{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "ethtool", "linux-image-6.8.0-51-generic", "linux-modules-6.8.0-51-generic" ], "removed": [ "linux-image-6.8.0-50-generic", "linux-modules-6.8.0-50-generic", "python3-netifaces" ], "diff": [ "cloud-init", "curl", "libcurl4t64", "libnetplan1", "linux-image-virtual", "netplan-generator", "netplan.io", "python3-netplan", "ssh-import-id" ] } }, "diff": { "deb": [ { "name": "cloud-init", "from_version": { "source_package_name": "cloud-init", "source_package_version": "24.3.1-0ubuntu0~24.04.2", "version": "24.3.1-0ubuntu0~24.04.2" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "24.4-0ubuntu1~24.04.2", "version": "24.4-0ubuntu1~24.04.2" }, "cves": [], "launchpad_bugs_fixed": [ 2089577 ], "changes": [ { "cves": [], "log": [ "", " * Fix d/p/no-single-process.patch", " - It didn't contain removal of cloud-init-network.service nor", " the removal of the network.service reference", "" ], "package": "cloud-init", "version": "24.4-0ubuntu1~24.04.2", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [], "author": "James Falcon ", "date": "Mon, 02 Dec 2024 13:09:22 -0600" }, { "cves": [], "log": [ "", " * add d/p/grub-dpkg-support.patch", " - Revert the removal of grub-dpkg from default modules", " * refresh patches:", " - d/p/deprecation-version-boundary.patch", " - d/p/no-nocloud-network.patch", " - d/p/no-single-process.patch", " * Upstream snapshot based on 24.4. (LP: #2089577).", " List of changes from upstream can be found at", " https://raw.githubusercontent.com/canonical/cloud-init/24.4/ChangeLog", "" ], "package": "cloud-init", "version": "24.4-0ubuntu1~24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2089577 ], "author": "James Falcon ", "date": "Tue, 26 Nov 2024 07:46:41 -0600" } ], "notes": null }, { "name": "curl", "from_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.5", "version": "8.5.0-2ubuntu10.5" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.6", "version": "8.5.0-2ubuntu10.6" }, "cves": [ { "cve": "CVE-2024-11053", "url": "https://ubuntu.com/security/CVE-2024-11053", "cve_description": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.", "cve_priority": "low", "cve_public_date": "2024-12-11 08:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-11053", "url": "https://ubuntu.com/security/CVE-2024-11053", "cve_description": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.", "cve_priority": "low", "cve_public_date": "2024-12-11 08:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: netrc and redirect credential leak", " - debian/patches/CVE-2024-11053-pre1.patch: use same credentials on", " redirect in lib/transfer.c, lib/url.c, lib/urldata.h,", " tests/data/Makefile.inc, tests/data/test998, tests/data/test999.", " - debian/patches/CVE-2024-11053.patch: address several netrc parser", " flaws in lib/netrc.c, lib/url.c, tests/data/Makefile.inc,", " tests/data/test478, tests/data/test479, tests/data/test480,", " tests/unit/unit1304.c.", " - CVE-2024-11053", "" ], "package": "curl", "version": "8.5.0-2ubuntu10.6", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 11 Dec 2024 11:44:19 -0500" } ], "notes": null }, { "name": "libcurl4t64", "from_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.5", "version": "8.5.0-2ubuntu10.5" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.6", "version": "8.5.0-2ubuntu10.6" }, "cves": [ { "cve": "CVE-2024-11053", "url": "https://ubuntu.com/security/CVE-2024-11053", "cve_description": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.", "cve_priority": "low", "cve_public_date": "2024-12-11 08:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-11053", "url": "https://ubuntu.com/security/CVE-2024-11053", "cve_description": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.", "cve_priority": "low", "cve_public_date": "2024-12-11 08:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: netrc and redirect credential leak", " - debian/patches/CVE-2024-11053-pre1.patch: use same credentials on", " redirect in lib/transfer.c, lib/url.c, lib/urldata.h,", " tests/data/Makefile.inc, tests/data/test998, tests/data/test999.", " - debian/patches/CVE-2024-11053.patch: address several netrc parser", " flaws in lib/netrc.c, lib/url.c, tests/data/Makefile.inc,", " tests/data/test478, tests/data/test479, tests/data/test480,", " tests/unit/unit1304.c.", " - CVE-2024-11053", "" ], "package": "curl", "version": "8.5.0-2ubuntu10.6", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 11 Dec 2024 11:44:19 -0500" } ], "notes": null }, { "name": "libnetplan1", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.0.1-1ubuntu2~24.04.1", "version": "1.0.1-1ubuntu2~24.04.1" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.1-1~ubuntu24.04.1", "version": "1.1.1-1~ubuntu24.04.1" }, "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2077011 ], "changes": [ { "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "log": [ "", " * Backport netplan.io 1.1.1-1 to 24.04 (LP: #2077011)", " - NM: add support for stable-ssid MAC option !524 (LP:2084234)", " - wpa_supplicant: add ExecReload to the service unit !523", " - Create snippet files for single-sourcing repetitive instructions !505", " - doc: Add initial 'Cryptography' section !517", " - Several code cleanup & fixes for TiCS !507", " - tests: ethernets: Add ipv6-address-generation integration tests !509", " - cli: drop python-netifaces !503 (LP:2065870, LP:2017585)", " - parse-nm: account for veth and dummy when checking for virtual types !513", " - Avoid dependency on dbus-python !511", " - tests: Improve vrf/wireguard modprobe check inside containers !510", " - tests:ethernets: avoid flaky test_ip6_eui64 results !514", " - ovs: quote external-ids and other-config values !512 (LP:2070318)", " - Handle implicit conversions !496", " - Use more permissive umask for .service units !516 (LP:2072486)", " - Revert \"apply: make sure that networkd is restarted when needed\" !518", " (LP:2078009)", " - Handling encoding issues on netplan status !521 (LP:2079975)", " - include: fix apidoc warnings about undocumented parameters", " Upstream v1.1:", " - CI: adopt autopkgtest for 1.0-1 on 22.04", " - tools/keyfile_to_yaml: display the generated YAML", " - tests: import the config fuzzing tests", " - ATTN: parse/bonds: handle same primary in multiple bonds", " - sriov: accept setting the eswitch mode without VFs (LP:2020409)", " - Custom systemd-networkd-wait-online override to wait on interfaces.", " (Closes: #1008995) (LP:2060311)", " - Ignore bad NetDefs and files via parser flags", " - networkd:apply: Drop handling of legacy wpa@ instance units", " - migrate: support aliases", " - networkd: add ipv6 ra overrides (LP:1973222)", " - netplan status --diff fixes and improvements", " - apply: make sure that networkd is restarted when needed", " - Don't escape certain non-ascii characters", " - networkd: make s-n-wait-online wait for at least one routable interface", " - networkd: Implement ipv6-address-generation: stable-privacy", " - Implementing advmss ip route option", " - meson: Add 'testing' option", " - Add a scheduled workflow to run TICS", " - ci: migrate to Ubuntu 24.04", " - Prepare Netplan v1.1", " Documentation:", " - Fix wrong syntax in example", " - Tutorial improvements", " - added guide for contributing to the netplan documentation", " - Add initial SECURITY.md policy", " - Create single-nic-vm-host.md", " - Create single-nic-vm-host-with-vlans.md", " - Create multi-nic-vm-host-with-bonds-and-vlans.md", " - bullet point removal", " - Add netplan try to netplan tutorial", " - Update the docs checks runner to ubuntu-latest", " - Add spelling exceptions", " Bug fixes:", " - Fix logging setup when python-rich is not present", " - parse-nm: add a workaround for the DoT DNS option (LP:2055148)", " - parse: don't remove datalist items during iteration", " - parse: fix redefinition of gateway(4|6)", " - python: elements of all must be strings", " - CI: Fix DebCI check, using newer 'meson' from unstable", " - tests: fix diff test with iproute2 6.8", " - cli/generate: skip daemon_reload with --mapping", " - CI: fork spread to get snapcore/spread#179 fixes", " - ctests: fix a memory leak in a unit test", " - nm/nd: fix a couple of crashes", " - test:integration: Try to improve test flakyness (Closes: #1069871)", " - Security fixes (CVE-2022-4968)", " - emitter: allow unicode characters in the emitter (LP:2071652)", " - CLI:apply: call udevadm trigger, using --action=move", " (Closes: #1071220) (LP:2066344, LP:2071363)", " - CI: fix CodeQL permissions", " - ci: run meson tests with unbuffer", " - ci/tics: install \"expect\" as a dependency", " - generate: avoid calling 'udevadm control --reload' (LP:1999178)", " - netplan ignores NetworkManager ipv4.route-metric (LP:2076172)", " - Change default umask when creating directories (LP:2076319)", " * d/libnetplan1.symbols: Update symbols file for v1.1", " * d/t/control: Add breaks-testbed for more robust CI", " * d/t/control: Add python3-packaging test dependency for 'routing.py'", " * d/rules: Handle improved 'nocheck' option (Closes: #1071599)", " * d/{rules,control}: Utilize dh-python", " * d/control:", " + Change Maintainer to Networking team", " + Mark udev as a (test-)dependency", " + Drop python3-{dbus,netifaces} dependencies, not needed anymore", " + Add ethtool dependency, needed as of 1.1.1", " + Mark libcmocka-dev as a test-dependency", " + Clarify package description (Closes: #1076445)", "" ], "package": "netplan.io", "version": "1.1.1-1~ubuntu24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2077011 ], "author": "Lukas Märdian ", "date": "Tue, 22 Oct 2024 15:54:21 +0200" } ], "notes": null }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-50.51", "version": "6.8.0-50.51" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-51.52", "version": "6.8.0-51.52" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.8.0-51.52", "", " * Packaging resync (LP: #1786013)", " - [Packaging] resync git-ubuntu-log", "" ], "package": "linux-meta", "version": "6.8.0-51.52", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Sat, 30 Nov 2024 20:09:19 +0100" } ], "notes": null }, { "name": "netplan-generator", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.0.1-1ubuntu2~24.04.1", "version": "1.0.1-1ubuntu2~24.04.1" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.1-1~ubuntu24.04.1", "version": "1.1.1-1~ubuntu24.04.1" }, "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2077011 ], "changes": [ { "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "log": [ "", " * Backport netplan.io 1.1.1-1 to 24.04 (LP: #2077011)", " - NM: add support for stable-ssid MAC option !524 (LP:2084234)", " - wpa_supplicant: add ExecReload to the service unit !523", " - Create snippet files for single-sourcing repetitive instructions !505", " - doc: Add initial 'Cryptography' section !517", " - Several code cleanup & fixes for TiCS !507", " - tests: ethernets: Add ipv6-address-generation integration tests !509", " - cli: drop python-netifaces !503 (LP:2065870, LP:2017585)", " - parse-nm: account for veth and dummy when checking for virtual types !513", " - Avoid dependency on dbus-python !511", " - tests: Improve vrf/wireguard modprobe check inside containers !510", " - tests:ethernets: avoid flaky test_ip6_eui64 results !514", " - ovs: quote external-ids and other-config values !512 (LP:2070318)", " - Handle implicit conversions !496", " - Use more permissive umask for .service units !516 (LP:2072486)", " - Revert \"apply: make sure that networkd is restarted when needed\" !518", " (LP:2078009)", " - Handling encoding issues on netplan status !521 (LP:2079975)", " - include: fix apidoc warnings about undocumented parameters", " Upstream v1.1:", " - CI: adopt autopkgtest for 1.0-1 on 22.04", " - tools/keyfile_to_yaml: display the generated YAML", " - tests: import the config fuzzing tests", " - ATTN: parse/bonds: handle same primary in multiple bonds", " - sriov: accept setting the eswitch mode without VFs (LP:2020409)", " - Custom systemd-networkd-wait-online override to wait on interfaces.", " (Closes: #1008995) (LP:2060311)", " - Ignore bad NetDefs and files via parser flags", " - networkd:apply: Drop handling of legacy wpa@ instance units", " - migrate: support aliases", " - networkd: add ipv6 ra overrides (LP:1973222)", " - netplan status --diff fixes and improvements", " - apply: make sure that networkd is restarted when needed", " - Don't escape certain non-ascii characters", " - networkd: make s-n-wait-online wait for at least one routable interface", " - networkd: Implement ipv6-address-generation: stable-privacy", " - Implementing advmss ip route option", " - meson: Add 'testing' option", " - Add a scheduled workflow to run TICS", " - ci: migrate to Ubuntu 24.04", " - Prepare Netplan v1.1", " Documentation:", " - Fix wrong syntax in example", " - Tutorial improvements", " - added guide for contributing to the netplan documentation", " - Add initial SECURITY.md policy", " - Create single-nic-vm-host.md", " - Create single-nic-vm-host-with-vlans.md", " - Create multi-nic-vm-host-with-bonds-and-vlans.md", " - bullet point removal", " - Add netplan try to netplan tutorial", " - Update the docs checks runner to ubuntu-latest", " - Add spelling exceptions", " Bug fixes:", " - Fix logging setup when python-rich is not present", " - parse-nm: add a workaround for the DoT DNS option (LP:2055148)", " - parse: don't remove datalist items during iteration", " - parse: fix redefinition of gateway(4|6)", " - python: elements of all must be strings", " - CI: Fix DebCI check, using newer 'meson' from unstable", " - tests: fix diff test with iproute2 6.8", " - cli/generate: skip daemon_reload with --mapping", " - CI: fork spread to get snapcore/spread#179 fixes", " - ctests: fix a memory leak in a unit test", " - nm/nd: fix a couple of crashes", " - test:integration: Try to improve test flakyness (Closes: #1069871)", " - Security fixes (CVE-2022-4968)", " - emitter: allow unicode characters in the emitter (LP:2071652)", " - CLI:apply: call udevadm trigger, using --action=move", " (Closes: #1071220) (LP:2066344, LP:2071363)", " - CI: fix CodeQL permissions", " - ci: run meson tests with unbuffer", " - ci/tics: install \"expect\" as a dependency", " - generate: avoid calling 'udevadm control --reload' (LP:1999178)", " - netplan ignores NetworkManager ipv4.route-metric (LP:2076172)", " - Change default umask when creating directories (LP:2076319)", " * d/libnetplan1.symbols: Update symbols file for v1.1", " * d/t/control: Add breaks-testbed for more robust CI", " * d/t/control: Add python3-packaging test dependency for 'routing.py'", " * d/rules: Handle improved 'nocheck' option (Closes: #1071599)", " * d/{rules,control}: Utilize dh-python", " * d/control:", " + Change Maintainer to Networking team", " + Mark udev as a (test-)dependency", " + Drop python3-{dbus,netifaces} dependencies, not needed anymore", " + Add ethtool dependency, needed as of 1.1.1", " + Mark libcmocka-dev as a test-dependency", " + Clarify package description (Closes: #1076445)", "" ], "package": "netplan.io", "version": "1.1.1-1~ubuntu24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2077011 ], "author": "Lukas Märdian ", "date": "Tue, 22 Oct 2024 15:54:21 +0200" } ], "notes": null }, { "name": "netplan.io", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.0.1-1ubuntu2~24.04.1", "version": "1.0.1-1ubuntu2~24.04.1" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.1-1~ubuntu24.04.1", "version": "1.1.1-1~ubuntu24.04.1" }, "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2077011 ], "changes": [ { "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "log": [ "", " * Backport netplan.io 1.1.1-1 to 24.04 (LP: #2077011)", " - NM: add support for stable-ssid MAC option !524 (LP:2084234)", " - wpa_supplicant: add ExecReload to the service unit !523", " - Create snippet files for single-sourcing repetitive instructions !505", " - doc: Add initial 'Cryptography' section !517", " - Several code cleanup & fixes for TiCS !507", " - tests: ethernets: Add ipv6-address-generation integration tests !509", " - cli: drop python-netifaces !503 (LP:2065870, LP:2017585)", " - parse-nm: account for veth and dummy when checking for virtual types !513", " - Avoid dependency on dbus-python !511", " - tests: Improve vrf/wireguard modprobe check inside containers !510", " - tests:ethernets: avoid flaky test_ip6_eui64 results !514", " - ovs: quote external-ids and other-config values !512 (LP:2070318)", " - Handle implicit conversions !496", " - Use more permissive umask for .service units !516 (LP:2072486)", " - Revert \"apply: make sure that networkd is restarted when needed\" !518", " (LP:2078009)", " - Handling encoding issues on netplan status !521 (LP:2079975)", " - include: fix apidoc warnings about undocumented parameters", " Upstream v1.1:", " - CI: adopt autopkgtest for 1.0-1 on 22.04", " - tools/keyfile_to_yaml: display the generated YAML", " - tests: import the config fuzzing tests", " - ATTN: parse/bonds: handle same primary in multiple bonds", " - sriov: accept setting the eswitch mode without VFs (LP:2020409)", " - Custom systemd-networkd-wait-online override to wait on interfaces.", " (Closes: #1008995) (LP:2060311)", " - Ignore bad NetDefs and files via parser flags", " - networkd:apply: Drop handling of legacy wpa@ instance units", " - migrate: support aliases", " - networkd: add ipv6 ra overrides (LP:1973222)", " - netplan status --diff fixes and improvements", " - apply: make sure that networkd is restarted when needed", " - Don't escape certain non-ascii characters", " - networkd: make s-n-wait-online wait for at least one routable interface", " - networkd: Implement ipv6-address-generation: stable-privacy", " - Implementing advmss ip route option", " - meson: Add 'testing' option", " - Add a scheduled workflow to run TICS", " - ci: migrate to Ubuntu 24.04", " - Prepare Netplan v1.1", " Documentation:", " - Fix wrong syntax in example", " - Tutorial improvements", " - added guide for contributing to the netplan documentation", " - Add initial SECURITY.md policy", " - Create single-nic-vm-host.md", " - Create single-nic-vm-host-with-vlans.md", " - Create multi-nic-vm-host-with-bonds-and-vlans.md", " - bullet point removal", " - Add netplan try to netplan tutorial", " - Update the docs checks runner to ubuntu-latest", " - Add spelling exceptions", " Bug fixes:", " - Fix logging setup when python-rich is not present", " - parse-nm: add a workaround for the DoT DNS option (LP:2055148)", " - parse: don't remove datalist items during iteration", " - parse: fix redefinition of gateway(4|6)", " - python: elements of all must be strings", " - CI: Fix DebCI check, using newer 'meson' from unstable", " - tests: fix diff test with iproute2 6.8", " - cli/generate: skip daemon_reload with --mapping", " - CI: fork spread to get snapcore/spread#179 fixes", " - ctests: fix a memory leak in a unit test", " - nm/nd: fix a couple of crashes", " - test:integration: Try to improve test flakyness (Closes: #1069871)", " - Security fixes (CVE-2022-4968)", " - emitter: allow unicode characters in the emitter (LP:2071652)", " - CLI:apply: call udevadm trigger, using --action=move", " (Closes: #1071220) (LP:2066344, LP:2071363)", " - CI: fix CodeQL permissions", " - ci: run meson tests with unbuffer", " - ci/tics: install \"expect\" as a dependency", " - generate: avoid calling 'udevadm control --reload' (LP:1999178)", " - netplan ignores NetworkManager ipv4.route-metric (LP:2076172)", " - Change default umask when creating directories (LP:2076319)", " * d/libnetplan1.symbols: Update symbols file for v1.1", " * d/t/control: Add breaks-testbed for more robust CI", " * d/t/control: Add python3-packaging test dependency for 'routing.py'", " * d/rules: Handle improved 'nocheck' option (Closes: #1071599)", " * d/{rules,control}: Utilize dh-python", " * d/control:", " + Change Maintainer to Networking team", " + Mark udev as a (test-)dependency", " + Drop python3-{dbus,netifaces} dependencies, not needed anymore", " + Add ethtool dependency, needed as of 1.1.1", " + Mark libcmocka-dev as a test-dependency", " + Clarify package description (Closes: #1076445)", "" ], "package": "netplan.io", "version": "1.1.1-1~ubuntu24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2077011 ], "author": "Lukas Märdian ", "date": "Tue, 22 Oct 2024 15:54:21 +0200" } ], "notes": null }, { "name": "python3-netplan", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.0.1-1ubuntu2~24.04.1", "version": "1.0.1-1ubuntu2~24.04.1" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.1-1~ubuntu24.04.1", "version": "1.1.1-1~ubuntu24.04.1" }, "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2077011 ], "changes": [ { "cves": [ { "cve": "CVE-2022-4968", "url": "https://ubuntu.com/security/CVE-2022-4968", "cve_description": "netplan leaks the private key of wireguard to local users. A security fix will be released soon.", "cve_priority": "medium", "cve_public_date": "2024-06-07 01:15:00 UTC" } ], "log": [ "", " * Backport netplan.io 1.1.1-1 to 24.04 (LP: #2077011)", " - NM: add support for stable-ssid MAC option !524 (LP:2084234)", " - wpa_supplicant: add ExecReload to the service unit !523", " - Create snippet files for single-sourcing repetitive instructions !505", " - doc: Add initial 'Cryptography' section !517", " - Several code cleanup & fixes for TiCS !507", " - tests: ethernets: Add ipv6-address-generation integration tests !509", " - cli: drop python-netifaces !503 (LP:2065870, LP:2017585)", " - parse-nm: account for veth and dummy when checking for virtual types !513", " - Avoid dependency on dbus-python !511", " - tests: Improve vrf/wireguard modprobe check inside containers !510", " - tests:ethernets: avoid flaky test_ip6_eui64 results !514", " - ovs: quote external-ids and other-config values !512 (LP:2070318)", " - Handle implicit conversions !496", " - Use more permissive umask for .service units !516 (LP:2072486)", " - Revert \"apply: make sure that networkd is restarted when needed\" !518", " (LP:2078009)", " - Handling encoding issues on netplan status !521 (LP:2079975)", " - include: fix apidoc warnings about undocumented parameters", " Upstream v1.1:", " - CI: adopt autopkgtest for 1.0-1 on 22.04", " - tools/keyfile_to_yaml: display the generated YAML", " - tests: import the config fuzzing tests", " - ATTN: parse/bonds: handle same primary in multiple bonds", " - sriov: accept setting the eswitch mode without VFs (LP:2020409)", " - Custom systemd-networkd-wait-online override to wait on interfaces.", " (Closes: #1008995) (LP:2060311)", " - Ignore bad NetDefs and files via parser flags", " - networkd:apply: Drop handling of legacy wpa@ instance units", " - migrate: support aliases", " - networkd: add ipv6 ra overrides (LP:1973222)", " - netplan status --diff fixes and improvements", " - apply: make sure that networkd is restarted when needed", " - Don't escape certain non-ascii characters", " - networkd: make s-n-wait-online wait for at least one routable interface", " - networkd: Implement ipv6-address-generation: stable-privacy", " - Implementing advmss ip route option", " - meson: Add 'testing' option", " - Add a scheduled workflow to run TICS", " - ci: migrate to Ubuntu 24.04", " - Prepare Netplan v1.1", " Documentation:", " - Fix wrong syntax in example", " - Tutorial improvements", " - added guide for contributing to the netplan documentation", " - Add initial SECURITY.md policy", " - Create single-nic-vm-host.md", " - Create single-nic-vm-host-with-vlans.md", " - Create multi-nic-vm-host-with-bonds-and-vlans.md", " - bullet point removal", " - Add netplan try to netplan tutorial", " - Update the docs checks runner to ubuntu-latest", " - Add spelling exceptions", " Bug fixes:", " - Fix logging setup when python-rich is not present", " - parse-nm: add a workaround for the DoT DNS option (LP:2055148)", " - parse: don't remove datalist items during iteration", " - parse: fix redefinition of gateway(4|6)", " - python: elements of all must be strings", " - CI: Fix DebCI check, using newer 'meson' from unstable", " - tests: fix diff test with iproute2 6.8", " - cli/generate: skip daemon_reload with --mapping", " - CI: fork spread to get snapcore/spread#179 fixes", " - ctests: fix a memory leak in a unit test", " - nm/nd: fix a couple of crashes", " - test:integration: Try to improve test flakyness (Closes: #1069871)", " - Security fixes (CVE-2022-4968)", " - emitter: allow unicode characters in the emitter (LP:2071652)", " - CLI:apply: call udevadm trigger, using --action=move", " (Closes: #1071220) (LP:2066344, LP:2071363)", " - CI: fix CodeQL permissions", " - ci: run meson tests with unbuffer", " - ci/tics: install \"expect\" as a dependency", " - generate: avoid calling 'udevadm control --reload' (LP:1999178)", " - netplan ignores NetworkManager ipv4.route-metric (LP:2076172)", " - Change default umask when creating directories (LP:2076319)", " * d/libnetplan1.symbols: Update symbols file for v1.1", " * d/t/control: Add breaks-testbed for more robust CI", " * d/t/control: Add python3-packaging test dependency for 'routing.py'", " * d/rules: Handle improved 'nocheck' option (Closes: #1071599)", " * d/{rules,control}: Utilize dh-python", " * d/control:", " + Change Maintainer to Networking team", " + Mark udev as a (test-)dependency", " + Drop python3-{dbus,netifaces} dependencies, not needed anymore", " + Add ethtool dependency, needed as of 1.1.1", " + Mark libcmocka-dev as a test-dependency", " + Clarify package description (Closes: #1076445)", "" ], "package": "netplan.io", "version": "1.1.1-1~ubuntu24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2077011 ], "author": "Lukas Märdian ", "date": "Tue, 22 Oct 2024 15:54:21 +0200" } ], "notes": null }, { "name": "ssh-import-id", "from_version": { "source_package_name": "ssh-import-id", "source_package_version": "5.11-0ubuntu2", "version": "5.11-0ubuntu2" }, "to_version": { "source_package_name": "ssh-import-id", "source_package_version": "5.11-0ubuntu2.24.04.1", "version": "5.11-0ubuntu2.24.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2085898 ], "changes": [ { "cves": [], "log": [ "", " * Ensure ssh-import-id (the binary package) depends on python3-launchpadlib.", " This fixes a crash where ssh-import-id would raise a ModuleNotFoundError", " exception if python3-launchpadlib is not installed. (LP: #2085898).", "" ], "package": "ssh-import-id", "version": "5.11-0ubuntu2.24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2085898 ], "author": "Olivier Gayot ", "date": "Wed, 30 Oct 2024 10:19:01 +0100" } ], "notes": null } ], "snap": [] }, "added": { "deb": [ { "name": "ethtool", "from_version": { "source_package_name": null, "source_package_version": null, "version": null }, "to_version": { "source_package_name": "ethtool", "source_package_version": "1:6.7-1build1", "version": "1:6.7-1build1" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * No change rebuild for 64-bit time_t and frame pointers.", "" ], "package": "ethtool", "version": "1:6.7-1build1", "urgency": "high", "distributions": "noble", "launchpad_bugs_fixed": [], "author": "Julian Andres Klode ", "date": "Mon, 08 Apr 2024 17:57:18 +0200" }, { "cves": [], "log": [ "", " * New upstream release: 6.7", " * Update copyright years for debian/* packaging files", "" ], "package": "ethtool", "version": "1:6.7-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Salvatore Bonaccorso ", "date": "Wed, 31 Jan 2024 08:37:15 +0100" }, { "cves": [], "log": [ "", " * Upload to unstable", " * New upstream release: 6.6", " * debian/ethtool.if-{pre-up,up}: Reference ethtool in /usr/bin.", "" ], "package": "ethtool", "version": "1:6.6-1", "urgency": "medium", "distributions": "unstable", "launchpad_bugs_fixed": [], "author": "Salvatore Bonaccorso ", "date": "Wed, 29 Nov 2023 17:07:25 +0100" } ], "notes": "For a newly added package only the three most recent changelog entries are shown." }, { "name": "linux-image-6.8.0-51-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.8.0-50.51", "version": null }, "to_version": { "source_package_name": "linux-signed", "source_package_version": "6.8.0-51.52", "version": "6.8.0-51.52" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.8.0-51.52", "", " * Packaging resync (LP: #1786013)", " - [Packaging] resync git-ubuntu-log", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "6.8.0-51.52", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Sat, 30 Nov 2024 20:09:28 +0100" } ], "notes": "linux-image-6.8.0-51-generic version '6.8.0-51.52' (source package linux-signed version '6.8.0-51.52') was added. linux-image-6.8.0-51-generic version '6.8.0-51.52' has the same source package name, linux-signed, as removed package linux-image-6.8.0-50-generic. As such we can use the source package version of the removed package, '6.8.0-50.51', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." }, { "name": "linux-modules-6.8.0-51-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-50.51", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.8.0-51.52", "version": "6.8.0-51.52" }, "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2090369, 1786013, 2087886 ], "changes": [ { "cves": [ { "cve": "CVE-2024-50264", "url": "https://ubuntu.com/security/CVE-2024-50264", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.", "cve_priority": "high", "cve_public_date": "2024-11-19 02:16:00 UTC" }, { "cve": "CVE-2024-53057", "url": "https://ubuntu.com/security/CVE-2024-53057", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)", "cve_priority": "medium", "cve_public_date": "2024-11-19 18:15:00 UTC" }, { "cve": "CVE-2024-49967", "url": "https://ubuntu.com/security/CVE-2024-49967", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1", "cve_priority": "medium", "cve_public_date": "2024-10-21 18:15:00 UTC" } ], "log": [ "", " * noble/linux: 6.8.0-51.52 -proposed tracker (LP: #2090369)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] resync git-ubuntu-log", " - [Packaging] update variants", "", " * MGLRU: kswapd uses 100% CPU when MGLRU is enabled and under memory pressure", " (LP: #2087886)", " - mm/mglru: only clear kswapd_failures if reclaimable", "", " * CVE-2024-50264", " - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans", "", " * CVE-2024-53057", " - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT", "", " * CVE-2024-49967", " - ext4: no need to continue when the number of entries is 1", "" ], "package": "linux", "version": "6.8.0-51.52", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2090369, 1786013, 2087886 ], "author": "Manuel Diewald ", "date": "Sat, 30 Nov 2024 19:21:46 +0100" } ], "notes": "linux-modules-6.8.0-51-generic version '6.8.0-51.52' (source package linux version '6.8.0-51.52') was added. linux-modules-6.8.0-51-generic version '6.8.0-51.52' has the same source package name, linux, as removed package linux-modules-6.8.0-50-generic. As such we can use the source package version of the removed package, '6.8.0-50.51', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package." } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-image-6.8.0-50-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.8.0-50.51", "version": "6.8.0-50.51" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "linux-modules-6.8.0-50-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-50.51", "version": "6.8.0-50.51" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null }, { "name": "python3-netifaces", "from_version": { "source_package_name": "netifaces", "source_package_version": "0.11.0-2build3", "version": "0.11.0-2build3" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 24.04 noble image from daily image serial 20241211 to 20250109", "from_series": "noble", "to_series": "noble", "from_serial": "20241211", "to_serial": "20250109", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }