{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "grub-common", "grub-efi-amd64-bin", "grub-efi-amd64-signed", "grub-pc", "grub-pc-bin", "grub2-common", "libnetplan0", "netplan-generator", "netplan.io", "openssh-client", "openssh-server", "openssh-sftp-server", "python3-netplan", "tzdata", "ubuntu-advantage-tools", "ubuntu-pro-client" ] } }, "diff": { "deb": [ { "name": "grub-common", "from_version": { "source_package_name": "grub2", "source_package_version": "2.12~rc1-10ubuntu4", "version": "2.12~rc1-10ubuntu4" }, "to_version": { "source_package_name": "grub2", "source_package_version": "2.12~rc1-10ubuntu4.2", "version": "2.12~rc1-10ubuntu4.2" }, "cves": [ { "cve": "CVE-2024-2312", "url": "https://ubuntu.com/security/CVE-2024-2312", "cve_description": "GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.", "cve_priority": "medium", "cve_public_date": "2024-04-05 20:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2057679, 2054127, 2054127, 2039172, 2043101 ], "changes": [ { "cves": [ { "cve": "CVE-2024-2312", "url": "https://ubuntu.com/security/CVE-2024-2312", "cve_description": "GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.", "cve_priority": "medium", "cve_public_date": "2024-04-05 20:15:00 UTC" } ], "log": [ "", " * Revert \"efi: Eliminate globals from the `peimage.c` chainloader\"", " (LP: #2057679) (LP: #2054127)", " * Increase SBAT level to \"grub.ubuntu,2\" and \"grub.peimage,2\"", " * SECURITY UPDATE: Use-after-free in peimage module [LP: #2054127]", " - CVE-2024-2312", "" ], "package": "grub2", "version": "2.12~rc1-10ubuntu4.2", "urgency": "medium", "distributions": "mantic", "launchpad_bugs_fixed": [ 2057679, 2054127, 2054127 ], "author": "Mate Kukri ", "date": "Thu, 21 Mar 2024 09:16:17 +0000" }, { "cves": [], "log": [ "", " [ Julian Andres Klode ]", " * Cherry-pick upstream XFS directory extent parsing fixes (Closes: #1051543)", " (LP: #2039172)", " * UBUNTU: Drop luks2 (LP: #2043101)", "" ], "package": "grub2", "version": "2.12~rc1-10ubuntu4.1", "urgency": "medium", "distributions": "mantic", "launchpad_bugs_fixed": [ 2039172, 2043101 ], "author": "Mate Kukri ", "date": "Thu, 09 Nov 2023 15:04:44 +0200" } ], "notes": null }, { "name": "grub-efi-amd64-bin", "from_version": { "source_package_name": "grub2-unsigned", "source_package_version": "2.12~rc1-10ubuntu4", "version": "2.12~rc1-10ubuntu4" }, "to_version": { "source_package_name": "grub2-unsigned", "source_package_version": "2.12~rc1-10ubuntu4.2", "version": "2.12~rc1-10ubuntu4.2" }, "cves": [ { "cve": "CVE-2024-2312", "url": "https://ubuntu.com/security/CVE-2024-2312", "cve_description": "GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.", "cve_priority": "medium", "cve_public_date": "2024-04-05 20:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2057679, 2054127, 2054127, 2039172, 2043101 ], "changes": [ { "cves": [ { "cve": "CVE-2024-2312", "url": "https://ubuntu.com/security/CVE-2024-2312", "cve_description": "GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.", "cve_priority": "medium", "cve_public_date": "2024-04-05 20:15:00 UTC" } ], "log": [ "", " * Revert \"efi: Eliminate globals from the `peimage.c` chainloader\"", " (LP: #2057679) (LP: #2054127)", " * Increase SBAT level to \"grub.ubuntu,2\" and \"grub.peimage,2\"", " * SECURITY UPDATE: Use-after-free in peimage module [LP: #2054127]", " - CVE-2024-2312", "" ], "package": "grub2-unsigned", "version": "2.12~rc1-10ubuntu4.2", "urgency": "medium", "distributions": "mantic", "launchpad_bugs_fixed": [ 2057679, 2054127, 2054127 ], "author": "Mate Kukri ", "date": "Thu, 21 Mar 2024 09:16:17 +0000" }, { "cves": [], "log": [ "", " [ Julian Andres Klode ]", " * Cherry-pick upstream XFS directory extent parsing fixes (Closes: #1051543)", " (LP: #2039172)", " * UBUNTU: Drop luks2 (LP: #2043101)", "" ], "package": "grub2", "version": "2.12~rc1-10ubuntu4.1", "urgency": "medium", "distributions": "mantic", "launchpad_bugs_fixed": [ 2039172, 2043101 ], "author": "Mate Kukri ", "date": "Thu, 09 Nov 2023 15:04:44 +0200" } ], "notes": null }, { "name": "grub-efi-amd64-signed", "from_version": { "source_package_name": "grub2-signed", "source_package_version": "1.197", "version": "1.197+2.12~rc1-10ubuntu4" }, "to_version": { "source_package_name": "grub2-signed", "source_package_version": "1.197.2", "version": "1.197.2+2.12~rc1-10ubuntu4.2" }, "cves": [], "launchpad_bugs_fixed": [ 2057679, 2054127 ], "changes": [ { "cves": [], "log": [ "", " * Rebuild against grub2 2.12~rc1-10ubuntu4.2 (LP: #2057679) (LP: #2054127)", "" ], "package": "grub2-signed", "version": "1.197.2", "urgency": "medium", "distributions": "mantic", "launchpad_bugs_fixed": [ 2057679, 2054127 ], "author": "Mate Kukri ", "date": "Thu, 04 Apr 2024 11:44:21 +0100" }, { "cves": [], "log": [ "", " * Rebuild against grub2 2.12~rc1-10ubuntu4.1", "" ], "package": "grub2-signed", "version": "1.197.1", "urgency": "medium", "distributions": "mantic", "launchpad_bugs_fixed": [], "author": "Mate Kukri ", "date": "Fri, 10 Nov 2023 11:07:22 +0200" } ], "notes": null }, { "name": "grub-pc", "from_version": { "source_package_name": "grub2", "source_package_version": "2.12~rc1-10ubuntu4", "version": "2.12~rc1-10ubuntu4" }, "to_version": { "source_package_name": "grub2", "source_package_version": "2.12~rc1-10ubuntu4.2", "version": "2.12~rc1-10ubuntu4.2" }, "cves": [ { "cve": "CVE-2024-2312", "url": "https://ubuntu.com/security/CVE-2024-2312", "cve_description": "GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.", "cve_priority": "medium", "cve_public_date": "2024-04-05 20:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2057679, 2054127, 2054127, 2039172, 2043101 ], "changes": [ { "cves": [ { "cve": "CVE-2024-2312", "url": "https://ubuntu.com/security/CVE-2024-2312", "cve_description": "GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.", "cve_priority": "medium", "cve_public_date": "2024-04-05 20:15:00 UTC" } ], "log": [ "", " * Revert \"efi: Eliminate globals from the `peimage.c` chainloader\"", " (LP: #2057679) (LP: #2054127)", " * Increase SBAT level to \"grub.ubuntu,2\" and \"grub.peimage,2\"", " * SECURITY UPDATE: Use-after-free in peimage module [LP: #2054127]", " - CVE-2024-2312", "" ], "package": "grub2", "version": "2.12~rc1-10ubuntu4.2", "urgency": "medium", "distributions": "mantic", "launchpad_bugs_fixed": [ 2057679, 2054127, 2054127 ], "author": "Mate Kukri ", "date": "Thu, 21 Mar 2024 09:16:17 +0000" }, { "cves": [], "log": [ "", " [ Julian Andres Klode ]", " * Cherry-pick upstream XFS directory extent parsing fixes (Closes: #1051543)", " (LP: #2039172)", " * UBUNTU: Drop luks2 (LP: #2043101)", "" ], "package": "grub2", "version": "2.12~rc1-10ubuntu4.1", "urgency": "medium", "distributions": "mantic", "launchpad_bugs_fixed": [ 2039172, 2043101 ], "author": "Mate Kukri ", "date": "Thu, 09 Nov 2023 15:04:44 +0200" } ], "notes": null }, { "name": "grub-pc-bin", "from_version": { "source_package_name": "grub2", "source_package_version": "2.12~rc1-10ubuntu4", "version": "2.12~rc1-10ubuntu4" }, "to_version": { "source_package_name": "grub2", "source_package_version": "2.12~rc1-10ubuntu4.2", "version": "2.12~rc1-10ubuntu4.2" }, "cves": [ { "cve": "CVE-2024-2312", "url": "https://ubuntu.com/security/CVE-2024-2312", "cve_description": "GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.", "cve_priority": "medium", "cve_public_date": "2024-04-05 20:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2057679, 2054127, 2054127, 2039172, 2043101 ], "changes": [ { "cves": [ { "cve": "CVE-2024-2312", "url": "https://ubuntu.com/security/CVE-2024-2312", "cve_description": "GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.", "cve_priority": "medium", "cve_public_date": "2024-04-05 20:15:00 UTC" } ], "log": [ "", " * Revert \"efi: Eliminate globals from the `peimage.c` chainloader\"", " (LP: #2057679) (LP: #2054127)", " * Increase SBAT level to \"grub.ubuntu,2\" and \"grub.peimage,2\"", " * SECURITY UPDATE: Use-after-free in peimage module [LP: #2054127]", " - CVE-2024-2312", "" ], "package": "grub2", "version": "2.12~rc1-10ubuntu4.2", "urgency": "medium", "distributions": "mantic", "launchpad_bugs_fixed": [ 2057679, 2054127, 2054127 ], "author": "Mate Kukri ", "date": "Thu, 21 Mar 2024 09:16:17 +0000" }, { "cves": [], "log": [ "", " [ Julian Andres Klode ]", " * Cherry-pick upstream XFS directory extent parsing fixes (Closes: #1051543)", " (LP: #2039172)", " * UBUNTU: Drop luks2 (LP: #2043101)", "" ], "package": "grub2", "version": "2.12~rc1-10ubuntu4.1", "urgency": "medium", "distributions": "mantic", "launchpad_bugs_fixed": [ 2039172, 2043101 ], "author": "Mate Kukri ", "date": "Thu, 09 Nov 2023 15:04:44 +0200" } ], "notes": null }, { "name": "grub2-common", "from_version": { "source_package_name": "grub2", "source_package_version": "2.12~rc1-10ubuntu4", "version": "2.12~rc1-10ubuntu4" }, "to_version": { "source_package_name": "grub2", "source_package_version": "2.12~rc1-10ubuntu4.2", "version": "2.12~rc1-10ubuntu4.2" }, "cves": [ { "cve": "CVE-2024-2312", "url": "https://ubuntu.com/security/CVE-2024-2312", "cve_description": "GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.", "cve_priority": "medium", "cve_public_date": "2024-04-05 20:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2057679, 2054127, 2054127, 2039172, 2043101 ], "changes": [ { "cves": [ { "cve": "CVE-2024-2312", "url": "https://ubuntu.com/security/CVE-2024-2312", "cve_description": "GRUB2 does not call the module fini functions on exit, leading to Debian/Ubuntu's peimage GRUB2 module leaving UEFI system table hooks after exit. This lead to a use-after-free condition, and could possibly lead to secure boot bypass.", "cve_priority": "medium", "cve_public_date": "2024-04-05 20:15:00 UTC" } ], "log": [ "", " * Revert \"efi: Eliminate globals from the `peimage.c` chainloader\"", " (LP: #2057679) (LP: #2054127)", " * Increase SBAT level to \"grub.ubuntu,2\" and \"grub.peimage,2\"", " * SECURITY UPDATE: Use-after-free in peimage module [LP: #2054127]", " - CVE-2024-2312", "" ], "package": "grub2", "version": "2.12~rc1-10ubuntu4.2", "urgency": "medium", "distributions": "mantic", "launchpad_bugs_fixed": [ 2057679, 2054127, 2054127 ], "author": "Mate Kukri ", "date": "Thu, 21 Mar 2024 09:16:17 +0000" }, { "cves": [], "log": [ "", " [ Julian Andres Klode ]", " * Cherry-pick upstream XFS directory extent parsing fixes (Closes: #1051543)", " (LP: #2039172)", " * UBUNTU: Drop luks2 (LP: #2043101)", "" ], "package": "grub2", "version": "2.12~rc1-10ubuntu4.1", "urgency": "medium", "distributions": "mantic", "launchpad_bugs_fixed": [ 2039172, 2043101 ], "author": "Mate Kukri ", "date": "Thu, 09 Nov 2023 15:04:44 +0200" } ], "notes": null }, { "name": "libnetplan0", "from_version": { "source_package_name": "netplan.io", "source_package_version": "0.107-5ubuntu0.2", "version": "0.107-5ubuntu0.2" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "0.107-5ubuntu0.4", "version": "0.107-5ubuntu0.4" }, "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2071333, 2065738, 1987842, 2066258 ], "changes": [ { "cves": [], "log": [ "", " * SECURITY REGRESSION: failure on systems without dbus", " - debian/netplan-generator.postinst: Don't call the generator if no", " networkd configuration file exists. (LP: #2071333) ", "" ], "package": "netplan.io", "version": "0.107-5ubuntu0.4", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [ 2071333 ], "author": "Sudhakar Verma ", "date": "Fri, 28 Jun 2024 22:17:07 +0530" }, { "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: weak permissions on secret files, command injection", " - d/p/lp2065738/0012-libnetplan-use-more-restrictive-file-permissions.patch:", " Use more restrictive file permissions to prevent unprivileged users to", " read sensitive data from back end files (LP: #2065738, #1987842)", " - CVE-2022-4968", " - d/p/lp2065738/0013-cli-generate-call-daemon-reload-after-generate.patch:", " Call systemd daemon-reload as part of the netplan generate cli command", " - d/p/lp2066258/0014-libnetplan-escape-control-characters.patch:", " Escape control characters in the parser and double quotes in backend", " files.", " - d/p/lp2066258/0015-backends-escape-file-paths.patch:", " Escape special characters in file paths.", " - d/p/lp2066258/0016-backends-escape-semicolons-in-service-units.patch:", " Escape isolated semicolons in systemd service units. (LP: #2066258)", " * debian/netplan-generator.postinst: Add a postinst maintainer script to call", " the generator. It's needed so the file permissions fixes will be applied", " automatically, thanks to danilogondolfo ", "" ], "package": "netplan.io", "version": "0.107-5ubuntu0.3", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [ 2065738, 1987842, 2066258 ], "author": "Sudhakar Verma ", "date": "Mon, 24 Jun 2024 23:58:40 +0530" } ], "notes": null }, { "name": "netplan-generator", "from_version": { "source_package_name": "netplan.io", "source_package_version": "0.107-5ubuntu0.2", "version": "0.107-5ubuntu0.2" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "0.107-5ubuntu0.4", "version": "0.107-5ubuntu0.4" }, "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2071333, 2065738, 1987842, 2066258 ], "changes": [ { "cves": [], "log": [ "", " * SECURITY REGRESSION: failure on systems without dbus", " - debian/netplan-generator.postinst: Don't call the generator if no", " networkd configuration file exists. (LP: #2071333) ", "" ], "package": "netplan.io", "version": "0.107-5ubuntu0.4", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [ 2071333 ], "author": "Sudhakar Verma ", "date": "Fri, 28 Jun 2024 22:17:07 +0530" }, { "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: weak permissions on secret files, command injection", " - d/p/lp2065738/0012-libnetplan-use-more-restrictive-file-permissions.patch:", " Use more restrictive file permissions to prevent unprivileged users to", " read sensitive data from back end files (LP: #2065738, #1987842)", " - CVE-2022-4968", " - d/p/lp2065738/0013-cli-generate-call-daemon-reload-after-generate.patch:", " Call systemd daemon-reload as part of the netplan generate cli command", " - d/p/lp2066258/0014-libnetplan-escape-control-characters.patch:", " Escape control characters in the parser and double quotes in backend", " files.", " - d/p/lp2066258/0015-backends-escape-file-paths.patch:", " Escape special characters in file paths.", " - d/p/lp2066258/0016-backends-escape-semicolons-in-service-units.patch:", " Escape isolated semicolons in systemd service units. (LP: #2066258)", " * debian/netplan-generator.postinst: Add a postinst maintainer script to call", " the generator. It's needed so the file permissions fixes will be applied", " automatically, thanks to danilogondolfo ", "" ], "package": "netplan.io", "version": "0.107-5ubuntu0.3", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [ 2065738, 1987842, 2066258 ], "author": "Sudhakar Verma ", "date": "Mon, 24 Jun 2024 23:58:40 +0530" } ], "notes": null }, { "name": "netplan.io", "from_version": { "source_package_name": "netplan.io", "source_package_version": "0.107-5ubuntu0.2", "version": "0.107-5ubuntu0.2" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "0.107-5ubuntu0.4", "version": "0.107-5ubuntu0.4" }, "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2071333, 2065738, 1987842, 2066258 ], "changes": [ { "cves": [], "log": [ "", " * SECURITY REGRESSION: failure on systems without dbus", " - debian/netplan-generator.postinst: Don't call the generator if no", " networkd configuration file exists. (LP: #2071333) ", "" ], "package": "netplan.io", "version": "0.107-5ubuntu0.4", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [ 2071333 ], "author": "Sudhakar Verma ", "date": "Fri, 28 Jun 2024 22:17:07 +0530" }, { "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: weak permissions on secret files, command injection", " - d/p/lp2065738/0012-libnetplan-use-more-restrictive-file-permissions.patch:", " Use more restrictive file permissions to prevent unprivileged users to", " read sensitive data from back end files (LP: #2065738, #1987842)", " - CVE-2022-4968", " - d/p/lp2065738/0013-cli-generate-call-daemon-reload-after-generate.patch:", " Call systemd daemon-reload as part of the netplan generate cli command", " - d/p/lp2066258/0014-libnetplan-escape-control-characters.patch:", " Escape control characters in the parser and double quotes in backend", " files.", " - d/p/lp2066258/0015-backends-escape-file-paths.patch:", " Escape special characters in file paths.", " - d/p/lp2066258/0016-backends-escape-semicolons-in-service-units.patch:", " Escape isolated semicolons in systemd service units. (LP: #2066258)", " * debian/netplan-generator.postinst: Add a postinst maintainer script to call", " the generator. It's needed so the file permissions fixes will be applied", " automatically, thanks to danilogondolfo ", "" ], "package": "netplan.io", "version": "0.107-5ubuntu0.3", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [ 2065738, 1987842, 2066258 ], "author": "Sudhakar Verma ", "date": "Mon, 24 Jun 2024 23:58:40 +0530" } ], "notes": null }, { "name": "openssh-client", "from_version": { "source_package_name": "openssh", "source_package_version": "1:9.3p1-1ubuntu3.3", "version": "1:9.3p1-1ubuntu3.3" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:9.3p1-1ubuntu3.6", "version": "1:9.3p1-1ubuntu3.6" }, "cves": [ { "cve": "CVE-2024-6387", "url": "https://ubuntu.com/security/CVE-2024-6387", "cve_description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "cve_priority": "high", "cve_public_date": "2024-07-01 13:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2070497 ], "changes": [ { "cves": [ { "cve": "CVE-2024-6387", "url": "https://ubuntu.com/security/CVE-2024-6387", "cve_description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "cve_priority": "high", "cve_public_date": "2024-07-01 13:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: remote code execution via signal handler race", " condition (LP: #2070497)", " - debian/patches/CVE-2024-6387.patch: don't log in sshsigdie() in log.c.", " - CVE-2024-6387", "" ], "package": "openssh", "version": "1:9.3p1-1ubuntu3.6", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [ 2070497 ], "author": "Marc Deslauriers ", "date": "Wed, 26 Jun 2024 09:11:02 -0400" } ], "notes": null }, { "name": "openssh-server", "from_version": { "source_package_name": "openssh", "source_package_version": "1:9.3p1-1ubuntu3.3", "version": "1:9.3p1-1ubuntu3.3" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:9.3p1-1ubuntu3.6", "version": "1:9.3p1-1ubuntu3.6" }, "cves": [ { "cve": "CVE-2024-6387", "url": "https://ubuntu.com/security/CVE-2024-6387", "cve_description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "cve_priority": "high", "cve_public_date": "2024-07-01 13:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2070497 ], "changes": [ { "cves": [ { "cve": "CVE-2024-6387", "url": "https://ubuntu.com/security/CVE-2024-6387", "cve_description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "cve_priority": "high", "cve_public_date": "2024-07-01 13:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: remote code execution via signal handler race", " condition (LP: #2070497)", " - debian/patches/CVE-2024-6387.patch: don't log in sshsigdie() in log.c.", " - CVE-2024-6387", "" ], "package": "openssh", "version": "1:9.3p1-1ubuntu3.6", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [ 2070497 ], "author": "Marc Deslauriers ", "date": "Wed, 26 Jun 2024 09:11:02 -0400" } ], "notes": null }, { "name": "openssh-sftp-server", "from_version": { "source_package_name": "openssh", "source_package_version": "1:9.3p1-1ubuntu3.3", "version": "1:9.3p1-1ubuntu3.3" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:9.3p1-1ubuntu3.6", "version": "1:9.3p1-1ubuntu3.6" }, "cves": [ { "cve": "CVE-2024-6387", "url": "https://ubuntu.com/security/CVE-2024-6387", "cve_description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "cve_priority": "high", "cve_public_date": "2024-07-01 13:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2070497 ], "changes": [ { "cves": [ { "cve": "CVE-2024-6387", "url": "https://ubuntu.com/security/CVE-2024-6387", "cve_description": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.", "cve_priority": "high", "cve_public_date": "2024-07-01 13:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: remote code execution via signal handler race", " condition (LP: #2070497)", " - debian/patches/CVE-2024-6387.patch: don't log in sshsigdie() in log.c.", " - CVE-2024-6387", "" ], "package": "openssh", "version": "1:9.3p1-1ubuntu3.6", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [ 2070497 ], "author": "Marc Deslauriers ", "date": "Wed, 26 Jun 2024 09:11:02 -0400" } ], "notes": null }, { "name": "python3-netplan", "from_version": { "source_package_name": "netplan.io", "source_package_version": "0.107-5ubuntu0.2", "version": "0.107-5ubuntu0.2" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "0.107-5ubuntu0.4", "version": "0.107-5ubuntu0.4" }, "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2071333, 2065738, 1987842, 2066258 ], "changes": [ { "cves": [], "log": [ "", " * SECURITY REGRESSION: failure on systems without dbus", " - debian/netplan-generator.postinst: Don't call the generator if no", " networkd configuration file exists. (LP: #2071333) ", "" ], "package": "netplan.io", "version": "0.107-5ubuntu0.4", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [ 2071333 ], "author": "Sudhakar Verma ", "date": "Fri, 28 Jun 2024 22:17:07 +0530" }, { "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: weak permissions on secret files, command injection", " - d/p/lp2065738/0012-libnetplan-use-more-restrictive-file-permissions.patch:", " Use more restrictive file permissions to prevent unprivileged users to", " read sensitive data from back end files (LP: #2065738, #1987842)", " - CVE-2022-4968", " - d/p/lp2065738/0013-cli-generate-call-daemon-reload-after-generate.patch:", " Call systemd daemon-reload as part of the netplan generate cli command", " - d/p/lp2066258/0014-libnetplan-escape-control-characters.patch:", " Escape control characters in the parser and double quotes in backend", " files.", " - d/p/lp2066258/0015-backends-escape-file-paths.patch:", " Escape special characters in file paths.", " - d/p/lp2066258/0016-backends-escape-semicolons-in-service-units.patch:", " Escape isolated semicolons in systemd service units. (LP: #2066258)", " * debian/netplan-generator.postinst: Add a postinst maintainer script to call", " the generator. It's needed so the file permissions fixes will be applied", " automatically, thanks to danilogondolfo ", "" ], "package": "netplan.io", "version": "0.107-5ubuntu0.3", "urgency": "medium", "distributions": "mantic-security", "launchpad_bugs_fixed": [ 2065738, 1987842, 2066258 ], "author": "Sudhakar Verma ", "date": "Mon, 24 Jun 2024 23:58:40 +0530" } ], "notes": null }, { "name": "tzdata", "from_version": { "source_package_name": "tzdata", "source_package_version": "2024a-0ubuntu0.23.10", "version": "2024a-0ubuntu0.23.10" }, "to_version": { "source_package_name": "tzdata", "source_package_version": "2024a-0ubuntu0.23.10.1", "version": "2024a-0ubuntu0.23.10.1" }, "cves": [], "launchpad_bugs_fixed": [ 2055718 ], "changes": [ { "cves": [], "log": [ "", " * Do not replace CET, CST6CDT, EET, EST*, HST, MET, MST*, PST8PDT, WET.", " The replacements differed in using daylight saving. (LP: #2055718)", " * Fix updating US/Indiana-Starke to America/Indiana/Knox", " * Correct timezone symlinks when using BACKWARD=backward PACKRATDATA=backzone", " to fix (at least) the timezone symlinks Africa/Asmera,", " Antarctica/South_Pole, Iceland, Pacific/Ponape, and Pacific/Truk.", " * test_timezone_conversions: Check symlink targets", " * d/rules: Support creating symlinks pointing to symlinks", "" ], "package": "tzdata", "version": "2024a-0ubuntu0.23.10.1", "urgency": "medium", "distributions": "mantic", "launchpad_bugs_fixed": [ 2055718 ], "author": "Benjamin Drung ", "date": "Fri, 03 May 2024 17:21:06 +0200" } ], "notes": null }, { "name": "ubuntu-advantage-tools", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "32.3~23.10", "version": "32.3~23.10" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "32.3.1~23.10", "version": "32.3.1~23.10" }, "cves": [], "launchpad_bugs_fixed": [ 2067810 ], "changes": [ { "cves": [], "log": [ "", " * Adjust the esm_cache apparmor profile to allow reading of dpkg data", " directory (LP: #2067810):", " - d/apparmor/ubuntu_pro_esm_cache.jinja2: allow /var/lib/dpkg/** for dpkg", " and other profiles", " - features/steps/machines.py: trigger the bug in the behave test suite,", " which tests the fix", " * version.py: update version to 32.3.1", "" ], "package": "ubuntu-advantage-tools", "version": "32.3.1~23.10", "urgency": "medium", "distributions": "mantic", "launchpad_bugs_fixed": [ 2067810 ], "author": "Andreas Hasenack ", "date": "Fri, 07 Jun 2024 14:52:55 -0300" } ], "notes": null }, { "name": "ubuntu-pro-client", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "32.3~23.10", "version": "32.3~23.10" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "32.3.1~23.10", "version": "32.3.1~23.10" }, "cves": [], "launchpad_bugs_fixed": [ 2067810 ], "changes": [ { "cves": [], "log": [ "", " * Adjust the esm_cache apparmor profile to allow reading of dpkg data", " directory (LP: #2067810):", " - d/apparmor/ubuntu_pro_esm_cache.jinja2: allow /var/lib/dpkg/** for dpkg", " and other profiles", " - features/steps/machines.py: trigger the bug in the behave test suite,", " which tests the fix", " * version.py: update version to 32.3.1", "" ], "package": "ubuntu-advantage-tools", "version": "32.3.1~23.10", "urgency": "medium", "distributions": "mantic", "launchpad_bugs_fixed": [ 2067810 ], "author": "Andreas Hasenack ", "date": "Fri, 07 Jun 2024 14:52:55 -0300" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 23.10 mantic image from release image serial 20240626 to 20240705", "from_series": "mantic", "to_series": "mantic", "from_serial": "20240626", "to_serial": "20240705", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }