{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-headers-5.15.0-1073-kvm", "linux-image-5.15.0-1073-kvm", "linux-kvm-headers-5.15.0-1073", "linux-modules-5.15.0-1073-kvm" ], "removed": [ "linux-headers-5.15.0-1072-kvm", "linux-image-5.15.0-1072-kvm", "linux-kvm-headers-5.15.0-1072", "linux-modules-5.15.0-1072-kvm" ], "diff": [ "libpam-modules", "libpam-modules-bin", "libpam-runtime", "libpam0g", "libpython3.10-minimal", "libpython3.10-stdlib", "linux-headers-kvm", "linux-image-kvm", "linux-kvm", "python3.10", "python3.10-minimal", "xfsprogs", "xxd" ] } }, "diff": { "deb": [ { "name": "libpam-modules", "from_version": { "source_package_name": "pam", "source_package_version": "1.4.0-11ubuntu2.4", "version": "1.4.0-11ubuntu2.4" }, "to_version": { "source_package_name": "pam", "source_package_version": "1.4.0-11ubuntu2.5", "version": "1.4.0-11ubuntu2.5" }, "cves": [], "launchpad_bugs_fixed": [ 1957024 ], "changes": [ { "cves": [], "log": [ "", " * Honor private home directory permissions (LP: #1957024)", "" ], "package": "pam", "version": "1.4.0-11ubuntu2.5", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 1957024 ], "author": "Ponnuvel Palaniyappan ", "date": "Sun, 17 Nov 2024 10:17:22 +0000" } ], "notes": null }, { "name": "libpam-modules-bin", "from_version": { "source_package_name": "pam", "source_package_version": "1.4.0-11ubuntu2.4", "version": "1.4.0-11ubuntu2.4" }, "to_version": { "source_package_name": "pam", "source_package_version": "1.4.0-11ubuntu2.5", "version": "1.4.0-11ubuntu2.5" }, "cves": [], "launchpad_bugs_fixed": [ 1957024 ], "changes": [ { "cves": [], "log": [ "", " * Honor private home directory permissions (LP: #1957024)", "" ], "package": "pam", "version": "1.4.0-11ubuntu2.5", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 1957024 ], "author": "Ponnuvel Palaniyappan ", "date": "Sun, 17 Nov 2024 10:17:22 +0000" } ], "notes": null }, { "name": "libpam-runtime", "from_version": { "source_package_name": "pam", "source_package_version": "1.4.0-11ubuntu2.4", "version": "1.4.0-11ubuntu2.4" }, "to_version": { "source_package_name": "pam", "source_package_version": "1.4.0-11ubuntu2.5", "version": "1.4.0-11ubuntu2.5" }, "cves": [], "launchpad_bugs_fixed": [ 1957024 ], "changes": [ { "cves": [], "log": [ "", " * Honor private home directory permissions (LP: #1957024)", "" ], "package": "pam", "version": "1.4.0-11ubuntu2.5", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 1957024 ], "author": "Ponnuvel Palaniyappan ", "date": "Sun, 17 Nov 2024 10:17:22 +0000" } ], "notes": null }, { "name": "libpam0g", "from_version": { "source_package_name": "pam", "source_package_version": "1.4.0-11ubuntu2.4", "version": "1.4.0-11ubuntu2.4" }, "to_version": { "source_package_name": "pam", "source_package_version": "1.4.0-11ubuntu2.5", "version": "1.4.0-11ubuntu2.5" }, "cves": [], "launchpad_bugs_fixed": [ 1957024 ], "changes": [ { "cves": [], "log": [ "", " * Honor private home directory permissions (LP: #1957024)", "" ], "package": "pam", "version": "1.4.0-11ubuntu2.5", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 1957024 ], "author": "Ponnuvel Palaniyappan ", "date": "Sun, 17 Nov 2024 10:17:22 +0000" } ], "notes": null }, { "name": "libpython3.10-minimal", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.7", "version": "3.10.12-1~22.04.7" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.8", "version": "3.10.12-1~22.04.8" }, "cves": [ { "cve": "CVE-2024-11168", "url": "https://ubuntu.com/security/CVE-2024-11168", "cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.", "cve_priority": "medium", "cve_public_date": "2024-11-12 22:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-11168", "url": "https://ubuntu.com/security/CVE-2024-11168", "cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.", "cve_priority": "medium", "cve_public_date": "2024-11-12 22:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: incorrect validation of bracketed hosts", " - debian/patches/CVE-2024-11168.patch: add checks to ensure that", " bracketed hosts found by urlsplit are of IPv6 or IPvFuture format in", " Lib/urllib/parse.py, Lib/test/test_urlparse.py.", " - CVE-2024-11168", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.8", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 17 Jan 2025 09:35:34 -0500" } ], "notes": null }, { "name": "libpython3.10-stdlib", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.7", "version": "3.10.12-1~22.04.7" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.8", "version": "3.10.12-1~22.04.8" }, "cves": [ { "cve": "CVE-2024-11168", "url": "https://ubuntu.com/security/CVE-2024-11168", "cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.", "cve_priority": "medium", "cve_public_date": "2024-11-12 22:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-11168", "url": "https://ubuntu.com/security/CVE-2024-11168", "cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.", "cve_priority": "medium", "cve_public_date": "2024-11-12 22:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: incorrect validation of bracketed hosts", " - debian/patches/CVE-2024-11168.patch: add checks to ensure that", " bracketed hosts found by urlsplit are of IPv6 or IPvFuture format in", " Lib/urllib/parse.py, Lib/test/test_urlparse.py.", " - CVE-2024-11168", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.8", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 17 Jan 2025 09:35:34 -0500" } ], "notes": null }, { "name": "linux-headers-kvm", "from_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1072.68", "version": "5.15.0.1072.68" }, "to_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1073.69", "version": "5.15.0.1073.69" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-1073", "" ], "package": "linux-meta-kvm", "version": "5.15.0.1073.69", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Koichiro Den ", "date": "Thu, 16 Jan 2025 12:31:49 +0900" } ], "notes": null }, { "name": "linux-image-kvm", "from_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1072.68", "version": "5.15.0.1072.68" }, "to_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1073.69", "version": "5.15.0.1073.69" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-1073", "" ], "package": "linux-meta-kvm", "version": "5.15.0.1073.69", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Koichiro Den ", "date": "Thu, 16 Jan 2025 12:31:49 +0900" } ], "notes": null }, { "name": "linux-kvm", "from_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1072.68", "version": "5.15.0.1072.68" }, "to_version": { "source_package_name": "linux-meta-kvm", "source_package_version": "5.15.0.1073.69", "version": "5.15.0.1073.69" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-1073", "" ], "package": "linux-meta-kvm", "version": "5.15.0.1073.69", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Koichiro Den ", "date": "Thu, 16 Jan 2025 12:31:49 +0900" } ], "notes": null }, { "name": "python3.10", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.7", "version": "3.10.12-1~22.04.7" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.8", "version": "3.10.12-1~22.04.8" }, "cves": [ { "cve": "CVE-2024-11168", "url": "https://ubuntu.com/security/CVE-2024-11168", "cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.", "cve_priority": "medium", "cve_public_date": "2024-11-12 22:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-11168", "url": "https://ubuntu.com/security/CVE-2024-11168", "cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.", "cve_priority": "medium", "cve_public_date": "2024-11-12 22:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: incorrect validation of bracketed hosts", " - debian/patches/CVE-2024-11168.patch: add checks to ensure that", " bracketed hosts found by urlsplit are of IPv6 or IPvFuture format in", " Lib/urllib/parse.py, Lib/test/test_urlparse.py.", " - CVE-2024-11168", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.8", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 17 Jan 2025 09:35:34 -0500" } ], "notes": null }, { "name": "python3.10-minimal", "from_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.7", "version": "3.10.12-1~22.04.7" }, "to_version": { "source_package_name": "python3.10", "source_package_version": "3.10.12-1~22.04.8", "version": "3.10.12-1~22.04.8" }, "cves": [ { "cve": "CVE-2024-11168", "url": "https://ubuntu.com/security/CVE-2024-11168", "cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.", "cve_priority": "medium", "cve_public_date": "2024-11-12 22:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-11168", "url": "https://ubuntu.com/security/CVE-2024-11168", "cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.", "cve_priority": "medium", "cve_public_date": "2024-11-12 22:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: incorrect validation of bracketed hosts", " - debian/patches/CVE-2024-11168.patch: add checks to ensure that", " bracketed hosts found by urlsplit are of IPv6 or IPvFuture format in", " Lib/urllib/parse.py, Lib/test/test_urlparse.py.", " - CVE-2024-11168", "" ], "package": "python3.10", "version": "3.10.12-1~22.04.8", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 17 Jan 2025 09:35:34 -0500" } ], "notes": null }, { "name": "xfsprogs", "from_version": { "source_package_name": "xfsprogs", "source_package_version": "5.13.0-1ubuntu2", "version": "5.13.0-1ubuntu2" }, "to_version": { "source_package_name": "xfsprogs", "source_package_version": "5.13.0-1ubuntu2.1", "version": "5.13.0-1ubuntu2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2081163 ], "changes": [ { "cves": [], "log": [ "", " * Backport from upstream:", " - fix fsck.xfs run by different shells when fsck.mode=force is set", " (LP: #2081163).", "" ], "package": "xfsprogs", "version": "5.13.0-1ubuntu2.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2081163 ], "author": "Gerald Yang ", "date": "Thu, 17 Oct 2024 06:49:09 +0000" } ], "notes": null }, { "name": "xxd", "from_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.21", "version": "2:8.2.3995-1ubuntu2.21" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:8.2.3995-1ubuntu2.22", "version": "2:8.2.3995-1ubuntu2.22" }, "cves": [ { "cve": "CVE-2025-22134", "url": "https://ubuntu.com/security/CVE-2025-22134", "cve_description": "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003", "cve_priority": "medium", "cve_public_date": "2025-01-13 21:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-22134", "url": "https://ubuntu.com/security/CVE-2025-22134", "cve_description": "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003", "cve_priority": "medium", "cve_public_date": "2025-01-13 21:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Heap-buffer-overflow when switching buffers.", " - debian/patches/CVE-2025-22134.patch: Add reset_VIsual_and_resel() to", " src/arglist.c. Add ptrlen checks in src/misc1.c and src/ops.c.", " - CVE-2025-22134", "" ], "package": "vim", "version": "2:8.2.3995-1ubuntu2.22", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Fri, 17 Jan 2025 12:55:02 -0330" } ], "notes": null } ], "snap": [] }, "added": { "deb": [ { "name": "linux-headers-5.15.0-1073-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1072.77", "version": null }, "to_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1073.78", "version": "5.15.0-1073.78" }, "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2093559, 2093573 ], "changes": [ { "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "log": [ "", " * jammy/linux-kvm: 5.15.0-1073.78 -proposed tracker (LP: #2093559)", "", " [ Ubuntu: 5.15.0-131.141 ]", "", " * jammy/linux: 5.15.0-131.141 -proposed tracker (LP: #2093573)", " * CVE-2024-53164", " - net: sched: fix ordering of qlen adjustment", " * CVE-2024-53141", " - netfilter: ipset: add missing range check in bitmap_ip_uadt", " * CVE-2024-53103", " - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer", "" ], "package": "linux-kvm", "version": "5.15.0-1073.78", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2093559, 2093573 ], "author": "Koichiro Den ", "date": "Thu, 16 Jan 2025 12:21:22 +0900" } ], "notes": "linux-headers-5.15.0-1073-kvm version '5.15.0-1073.78' (source package linux-kvm version '5.15.0-1073.78') was added. linux-headers-5.15.0-1073-kvm version '5.15.0-1073.78' has the same source package name, linux-kvm, as removed package linux-headers-5.15.0-1072-kvm. As such we can use the source package version of the removed package, '5.15.0-1072.77', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-image-5.15.0-1073-kvm", "from_version": { "source_package_name": "linux-signed-kvm", "source_package_version": "5.15.0-1072.77", "version": null }, "to_version": { "source_package_name": "linux-signed-kvm", "source_package_version": "5.15.0-1073.78", "version": "5.15.0-1073.78" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 5.15.0-1073.78", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed-kvm", "version": "5.15.0-1073.78", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 1786013 ], "author": "Koichiro Den ", "date": "Thu, 16 Jan 2025 12:32:11 +0900" } ], "notes": "linux-image-5.15.0-1073-kvm version '5.15.0-1073.78' (source package linux-signed-kvm version '5.15.0-1073.78') was added. linux-image-5.15.0-1073-kvm version '5.15.0-1073.78' has the same source package name, linux-signed-kvm, as removed package linux-image-5.15.0-1072-kvm. As such we can use the source package version of the removed package, '5.15.0-1072.77', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-kvm-headers-5.15.0-1073", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1072.77", "version": null }, "to_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1073.78", "version": "5.15.0-1073.78" }, "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2093559, 2093573 ], "changes": [ { "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "log": [ "", " * jammy/linux-kvm: 5.15.0-1073.78 -proposed tracker (LP: #2093559)", "", " [ Ubuntu: 5.15.0-131.141 ]", "", " * jammy/linux: 5.15.0-131.141 -proposed tracker (LP: #2093573)", " * CVE-2024-53164", " - net: sched: fix ordering of qlen adjustment", " * CVE-2024-53141", " - netfilter: ipset: add missing range check in bitmap_ip_uadt", " * CVE-2024-53103", " - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer", "" ], "package": "linux-kvm", "version": "5.15.0-1073.78", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2093559, 2093573 ], "author": "Koichiro Den ", "date": "Thu, 16 Jan 2025 12:21:22 +0900" } ], "notes": "linux-kvm-headers-5.15.0-1073 version '5.15.0-1073.78' (source package linux-kvm version '5.15.0-1073.78') was added. linux-kvm-headers-5.15.0-1073 version '5.15.0-1073.78' has the same source package name, linux-kvm, as removed package linux-headers-5.15.0-1072-kvm. As such we can use the source package version of the removed package, '5.15.0-1072.77', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-modules-5.15.0-1073-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1072.77", "version": null }, "to_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1073.78", "version": "5.15.0-1073.78" }, "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2093559, 2093573 ], "changes": [ { "cves": [ { "cve": "CVE-2024-53164", "url": "https://ubuntu.com/security/CVE-2024-53164", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.", "cve_priority": "medium", "cve_public_date": "2024-12-27 14:15:00 UTC" }, { "cve": "CVE-2024-53141", "url": "https://ubuntu.com/security/CVE-2024-53141", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.", "cve_priority": "medium", "cve_public_date": "2024-12-06 10:15:00 UTC" }, { "cve": "CVE-2024-53103", "url": "https://ubuntu.com/security/CVE-2024-53103", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-12-02 08:15:00 UTC" } ], "log": [ "", " * jammy/linux-kvm: 5.15.0-1073.78 -proposed tracker (LP: #2093559)", "", " [ Ubuntu: 5.15.0-131.141 ]", "", " * jammy/linux: 5.15.0-131.141 -proposed tracker (LP: #2093573)", " * CVE-2024-53164", " - net: sched: fix ordering of qlen adjustment", " * CVE-2024-53141", " - netfilter: ipset: add missing range check in bitmap_ip_uadt", " * CVE-2024-53103", " - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer", "" ], "package": "linux-kvm", "version": "5.15.0-1073.78", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2093559, 2093573 ], "author": "Koichiro Den ", "date": "Thu, 16 Jan 2025 12:21:22 +0900" } ], "notes": "linux-modules-5.15.0-1073-kvm version '5.15.0-1073.78' (source package linux-kvm version '5.15.0-1073.78') was added. linux-modules-5.15.0-1073-kvm version '5.15.0-1073.78' has the same source package name, linux-kvm, as removed package linux-headers-5.15.0-1072-kvm. As such we can use the source package version of the removed package, '5.15.0-1072.77', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-headers-5.15.0-1072-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1072.77", "version": "5.15.0-1072.77" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-image-5.15.0-1072-kvm", "from_version": { "source_package_name": "linux-signed-kvm", "source_package_version": "5.15.0-1072.77", "version": "5.15.0-1072.77" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-kvm-headers-5.15.0-1072", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1072.77", "version": "5.15.0-1072.77" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-modules-5.15.0-1072-kvm", "from_version": { "source_package_name": "linux-kvm", "source_package_version": "5.15.0-1072.77", "version": "5.15.0-1072.77" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20250106 to 20250128", "from_series": "jammy", "to_series": "jammy", "from_serial": "20250106", "to_serial": "20250128", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }