when response length
is 0
- debian/patches/CVE-2024-45617-3.patch: Check number of read bytes
- debian/patches/CVE-2024-45618-1.patch: Check return value of serial num
conversion
- debian/patches/CVE-2024-45618-2.patch: Report transport key error
- CVE-2024-45615
- CVE-2024-45617
- CVE-2024-45618
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2024-45616-1.patch: Fix uninitialized values
- debian/patches/CVE-2024-45616-2.patch: Check length of APDU response
- debian/patches/CVE-2024-45616-3.patch: Correctly calculate certificate
length based on the resplen
- debian/patches/CVE-2024-45616-4.patch: Check length of serial number
- debian/patches/CVE-2024-45616-5.patch: Use actual length of reponse
buffer
- debian/patches/CVE-2024-45616-6.patch: Check length of response buffer
in select
- debian/patches/CVE-2024-45616-7.patch: Check APDU response length and
ASN1 lengths
- debian/patches/CVE-2024-45616-8.patch: Report invalid SW when reading
object
- debian/patches/CVE-2024-45616-9.patch: Avoid using uninitialized memory
- debian/patches/CVE-2024-45616-10.patch: Check length of serial number
- debian/patches/CVE-2024-45619-1.patch: Check number of read bytes for cert
- debian/patches/CVE-2024-45619-2.patch: Check certificate length before
accessing
- debian/patches/CVE-2024-45619-3.patch: Check length of buffer for object
- debian/patches/CVE-2024-45619-4.patch: Check length of generated key
- debian/patches/CVE-2024-45619-5.patch: Properly check length of file list
- debian/patches/CVE-2024-45619-6.patch: Check length of buffer before
conversion
- debian/patches/CVE-2024-45620-1.patch: Check length of file to be non-zero
- debian/patches/CVE-2024-45620-2.patch: Check length of data before
dereferencing
- debian/patches/CVE-2024-45620-3.patch: Check length of data when parsing
- debian/patches/CVE-2024-8443-1.patch: Avoid buffer overflow when writing
fingerprint
- debian/patches/CVE-2024-8443-2.patch: Do not accept non-matching key
-- Eduardo Barretto <eduardo.barretto@canonical.com> Wed, 25 Feb 2026 14:46:47 +0100
opensc (0.25.0~rc1-1ubuntu0.2) noble-security; urgency=medium
* No-change rebuild to security
-- Eduardo Barretto <eduardo.barretto@canonical.com> Mon, 16 Feb 2026 17:57:28 +0100
opensc (0.25.0~rc1-1ubuntu0.1) noble; urgency=medium
* Load FIPS provider by default when system is in FIPS mode
d/p/lp2127205-Load-FIPS-provider-by-default-when-system-is-in-FIPS.patch
(LP: #2127205)
-- Dariusz Gadomski <dgadomski@ubuntu.com> Mon, 26 Jan 2026 17:19:21 +0100
openssh-client, openssh-server, openssh-sftp-server (built from openssh) updated from 1:9.6p1-3ubuntu13.14 to 1:9.6p1-3ubuntu13.15:
openssh (1:9.6p1-3ubuntu13.15) noble-security; urgency=medium
* SECURITY UPDATE: GSSAPI Key Exchange issue
- debian/patches/gssapi.patch: replace incorrect use of
sshpkt_disconnect() with ssh_packet_disconnect() and properly
initialize some vars.
- CVE-2026-3497
* SECURITY UPDATE: Untrusted control characters in usernames
- debian/patches/CVE-2025-61984.patch: refuse usernames that include
control characters in ssh.c.
- CVE-2025-61984
* SECURITY UPDATE: Code execution in ProxyCommand via NULL character
- debian/patches/CVE-2025-61985.patch: don't allow \0 characters in
url-encoded strings in misc.c.
- CVE-2025-61985
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 04 Mar 2026 12:55:04 -0500
python3-cryptography (built from python-cryptography) updated from 41.0.7-4ubuntu0.1 to 41.0.7-4ubuntu0.4:
python-cryptography (41.0.7-4ubuntu0.4) noble-security; urgency=medium
* SECURITY REGRESSION: ecc support regression (LP: #2144373)
- debian/patches/CVE-2026-26007.patch: updated to remove problematic
deprecation warning code which is causing a regression with ansible.
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Sat, 14 Mar 2026 08:18:05 -0400
python-cryptography (41.0.7-4ubuntu0.3) noble-security; urgency=medium
* SECURITY UPDATE: Subgroup Attack Due to Missing Subgroup Validation for
SECT Curves
- debian/patches/CVE-2026-26007.patch: EC check key on cofactor > 1 in
src/cryptography/hazmat/primitives/asymmetric/ec.py,
src/cryptography/utils.py, tests/hazmat/primitives/test_ec.py,
src/_cffi_src/openssl/ec.py,
src/cryptography/hazmat/backends/openssl/ec.py.
- CVE-2026-26007
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 20 Feb 2026 09:45:35 -0500
libpython3.12-minimal:amd64, libpython3.12-stdlib:amd64, python3.12, python3.12-minimal (built from python3.12) updated from 3.12.3-1ubuntu0.11 to 3.12.3-1ubuntu0.12:
python3.12 (3.12.3-1ubuntu0.12) noble-security; urgency=medium
* SECURITY REGRESSION: Revert patch for CVE-2025-15366
- debian/patches/CVE-2025-15366.patch: Reverted. Patch breaks RFC
9051 IMAP conformance and introduces behavior regressions avoided
by upstream.
- CVE-2025-15366
* SECURITY REGRESSION: Revert patch for CVE-2025-15367
- debian/patches/CVE-2025-15367.patch: Reverted to prevent behavior
regressions, aligning with upstream backporting decisions.
- CVE-2025-15367
* SECURITY REGRESSION: Allow HTAB in wsgiref header values
- debian/patches/CVE-2026-0865-2.patch: Permit HTAB in header values
(excluding names) in Lib/wsgiref/headers.py, add test coverage.
- CVE-2026-0865
-- Vyom Yadav <vyom.yadav@canonical.com> Tue, 03 Mar 2026 17:45:18 +0530
sudo (built from sudo) updated from 1.9.15p5-3ubuntu5.24.04.1 to 1.9.15p5-3ubuntu5.24.04.2:
sudo (1.9.15p5-3ubuntu5.24.04.2) noble-security; urgency=medium
* SECURITY UPDATE: exec_mailer gid issue (LP: #2143042)
- debian/patches/lp2143042.patch: set group as well as uid when running
the mailer and make a setuid(), setgid() or setgroups() failure fatal
in include/sudo_eventlog.h, lib/eventlog/eventlog.c,
lib/eventlog/eventlog_conf.c, plugins/sudoers/logging.c,
plugins/sudoers/policy.c.
- No CVE number
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 02 Mar 2026 07:56:19 -0500
bsdutils, fdisk, libblkid1:amd64, libfdisk1:amd64, libmount1:amd64, libsmartcols1:amd64, libuuid1:amd64, mount, rfkill, util-linux (built from util-linux) updated from 1:2.39.3-9ubuntu6.4 to 1:2.39.3-9ubuntu6.5:
vim-common, vim-tiny (built from vim) updated from 2:9.1.0016-1ubuntu7.9 to 2:9.1.0016-1ubuntu7.10:
vim (2:9.1.0016-1ubuntu7.10) noble-security; urgency=medium
* SECURITY UPDATE: Buffer Overflow
- debian/patches/CVE-2026-26269.patch: Limit writing to max KEYBUFLEN
bytes to prevent writing out of bounds.
- debian/patches/CVE-2026-28420.patch: Use VTERM_MAX_CHARS_PER_CELL * 4
for ga_grow() to ensure sufficient space. Add a boundary check to the
character loop to prevent index out-of-bounds access.
- debian/patches/CVE-2026-28422.patch: Update the size check to account
for the byte length of the fill character (using MB_CHAR2LEN).
- debian/patches/CVE-2026-25749.patch: Limit strncpy to the length
of the buffer (MAXPATHL)
- CVE-2026-26269
- CVE-2026-28420
- CVE-2026-28422
- CVE-2026-25749
* SECURITY UPDATE: Command Injection
- debian/patches/CVE-2026-28417.patch: Implement stricter RFC1123
hostname and IP validation. Use shellescape() for the provided
hostname and port.
- CVE-2026-28417
* SECURITY UPDATE: Out of Bounds Read
- debian/patches/CVE-2026-28418.patch: Check for end of buffer
and return early.
- CVE-2026-28418
* SECURITY UPDATE: Buffer Underflow
- debian/patches/CVE-2026-28419.patch: Add a check to ensure the
delimiter (p_7f) is not at the start of the buffer (lbuf) before
attempting to isolate the tag name.
- CVE-2026-28419
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2026-28421.patch: Add bounds checks on
pe_page_count and pe_bnum against mf_blocknr_max before descending
into the block tree, and validate pe_old_lnum >= 1 and
pe_line_count > 0 before calling readfile().
- CVE-2026-28421
-- Bruce Cable <bruce.cable@canonical.com> Tue, 10 Mar 2026 20:13:01 +1100
wpasupplicant (built from wpa) updated from 2:2.10-21ubuntu0.3 to 2:2.10-21ubuntu0.4:
wpa (2:2.10-21ubuntu0.4) noble; urgency=medium
* Add SaePasswordMismatch signal handling (LP: #2125203)
-- Mitchell Augustin <mitchell.augustin@canonical.com> Wed, 04 Feb 2026 17:33:00 -0600
11/02/2026, commit https://github.com/canonical/core-base/tree/37b6ca6eae54cbf2ce64fe2c836b59ee1438f27f
[ Changes in the core24 snap ]
Alfonso Sánchez-Beato (1):
hooks: add script to remove unneeded apparmor profiles
[ Changes in primed packages ]
base-files (built from base-files) updated from 13ubuntu10.3 to 13ubuntu10.4:
base-files (13ubuntu10.4) noble; urgency=medium
* /etc/issue{,.net}, /etc/{lsb,os}-release: bump version to 24.04.4
(LP: #2140756)
-- Florent 'Skia' Jacquet <skia@ubuntu.com> Fri, 06 Feb 2026 08:23:01 +0100
libglib2.0-0t64:amd64 (built from glib2.0) updated from 2.80.0-6ubuntu3.6 to 2.80.0-6ubuntu3.8:
glib2.0 (2.80.0-6ubuntu3.8) noble-security; urgency=medium
* SECURITY UPDATE: integer overflow in Base64 encoding
- debian/patches/CVE-2026-1484-1.patch: use gsize to prevent potential
overflow in glib/gbase64.c.
- debian/patches/CVE-2026-1484-2.patch: ensure that the out value is
within allocated size in glib/gbase64.c.
- CVE-2026-1484
* SECURITY UPDATE: buffer underflow via header length
- debian/patches/CVE-2026-1485.patch: do not overflow if header is
longer than MAXINT in gio/gcontenttype.c.
- CVE-2026-1485
* SECURITY UPDATE: integer overflow via Unicode case conversion
- debian/patches/CVE-2026-1489-1.patch: use size_t for output_marks
length in glib/guniprop.c.
- debian/patches/CVE-2026-1489-2.patch: do not convert size_t to gint
in glib/guniprop.c.
- debian/patches/CVE-2026-1489-3.patch: ensure we do not overflow size
in glib/guniprop.c.
- debian/patches/CVE-2026-1489-4.patch: add test debug information when
parsing input files in glib/tests/unicode.c.
- CVE-2026-1489
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 28 Jan 2026 12:53:07 -0500
glib2.0 (2.80.0-6ubuntu3.7) noble-security; urgency=medium
* SECURITY UPDATE: Integer overflow in g_buffered_input_stream_peek()
- debian/patches/CVE-2026-0988.patch: fix a potential integer overflow
in peek() in gio/gbufferedinputstream.c,
gio/tests/buffered-input-stream.c.
- CVE-2026-0988
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 20 Jan 2026 08:08:27 -0500
libc-bin, libc6:amd64, libc6:i386 (built from glibc) updated from 2.39-0ubuntu8.6 to 2.39-0ubuntu8.7:
glibc (2.39-0ubuntu8.7) noble-security; urgency=medium
* SECURITY UPDATE: use-after-free in wordexp_t fields
- debian/patches/CVE-2025-15281.patch: posix: Reset wordexp_t fields
with WRDE_REUSE
- CVE-2025-15281
* SECURITY UPDATE: integer overflow in memalign
- debian/patches/CVE-2026-0861.patch: memalign: reinstate alignment
overflow check
- CVE-2026-0861
* SECURITY UPDATE: memory leak in NSS DNS
- debian/patches/CVE-2026-0915.patch: resolv: Fix NSS DNS backend for
getnetbyaddr
- CVE-2026-0915
-- Nishit Majithia <nishit.majithia@canonical.com> Fri, 30 Jan 2026 13:57:54 +0530
gpgv (built from gnupg2) updated from 2.4.4-2ubuntu17.3 to 2.4.4-2ubuntu17.4:
gnupg2 (2.4.4-2ubuntu17.4) noble-security; urgency=medium
* SECURITY UPDATE: Remote Code Execution
- debian/patches/CVE-2025-68973.patch: gpg: Fix possible memory
corruption in the armor parser.
- CVE-2025-68973
-- Allen Huang <allen.huang@canonical.com> Mon, 05 Jan 2026 22:01:39 +0000
libdrm-common, libdrm2:amd64 (built from libdrm) updated from 2.4.122-1~ubuntu0.24.04.2 to 2.4.125-1ubuntu0.1~24.04.1:
libdrm (2.4.125-1ubuntu0.1~24.04.1) noble; urgency=medium
* Backport to noble. (LP: #2126037)
- amdgpu-add-env-support-for-amdgpu-ids.patch dropped as it has
changed on the upstream merge request and hasn't landed yet
-- Timo Aaltonen <tjaalton@debian.org> Fri, 07 Nov 2025 14:50:51 +0200
libdrm (2.4.125-1ubuntu0.1) questing; urgency=medium
* patches: Identify APUs from hardware (LP: #2127944)
-- Timo Aaltonen <tjaalton@debian.org> Fri, 24 Oct 2025 17:43:46 +0300
libdrm (2.4.125-1) experimental; urgency=medium
[ Jianfeng Liu ]
* Enable build libdrm-intel1 for loong64. (Closes: #1107223)
[ Timo Aaltonen ]
* New upstream release.
* patches: Drop the upstreamed fix for xf86drm.
* symbols: Updated.
-- Timo Aaltonen <tjaalton@debian.org> Wed, 25 Jun 2025 10:46:34 +0300
libdrm (2.4.124-2) unstable; urgency=medium
[ Daniel van Vugt ]
* Add xf86drm-Handle-NULL-in-drmCopyVersion.patch (LP: #2104352)
[ Bo YU ]
* Enable building libdrm-intel1 for riscv64 (Closes: #1085314)
-- Timo Aaltonen <tjaalton@debian.org> Tue, 01 Apr 2025 11:08:19 +0300
libdrm (2.4.124-1) unstable; urgency=medium
* New upstream release.
* amdgpu-add-env-support-for-amdgpu-ids.patch: Add a patch to allow
using an env variable for amdgpu.ids path. (LP: #2100483)
-- Timo Aaltonen <tjaalton@debian.org> Thu, 27 Feb 2025 14:57:25 +0200
libdrm (2.4.123-1) unstable; urgency=medium
* New upstream release.
* Add upstream metadata, drop old git url from d/watch.
* Update signing-key.asc.
-- Timo Aaltonen <tjaalton@debian.org> Tue, 10 Sep 2024 11:03:50 +0300
libdrm (2.4.122-1) unstable; urgency=medium
* New upstream release. (Closes: #1059854)
* control: Migrate to pkgconf.
-- Timo Aaltonen <tjaalton@debian.org> Thu, 01 Aug 2024 13:52:56 +0300
libpng16-16t64:amd64 (built from libpng1.6) updated from 1.6.43-5ubuntu0.1 to 1.6.43-5ubuntu0.4:
libpng1.6 (1.6.43-5ubuntu0.4) noble-security; urgency=medium
* SECURITY UPDATE: DoS via buffer overflow caused by memory leaks
- debian/patches/CVE-2025-2816x.patch: clean up on user/internal errors
in contrib/libtests/pngimage.c, pngerror.c.
- CVE-2025-28162
- CVE-2025-28164
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 29 Jan 2026 11:18:41 -0500
libpng1.6 (1.6.43-5ubuntu0.3) noble-security; urgency=medium
* SECURITY UPDATE: OOB in png_image_read_composite
- debian/patches/CVE-2025-66293-1.patch: validate component size in
pngread.c.
- debian/patches/CVE-2025-66293-2.patch: improve fix in pngread.c.
- CVE-2025-66293
* SECURITY UPDATE: Heap buffer over-read in png_image_read_direct_scaled
- debian/patches/CVE-2026-22695.patch: fix memcpy size in pngread.c.
- CVE-2026-22695
* SECURITY UPDATE: Integer truncation causing heap buffer over-read
- debian/patches/CVE-2026-22801.patch: remove incorrect truncation
casts in CMakeLists.txt, contrib/libtests/pngstest.c, pngwrite.c,
tests/pngstest-large-stride.
- CVE-2026-22801
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 12 Jan 2026 13:14:03 -0500
libtasn1-6:amd64 (built from libtasn1-6) updated from 4.19.0-3ubuntu0.24.04.1 to 4.19.0-3ubuntu0.24.04.2:
libtasn1-6 (4.19.0-3ubuntu0.24.04.2) noble-security; urgency=medium
* SECURITY UPDATE: Stack-based buffer overflow
- debian/patches/CVE-2025-13151.patch: fix asn1_expand_octet_string
buffer size in lib/decoding.c.
- CVE-2025-13151
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 08 Jan 2026 12:24:41 -0500
libssl3t64:amd64, openssl (built from openssl) updated from 3.0.13-0ubuntu3.6 to 3.0.13-0ubuntu3.7:
openssl (3.0.13-0ubuntu3.7) noble-security; urgency=medium
* SECURITY UPDATE: Stack buffer overflow in CMS AuthEnvelopedData parsing
- debian/patches/CVE-2025-15467-1.patch: correct handling of
AEAD-encrypted CMS with inadmissibly long IV in crypto/evp/evp_lib.c.
- debian/patches/CVE-2025-15467-2.patch: some comments to clarify
functions usage in crypto/asn1/evp_asn1.c.
- debian/patches/CVE-2025-15467-3.patch: test for handling of
AEAD-encrypted CMS with inadmissibly long IV in test/cmsapitest.c,
test/recipes/80-test_cmsapi.t,
test/recipes/80-test_cmsapi_data/encDataWithTooLongIV.pem.
- CVE-2025-15467
* SECURITY UPDATE: Heap out-of-bounds write in BIO_f_linebuffer on short
writes
- debian/patches/CVE-2025-68160.patch: fix heap buffer overflow in
BIO_f_linebuffer in crypto/bio/bf_lbuf.c.
- CVE-2025-68160
* SECURITY UPDATE: Unauthenticated/unencrypted trailing bytes with
low-level OCB function calls
- debian/patches/CVE-2025-69418.patch: fix OCB AES-NI/HW stream path
unauthenticated/unencrypted trailing bytes in crypto/modes/ocb128.c.
- CVE-2025-69418
* SECURITY UPDATE: Out of bounds write in PKCS12_get_friendlyname() UTF-8
conversion
- debian/patches/CVE-2025-69419.patch: check return code of UTF8_putc
in crypto/asn1/a_strex.c, crypto/pkcs12/p12_utl.c.
- CVE-2025-69419
* SECURITY UPDATE: Missing ASN1_TYPE validation in
TS_RESP_verify_response() function
- debian/patches/CVE-2025-69420.patch: verify ASN1 object's types
before attempting to access them as a particular type in
crypto/ts/ts_rsp_verify.c.
- CVE-2025-69420
* SECURITY UPDATE: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex
- debian/patches/CVE-2025-69421.patch: add NULL check in
crypto/pkcs12/p12_decr.c.
- CVE-2025-69421
* SECURITY UPDATE: ASN1_TYPE missing validation and type confusion
- debian/patches/CVE-2026-2279x.patch: ensure ASN1 types are checked
before use in apps/s_client.c, crypto/pkcs12/p12_kiss.c,
crypto/pkcs7/pk7_doit.c.
- CVE-2026-22795
- CVE-2026-22796
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 26 Jan 2026 07:31:31 -0500
python3-urllib3 (built from python-urllib3) updated from 2.0.7-1ubuntu0.3 to 2.0.7-1ubuntu0.6:
python-urllib3 (2.0.7-1ubuntu0.6) noble-security; urgency=medium
* SECURITY REGRESSION: Zstandard missing attribute after CVE-2025-66471 fix.
(LP: #2136906)
- debian/patches/CVE-2025-66471-fix2.patch: Fall back if "needs_input" is
not a zstd object attribute in src/urllib3/response.py.
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Tue, 13 Jan 2026 09:34:51 -0330
python-urllib3 (2.0.7-1ubuntu0.5) noble-security; urgency=medium
* SECURITY REGRESSION: Zstd issues after CVE-2025-66471 fix. (LP: #2136906)
- debian/patches/CVE-2025-66471-fix1.patch: Revert zstd fix due to not
being compatible with zstandard.
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Mon, 12 Jan 2026 17:27:22 -0330
python-urllib3 (2.0.7-1ubuntu0.4) noble-security; urgency=medium
* SECURITY UPDATE: Decompression bomb in HTTP redirect responses.
- debian/patches/CVE-2026-21441.patch: Add decode_content to self.read()
in src/urllib3/response.py. Add tests in
test/with_dummyserver/test_connectionpool.py and dummyserver/app.py.
- CVE-2026-21441
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Thu, 08 Jan 2026 15:36:38 -0330
libpython3.12-minimal:amd64, libpython3.12-stdlib:amd64, python3.12, python3.12-minimal (built from python3.12) updated from 3.12.3-1ubuntu0.9 to 3.12.3-1ubuntu0.11:
python3.12 (3.12.3-1ubuntu0.11) noble-security; urgency=medium
* SECURITY UPDATE: Header injection in email messages where addresses are not
sanitized.
- debian/patches/CVE-2025-11468.patch: Add escape parentheses and backslash
in Lib/email/_header_value_parser.py. Add test in
Lib/test/test_email/test__header_value_parser.py.
- CVE-2025-11468
* SECURITY UPDATE: Quadratic algorithm when building excessively nested XML
documents.
- debian/patches/CVE-2025-12084-*.patch: Remove _in_document and replace
with node.ownerDocument in Lib/xml/dom/minidom.py. Set self.ownerDocument
to None in Lib/xml/dom/minidom.py. Add test in Lib/test/test_minidom.py.
- CVE-2025-12084
* SECURITY UPDATE: OOM and denial of service when opening malicious plist
file.
- debian/patches/CVE-2025-13837.patch: Add _MIN_READ_BUF_SIZE and _read
with checks in Lib/plistlib.py. Add test in Lib/test/test_plistlib.py.
- CVE-2025-13837
* SECURITY UPDATE: Header injection in user controlled data URLs in urllib.
- debian/patches/CVE-2025-15282.patch: Add control character checks in
Lib/urllib/request.py. Add test in Lib/test/test_urllib.py.
* SECURITY UPDATE: Command injection through user controlled commands in
imaplib.
- debian/patches/CVE-2025-15366.patch: Add _control_chars and checks in
Lib/imaplib.py. Add test in Lib/test/test_imaplib.py.
* SECURITY UPDATE: Command injection through user controlled commands in
poplib.
- debian/patches/CVE-2025-15367.patch: Add control character regex check
in Lib/poplib.py. Add test in Lib/test/test_poplib.py.
- CVE-2025-15367
* SECURITY UPDATE: HTTP header injection in user controlled cookie values.
- debian/patches/CVE-2026-0672.patch: Add _control_characters_re and
checks in Lib/http/cookies.py. Add test in Lib/test/test_http_cookies.py.
- CVE-2026-0672
* SECURITY UPDATE: HTTP header injection in user controlled headers and
values with newlines.
- debian/patches/CVE-2026-0865.patch: Add _control_chars_re and check in
Lib/wsgiref/headers.py. Add test in Lib/test/support/__init__.py and
Lib/test/test_wsgiref.py.
- CVE-2026-0865
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Thu, 22 Jan 2026 17:27:42 -0330
python3.12 (3.12.3-1ubuntu0.10) noble-security; urgency=medium
* SECURITY UPDATE: HTTP Content-Length denial of service
- debian/patches/CVE-2025-13836.patch: Read large data in chunks with
geometric reads in Lib/http/client.py and add tests in
Lib/test/test_httplib.py
- CVE-2025-13836
-- Vyom Yadav <vyom.yadav@canonical.com> Thu, 08 Jan 2026 17:00:50 +0530
07/01/2026, commit https://github.com/canonical/core-base/tree/877c452311fe667019aaa475aae73b3e283b8f7b
[ Changes in the core24 snap ]
No detected changes for the core24 snap
[ Changes in primed packages ]
dhcpcd-base (built from dhcpcd) updated from 1:10.0.6-1ubuntu3.1 to 1:10.0.6-1ubuntu3.2:
dhcpcd (1:10.0.6-1ubuntu3.2) noble; urgency=medium
* Fix intermittent dumplease failures when parsing stdin (LP: #2131252)
- d/p/lp2131252-0-Force-dumplease-to-parse-stdin.patch
- d/p/lp2131252-1-Improve-and-document-prior.patch
-- Bryan Fraschetti <bryan.fraschetti@canonical.com> Thu, 13 Nov 2025 12:47:30 -0500
libglib2.0-0t64:amd64 (built from glib2.0) updated from 2.80.0-6ubuntu3.5 to 2.80.0-6ubuntu3.6:
glib2.0 (2.80.0-6ubuntu3.6) noble-security; urgency=medium
* SECURITY UPDATE: overflow via long invalid ISO 8601 timestamp
- debian/patches/CVE-2025-3360-1.patch: fix integer overflow when
parsing very long ISO8601 inputs in glib/gdatetime.c.
- debian/patches/CVE-2025-3360-2.patch: fix potential integer overflow
in timezone offset handling in glib/gdatetime.c.
- debian/patches/CVE-2025-3360-3.patch: track timezone length as an
unsigned size_t in glib/gdatetime.c.
- debian/patches/CVE-2025-3360-4.patch: factor out some string pointer
arithmetic in glib/gdatetime.c.
- debian/patches/CVE-2025-3360-5.patch: factor out an undersized
variable in glib/gdatetime.c.
- debian/patches/CVE-2025-3360-6.patch: add some missing GDateTime
ISO8601 parsing tests in glib/tests/gdatetime.c.
- CVE-2025-3360
* SECURITY UPDATE: GString overflow
- debian/patches/CVE-2025-6052.patch: fix overflow check when expanding
the string in glib/gstring.c.
- CVE-2025-6052
* SECURITY UPDATE: integer overflow in temp file creation
- debian/patches/CVE-2025-7039.patch: fix computation of temporary file
name in glib/gfileutils.c.
- CVE-2025-7039
* SECURITY UPDATE: heap overflow in g_escape_uri_string()
- debian/patches/CVE-2025-13601.patch: add overflow check in
glib/gconvert.c.
- CVE-2025-13601
* SECURITY UPDATE: buffer underflow through glib/gvariant
- debian/patches/CVE-2025-14087-1.patch: fix potential integer overflow
parsing (byte)strings in glib/gvariant-parser.c.
- debian/patches/CVE-2025-14087-2.patch: use size_t to count numbers of
child elements in glib/gvariant-parser.c.
- debian/patches/CVE-2025-14087-3.patch: convert error handling code to
use size_t in glib/gvariant-parser.c.
- CVE-2025-14087
* SECURITY UPDATE: integer overflow in gfileattribute
- debian/patches/gfileattribute-overflow.patch: add overflow check in
gio/gfileattribute.c.
- No CVE number
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 10 Dec 2025 10:51:22 -0500
libpng16-16t64:amd64 (built from libpng1.6) updated from 1.6.43-5build1 to 1.6.43-5ubuntu0.1:
libpng1.6 (1.6.43-5ubuntu0.1) noble-security; urgency=medium
* SECURITY UPDATE: buffer overflow issue
- debian/patches/CVE-2025-64505.patch: Fix a buffer overflow in
png_do_quantize
- debian/patches/CVE-2025-64506.patch: Fix a heap buffer overflow in
png_write_image_8bit
- debian/patches/CVE-2025-64720.patch: Fix a buffer overflow in
png_init_read_transformations
- debian/patches/CVE-2025-65018.patch: Fix a heap buffer overflow in
png_image_finish_read
- CVE-2025-64505
- CVE-2025-64506
- CVE-2025-64720
- CVE-2025-65018
-- Nishit Majithia <nishit.majithia@canonical.com> Tue, 09 Dec 2025 17:36:48 +0530
python3-urllib3 (built from python-urllib3) updated from 2.0.7-1ubuntu0.2 to 2.0.7-1ubuntu0.3:
python-urllib3 (2.0.7-1ubuntu0.3) noble-security; urgency=medium
* SECURITY UPDATE: Denial of service due to unbounded decompression chain.
- debian/patches/CVE-2025-66418.patch: Add max_decode_links limit and
checks in src/urllib3/response.py. Add test in test/test_response.py.
- CVE-2025-66418
* SECURITY UPDATE: Denial of service due to decompression bomb.
- debian/patches/CVE-2025-66471.patch: Fix decompression bomb in
src/urllib3/response.py. Add tests in test/test_response.py.
- debian/patches/CVE-2025-66471-post1.patch: Remove brotli version warning
due to intrusive backport for brotli fixes and upstream version warning
not being appropriate for distro backporting.
- CVE-2025-66471
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Wed, 10 Dec 2025 15:56:11 -0330
libpam-systemd:amd64, libsystemd-shared:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-coredump, systemd-dev, systemd-resolved, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 255.4-1ubuntu8.11 to 255.4-1ubuntu8.12:
systemd (255.4-1ubuntu8.12) noble; urgency=medium
* basic: validate timezones in get_timezones() (LP: #2125405)
* ukify: fix insertion of padding in merged sections (LP: #2132666)
* core: downgrade a log message from warning to debug (LP: #2130554)
* test: skip testcase_multipath_basic_failover.
This test has been failing on Ubuntu infrastructure for a long time.
Leaving this alone at the moment allows other failures to potentially go
unnoticed, because the migration reference baseline has been reset to
fail. Skip the test to try and reset the baseline to pass.
* d/gbp.conf: stop using wrap_cl.py
-- Nick Rosbrook <enr0n@ubuntu.com> Tue, 25 Nov 2025 13:16:31 -0500
bsdutils, fdisk, libblkid1:amd64, libfdisk1:amd64, libmount1:amd64, libsmartcols1:amd64, libuuid1:amd64, mount, rfkill, util-linux (built from util-linux) updated from 1:2.39.3-9ubuntu6.3 to 1:2.39.3-9ubuntu6.4:
10/12/2025, commit https://github.com/canonical/core-base/tree/877c452311fe667019aaa475aae73b3e283b8f7b
[ Changes in the core24 snap ]
Alfonso Sánchez-Beato (1):
static: do not scan loop and mmc boot partitions
Philip Meulengracht (3):
tmpfiles.d: ignore snaps private tmp folder when cleaning /tmp
hooks: switch to ubuntu-advantage (#382)
static: add snapd.conf from the snapd debian, remove the other one (#384)
[ Changes in primed packages ]
apparmor, libapparmor1:amd64 (built from apparmor) updated from 4.0.1really4.0.1-0ubuntu0.24.04.4 to 4.0.1really4.0.1-0ubuntu0.24.04.5:
apparmor (4.0.1really4.0.1-0ubuntu0.24.04.5) noble; urgency=medium
* profiles: make /sys/devices PCI paths hex-aware (LP: #2115234)
-- Keifer Snedeker <keifer.snedeker@canonical.com> Fri, 15 Aug 2025 13:16:02 +0100
libglib2.0-0t64:amd64 (built from glib2.0) updated from 2.80.0-6ubuntu3.4 to 2.80.0-6ubuntu3.5:
glib2.0 (2.80.0-6ubuntu3.5) noble; urgency=medium
* debian: Update VCS references to ubuntu/noble branch
* debian/patches: Fix a crash on arg0 matching.
This is causing a crash in tracker if the battery charging state changes
while tracker is indexing files, as tracker-extract-3 will try to emit
property changes with a NULL arg0. (LP: #2119581)
-- Marco Trevisan (Treviño) <marco@ubuntu.com> Tue, 04 Nov 2025 16:05:02 +0100
libdrm-common, libdrm2:amd64 (built from libdrm) updated from 2.4.122-1~ubuntu0.24.04.1 to 2.4.122-1~ubuntu0.24.04.2:
libdrm (2.4.122-1~ubuntu0.24.04.2) noble; urgency=medium
* patches: Identify APUs from hardware (LP: #2127944)
-- Timo Aaltonen <tjaalton@debian.org> Fri, 24 Oct 2025 17:48:33 +0300
libnetplan1:amd64, netplan-generator, netplan.io, python3-netplan (built from netplan.io) updated from 1.1.2-2~ubuntu24.04.2 to 1.1.2-8ubuntu1~24.04.1:
netplan.io (1.1.2-8ubuntu1~24.04.1) noble; urgency=medium
* Backport netplan.io 1.1.2-8ubuntu1 (LP: #2127195)
- Allows non standard OVS setups (e.g. OVS from snap)
- Test improvements, especially for slower architectures such as riscv64
- d/t/cloud-init.sh: Adopt for actually generated files instead of dummies
- d/control: use dbus-daemon instead of dbus-x11 for build-time tests and
suggests systemd-resolved
* SRU compatibility
- d/gbp.conf: Update for Noble
- d/libnetplan1.symbols: keep it at the original version
- d/p/series: Keep d/p/sru-compat/* patches
- d/p/series: Drop wait-online-dns* which is incompatible with systemd v255
+ d/control: Keep systemd dependency at v248
-- Lukas Märdian <slyon@ubuntu.com> Tue, 25 Nov 2025 12:45:14 +0100
libpython3-stdlib:amd64, python3, python3-minimal (built from python3-defaults) updated from 3.12.3-0ubuntu2 to 3.12.3-0ubuntu2.1:
python3-defaults (3.12.3-0ubuntu2.1) noble-security; urgency=medium
* No-change rebuild into -security to fix dep issues (LP: #2127093)
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 12 Nov 2025 07:15:44 -0500
libpython3.12-minimal:amd64, libpython3.12-stdlib:amd64, python3.12, python3.12-minimal (built from python3.12) updated from 3.12.3-1ubuntu0.8 to 3.12.3-1ubuntu0.9:
python3.12 (3.12.3-1ubuntu0.9) noble-security; urgency=medium
* SECURITY UPDATE: Possible payload obfuscation
- debian/patches/CVE-2025-8291.patch: check consistency of
the zip64 end of central dir record in Lib/zipfile.py,
Lib/test/test_zipfile.py.
- CVE-2025-8291
* SECURITY UPDATE: Performance degradation
- debian/patches/CVE-2025-6075.patch: fix quadratic complexity
in os.path.expandvars() in Lib/ntpatch.py, Lib/posixpath.py,
Lib/test/test_genericpatch.py, Lib/test/test_npath.py.
- CVE-2025-6075
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Thu, 06 Nov 2025 10:44:16 -0300
26/10/2025, commit https://github.com/canonical/core-base/tree/230d59e9c36891b95fbb3a47a8b25563e0b9ae17
[ Changes in the core24 snap ]
Alfonso Sánchez-Beato (1):
hooks: update nvidia driver version
[ Changes in primed packages ]
distro-info-data (built from distro-info-data) updated from 0.60ubuntu0.3 to 0.60ubuntu0.5:
distro-info-data (0.60ubuntu0.5) noble; urgency=medium
* ubuntu.csv: remove eol-legacy field from resolute
This version of distro-info does not know about eol-legacy.
-- Nick Rosbrook <enr0n@ubuntu.com> Fri, 10 Oct 2025 12:02:16 -0400
distro-info-data (0.60ubuntu0.4) noble; urgency=medium
* Add Ubuntu 26.04 LTS "Resolute Raccoon" (LP: #2126961)
* Correct date for forky
* Correct estimation for trixie ELTS EoL to 10 years total support.
* Update the bookworm EoL
-- Florent 'Skia' Jacquet <florent.jacquet@canonical.com> Fri, 10 Oct 2025 11:31:14 +0100
09/10/2025, commit https://github.com/canonical/core-base/tree/3667c3306e20cafd7ee36075b3fb317f05fbec00
[ Changes in the core24 snap ]
No detected changes for the core24 snap
[ Changes in primed packages ]
libpam-systemd:amd64, libsystemd-shared:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-coredump, systemd-dev, systemd-resolved, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 255.4-1ubuntu8.10 to 255.4-1ubuntu8.11:
systemd (255.4-1ubuntu8.11) noble; urgency=medium
[ Nick Rosbrook ]
* initramfs-tools: copy hwdb.bin to initramfs (LP: #2112237)
* d/t/tests-in-lxd: drop patching workaround (LP: #2115263)
- d/t/control: add Depends: dnsmasq-base
(Revealed by test progressing past previous failure)
* initramfs-tools: filter out zdev rules in the initramfs hook (LP: #2044104)
Backport the logic from plucky onward, but adjust the version string for
noble.
* test: fall back to SYSLOG_IDENTIFIER= matching in TEST-75-RESOLVED
Partially backport the test fix from 49a954b08654dd06bab71224a2398a65c2555549,
only targeting TEST-75-RESOLVED.
[ Matthew Ruffell ]
* pcrlock: handle measurement logs where hash algs in header.
Fix pcrlock log to function correctly reading the TPM eventlog on hyper-v VMs
(LP: #2115391)
[ Chengen Du ]
* network/dhcp6: consider the DHCPv6 protocol as finished when conflict addresses exist
(LP: #2115418)
[ Mario Limonciello ]
* Drop support for using actual brightness (LP: #2110585)
-- Nick Rosbrook <enr0n@ubuntu.com> Fri, 11 Jul 2025 14:52:59 -0400
wpasupplicant (built from wpa) updated from 2:2.10-21ubuntu0.2 to 2:2.10-21ubuntu0.3:
wpa (2:2.10-21ubuntu0.3) noble; urgency=medium
* Bump DEFAULT_BSS_MAX_COUNT to 1000 (LP: #2117180)
-- Mitchell Augustin <mitchell.augustin@canonical.com> Mon, 21 Jul 2025 18:13:31 -0500
01/10/2025, commit https://github.com/canonical/core-base/tree/3667c3306e20cafd7ee36075b3fb317f05fbec00
[ Changes in the core24 snap ]
No detected changes for the core24 snap
[ Changes in primed packages ]
cloud-init (built from cloud-init) updated from 25.1.4-0ubuntu0~24.04.1 to 25.2-0ubuntu1~24.04.1:
cloud-init (25.2-0ubuntu1~24.04.1) noble; urgency=medium
* add d/p/strip-invalid-mtu.patch
- Provides backwards compatibility for an otherwise invalid
MTU in a netplan config. (GH-6239)
* d/cloud-init.templates:
- Move VMware before OVF. See GH-4030
- Enable CloudCIX by default
* refresh patches:
- d/p/no-single-process.patch
* Upstream snapshot based on 25.2. (LP: #2120495).
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/25.2/ChangeLog
-- James Falcon <james.falcon@canonical.com> Tue, 12 Aug 2025 16:19:32 -0500
coreutils (built from coreutils) updated from 9.4-3ubuntu6 to 9.4-3ubuntu6.1:
coreutils (9.4-3ubuntu6.1) noble; urgency=medium
* d/p/suppress-permission-denied-errors-on-nfs.patch:
- Avoid returning permission denied errors when running ls -l when reading
file attributes. (LP: #2115274)
-- Ghadi Elie Rahme <ghadi.rahme@canonical.com> Sun, 22 Jun 2025 16:21:39 +0000
dpkg (built from dpkg) updated from 1.22.6ubuntu6.1 to 1.22.6ubuntu6.5:
dpkg (1.22.6ubuntu6.5) noble-security; urgency=medium
[ Joy Latten ]
* SECURITY UPDATE:
- Fix cleanup for control member with restricted directories. LP: #2122053
- Fixes CVE-2025-6297
-- Serge Hallyn <serge.hallyn@ubuntu.com> Thu, 18 Sep 2025 12:43:59 -0500
dpkg (1.22.6ubuntu6.2) noble; urgency=medium
[ Zixing Liu ]
* Add RUSTFLAGS to define frame pointers for Rust toolchain (LP: #2082636).
* Replaces mainline version number 1.22.6ubuntu12 with 1.22.6ubuntu6.2 in
the documentation to avoid confusion with backported version.
[ Benjamin Drung ]
* buildflags: document RUSTFLAGS
* buildflags: Always set RUSTFLAGS
-- Zixing Liu <zixing.liu@canonical.com> Thu, 26 Sep 2024 13:14:01 -0600
libc-bin, libc6:amd64, libc6:i386 (built from glibc) updated from 2.39-0ubuntu8.5 to 2.39-0ubuntu8.6:
glibc (2.39-0ubuntu8.6) noble-security; urgency=medium
* SECURITY UPDATE: double-free in regcomp function
- debian/patches/any/CVE-2025-8058.patch: fix double-free after
allocation failure in regcomp in posix/Makefile, posix/regcomp.c,
posix/tst-regcomp-bracket-free.c.
- CVE-2025-8058
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 17 Sep 2025 10:55:42 -0400
openssh-client, openssh-server, openssh-sftp-server (built from openssh) updated from 1:9.6p1-3ubuntu13.13 to 1:9.6p1-3ubuntu13.14:
openssh (1:9.6p1-3ubuntu13.14) noble; urgency=medium
* d/p/systemd-socket-activation.patch: allow AF_VSOCK sockets (LP: #2111226)
-- Nick Rosbrook <enr0n@ubuntu.com> Tue, 26 Aug 2025 09:49:17 -0400
libssl3t64:amd64, openssl (built from openssl) updated from 3.0.13-0ubuntu3.5 to 3.0.13-0ubuntu3.6:
openssl (3.0.13-0ubuntu3.6) noble-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds read & write in RFC 3211 KEK Unwrap
- debian/patches/CVE-2025-9230.patch: fix incorrect check of unwrapped
key size in crypto/cms/cms_pwri.c.
- CVE-2025-9230
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 18 Sep 2025 07:12:48 -0400
libpam-modules-bin, libpam-modules:amd64, libpam-runtime, libpam0g:amd64 (built from pam) updated from 1.5.3-5ubuntu5.4 to 1.5.3-5ubuntu5.5:
pam (1.5.3-5ubuntu5.5) noble-security; urgency=medium
* SECURITY UPDATE: pam_access hostname confusion
- debian/patches/CVE-2024-10963.patch: add "nodns" option to disallow
resolving of tokens as hostname in
modules/pam_access/access.conf.5.xml,
modules/pam_access/pam_access.8.xml,
modules/pam_access/pam_access.c.
- CVE-2024-10963
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 15 Sep 2025 08:37:15 -0400
libsqlite3-0:amd64 (built from sqlite3) updated from 3.45.1-1ubuntu2.4 to 3.45.1-1ubuntu2.5:
sqlite3 (3.45.1-1ubuntu2.5) noble-security; urgency=medium
* SECURITY UPDATE: integer overflow in FTS5 extension
- debian/patches/CVE-2025-7709.patch: optimize allocation of large
tombstone arrays in fts5 in ext/fts5/fts5_index.c.
- CVE-2025-7709
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Sep 2025 14:06:42 -0400
vim-common, vim-tiny (built from vim) updated from 2:9.1.0016-1ubuntu7.8 to 2:9.1.0016-1ubuntu7.9:
vim (2:9.1.0016-1ubuntu7.9) noble-security; urgency=medium
* SECURITY UPDATE: Path traversal when opening specially crafted tar/zip
archives.
- debian/patches/CVE-2025-53905.patch: remove leading slashes from name,
replace tar_secure with g:tar_secure in runtime/autoload/tar.vim.
- debian/patches/CVE-2025-53906.patch: Add need_rename, replace w! with w,
call warning for path traversal attack, and escape leading "../" in
runtime/autoload/zip.vim.
- CVE-2025-53905
- CVE-2025-53906
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Fri, 05 Sep 2025 17:14:46 -0230
29/08/2025, commit https://github.com/canonical/core-base/tree/3667c3306e20cafd7ee36075b3fb317f05fbec00
[ Changes in the core24 snap ]
Alfonso Sánchez-Beato (4):
.github/workflows/release-manual.yaml: remove scheduled builds
get-version.sh: filter by _$branch suffix when looking at tags
hooks/001-extra-packages.chroot: add back libtirpc3t64
snapcraft.yaml: move to 24.04.3 base
Valentin David (2):
spread.yaml: Sync google-nested-arm with snapd
static: copy udev disk rules from core-initrd
[ Changes in primed packages ]
base-files (built from base-files) updated from 13ubuntu10.2 to 13ubuntu10.3:
base-files (13ubuntu10.3) noble; urgency=medium
* /etc/issue{,.net}, /etc/{lsb,os}-release: bump version to 24.04.3
(LP: #2119314)
-- Ural Tunaboyu <ural.tunaboyu@canonical.com> Fri, 01 Aug 2025 07:21:11 -0700
cloud-init (built from cloud-init) updated from 25.1.2-0ubuntu0~24.04.1 to 25.1.4-0ubuntu0~24.04.1:
cloud-init (25.1.4-0ubuntu0~24.04.1) noble-security; urgency=medium
* Upstream snapshot based on 25.1.4.
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/25.1.4/ChangeLog
- Bugs fixed in this snapshot:
+ fix: disable cloud-init when non-x86 environments have no DMI-data
and no strict datasources detected (LP: #2069607) (CVE-2024-6174)
-- Chad Smith <chad.smith@canonical.com> Tue, 24 Jun 2025 15:14:03 -0600
cloud-init (25.1.3-0ubuntu0~24.04.1) noble-security; urgency=medium
* d/cloud-init-base.postinst: move existing hotplug-cmd fifo to root-only
share dir (CVE-2024-11584)
* Upstream security bugfix release based on 25.1.3.
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/25.1.3/ChangeLog
- Bugs fixed in this snapshot:
- security: make hotplug socket only writable by root (LP: #2114229)
(CVE-2024-11584)
- security: make ds-identify behavior strict datasource discovery on
non-x86 platforms without DMI data (LP: #2069607) (CVE-2024-6174)
-- Chad Smith <chad.smith@canonical.com> Thu, 12 Jun 2025 20:24:45 -0600
iproute2 (built from iproute2) updated from 6.1.0-1ubuntu6 to 6.1.0-1ubuntu6.2:
iproute2 (6.1.0-1ubuntu6.2) noble; urgency=medium
* Do not use stdout to print info about default fan map usage (LP: #2115790)
- d/p/1003-ubuntu-poc-fan-dynamic-map.patch
-- Stefan Bader <stefan.bader@canonical.com> Thu, 10 Jul 2025 16:46:54 +0200
iproute2 (6.1.0-1ubuntu6.1) noble; urgency=medium
* Expose IFLA_VXLAN_FAN_MAP version via sysctl/proc (LP: #2106115)
- d/p/1003-ubuntu-poc-fan-dynamic-map.patch
-- Stefan Bader <stefan.bader@canonical.com> Thu, 26 Jun 2025 16:35:31 +0200
libpython3.12-minimal:amd64, libpython3.12-stdlib:amd64, python3.12, python3.12-minimal (built from python3.12) updated from 3.12.3-1ubuntu0.7 to 3.12.3-1ubuntu0.8:
python3.12 (3.12.3-1ubuntu0.8) noble-security; urgency=medium
* SECURITY UPDATE: Regular expression denial of service.
- debian/patches/CVE-2025-6069.patch: Improve regex parsing in
Lib/html/parser.py.
- CVE-2025-6069
* SECURITY UPDATE: Infinite loop when parsing tar archives.
- debian/patches/CVE-2025-8194.patch: Raise exception when count < 0 in
Lib/tarfile.py.
- CVE-2025-8194
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Thu, 14 Aug 2025 15:17:21 -0230
29/07/2025, commit https://github.com/canonical/core-base/tree/e164b892c0535598c3712caa2ecdea0667dfdfc7
[ Changes in the core24 snap ]
Alfonso Sánchez-Beato (11):
snapcraft.yaml: set version from date tag if present
.github/workflows/release.yaml: add release job
.github/workflows/release.yaml: run rebuild base job each day
.github/workflows/tests.yaml: fix runners filtering
.github/workflows/release.yaml: fix typo
static/secureboot-db.service: check mode by looking at modeenv
static: check mode by looking at modeenv in several services
tests: prepare for installation from initramfs
.github/workflows: we do not need spread-arm anymore
.github/workflows: add manual release job, remove old release one
.github/workflows/release-manual: fix typo
Philip Meulengracht (1):
tools: aggregate old changelogs
[ Changes in primed packages ]
libc-bin, libc6:amd64, libc6:i386 (built from glibc) updated from 2.39-0ubuntu8.4 to 2.39-0ubuntu8.5:
glibc (2.39-0ubuntu8.5) noble-security; urgency=medium
* SECURITY UPDATE: insecure power10 strcmp implementation
- debian/patches/any/CVE-2025-5702.patch: remove power10 optimized
strcmp.
- CVE-2025-5702
* Moved other security patches to debian/patches/any.
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 09 Jul 2025 12:47:47 -0400
gpgv (built from gnupg2) updated from 2.4.4-2ubuntu17.2 to 2.4.4-2ubuntu17.3:
gnupg2 (2.4.4-2ubuntu17.3) noble-security; urgency=medium
* debian/patches/fix-key-validity-regression-due-to-CVE-2025-
30258.patch:
- Fix a key validity regression following patches for CVE-2025-30258,
causing trusted "certify-only" primary keys to be ignored when checking
signature on user IDs and computing key validity. This regression makes
imported keys signed by a trusted "certify-only" key have an unknown
validity (LP: #2114775).
-- dcpi <dcpi@u22vm> Thu, 26 Jun 2025 13:17:22 +0000
gnutls-bin, libgnutls-dane0t64:amd64, libgnutls30t64:amd64 (built from gnutls28) updated from 3.8.3-1.1ubuntu3.3 to 3.8.3-1.1ubuntu3.4:
gnutls28 (3.8.3-1.1ubuntu3.4) noble-security; urgency=medium
* SECURITY UPDATE: double-free via otherName in the SAN
- debian/patches/CVE-2025-32988.patch: avoid double free when exporting
othernames in SAN in lib/x509/extensions.c.
- CVE-2025-32988
* SECURITY UPDATE: OOB read via malformed length field in SCT extension
- debian/patches/CVE-2025-32989.patch: fix read buffer overrun in SCT
timestamps in lib/x509/x509_ext.c.
- CVE-2025-32989
* SECURITY UPDATE: heap write overflow in certtool via invalid template
- debian/patches/CVE-2025-32990.patch: avoid 1-byte write buffer
overrun when parsing template in src/certtool-cfg.c,
tests/cert-tests/Makefile.am, tests/cert-tests/template-test.sh,
tests/cert-tests/templates/template-too-many-othernames.tmpl.
- CVE-2025-32990
* SECURITY UPDATE: NULL deref via missing PSK in TLS 1.3 handshake
- debian/patches/CVE-2025-6395.patch: clear HSK_PSK_SELECTED when
resetting binders in lib/handshake.c, lib/state.c, tests/Makefile.am,
tests/tls13/hello_retry_request_psk.c.
- CVE-2025-6395
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 11 Jul 2025 08:58:05 -0400
gzip (built from gzip) updated from 1.12-1ubuntu3 to 1.12-1ubuntu3.1:
gzip (1.12-1ubuntu3.1) noble; urgency=medium
* d/p/0001-maint-fix-s390-buffer-flushes.patch: align the behavior of
dfltcc_inflate to do the same as gzip_inflate when it hits a premature EOF
(LP: #2083700)
-- Andreas Hasenack <andreas@canonical.com> Mon, 27 Jan 2025 13:56:44 -0300
iputils-ping (built from iputils) updated from 3:20240117-1build1 to 3:20240117-1ubuntu0.1:
iputils (3:20240117-1ubuntu0.1) noble-security; urgency=medium
* SECURITY UPDATE: DoS via crafted ICMP Echo Reply packet
- debian/patches/CVE-2025-47268: fix signed 64-bit integer overflow in
RTT calculation in iputils_common.h, ping/ping_common.c.
- debian/patches/CVE-2025-48964.patch: fix moving average rtt
calculation in iputils_common.h, ping/ping.h, ping/ping_common.c.
- CVE-2025-47268
- CVE-2025-48964
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 24 Jul 2025 07:51:16 -0400
libpciaccess0:amd64 (built from libpciaccess) updated from 0.17-3build1 to 0.17-3ubuntu0.24.04.2:
libpciaccess (0.17-3ubuntu0.24.04.2) noble; urgency=medium
* Revert to 0.17-3build1 since the previous update appears to cause
inability to log in to the desktop on some systems (LP: #2115574)
-- Jeremy Bícha <jbicha@ubuntu.com> Mon, 30 Jun 2025 11:55:17 -0400
libpciaccess (0.17-3ubuntu0.24.04.1) noble; urgency=medium
* AMD platform A + N config selected wrong primary GPU in Xorg (LP: #2111684)
d/p/0001-linux_sysfs-Identify-boot_vga-by-acpi-companion-hid.patch
-- Kai-Chuan Hsieh <kaichuan.hsieh@canonical.com> Tue, 03 Jun 2025 17:23:44 +0800
libnetplan1:amd64, netplan-generator, netplan.io, python3-netplan (built from netplan.io) updated from 1.1.2-2~ubuntu24.04.1 to 1.1.2-2~ubuntu24.04.2:
netplan.io (1.1.2-2~ubuntu24.04.2) noble; urgency=medium
* Add integration tests for `netplan try`
- d/p/lp2083029/0007-tests-integration-netplan-try.patch
* Fix networkd file permissions during `netplan try` restore (LP: #2083029)
- d/p/lp2083029/0008-cli-ConfigManager-must-copy-file-ownership.patch
* Prevent netplan-generate from running during `netplan try` (LP: #2083029)
- d/p/lp2083029/0009-generate-Don-t-run-during-netplan-try.patch
-- Wesley Hershberger <wesley.hershberger@canonical.com> Thu, 17 Apr 2025 10:46:08 -0500
openssh-client, openssh-server, openssh-sftp-server (built from openssh) updated from 1:9.6p1-3ubuntu13.12 to 1:9.6p1-3ubuntu13.13:
openssh (1:9.6p1-3ubuntu13.13) noble; urgency=medium
* Explicitly listen on IPv4 by default, with socket-activated sshd
(LP: #2080216)
- d/systemd/ssh.socket: explicitly listen on ipv4 by default
- d/t/sshd-socket-generator: update for new defaults and AddressFamily
- sshd-socket-generator: handle new ssh.socket default settings
-- Nick Rosbrook <enr0n@ubuntu.com> Mon, 09 Jun 2025 13:22:39 -0400
python3-urllib3 (built from python-urllib3) updated from 2.0.7-1ubuntu0.1 to 2.0.7-1ubuntu0.2:
python-urllib3 (2.0.7-1ubuntu0.2) noble-security; urgency=medium
* SECURITY UPDATE: Information disclosure through improperly disabled
redirects.
- debian/patches/CVE-2025-50181.patch: Add "retries" check and set retries
to Retry.from_int(retries, redirect=False) as well as set
raise_on_redirect in ./src/urllib3/poolmanager.py.
- CVE-2025-50181
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Mon, 23 Jun 2025 16:34:35 -0230
libpython3.12-minimal:amd64, libpython3.12-stdlib:amd64, python3.12, python3.12-minimal (built from python3.12) updated from 3.12.3-1ubuntu0.6 to 3.12.3-1ubuntu0.7:
python3.12 (3.12.3-1ubuntu0.7) noble-security; urgency=medium
* SECURITY UPDATE: Arbitrary filesystem and metadata write through improper
tar filtering.
- debian/patches/CVE-202x-12718-4138-4x3x-4517.patch: Add ALLOW_MISSING in
./Lib/genericpath.py, ./Lib/ntpath.py, ./Lib/posixpath.py. Change filter
to handle errors in ./Lib/ntpath.py, ./Lib/posixpath.py. Add checks and
unfiltered to ./Lib/tarfile.py. Modify tests.
- CVE-2024-12718
- CVE-2025-4138
- CVE-2025-4330
- CVE-2025-4435
- CVE-2025-4517
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Wed, 18 Jun 2025 15:29:45 -0230
libsqlite3-0:amd64 (built from sqlite3) updated from 3.45.1-1ubuntu2.3 to 3.45.1-1ubuntu2.4:
sqlite3 (3.45.1-1ubuntu2.4) noble-security; urgency=medium
* SECURITY UPDATE: Memory corruption via number of aggregate terms
- debian/patches/CVE-2025-6965.patch: raise an error right away if the
number of aggregate terms in a query exceeds the maximum number of
columns in src/expr.c, src/sqliteInt.h.
- CVE-2025-6965
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 18 Jul 2025 10:56:16 -0400
sudo (built from sudo) updated from 1.9.15p5-3ubuntu5 to 1.9.15p5-3ubuntu5.24.04.1:
sudo (1.9.15p5-3ubuntu5.24.04.1) noble-security; urgency=medium
* SECURITY UPDATE: Local Privilege Escalation via host option
- debian/patches/CVE-2025-32462.patch: only allow specifying a host
when listing privileges.
- CVE-2025-32462
* SECURITY UPDATE: Local Privilege Escalation via chroot option
- debian/patches/CVE-2025-32463.patch: remove user-selected root
directory chroot option.
- CVE-2025-32463
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 Jun 2025 08:42:53 -0400
libpam-systemd:amd64, libsystemd-shared:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-coredump, systemd-dev, systemd-resolved, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 255.4-1ubuntu8.8 to 255.4-1ubuntu8.10:
systemd (255.4-1ubuntu8.10) noble; urgency=medium
* Fix regression in networkctl caused by previous upload:
A regression was introduced due to an incorrect manager reference being passed to
manager_get_route_table_to_string() within route_append_json(), resulting in an
error when executing the `networkctl --json=pretty` command.
> networkctl --json=pretty
Failed to get description: Message recipient disconnected from message bus without replying
-- Chengen Du <chengen.du@canonical.com> Wed, 02 Jul 2025 10:04:32 -0400
systemd (255.4-1ubuntu8.9) noble; urgency=medium
* Preserve IPv6 configurations when `KeepConfiguration=dhcp-on-stop` is set
(LP: #2098183)
- d/p/lp2098183/0001-network-use-json_variant_append_arrayb.patch
- d/p/lp2098183/0002-json-add-new-dispatch-flag-JSON_ALLOW_EXTENSIONS.patch
- d/p/lp2098183/0003-json-add-macro-for-automatically-defining-a-dispatch.patch
- d/p/lp2098183/0004-json-introduce-json_dispatch_byte_array_iovec-and-js.patch
- d/p/lp2098183/0005-json-introduce-json_dispatch_int8-and-json_dispatch_.patch
- d/p/lp2098183/0006-json-extend-JsonDispatch-flags-with-nullable-and-ref.patch
- d/p/lp2098183/0007-json-util-generalize-json_dispatch_ifindex.patch
- d/p/lp2098183/0008-daemon-util-expose-notify_push_fd.patch
- d/p/lp2098183/0009-network-json-add-missing-entries-for-route-propertie.patch
- d/p/lp2098183/0010-network-introduce-network_config_source_from_string.patch
- d/p/lp2098183/0011-network-expose-log_route_debug-and-log_address_debug.patch
- d/p/lp2098183/0012-network-introduce-manager_serialize-deserialize.patch
- d/p/lp2098183/0013-network-keep-all-dynamically-acquired-configurations.patch
-- Chengen Du <chengen.du@canonical.com> Mon, 09 Jun 2025 13:44:06 -0400
bsdutils, fdisk, libblkid1:amd64, libfdisk1:amd64, libmount1:amd64, libsmartcols1:amd64, libuuid1:amd64, mount, rfkill, util-linux (built from util-linux) updated from 1:2.39.3-9ubuntu6.2 to 1:2.39.3-9ubuntu6.3:
18/06/2025, commit https://git.launchpad.net/snap-core24/tree/f9ca904d1e47c062780620e0060063d8a54646dd
[ Changes in the core24 snap ]
Alfonso Sánchez-Beato (1):
.github,tests: do not rebuild base for each test
[ Changes in primed packages ]
libapt-pkg6.0t64:amd64 (built from apt) updated from 2.7.14build2 to 2.8.3:
apt (2.8.3) noble; urgency=medium
* Revert increased key size requirements from 2.8.0-2.8.2 (LP: #2073126)
- Revert "Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment"
- Revert "Only warn about <rsa2048 when upgrading from 2.7.x to 2.8.x"
- Revert rsa1024 to warnings again
This leaves the mechanisms in place and no longer warns about NIST curves.
* Fix keeping back removals of obsolete packages; and return an error if
ResolveByKeep() is unsuccessful (LP: #2078720)
* Fix buffer overflow, stack overflow, exponential complexity in
apt-ftparchive Contents generation (LP: #2083697)
- ftparchive: Mystrdup: Add safety check and bump buffer size
- ftparchive: contents: Avoid exponential complexity and overflows
- test framework: Improve valgrind support
- test: Check that apt-ftparchive handles deep paths
- Workaround valgrind "invalid read" in ExtractTar::Go by moving large
buffer from stack to heap. The large buffer triggered some bugs in
valgrind stack clash protection handling.
-- Julian Andres Klode <juliank@ubuntu.com> Tue, 22 Oct 2024 15:02:22 +0200
apt (2.8.2) noble; urgency=medium
* Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment
(follow-up for LP: #2073126)
-- Julian Andres Klode <juliank@ubuntu.com> Tue, 13 Aug 2024 16:47:13 +0200
apt (2.8.1) noble; urgency=medium
* Only revoke weak RSA keys for now, add 'next' and 'future' levels
(backported from 2.9.7)
Note that the changes to warn about keys not matching the future level
in the --audit level are not fully included, as the --audit feature
has not yet been backported. (LP: #2073126)
* Introduce further mitigation on upgrades from 2.7.x to allow these
systems to continue using rsa1024 repositories with warnings
until the 24.04.2 point release (LP: #2073126)
-- Julian Andres Klode <juliank@ubuntu.com> Tue, 30 Jul 2024 17:12:00 +0900
apt (2.8.0) noble; urgency=medium
[ Julian Andres Klode ]
* Revert "Temporarily downgrade key assertions to "soon worthless""
We temporarily downgraded the errors to warnings to give the
launchpad PPAs time to be fixed, but warnings are not safe:
Untrusted keys could be hiding on your system, but just not
used at the moment. Hence revert this so we get the errors we
want. (LP: #2060721)
* Branch off the stable 2.8.y branch for noble:
- CI: Test in ubuntu:noble images for 2.8.y
- debian/gbp.conf: Point at the 2.8.y branch
[ David Kalnischkies ]
* Test suite fixes:
- Avoid subshell hiding failure report from testfilestats
- Ignore umask of leftover diff_Index in failed pdiff test
* Documentation translation fixes:
- Fix and unfuzzy previous VCG/Graphviz URI change
-- Julian Andres Klode <juliank@ubuntu.com> Tue, 16 Apr 2024 16:59:14 +0200
cloud-init (built from cloud-init) updated from 24.4.1-0ubuntu0~24.04.3 to 25.1.2-0ubuntu0~24.04.1:
cloud-init (25.1.2-0ubuntu0~24.04.1) noble; urgency=medium
* Upstream snapshot based on 25.1.2. (LP: #2104165).
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/25.1.2/ChangeLog
-- James Falcon <james.falcon@canonical.com> Mon, 19 May 2025 15:00:58 -0500
cloud-init (25.1.1-0ubuntu1~24.04.1) noble; urgency=medium
* Drop cpicks which are now upstream:
- cpick-d75840be-fix-retry-AWS-hotplug-for-async-IMDS-5995
- cpick-84806336-chore-Add-feature-flag-for-manual-network-waiting
- d/p/cpick-c60771d8-test-pytestify-test_url_helper.py
- d/p/cpick-8810a2dc-test-Remove-CiTestCase-from-test_url_helper.py
- d/p/cpick-582f16c1-test-add-OauthUrlHelper-tests
- d/p/cpick-9311e066-fix-Update-OauthUrlHelper-to-use-readurl-exception_cb
* refresh patches
- d/p/deprecation-version-boundary.patch
- d/p/grub-dpkg-support.patch
- d/p/no-nocloud-network.patch
- d/p/no-single-process.patch
* sort hunks within all patches (--sort on quilt refresh)
* Upstream snapshot based on 25.1.1.
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/25.1.1/ChangeLog
-- Chad Smith <chad.smith@canonical.com> Tue, 25 Mar 2025 11:02:28 -0600
libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.20.1-6ubuntu2.5 to 1.20.1-6ubuntu2.6:
krb5 (1.20.1-6ubuntu2.6) noble-security; urgency=medium
* SECURITY UPDATE: Use of weak cryptographic hash.
- debian/patches/CVE-2025-3576.patch: Add allow_des3 and allow_rc4 options.
Disallow usage of des3 and rc4 unless allowed in the config. Replace
warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add
allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage
of deprecated enctypes in ./src/kdc/kdc_util.c.
- debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with
ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.
- CVE-2025-3576
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Thu, 15 May 2025 10:09:20 +0200
openssh-client, openssh-server, openssh-sftp-server (built from openssh) updated from 1:9.6p1-3ubuntu13.11 to 1:9.6p1-3ubuntu13.12:
openssh (1:9.6p1-3ubuntu13.12) noble; urgency=medium
* d/p/sshd-socket-generator.patch: add note to sshd_config
Explain that a systemctl daemon-reload is needed for changes
to Port et al to take effect.
(LP: #2069041)
-- Nick Rosbrook <enr0n@ubuntu.com> Tue, 29 Apr 2025 10:57:04 -0400
libpam-modules-bin, libpam-modules:amd64, libpam-runtime, libpam0g:amd64 (built from pam) updated from 1.5.3-5ubuntu5.1 to 1.5.3-5ubuntu5.4:
pam (1.5.3-5ubuntu5.4) noble-security; urgency=medium
* SECURITY UPDATE: privilege escalation via pam_namespace
- debian/patches/pam_namespace_170.patch: sync pam_namespace module to
version 1.7.0.
- debian/patches/pam_namespace_post170-*.patch: add post-1.7.0 changes
from upstream git tree.
- debian/patches/pam_namespace_revert_abi.patch: revert ABI change to
prevent unintended issues in running daemons.
- debian/patches/CVE-2025-6020-1.patch: fix potential privilege
escalation.
- debian/patches/CVE-2025-6020-2.patch: add flags to indicate path
safety.
- debian/patches/CVE-2025-6020-3.patch: secure_opendir: do not look at
the group ownership.
- debian/patches/pam_namespace_o_directory.patch: removed, included in
patch cluster above.
- CVE-2025-6020
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 12 Jun 2025 10:45:28 -0400
pam (1.5.3-5ubuntu5.2) noble; urgency=medium
* d/p/031_pam_include: fix loading from /usr/lib/pam.d (LP: #2087827)
-- Simon Chopin <schopin@ubuntu.com> Mon, 26 May 2025 16:34:46 +0200
libpython3.12-minimal:amd64, libpython3.12-stdlib:amd64, python3.12, python3.12-minimal (built from python3.12) updated from 3.12.3-1ubuntu0.5 to 3.12.3-1ubuntu0.6:
python3.12 (3.12.3-1ubuntu0.6) noble-security; urgency=medium
* SECURITY UPDATE: incorrect address list folding
- debian/patches/CVE-2025-1795-2.patch: fix AttributeError in the email
module in Lib/email/_header_value_parser.py,
Lib/test/test_email/test__header_value_parser.py.
- CVE-2025-1795
* SECURITY UPDATE: DoS via bytes.decode with unicode_escape
- debian/patches/CVE-2025-4516.patch: fix use-after-free in the
unicode-escape decoder with an error handler in
Include/cpython/bytesobject.h, Include/cpython/unicodeobject.h,
Lib/test/test_codeccallbacks.py, Lib/test/test_codecs.py,
Objects/bytesobject.c, Objects/unicodeobject.c,
Parser/string_parser.c.
- CVE-2025-4516
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 26 May 2025 14:50:19 -0400
python3-requests (built from requests) updated from 2.31.0+dfsg-1ubuntu1 to 2.31.0+dfsg-1ubuntu1.1:
requests (2.31.0+dfsg-1ubuntu1.1) noble-security; urgency=medium
* SECURITY UPDATE: Information Leak
- debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc
lookup instead of netloc
- CVE-2024-47081
* Skip Test
- skip-failing-zip-test.patch: Skip failing zip test
-- Bruce Cable <bruce.cable@canonical.com> Thu, 12 Jun 2025 11:19:32 +1000
python3-pkg-resources (built from setuptools) updated from 68.1.2-2ubuntu1.1 to 68.1.2-2ubuntu1.2:
setuptools (68.1.2-2ubuntu1.2) noble-security; urgency=medium
* SECURITY UPDATE: path traversal vulnerability
- debian/patches/CVE-2025-47273-pre1.patch: Extract
_resolve_download_filename with test.
- debian/patches/CVE-2025-47273.patch: Add a check to ensure the name
resolves relative to the tmpdir.
- CVE-2025-47273
-- Fabian Toepfer <fabian.toepfer@canonical.com> Wed, 28 May 2025 19:00:32 +0200
libpam-systemd:amd64, libsystemd-shared:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-coredump, systemd-dev, systemd-resolved, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 255.4-1ubuntu8.6 to 255.4-1ubuntu8.8:
systemd (255.4-1ubuntu8.8) noble-security; urgency=medium
* SECURITY UPDATE: race condition in systemd-coredump
- debian/patches/CVE_2025_4598_1.patch: coredump: get rid of
_META_MANDATORY_MAX.
- debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core
pattern.
- debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding
non-dumpable processes.
- debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus
assertion.
- CVE-2025-4598
* this update does not include the changes from 255.4-1ubuntu8.7 as included in noble-proposed
-- Octavio Galland <octavio.galland@canonical.com> Wed, 04 Jun 2025 09:24:15 -0300
tzdata (built from tzdata) updated from 2025b-0ubuntu0.24.04 to 2025b-0ubuntu0.24.04.1:
tzdata (2025b-0ubuntu0.24.04.1) noble; urgency=medium
* Update the ICU timezone data to 2025b (LP: #2107950)
* Add autopkgtest test case for ICU timezone data 2025b
-- Benjamin Drung <bdrung@ubuntu.com> Tue, 22 Apr 2025 12:11:08 +0200