{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "intel-microcode", "libcap2", "libcap2-bin" ] } }, "diff": { "deb": [ { "name": "intel-microcode", "from_version": { "source_package_name": "intel-microcode", "source_package_version": "3.20241112.0ubuntu0.24.04.1", "version": "3.20241112.0ubuntu0.24.04.1" }, "to_version": { "source_package_name": "intel-microcode", "source_package_version": "3.20250211.0ubuntu0.24.04.1", "version": "3.20250211.0ubuntu0.24.04.1" }, "cves": [ { "cve": "CVE-2024-31068", "url": "https://ubuntu.com/security/CVE-2024-31068", "cve_description": "Improper Finite State Machines (FSMs) in Hardware Logic for some Intel(R) Processors may allow privileged user to potentially enable denial of service via local access.", "cve_priority": "medium", "cve_public_date": "2025-02-12 22:15:00 UTC" }, { "cve": "CVE-2024-36293", "url": "https://ubuntu.com/security/CVE-2024-36293", "cve_description": "Improper access control in the EDECCSSA user leaf function for some Intel(R) Processors with Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access.", "cve_priority": "medium", "cve_public_date": "2025-02-12 22:15:00 UTC" }, { "cve": "CVE-2024-39279", "url": "https://ubuntu.com/security/CVE-2024-39279", "cve_description": "Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access.", "cve_priority": "medium", "cve_public_date": "2025-02-12 22:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-31068", "url": "https://ubuntu.com/security/CVE-2024-31068", "cve_description": "Improper Finite State Machines (FSMs) in Hardware Logic for some Intel(R) Processors may allow privileged user to potentially enable denial of service via local access.", "cve_priority": "medium", "cve_public_date": "2025-02-12 22:15:00 UTC" }, { "cve": "CVE-2024-36293", "url": "https://ubuntu.com/security/CVE-2024-36293", "cve_description": "Improper access control in the EDECCSSA user leaf function for some Intel(R) Processors with Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access.", "cve_priority": "medium", "cve_public_date": "2025-02-12 22:15:00 UTC" }, { "cve": "CVE-2024-39279", "url": "https://ubuntu.com/security/CVE-2024-39279", "cve_description": "Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access.", "cve_priority": "medium", "cve_public_date": "2025-02-12 22:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: New upstream microcode datafile 20250211", " - New microcodes:", " sig 0x000a06f3, pf_mask 0x01, 2024-11-22, rev 0x3000330, size 1533952", " sig 0x000b0674, pf_mask 0x32, 2024-09-25, rev 0x012c, size 211968", " sig 0x000b06f6, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280", " sig 0x000b06f7, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280", " - Updated microcodes:", " sig 0x000606a6, pf_mask 0x87, 2024-08-02, rev 0xd0003f5, size 308224", " sig 0x000606c1, pf_mask 0x10, 2024-08-08, rev 0x10002c0, size 300032", " sig 0x000806f4, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0, size 622592", " sig 0x000806f4, pf_mask 0x87, 2024-07-30, rev 0x2b000620, size 589824", " sig 0x000806f5, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0, size 622592", " sig 0x000806f5, pf_mask 0x87, 2024-07-30, rev 0x2b000620, size 589824", " sig 0x000806f6, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0, size 622592", " sig 0x000806f6, pf_mask 0x87, 2024-07-30, rev 0x2b000620, size 589824", " sig 0x000806f7, pf_mask 0x87, 2024-07-30, rev 0x2b000620, size 589824", " sig 0x000806f8, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0, size 622592", " sig 0x000806f8, pf_mask 0x87, 2024-07-30, rev 0x2b000620, size 589824", " sig 0x00090672, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280", " sig 0x00090675, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280", " sig 0x000906a3, pf_mask 0x80, 2024-08-01, rev 0x0436, size 223232", " sig 0x000906a4, pf_mask 0x40, 2024-07-29, rev 0x0009, size 119808", " sig 0x000906a4, pf_mask 0x80, 2024-08-01, rev 0x0436, size 223232", " sig 0x000906ea, pf_mask 0x22, 2024-07-28, rev 0x00fa, size 105472", " sig 0x000906ed, pf_mask 0x22, 2024-07-31, rev 0x0102, size 106496", " sig 0x000a0671, pf_mask 0x02, 2024-08-01, rev 0x0063, size 108544", " sig 0x000b0671, pf_mask 0x32, 2024-09-25, rev 0x012c, size 211968", " sig 0x000b06a2, pf_mask 0xe0, 2024-07-31, rev 0x4124, size 220160", " sig 0x000b06a3, pf_mask 0xe0, 2024-07-31, rev 0x4124, size 220160", " sig 0x000b06a8, pf_mask 0xe0, 2024-07-31, rev 0x4124, size 220160", " sig 0x000b06e0, pf_mask 0x19, 2024-09-06, rev 0x001c, size 138240", " sig 0x000b06f2, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280", " sig 0x000b06f5, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280", " sig 0x000c06f1, pf_mask 0x87, 2024-07-30, rev 0x21000291, size 560128", " sig 0x000c06f2, pf_mask 0x87, 2024-07-30, rev 0x21000291, size 560128", " - CVE-2024-31068 (INTEL-SA-01166)", " - CVE-2024-36293 (INTEL-SA-01213)", " - CVE-2024-39279 (INTEL-SA-01139)", " * source: update symlinks to reflect id of the latest release, 20250211", "" ], "package": "intel-microcode", "version": "3.20250211.0ubuntu0.24.04.1", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Alex Murray ", "date": "Wed, 12 Feb 2025 10:41:04 +1030" } ], "notes": null }, { "name": "libcap2", "from_version": { "source_package_name": "libcap2", "source_package_version": "1:2.66-5ubuntu2.1", "version": "1:2.66-5ubuntu2.1" }, "to_version": { "source_package_name": "libcap2", "source_package_version": "1:2.66-5ubuntu2.2", "version": "1:2.66-5ubuntu2.2" }, "cves": [ { "cve": "CVE-2025-1390", "url": "https://ubuntu.com/security/CVE-2025-1390", "cve_description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", "cve_priority": "medium", "cve_public_date": "2025-02-20" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-1390", "url": "https://ubuntu.com/security/CVE-2025-1390", "cve_description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", "cve_priority": "medium", "cve_public_date": "2025-02-20" } ], "log": [ "", " * SECURITY UPDATE: incorrect group name handling", " - debian/patches/CVE-2025-1390-1.patch: fix potential configuration", " parsing error in pam_cap/pam_cap.c.", " - debian/patches/CVE-2025-1390-2.patch: add a test for bad group prefix", " in pam_cap/sudotest.conf.", " - CVE-2025-1390", "" ], "package": "libcap2", "version": "1:2.66-5ubuntu2.2", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 20 Feb 2025 10:49:57 -0500" } ], "notes": null }, { "name": "libcap2-bin", "from_version": { "source_package_name": "libcap2", "source_package_version": "1:2.66-5ubuntu2.1", "version": "1:2.66-5ubuntu2.1" }, "to_version": { "source_package_name": "libcap2", "source_package_version": "1:2.66-5ubuntu2.2", "version": "1:2.66-5ubuntu2.2" }, "cves": [ { "cve": "CVE-2025-1390", "url": "https://ubuntu.com/security/CVE-2025-1390", "cve_description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", "cve_priority": "medium", "cve_public_date": "2025-02-20" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-1390", "url": "https://ubuntu.com/security/CVE-2025-1390", "cve_description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", "cve_priority": "medium", "cve_public_date": "2025-02-20" } ], "log": [ "", " * SECURITY UPDATE: incorrect group name handling", " - debian/patches/CVE-2025-1390-1.patch: fix potential configuration", " parsing error in pam_cap/pam_cap.c.", " - debian/patches/CVE-2025-1390-2.patch: add a test for bad group prefix", " in pam_cap/sudotest.conf.", " - CVE-2025-1390", "" ], "package": "libcap2", "version": "1:2.66-5ubuntu2.2", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 20 Feb 2025 10:49:57 -0500" } ], "notes": null } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 24.04 noble image from daily image serial 20250221 to 20250224", "from_series": "noble", "to_series": "noble", "from_serial": "20250221", "to_serial": "20250224", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }