{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "apparmor", "ca-certificates", "cloud-init", "libapparmor1", "libexpat1", "python3-configobj", "ubuntu-advantage-tools", "ubuntu-pro-client", "ubuntu-pro-client-l10n" ] } }, "diff": { "deb": [ { "name": "apparmor", "from_version": { "source_package_name": "apparmor", "source_package_version": "3.0.4-2ubuntu2.3build2", "version": "3.0.4-2ubuntu2.3build2" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "3.0.4-2ubuntu2.4", "version": "3.0.4-2ubuntu2.4" }, "cves": [ { "cve": "CVE-2016-1585", "url": "https://ubuntu.com/security/CVE-2016-1585", "cve_description": "In all versions of AppArmor mount rules are accidentally widened when compiled.", "cve_priority": "medium", "cve_public_date": "2019-04-22 16:29:00 UTC" } ], "launchpad_bugs_fixed": [ 1597017 ], "changes": [ { "cves": [ { "cve": "CVE-2016-1585", "url": "https://ubuntu.com/security/CVE-2016-1585", "cve_description": "In all versions of AppArmor mount rules are accidentally widened when compiled.", "cve_priority": "medium", "cve_public_date": "2019-04-22 16:29:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Excessive permissions with mount rules (LP: #1597017)", " - d/p/CVE-2016-1585/Merge-Fix-mount-rules-encoding.patch: fix mount", " rules encoding in parser/mount.cc, parser/mount.h, parser/parser.h", " and fix multiple test cases in parser/tst/simple_tests/mount/*.", " - d/p/CVE-2016-1585/Support-rule-qualifiers-in-regression-tests.patch:", " update rule qualifiers in regression tests in", " tests/regression/apparmor/mkprofile.pl and", " tests/regression/apparmor/capabilities.sh.", " - d/p/CVE-2016-1585/Merge-expand-mount-tests.patch: expand mount", " regression tests in tests/regression/apparmor/mount.c,", " tests/regression/apparmor/mount.sh and", " tests/regression/apparmor/mkprofile.pl.", " - d/p/CVE-2016-1585/Check-for-newer-mount-options-in-regression-test.patch:", " add check for newer mount options in regression tests in", " tests/regression/apparmor/Makefile, tests/regression/apparmor/mount.c", " and tests/regression/apparmor/mount.sh.", " - d/p/CVE-2016-1585/Merge-Issue-312-added-missing-kernel-mount-options.patch:", " add missing kernel mount options flag in parser/apparmor.d.pod,", " parser/mount.cc, parser/mount.h, tests/regression/apparmor/mount.sh", " and parser/tst/simple_tests/mount/*.", " - d/p/CVE-2016-1585/Merge-extend-test-profiles-for-mount.patch: update", " test profiles in parser/tst/simple_tests/mount/*.", " - d/p/CVE-2016-1585/Merge-parser-fix-parsing-of-source-as-mount-point-fo.patch:", " update gen_policy_change_mount_type() in parser/mount.cc and also", " updated tests on parser/tst/simple_tests/mount/* and", " tests/regression/apparmor/mount.sh.", " - d/p/CVE-2016-1585/parser-Deprecation-warning-should-not-have-been-back.patch:", " remove deprecation warning message in parser/mount.cc.", " - d/p/CVE-2016-1585/parser-fix-rule-flag-generation-change_mount-type-ru.patch:", " add device checks in gen_flag_rules() in parser/mount.cc and tests", " in parser/tst/simple_tests/mount/*, parser/tst/equality.sh,", " tests/regression/apparmor/mount.sh and", " utils/test/test-parser-simple-tests.py.", " - CVE-2016-1585", "" ], "package": "apparmor", "version": "3.0.4-2ubuntu2.4", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 1597017 ], "author": "Rodrigo Figueiredo Zaiden ", "date": "Tue, 06 Mar 2024 15:35:00 -0300" } ], "notes": null }, { "name": "ca-certificates", "from_version": { "source_package_name": "ca-certificates", "source_package_version": "20230311ubuntu0.22.04.1", "version": "20230311ubuntu0.22.04.1" }, "to_version": { "source_package_name": "ca-certificates", "source_package_version": "20240203~22.04.1", "version": "20240203~22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2081875 ], "changes": [ { "cves": [], "log": [ "", " * Update ca-certificates database to 20240203 (LP: #2081875)", " - Update Mozilla certificate authority bundle to version 2.64", " The following certificate authorities were added (+):", " + Atos TrustedRoot Root CA ECC TLS 2021", " + Atos TrustedRoot Root CA RSA TLS 2021", " + BJCA Global Root CA1", " + BJCA Global Root CA2", " + CommScope Public Trust ECC Root-01", " + CommScope Public Trust ECC Root-02", " + CommScope Public Trust RSA Root-01", " + CommScope Public Trust RSA Root-02", " + Sectigo Public Server Authentication Root E46", " + Sectigo Public Server Authentication Root R46", " + SSL.com TLS ECC Root CA 2022", " + SSL.com TLS RSA Root CA 2022", " + TrustAsia Global Root CA G3", " + TrustAsia Global Root CA G4", " The following certificate authorities were removed (-):", " - Autoridad de Certificacion Firmaprofesional CIF A62634068", " - E-Tugra Certification Authority", " - E-Tugra Global Root CA ECC v3", " - E-Tugra Global Root CA RSA v3", " - Hongkong Post Root CA 1", " - TrustCor ECA-1", " - TrustCor RootCert CA-1", " - TrustCor RootCert CA-2", "" ], "package": "ca-certificates", "version": "20240203~22.04.1", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 2081875 ], "author": "Marc Deslauriers ", "date": "Tue, 24 Sep 2024 13:46:09 -0400" } ], "notes": null }, { "name": "cloud-init", "from_version": { "source_package_name": "cloud-init", "source_package_version": "24.2-0ubuntu1~22.04.1", "version": "24.2-0ubuntu1~22.04.1" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "24.3.1-0ubuntu0~22.04.1", "version": "24.3.1-0ubuntu0~22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2079224 ], "changes": [ { "cves": [], "log": [ "", " * d/p/no-single-process.patch: Remove single process optimization", " * d/p/no-nocloud-network.patch: Remove nocloud network feature", " * refresh patches:", " - d/p/cli-retain-file-argument-as-main-cmd-arg.patch", " - d/p/revert-551f560d-cloud-config-after-snap-seeding.patch", " * Upstream snapshot based on 24.3.1. (LP: #2079224).", " List of changes from upstream can be found at", " https://raw.githubusercontent.com/canonical/cloud-init/24.3.1/ChangeLog", "" ], "package": "cloud-init", "version": "24.3.1-0ubuntu0~22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2079224 ], "author": "Chad Smith ", "date": "Fri, 06 Sep 2024 10:00:51 -0600" } ], "notes": null }, { "name": "libapparmor1", "from_version": { "source_package_name": "apparmor", "source_package_version": "3.0.4-2ubuntu2.3build2", "version": "3.0.4-2ubuntu2.3build2" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "3.0.4-2ubuntu2.4", "version": "3.0.4-2ubuntu2.4" }, "cves": [ { "cve": "CVE-2016-1585", "url": "https://ubuntu.com/security/CVE-2016-1585", "cve_description": "In all versions of AppArmor mount rules are accidentally widened when compiled.", "cve_priority": "medium", "cve_public_date": "2019-04-22 16:29:00 UTC" } ], "launchpad_bugs_fixed": [ 1597017 ], "changes": [ { "cves": [ { "cve": "CVE-2016-1585", "url": "https://ubuntu.com/security/CVE-2016-1585", "cve_description": "In all versions of AppArmor mount rules are accidentally widened when compiled.", "cve_priority": "medium", "cve_public_date": "2019-04-22 16:29:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Excessive permissions with mount rules (LP: #1597017)", " - d/p/CVE-2016-1585/Merge-Fix-mount-rules-encoding.patch: fix mount", " rules encoding in parser/mount.cc, parser/mount.h, parser/parser.h", " and fix multiple test cases in parser/tst/simple_tests/mount/*.", " - d/p/CVE-2016-1585/Support-rule-qualifiers-in-regression-tests.patch:", " update rule qualifiers in regression tests in", " tests/regression/apparmor/mkprofile.pl and", " tests/regression/apparmor/capabilities.sh.", " - d/p/CVE-2016-1585/Merge-expand-mount-tests.patch: expand mount", " regression tests in tests/regression/apparmor/mount.c,", " tests/regression/apparmor/mount.sh and", " tests/regression/apparmor/mkprofile.pl.", " - d/p/CVE-2016-1585/Check-for-newer-mount-options-in-regression-test.patch:", " add check for newer mount options in regression tests in", " tests/regression/apparmor/Makefile, tests/regression/apparmor/mount.c", " and tests/regression/apparmor/mount.sh.", " - d/p/CVE-2016-1585/Merge-Issue-312-added-missing-kernel-mount-options.patch:", " add missing kernel mount options flag in parser/apparmor.d.pod,", " parser/mount.cc, parser/mount.h, tests/regression/apparmor/mount.sh", " and parser/tst/simple_tests/mount/*.", " - d/p/CVE-2016-1585/Merge-extend-test-profiles-for-mount.patch: update", " test profiles in parser/tst/simple_tests/mount/*.", " - d/p/CVE-2016-1585/Merge-parser-fix-parsing-of-source-as-mount-point-fo.patch:", " update gen_policy_change_mount_type() in parser/mount.cc and also", " updated tests on parser/tst/simple_tests/mount/* and", " tests/regression/apparmor/mount.sh.", " - d/p/CVE-2016-1585/parser-Deprecation-warning-should-not-have-been-back.patch:", " remove deprecation warning message in parser/mount.cc.", " - d/p/CVE-2016-1585/parser-fix-rule-flag-generation-change_mount-type-ru.patch:", " add device checks in gen_flag_rules() in parser/mount.cc and tests", " in parser/tst/simple_tests/mount/*, parser/tst/equality.sh,", " tests/regression/apparmor/mount.sh and", " utils/test/test-parser-simple-tests.py.", " - CVE-2016-1585", "" ], "package": "apparmor", "version": "3.0.4-2ubuntu2.4", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 1597017 ], "author": "Rodrigo Figueiredo Zaiden ", "date": "Tue, 06 Mar 2024 15:35:00 -0300" } ], "notes": null }, { "name": "libexpat1", "from_version": { "source_package_name": "expat", "source_package_version": "2.4.7-1ubuntu0.3", "version": "2.4.7-1ubuntu0.3" }, "to_version": { "source_package_name": "expat", "source_package_version": "2.4.7-1ubuntu0.4", "version": "2.4.7-1ubuntu0.4" }, "cves": [ { "cve": "CVE-2024-45490", "url": "https://ubuntu.com/security/CVE-2024-45490", "cve_description": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.", "cve_priority": "medium", "cve_public_date": "2024-08-30 03:15:00 UTC" }, { "cve": "CVE-2024-45491", "url": "https://ubuntu.com/security/CVE-2024-45491", "cve_description": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "cve_priority": "medium", "cve_public_date": "2024-08-30 03:15:00 UTC" }, { "cve": "CVE-2024-45492", "url": "https://ubuntu.com/security/CVE-2024-45492", "cve_description": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "cve_priority": "medium", "cve_public_date": "2024-08-30 03:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-45490", "url": "https://ubuntu.com/security/CVE-2024-45490", "cve_description": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.", "cve_priority": "medium", "cve_public_date": "2024-08-30 03:15:00 UTC" }, { "cve": "CVE-2024-45491", "url": "https://ubuntu.com/security/CVE-2024-45491", "cve_description": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "cve_priority": "medium", "cve_public_date": "2024-08-30 03:15:00 UTC" }, { "cve": "CVE-2024-45492", "url": "https://ubuntu.com/security/CVE-2024-45492", "cve_description": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).", "cve_priority": "medium", "cve_public_date": "2024-08-30 03:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: invalid input length", " - CVE-2024-45490-*.patch: adds a check to the XML_ParseBuffer function of", " expat/lib/xmlparse.c to identify and error out if a negative length is", " provided.", " - CVE-2024-45490", " * SECURITY UPDATE: integer overflow", " - CVE-2024-45491.patch: adds a check to the dtdCopy function of", " expat/lib/xmlparse.c to detect and prevent an integer overflow.", " - CVE-2024-45491", " * SECURITY UPDATE: integer overflow", " - CVE-2024-45492.patch: adds a check to the nextScaffoldPart function of", " expat/lib/xmlparse.c to detect and prevent an integer overflow.", " - CVE-2024-45492", "" ], "package": "expat", "version": "2.4.7-1ubuntu0.4", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Ian Constantin ", "date": "Tue, 10 Sep 2024 13:17:45 +0300" } ], "notes": null }, { "name": "python3-configobj", "from_version": { "source_package_name": "configobj", "source_package_version": "5.0.6-5", "version": "5.0.6-5" }, "to_version": { "source_package_name": "configobj", "source_package_version": "5.0.6-5ubuntu0.1", "version": "5.0.6-5ubuntu0.1" }, "cves": [ { "cve": "CVE-2023-26112", "url": "https://ubuntu.com/security/CVE-2023-26112", "cve_description": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", "cve_priority": "low", "cve_public_date": "2023-04-03 05:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2023-26112", "url": "https://ubuntu.com/security/CVE-2023-26112", "cve_description": "All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\\((.*)\\). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.", "cve_priority": "low", "cve_public_date": "2023-04-03 05:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: ReDoS", " - debian/patches/CVE-2023-26112.patch: updates regex that can cause", " catastrophic backtracking when a match fails in validate.py and adds a", " test in tests/test_validate_errors.py.", " - CVE-2023-26112", "" ], "package": "configobj", "version": "5.0.6-5ubuntu0.1", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Ian Constantin ", "date": "Fri, 20 Sep 2024 14:44:09 +0300" } ], "notes": null }, { "name": "ubuntu-advantage-tools", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "33.2~22.04", "version": "33.2~22.04" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "34~22.04", "version": "34~22.04" }, "cves": [], "launchpad_bugs_fixed": [ 2075543, 2075543, 2074211, 2055239, 2078737 ], "changes": [ { "cves": [], "log": [ "", " * Backport 34 to jammy (LP: #2075543)", "" ], "package": "ubuntu-advantage-tools", "version": "34~22.04", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2075543 ], "author": "Grant Orndorff ", "date": "Fri, 06 Sep 2024 19:58:22 -0400" }, { "cves": [], "log": [ "", " * d/rules: check that version.py is consistent with changelog (GH: #3154)", " * New upstream release 34: (LP: #2075543)", " - apt-hook: redirect errors away from users (LP: #2074211, LP: #2055239)", " - detach: ensure apt bearer tokens are always cleaned up", " - fips-preview: add warnings and prompts similar to fips and fips-updates", " - fips and realtime-kernel: add warning when the new kernel may have", " different hardware support than the current kernel based on the flavor", " (GH: #3115)", " - fix: use more reliable api query param when looking up CVE fixes", " - help:", " + change help output for base pro command", " + remove service descriptions from output (GH: #3126)", " + show help content when run without a subcommand", " - timer: recover from corrupted job status file (LP: #2078737)", " - update manpage", "" ], "package": "ubuntu-advantage-tools", "version": "34", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2075543, 2074211, 2055239, 2078737 ], "author": "Grant Orndorff ", "date": "Mon, 29 Jul 2024 15:48:22 -0500" } ], "notes": null }, { "name": "ubuntu-pro-client", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "33.2~22.04", "version": "33.2~22.04" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "34~22.04", "version": "34~22.04" }, "cves": [], "launchpad_bugs_fixed": [ 2075543, 2075543, 2074211, 2055239, 2078737 ], "changes": [ { "cves": [], "log": [ "", " * Backport 34 to jammy (LP: #2075543)", "" ], "package": "ubuntu-advantage-tools", "version": "34~22.04", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2075543 ], "author": "Grant Orndorff ", "date": "Fri, 06 Sep 2024 19:58:22 -0400" }, { "cves": [], "log": [ "", " * d/rules: check that version.py is consistent with changelog (GH: #3154)", " * New upstream release 34: (LP: #2075543)", " - apt-hook: redirect errors away from users (LP: #2074211, LP: #2055239)", " - detach: ensure apt bearer tokens are always cleaned up", " - fips-preview: add warnings and prompts similar to fips and fips-updates", " - fips and realtime-kernel: add warning when the new kernel may have", " different hardware support than the current kernel based on the flavor", " (GH: #3115)", " - fix: use more reliable api query param when looking up CVE fixes", " - help:", " + change help output for base pro command", " + remove service descriptions from output (GH: #3126)", " + show help content when run without a subcommand", " - timer: recover from corrupted job status file (LP: #2078737)", " - update manpage", "" ], "package": "ubuntu-advantage-tools", "version": "34", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2075543, 2074211, 2055239, 2078737 ], "author": "Grant Orndorff ", "date": "Mon, 29 Jul 2024 15:48:22 -0500" } ], "notes": null }, { "name": "ubuntu-pro-client-l10n", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "33.2~22.04", "version": "33.2~22.04" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "34~22.04", "version": "34~22.04" }, "cves": [], "launchpad_bugs_fixed": [ 2075543, 2075543, 2074211, 2055239, 2078737 ], "changes": [ { "cves": [], "log": [ "", " * Backport 34 to jammy (LP: #2075543)", "" ], "package": "ubuntu-advantage-tools", "version": "34~22.04", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2075543 ], "author": "Grant Orndorff ", "date": "Fri, 06 Sep 2024 19:58:22 -0400" }, { "cves": [], "log": [ "", " * d/rules: check that version.py is consistent with changelog (GH: #3154)", " * New upstream release 34: (LP: #2075543)", " - apt-hook: redirect errors away from users (LP: #2074211, LP: #2055239)", " - detach: ensure apt bearer tokens are always cleaned up", " - fips-preview: add warnings and prompts similar to fips and fips-updates", " - fips and realtime-kernel: add warning when the new kernel may have", " different hardware support than the current kernel based on the flavor", " (GH: #3115)", " - fix: use more reliable api query param when looking up CVE fixes", " - help:", " + change help output for base pro command", " + remove service descriptions from output (GH: #3126)", " + show help content when run without a subcommand", " - timer: recover from corrupted job status file (LP: #2078737)", " - update manpage", "" ], "package": "ubuntu-advantage-tools", "version": "34", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2075543, 2074211, 2055239, 2078737 ], "author": "Grant Orndorff ", "date": "Mon, 29 Jul 2024 15:48:22 -0500" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20240916.1 to 20240926", "from_series": "jammy", "to_series": "jammy", "from_serial": "20240916.1", "to_serial": "20240926", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }