{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "apport", "cloud-init", "libnss-systemd", "libpam-systemd", "libsystemd0", "libudev1", "python3-apport", "python3-problem-report", "python3-update-manager", "systemd", "systemd-sysv", "systemd-timesyncd", "udev", "update-manager-core" ] } }, "diff": { "deb": [ { "name": "apport", "from_version": { "source_package_name": "apport", "source_package_version": "2.20.11-0ubuntu82.7", "version": "2.20.11-0ubuntu82.7" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.20.11-0ubuntu82.8", "version": "2.20.11-0ubuntu82.8" }, "cves": [], "launchpad_bugs_fixed": [ 2112272 ], "changes": [ { "cves": [], "log": [ "", " * SECURITY REGRESSION: apport not generating core dumps inside containers", " (LP: #2112272)", " - data/apport: Check the exe mtime within the proc root mount.", "" ], "package": "apport", "version": "2.20.11-0ubuntu82.8", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 2112272 ], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 15:56:45 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "cloud-init", "from_version": { "source_package_name": "cloud-init", "source_package_version": "24.4.1-0ubuntu0~22.04.2", "version": "24.4.1-0ubuntu0~22.04.2" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "25.1.2-0ubuntu0~22.04.2", "version": "25.1.2-0ubuntu0~22.04.2" }, "cves": [], "launchpad_bugs_fixed": [ 2113797, 2104165 ], "changes": [ { "cves": [], "log": [ "", " * New bugfix release. (LP: #2113797)", " - Revert relocation of systemd units and service files from /usr/lib", " back to /lib so debhelper correctly enables cloud-init services in", " postinst", "" ], "package": "cloud-init", "version": "25.1.2-0ubuntu0~22.04.2", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2113797 ], "author": "Chad Smith ", "date": "Mon, 09 Jun 2025 17:00:37 -0600" }, { "cves": [], "log": [ "", " * Upstream snapshot based on 25.1.2. (LP: #2104165).", " List of changes from upstream can be found at", " https://raw.githubusercontent.com/canonical/cloud-init/25.1.2/ChangeLog", "" ], "package": "cloud-init", "version": "25.1.2-0ubuntu0~22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2104165 ], "author": "James Falcon ", "date": "Fri, 02 May 2025 12:47:51 -0500" }, { "cves": [], "log": [ "", " * Drop cpicks which are now upstream:", " - d/p/cpick-d75840be-fix-retry-AWS-hotplug-for-async-IMDS-5995", " - d/p/cpick-84806336-chore-Add-feature-flag-for-manual-network-waiting", " - d/p/cpick-c60771d8-test-pytestify-test_url_helper.py", " - d/p/cpick-8810a2dc-test-Remove-CiTestCase-from-test_url_helper.py", " - d/p/cpick-582f16c1-test-add-OauthUrlHelper-tests", " - d/p/cpick-9311e066-fix-Update-OauthUrlHelper-to-use-readurl-exception_cb", " * refresh patches", " - d/p/deprecation-version-boundary.patch", " - d/p/no-single-process.patch", " - d/p/retain-ec2-default-net-update-events.patch", " - d/p/revert-551f560d-cloud-config-after-snap-seeding.patch", " * sort hunks within all patches (--sort on quilt refresh)", " * d/cloud-init.templates:", " - Move VMware before OVF. See GH-4030", " - Enable CloudCIX by default", " * Upstream snapshot based on 25.1.1.", " List of changes from upstream can be found at", " https://raw.githubusercontent.com/canonical/cloud-init/25.1.1/ChangeLog", "" ], "package": "cloud-init", "version": "25.1.1-0ubuntu1~22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Chad Smith ", "date": "Tue, 25 Mar 2025 10:33:28 -0600" } ], "notes": null, "is_version_downgrade": false }, { "name": "libnss-systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.15", "version": "249.11-0ubuntu3.15" }, "to_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.16", "version": "249.11-0ubuntu3.16" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", "" ], "package": "systemd", "version": "249.11-0ubuntu3.16", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 11:17:43 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpam-systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.15", "version": "249.11-0ubuntu3.15" }, "to_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.16", "version": "249.11-0ubuntu3.16" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", "" ], "package": "systemd", "version": "249.11-0ubuntu3.16", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 11:17:43 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsystemd0", "from_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.15", "version": "249.11-0ubuntu3.15" }, "to_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.16", "version": "249.11-0ubuntu3.16" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", "" ], "package": "systemd", "version": "249.11-0ubuntu3.16", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 11:17:43 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libudev1", "from_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.15", "version": "249.11-0ubuntu3.15" }, "to_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.16", "version": "249.11-0ubuntu3.16" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", "" ], "package": "systemd", "version": "249.11-0ubuntu3.16", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 11:17:43 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-apport", "from_version": { "source_package_name": "apport", "source_package_version": "2.20.11-0ubuntu82.7", "version": "2.20.11-0ubuntu82.7" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.20.11-0ubuntu82.8", "version": "2.20.11-0ubuntu82.8" }, "cves": [], "launchpad_bugs_fixed": [ 2112272 ], "changes": [ { "cves": [], "log": [ "", " * SECURITY REGRESSION: apport not generating core dumps inside containers", " (LP: #2112272)", " - data/apport: Check the exe mtime within the proc root mount.", "" ], "package": "apport", "version": "2.20.11-0ubuntu82.8", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 2112272 ], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 15:56:45 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-problem-report", "from_version": { "source_package_name": "apport", "source_package_version": "2.20.11-0ubuntu82.7", "version": "2.20.11-0ubuntu82.7" }, "to_version": { "source_package_name": "apport", "source_package_version": "2.20.11-0ubuntu82.8", "version": "2.20.11-0ubuntu82.8" }, "cves": [], "launchpad_bugs_fixed": [ 2112272 ], "changes": [ { "cves": [], "log": [ "", " * SECURITY REGRESSION: apport not generating core dumps inside containers", " (LP: #2112272)", " - data/apport: Check the exe mtime within the proc root mount.", "" ], "package": "apport", "version": "2.20.11-0ubuntu82.8", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 2112272 ], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 15:56:45 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-update-manager", "from_version": { "source_package_name": "update-manager", "source_package_version": "1:22.04.21", "version": "1:22.04.21" }, "to_version": { "source_package_name": "update-manager", "source_package_version": "1:22.04.22", "version": "1:22.04.22" }, "cves": [], "launchpad_bugs_fixed": [ 2064211, 2068805 ], "changes": [ { "cves": [], "log": [ "", " * Print warning message on failing to run updates end-point (LP: #2064211).", " * When all packages are unselected, install button goes away; Fix it not", " coming back after once a package is selected again (LP: #2068805).", " * Switch to Debian source 3.0 (native)", "" ], "package": "update-manager", "version": "1:22.04.22", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2064211, 2068805 ], "author": "Nathan Pratta Teodosio ", "date": "Thu, 11 Jul 2024 11:48:43 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.15", "version": "249.11-0ubuntu3.15" }, "to_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.16", "version": "249.11-0ubuntu3.16" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", "" ], "package": "systemd", "version": "249.11-0ubuntu3.16", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 11:17:43 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-sysv", "from_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.15", "version": "249.11-0ubuntu3.15" }, "to_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.16", "version": "249.11-0ubuntu3.16" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", "" ], "package": "systemd", "version": "249.11-0ubuntu3.16", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 11:17:43 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-timesyncd", "from_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.15", "version": "249.11-0ubuntu3.15" }, "to_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.16", "version": "249.11-0ubuntu3.16" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", "" ], "package": "systemd", "version": "249.11-0ubuntu3.16", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 11:17:43 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "udev", "from_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.15", "version": "249.11-0ubuntu3.15" }, "to_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.16", "version": "249.11-0ubuntu3.16" }, "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-4598", "url": "https://ubuntu.com/security/CVE-2025-4598", "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process. A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.", "cve_priority": "medium", "cve_public_date": "2025-05-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: race condition in systemd-coredump", " - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of", " _META_MANDATORY_MAX.", " - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core", " pattern.", " - debian/patches/CVE_2025_4598_3.patch: coredump: get rid of a bogus", " assertion.", " - CVE-2025-4598", "" ], "package": "systemd", "version": "249.11-0ubuntu3.16", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Octavio Galland ", "date": "Wed, 04 Jun 2025 11:17:43 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "update-manager-core", "from_version": { "source_package_name": "update-manager", "source_package_version": "1:22.04.21", "version": "1:22.04.21" }, "to_version": { "source_package_name": "update-manager", "source_package_version": "1:22.04.22", "version": "1:22.04.22" }, "cves": [], "launchpad_bugs_fixed": [ 2064211, 2068805 ], "changes": [ { "cves": [], "log": [ "", " * Print warning message on failing to run updates end-point (LP: #2064211).", " * When all packages are unselected, install button goes away; Fix it not", " coming back after once a package is selected again (LP: #2068805).", " * Switch to Debian source 3.0 (native)", "" ], "package": "update-manager", "version": "1:22.04.22", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2064211, 2068805 ], "author": "Nathan Pratta Teodosio ", "date": "Thu, 11 Jul 2024 11:48:43 +0200" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from daily image serial 20250602 to 20250615", "from_series": "jammy", "to_series": "jammy", "from_serial": "20250602", "to_serial": "20250615", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }