{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "libc-bin", "libc6", "ubuntu-pro-client" ] } }, "diff": { "deb": [ { "name": "libc-bin", "from_version": { "source_package_name": "glibc", "source_package_version": "2.39-0ubuntu8.1", "version": "2.39-0ubuntu8.1" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.39-0ubuntu8.2", "version": "2.39-0ubuntu8.2" }, "cves": [ { "cve": "CVE-2024-33599", "url": "https://ubuntu.com/security/CVE-2024-33599", "cve_description": "nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "cve_priority": "medium", "cve_public_date": "2024-05-06 20:15:00 UTC" }, { "cve": "CVE-2024-33600", "url": "https://ubuntu.com/security/CVE-2024-33600", "cve_description": "nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "cve_priority": "medium", "cve_public_date": "2024-05-06 20:15:00 UTC" }, { "cve": "CVE-2024-33601", "url": "https://ubuntu.com/security/CVE-2024-33601", "cve_description": "nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "cve_priority": "medium", "cve_public_date": "2024-05-06 20:15:00 UTC" }, { "cve": "CVE-2024-33602", "url": "https://ubuntu.com/security/CVE-2024-33602", "cve_description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "cve_priority": "medium", "cve_public_date": "2024-05-06 20:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-33599", "url": "https://ubuntu.com/security/CVE-2024-33599", "cve_description": "nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "cve_priority": "medium", "cve_public_date": "2024-05-06 20:15:00 UTC" }, { "cve": "CVE-2024-33600", "url": "https://ubuntu.com/security/CVE-2024-33600", "cve_description": "nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "cve_priority": "medium", "cve_public_date": "2024-05-06 20:15:00 UTC" }, { "cve": "CVE-2024-33601", "url": "https://ubuntu.com/security/CVE-2024-33601", "cve_description": "nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "cve_priority": "medium", "cve_public_date": "2024-05-06 20:15:00 UTC" }, { "cve": "CVE-2024-33602", "url": "https://ubuntu.com/security/CVE-2024-33602", "cve_description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "cve_priority": "medium", "cve_public_date": "2024-05-06 20:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Stack-based buffer overflow", " - debian/patches/CVE-2024-33599.patch: CVE-2024-33599: nscd: Stack-", " based buffer overflow in netgroup cache.", " - CVE-2024-33599", " * SECURITY UPDATE: Null pointer", " - debian/patches/CVE-2024-33600_1.patch: CVE-2024-33600: nscd: Avoid", " null pointer crashes after notfound response.", " - debian/patches/CVE-2024-33600_2.patch: CVE-2024-33600: nscd: Do", " not send missing not-found response in addgetnetgrentX.", " - CVE-2024-33600", " * SECURITY UPDATE: Memory corruption", " - debian/patches/CVE-2024-33601_33602.patch: CVE-2024-33601, CVE-", " 2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX.", " - CVE-2024-33601", " - CVE-2024-33602", "" ], "package": "glibc", "version": "2.39-0ubuntu8.2", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Paulo Flabiano Smorigo ", "date": "Tue, 30 Apr 2024 15:02:13 -0300" } ], "notes": null }, { "name": "libc6", "from_version": { "source_package_name": "glibc", "source_package_version": "2.39-0ubuntu8.1", "version": "2.39-0ubuntu8.1" }, "to_version": { "source_package_name": "glibc", "source_package_version": "2.39-0ubuntu8.2", "version": "2.39-0ubuntu8.2" }, "cves": [ { "cve": "CVE-2024-33599", "url": "https://ubuntu.com/security/CVE-2024-33599", "cve_description": "nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "cve_priority": "medium", "cve_public_date": "2024-05-06 20:15:00 UTC" }, { "cve": "CVE-2024-33600", "url": "https://ubuntu.com/security/CVE-2024-33600", "cve_description": "nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "cve_priority": "medium", "cve_public_date": "2024-05-06 20:15:00 UTC" }, { "cve": "CVE-2024-33601", "url": "https://ubuntu.com/security/CVE-2024-33601", "cve_description": "nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "cve_priority": "medium", "cve_public_date": "2024-05-06 20:15:00 UTC" }, { "cve": "CVE-2024-33602", "url": "https://ubuntu.com/security/CVE-2024-33602", "cve_description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "cve_priority": "medium", "cve_public_date": "2024-05-06 20:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-33599", "url": "https://ubuntu.com/security/CVE-2024-33599", "cve_description": "nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "cve_priority": "medium", "cve_public_date": "2024-05-06 20:15:00 UTC" }, { "cve": "CVE-2024-33600", "url": "https://ubuntu.com/security/CVE-2024-33600", "cve_description": "nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "cve_priority": "medium", "cve_public_date": "2024-05-06 20:15:00 UTC" }, { "cve": "CVE-2024-33601", "url": "https://ubuntu.com/security/CVE-2024-33601", "cve_description": "nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "cve_priority": "medium", "cve_public_date": "2024-05-06 20:15:00 UTC" }, { "cve": "CVE-2024-33602", "url": "https://ubuntu.com/security/CVE-2024-33602", "cve_description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.", "cve_priority": "medium", "cve_public_date": "2024-05-06 20:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Stack-based buffer overflow", " - debian/patches/CVE-2024-33599.patch: CVE-2024-33599: nscd: Stack-", " based buffer overflow in netgroup cache.", " - CVE-2024-33599", " * SECURITY UPDATE: Null pointer", " - debian/patches/CVE-2024-33600_1.patch: CVE-2024-33600: nscd: Avoid", " null pointer crashes after notfound response.", " - debian/patches/CVE-2024-33600_2.patch: CVE-2024-33600: nscd: Do", " not send missing not-found response in addgetnetgrentX.", " - CVE-2024-33600", " * SECURITY UPDATE: Memory corruption", " - debian/patches/CVE-2024-33601_33602.patch: CVE-2024-33601, CVE-", " 2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX.", " - CVE-2024-33601", " - CVE-2024-33602", "" ], "package": "glibc", "version": "2.39-0ubuntu8.2", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Paulo Flabiano Smorigo ", "date": "Tue, 30 Apr 2024 15:02:13 -0300" } ], "notes": null }, { "name": "ubuntu-pro-client", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "31.2.3", "version": "31.2.3" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "32.3~24.04", "version": "32.3~24.04" }, "cves": [], "launchpad_bugs_fixed": [ 2060732, 2067319, 2066929, 2065573, 2065616, 2060732, 2033313, 2031192 ], "changes": [ { "cves": [], "log": [ "", " * Backport 32.3 to noble (LP: #2060732)", "" ], "package": "ubuntu-advantage-tools", "version": "32.3~24.04", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2060732 ], "author": "Renan Rodrigo ", "date": "Tue, 28 May 2024 15:15:48 -0300" }, { "cves": [], "log": [ "", " * d/apparmor: adjust the profiles to account for usr-merge consequences", " (LP: #2067319)", "" ], "package": "ubuntu-advantage-tools", "version": "32.3", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2067319 ], "author": "Renan Rodrigo ", "date": "Tue, 28 May 2024 14:43:12 -0300" }, { "cves": [], "log": [ "", " * d/apparmor: adjust rules for violations found during testing (LP: #2066929)", "" ], "package": "ubuntu-advantage-tools", "version": "32.2", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2066929 ], "author": "Grant Orndorff ", "date": "Thu, 23 May 2024 10:47:11 -0500" }, { "cves": [], "log": [ "", " * d/apparmor: allow access for /etc/os-release on all supported", " profiles (LP: #2065573)", " * apport: get path for timer job status from the correct place (LP: #2065616)", "" ], "package": "ubuntu-advantage-tools", "version": "32.1", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2065573, 2065616 ], "author": "Lucas Moura ", "date": "Tue, 14 May 2024 11:22:35 +0200" }, { "cves": [], "log": [ "", " * d/postinst: ensure migrations happen in correct package postinst (GH: #2982)", " * d/apparmor: introduce new ubuntu_pro_esm_cache apparmor policy", " * New upstream release 32 (LP: #2060732)", " - api:", " + u.pro.attach.token.full_token_attach.v1: add support for attach", " with token", " + u.pro.services.disable.v1: add support for disable operation", " + u.pro.services.enable.v1: add support for enable operation", " + u.pro.detach.v1: add support for detach operation", " + u.pro.status.is_attached.v1: add extra fields to API response", " + u.pro.services.dependencies.v1: add support for service dependencies", " + u.pro.security.fix.*.plan.v1: update ESM cache during plan API", " if needed", " - apt_news: add architectures and packages selectors filters for apt news", " - cli:", " + improved cli/log message for unexpected errors (GH: #2600)", " + properly handle setting empty config values (GH: #2925)", " - cloud-init: support ubuntu_pro user-data", " - collect-logs: update default output file to pro_logs.tar.gz (LP: #2033313)", " - config: create public and private config (GH: #2809)", " - entitlements:", " + update logic that checks if a service is enabled (LP: #2031192)", " - fips: warn/confirm with user if enabling fips downgrades the kernel", " - fix: warn users if ESM cache cannot be updated (GH: #2841)", " - logging:", " + use journald logging for all systemd services", " + add redundancy to secret redaction", " - messaging:", " + add consistent messaging for end of contract state", " + make explicit that unattached enable/disable is a noop (GH: #2487)", " + make explicit that disabling a disabled service is a noop", " + make explicit that enabling an enabled service is a noop", " - notices: filter unreadable notices when listing notices (GH: #2898)", "" ], "package": "ubuntu-advantage-tools", "version": "32", "urgency": "medium", "distributions": "oracular", "launchpad_bugs_fixed": [ 2060732, 2033313, 2031192 ], "author": "Lucas Moura ", "date": "Tue, 09 Apr 2024 17:33:36 -0300" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 24.04 noble image from daily image serial 20240528 to 20240529", "from_series": "noble", "to_series": "noble", "from_serial": "20240528", "to_serial": "20240529", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }