{
    "summary": {
        "snap": {
            "added": [],
            "removed": [],
            "diff": []
        },
        "deb": {
            "added": [],
            "removed": [],
            "diff": [
                "amd64-microcode",
                "apport",
                "apport-core-dump-handler",
                "cloud-init",
                "cloud-init-base",
                "libpam-systemd",
                "libpython3.13-minimal",
                "libpython3.13-stdlib",
                "libsystemd-shared",
                "libsystemd0",
                "libudev1",
                "python3-apport",
                "python3-pkg-resources",
                "python3-problem-report",
                "python3-requests",
                "python3.13",
                "python3.13-minimal",
                "systemd",
                "systemd-resolved",
                "systemd-sysv",
                "systemd-timesyncd",
                "tzdata",
                "udev"
            ]
        }
    },
    "diff": {
        "deb": [
            {
                "name": "amd64-microcode",
                "from_version": {
                    "source_package_name": "amd64-microcode",
                    "source_package_version": "3.20240820.1ubuntu1",
                    "version": "3.20240820.1ubuntu1"
                },
                "to_version": {
                    "source_package_name": "amd64-microcode",
                    "source_package_version": "3.20250311.1ubuntu0.25.04.1",
                    "version": "3.20250311.1ubuntu0.25.04.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-56161",
                        "url": "https://ubuntu.com/security/CVE-2024-56161",
                        "cve_description": "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-02-03 18:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-56161",
                                "url": "https://ubuntu.com/security/CVE-2024-56161",
                                "cve_description": "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-02-03 18:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Update package data from linux-firmware 20250311",
                            "    - New AMD microcodes (20241121):",
                            "      Family=0x17 Model=0x60 Stepping=0x01: Patch=0x0860010d",
                            "      Family=0x17 Model=0x68 Stepping=0x01: Patch=0x08608108",
                            "      Family=0x17 Model=0x71 Stepping=0x00: Patch=0x08701034",
                            "      Family=0x19 Model=0x08 Stepping=0x02: Patch=0x0a00820c",
                            "      Family=0x19 Model=0x18 Stepping=0x01: Patch=0x0a108108",
                            "      Family=0x19 Model=0x21 Stepping=0x00: Patch=0x0a20102d",
                            "      Family=0x19 Model=0x21 Stepping=0x02: Patch=0x0a201210",
                            "      Family=0x19 Model=0x44 Stepping=0x01: Patch=0x0a404107",
                            "      Family=0x19 Model=0x50 Stepping=0x00: Patch=0x0a500011",
                            "      Family=0x19 Model=0x61 Stepping=0x02: Patch=0x0a601209",
                            "      Family=0x19 Model=0x74 Stepping=0x01: Patch=0x0a704107",
                            "      Family=0x19 Model=0x75 Stepping=0x02: Patch=0x0a705206",
                            "      Family=0x19 Model=0x78 Stepping=0x00: Patch=0x0a708007",
                            "      Family=0x19 Model=0x7c Stepping=0x00: Patch=0x0a70c005",
                            "    - Updated microcodes:",
                            "      Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a0000a",
                            "    - New SEV firmware (20250221):",
                            "      Family 1ah models 00h-0fh: version 1.55 build 54",
                            "    - Updated SEV firmware:",
                            "      Family 17h models 30h-3fh: version 0.24 build 20",
                            "      Family 19h models 00h-0fh: version 1.55 build 29",
                            "      Family 19h models 10h-1fh: version 1.55 build 39",
                            "      Family 19h models a0h-afh: version 1.55 build 39",
                            "    - CVE-2024-56161 (AMD-SB-3019)",
                            "      Update remote attestation to be compatible with AMD systems with",
                            "      up-to-date firmware (i.e. which fixes \"EntrySign\"), and update",
                            "      AMD-SEV for AMD-SB-3019 mitigations.",
                            "  * Remaining changes:",
                            "    - initramfs-tools hook (debian/initramfs.hook):",
                            "      + Default to 'early' instead of 'auto' when building with",
                            "        MODULES=most",
                            "      + Do not override preset defaults from auto-exported conf",
                            "        snippets loaded by initramfs-tools.",
                            ""
                        ],
                        "package": "amd64-microcode",
                        "version": "3.20250311.1ubuntu0.25.04.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Eduardo Barretto <eduardo.barretto@canonical.com>",
                        "date": "Tue, 27 May 2025 15:24:46 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "apport",
                "from_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.32.0-0ubuntu5",
                    "version": "2.32.0-0ubuntu5"
                },
                "to_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.32.0-0ubuntu5.2",
                    "version": "2.32.0-0ubuntu5.2"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-5467",
                        "url": "https://ubuntu.com/security/CVE-2025-5467",
                        "cve_description": "",
                        "cve_priority": "n/a",
                        "cve_public_date": ""
                    },
                    {
                        "cve": "CVE-2025-5054",
                        "url": "https://ubuntu.com/security/CVE-2025-5054",
                        "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.     When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-30 18:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2112272,
                    2106338,
                    2107472
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * SECURITY REGRESSION: apport not generating core dumps inside containers",
                            "    (LP: #2112272)",
                            "    - d/p/check-exe-mtime.patch: Check the exe mtime within the proc root",
                            "      mount.",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.32.0-0ubuntu5.2",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [
                            2112272
                        ],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Wed, 04 Jun 2025 16:04:27 -0300"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-5467",
                                "url": "https://ubuntu.com/security/CVE-2025-5467",
                                "cve_description": "",
                                "cve_priority": "n/a",
                                "cve_public_date": ""
                            },
                            {
                                "cve": "CVE-2025-5054",
                                "url": "https://ubuntu.com/security/CVE-2025-5054",
                                "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.     When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-30 18:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Insecure report permissions (LP: #2106338)",
                            "    - d/p/apport-Do-not-change-report-group-to-report-owners-primar.patch: Do",
                            "      not change report group to report owners primary group.",
                            "    - CVE-2025-5467",
                            "  * SECURITY UPDATE: Race condition when forwarding core files to containers",
                            "    (LP: #2107472)",
                            "    - d/p/apport-move-consistency_checks-call-further-up.patch: Move",
                            "      consistency_checks call further up.",
                            "    - d/p/apport-do-not-override-options.pid.patch: Do not override",
                            "      options.pid.",
                            "    - d/p/apport-open-proc-pid-as-early-as-possible.patch: Open /proc/<pid> as",
                            "      early as possible.",
                            "    - d/p/fileutils-respect-proc_pid_fd-in-get_core_path.patch: Respect",
                            "      proc_pid_fd in get_core_path.",
                            "    - d/p/apport-use-opened-proc-pid-everywhere.patch: Use opened /proc/<pid>",
                            "      everywhere.",
                            "    - d/p/apport-do-consistency-check-before-forwarding-crashes.patch: Do",
                            "      consistency check before forwarding crashes.",
                            "    - d/p/apport-require-dump-mode-to-be-specified.patch: Require --dump-mode",
                            "      to be specified.",
                            "    - d/p/apport-determine-report-owner-by-dump_mode.patch: Determine report",
                            "      owner by dump_mode.",
                            "    - d/p/apport-do-not-forward-crash-for-dump_mode-2.patch: Do not forward",
                            "      crash for dump_mode == 2.",
                            "    - d/p/apport-support-pidfd-F-parameter-from-kernel.patch: Support pidfd",
                            "      (%F) parameter from kernel.",
                            "    - CVE-2025-5054",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.32.0-0ubuntu5.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [
                            2106338,
                            2107472
                        ],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Fri, 23 May 2025 10:36:40 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "apport-core-dump-handler",
                "from_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.32.0-0ubuntu5",
                    "version": "2.32.0-0ubuntu5"
                },
                "to_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.32.0-0ubuntu5.2",
                    "version": "2.32.0-0ubuntu5.2"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-5467",
                        "url": "https://ubuntu.com/security/CVE-2025-5467",
                        "cve_description": "",
                        "cve_priority": "n/a",
                        "cve_public_date": ""
                    },
                    {
                        "cve": "CVE-2025-5054",
                        "url": "https://ubuntu.com/security/CVE-2025-5054",
                        "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.     When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-30 18:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2112272,
                    2106338,
                    2107472
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * SECURITY REGRESSION: apport not generating core dumps inside containers",
                            "    (LP: #2112272)",
                            "    - d/p/check-exe-mtime.patch: Check the exe mtime within the proc root",
                            "      mount.",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.32.0-0ubuntu5.2",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [
                            2112272
                        ],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Wed, 04 Jun 2025 16:04:27 -0300"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-5467",
                                "url": "https://ubuntu.com/security/CVE-2025-5467",
                                "cve_description": "",
                                "cve_priority": "n/a",
                                "cve_public_date": ""
                            },
                            {
                                "cve": "CVE-2025-5054",
                                "url": "https://ubuntu.com/security/CVE-2025-5054",
                                "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.     When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-30 18:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Insecure report permissions (LP: #2106338)",
                            "    - d/p/apport-Do-not-change-report-group-to-report-owners-primar.patch: Do",
                            "      not change report group to report owners primary group.",
                            "    - CVE-2025-5467",
                            "  * SECURITY UPDATE: Race condition when forwarding core files to containers",
                            "    (LP: #2107472)",
                            "    - d/p/apport-move-consistency_checks-call-further-up.patch: Move",
                            "      consistency_checks call further up.",
                            "    - d/p/apport-do-not-override-options.pid.patch: Do not override",
                            "      options.pid.",
                            "    - d/p/apport-open-proc-pid-as-early-as-possible.patch: Open /proc/<pid> as",
                            "      early as possible.",
                            "    - d/p/fileutils-respect-proc_pid_fd-in-get_core_path.patch: Respect",
                            "      proc_pid_fd in get_core_path.",
                            "    - d/p/apport-use-opened-proc-pid-everywhere.patch: Use opened /proc/<pid>",
                            "      everywhere.",
                            "    - d/p/apport-do-consistency-check-before-forwarding-crashes.patch: Do",
                            "      consistency check before forwarding crashes.",
                            "    - d/p/apport-require-dump-mode-to-be-specified.patch: Require --dump-mode",
                            "      to be specified.",
                            "    - d/p/apport-determine-report-owner-by-dump_mode.patch: Determine report",
                            "      owner by dump_mode.",
                            "    - d/p/apport-do-not-forward-crash-for-dump_mode-2.patch: Do not forward",
                            "      crash for dump_mode == 2.",
                            "    - d/p/apport-support-pidfd-F-parameter-from-kernel.patch: Support pidfd",
                            "      (%F) parameter from kernel.",
                            "    - CVE-2025-5054",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.32.0-0ubuntu5.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [
                            2106338,
                            2107472
                        ],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Fri, 23 May 2025 10:36:40 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "cloud-init",
                "from_version": {
                    "source_package_name": "cloud-init",
                    "source_package_version": "25.1.1-0ubuntu2",
                    "version": "25.1.1-0ubuntu2"
                },
                "to_version": {
                    "source_package_name": "cloud-init",
                    "source_package_version": "25.1.2-0ubuntu0~25.04.1",
                    "version": "25.1.2-0ubuntu0~25.04.1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2104165
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * d/cloud-init-base.postinst: don't version-gate the migration from using",
                            "    cloud-init-base debconf values over cloud-init.",
                            "  * Upstream snapshot based on 25.1.2. (LP: #2104165).",
                            "    List of changes from upstream can be found at",
                            "    https://raw.githubusercontent.com/canonical/cloud-init/25.1.2/ChangeLog",
                            ""
                        ],
                        "package": "cloud-init",
                        "version": "25.1.2-0ubuntu0~25.04.1",
                        "urgency": "medium",
                        "distributions": "plucky",
                        "launchpad_bugs_fixed": [
                            2104165
                        ],
                        "author": "James Falcon <james.falcon@canonical.com>",
                        "date": "Mon, 19 May 2025 14:20:17 -0500"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "cloud-init-base",
                "from_version": {
                    "source_package_name": "cloud-init",
                    "source_package_version": "25.1.1-0ubuntu2",
                    "version": "25.1.1-0ubuntu2"
                },
                "to_version": {
                    "source_package_name": "cloud-init",
                    "source_package_version": "25.1.2-0ubuntu0~25.04.1",
                    "version": "25.1.2-0ubuntu0~25.04.1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2104165
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * d/cloud-init-base.postinst: don't version-gate the migration from using",
                            "    cloud-init-base debconf values over cloud-init.",
                            "  * Upstream snapshot based on 25.1.2. (LP: #2104165).",
                            "    List of changes from upstream can be found at",
                            "    https://raw.githubusercontent.com/canonical/cloud-init/25.1.2/ChangeLog",
                            ""
                        ],
                        "package": "cloud-init",
                        "version": "25.1.2-0ubuntu0~25.04.1",
                        "urgency": "medium",
                        "distributions": "plucky",
                        "launchpad_bugs_fixed": [
                            2104165
                        ],
                        "author": "James Falcon <james.falcon@canonical.com>",
                        "date": "Mon, 19 May 2025 14:20:17 -0500"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libpam-systemd",
                "from_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3",
                    "version": "257.4-1ubuntu3"
                },
                "to_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3.1",
                    "version": "257.4-1ubuntu3.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4598",
                        "url": "https://ubuntu.com/security/CVE-2025-4598",
                        "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-30 14:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4598",
                                "url": "https://ubuntu.com/security/CVE-2025-4598",
                                "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-30 14:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: race condition in systemd-coredump",
                            "    - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of",
                            "      _META_MANDATORY_MAX.",
                            "    - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core",
                            "      pattern.",
                            "    - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding",
                            "      non-dumpable processes.",
                            "    - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus",
                            "      assertion.",
                            "    - debian/patches/CVE_2025_4598_5.patch: coredump: add support for new %F",
                            "      PIDFD specifier.",
                            "    - debian/patches/CVE_2025_4598_6.patch: coredump: when %F/pidfd is used,",
                            "      again allow forwarding to containers.",
                            "    - CVE-2025-4598",
                            ""
                        ],
                        "package": "systemd",
                        "version": "257.4-1ubuntu3.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Wed, 04 Jun 2025 10:00:26 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libpython3.13-minimal",
                "from_version": {
                    "source_package_name": "python3.13",
                    "source_package_version": "3.13.3-1",
                    "version": "3.13.3-1"
                },
                "to_version": {
                    "source_package_name": "python3.13",
                    "source_package_version": "3.13.3-1ubuntu0.1",
                    "version": "3.13.3-1ubuntu0.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4516",
                        "url": "https://ubuntu.com/security/CVE-2025-4516",
                        "cve_description": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-15 14:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4516",
                                "url": "https://ubuntu.com/security/CVE-2025-4516",
                                "cve_description": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-15 14:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: DoS via bytes.decode with unicode_escape",
                            "    - debian/patches/CVE-2025-4516.patch: fix use-after-free in the",
                            "      unicode-escape decoder with an error handler in",
                            "      Include/internal/pycore_bytesobject.h,",
                            "      Include/internal/pycore_unicodeobject.h,",
                            "      Lib/test/test_codeccallbacks.py, Lib/test/test_codecs.py,",
                            "      Objects/bytesobject.c, Objects/unicodeobject.c,",
                            "      Parser/string_parser.c.",
                            "    - CVE-2025-4516",
                            ""
                        ],
                        "package": "python3.13",
                        "version": "3.13.3-1ubuntu0.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Mon, 26 May 2025 12:21:48 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libpython3.13-stdlib",
                "from_version": {
                    "source_package_name": "python3.13",
                    "source_package_version": "3.13.3-1",
                    "version": "3.13.3-1"
                },
                "to_version": {
                    "source_package_name": "python3.13",
                    "source_package_version": "3.13.3-1ubuntu0.1",
                    "version": "3.13.3-1ubuntu0.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4516",
                        "url": "https://ubuntu.com/security/CVE-2025-4516",
                        "cve_description": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-15 14:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4516",
                                "url": "https://ubuntu.com/security/CVE-2025-4516",
                                "cve_description": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", error=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the error= handler and instead wrap the bytes.decode() call in a try-except catching the DecodeError.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-15 14:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: DoS via bytes.decode with unicode_escape",
                            "    - debian/patches/CVE-2025-4516.patch: fix use-after-free in the",
                            "      unicode-escape decoder with an error handler in",
                            "      Include/internal/pycore_bytesobject.h,",
                            "      Include/internal/pycore_unicodeobject.h,",
                            "      Lib/test/test_codeccallbacks.py, Lib/test/test_codecs.py,",
                            "      Objects/bytesobject.c, Objects/unicodeobject.c,",
                            "      Parser/string_parser.c.",
                            "    - CVE-2025-4516",
                            ""
                        ],
                        "package": "python3.13",
                        "version": "3.13.3-1ubuntu0.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Mon, 26 May 2025 12:21:48 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libsystemd-shared",
                "from_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3",
                    "version": "257.4-1ubuntu3"
                },
                "to_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3.1",
                    "version": "257.4-1ubuntu3.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4598",
                        "url": "https://ubuntu.com/security/CVE-2025-4598",
                        "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-30 14:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4598",
                                "url": "https://ubuntu.com/security/CVE-2025-4598",
                                "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-30 14:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: race condition in systemd-coredump",
                            "    - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of",
                            "      _META_MANDATORY_MAX.",
                            "    - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core",
                            "      pattern.",
                            "    - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding",
                            "      non-dumpable processes.",
                            "    - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus",
                            "      assertion.",
                            "    - debian/patches/CVE_2025_4598_5.patch: coredump: add support for new %F",
                            "      PIDFD specifier.",
                            "    - debian/patches/CVE_2025_4598_6.patch: coredump: when %F/pidfd is used,",
                            "      again allow forwarding to containers.",
                            "    - CVE-2025-4598",
                            ""
                        ],
                        "package": "systemd",
                        "version": "257.4-1ubuntu3.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Wed, 04 Jun 2025 10:00:26 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libsystemd0",
                "from_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3",
                    "version": "257.4-1ubuntu3"
                },
                "to_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3.1",
                    "version": "257.4-1ubuntu3.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4598",
                        "url": "https://ubuntu.com/security/CVE-2025-4598",
                        "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-30 14:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4598",
                                "url": "https://ubuntu.com/security/CVE-2025-4598",
                                "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-30 14:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: race condition in systemd-coredump",
                            "    - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of",
                            "      _META_MANDATORY_MAX.",
                            "    - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core",
                            "      pattern.",
                            "    - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding",
                            "      non-dumpable processes.",
                            "    - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus",
                            "      assertion.",
                            "    - debian/patches/CVE_2025_4598_5.patch: coredump: add support for new %F",
                            "      PIDFD specifier.",
                            "    - debian/patches/CVE_2025_4598_6.patch: coredump: when %F/pidfd is used,",
                            "      again allow forwarding to containers.",
                            "    - CVE-2025-4598",
                            ""
                        ],
                        "package": "systemd",
                        "version": "257.4-1ubuntu3.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Wed, 04 Jun 2025 10:00:26 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libudev1",
                "from_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3",
                    "version": "257.4-1ubuntu3"
                },
                "to_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3.1",
                    "version": "257.4-1ubuntu3.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4598",
                        "url": "https://ubuntu.com/security/CVE-2025-4598",
                        "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-30 14:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4598",
                                "url": "https://ubuntu.com/security/CVE-2025-4598",
                                "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-30 14:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: race condition in systemd-coredump",
                            "    - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of",
                            "      _META_MANDATORY_MAX.",
                            "    - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core",
                            "      pattern.",
                            "    - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding",
                            "      non-dumpable processes.",
                            "    - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus",
                            "      assertion.",
                            "    - debian/patches/CVE_2025_4598_5.patch: coredump: add support for new %F",
                            "      PIDFD specifier.",
                            "    - debian/patches/CVE_2025_4598_6.patch: coredump: when %F/pidfd is used,",
                            "      again allow forwarding to containers.",
                            "    - CVE-2025-4598",
                            ""
                        ],
                        "package": "systemd",
                        "version": "257.4-1ubuntu3.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Wed, 04 Jun 2025 10:00:26 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-apport",
                "from_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.32.0-0ubuntu5",
                    "version": "2.32.0-0ubuntu5"
                },
                "to_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.32.0-0ubuntu5.2",
                    "version": "2.32.0-0ubuntu5.2"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-5467",
                        "url": "https://ubuntu.com/security/CVE-2025-5467",
                        "cve_description": "",
                        "cve_priority": "n/a",
                        "cve_public_date": ""
                    },
                    {
                        "cve": "CVE-2025-5054",
                        "url": "https://ubuntu.com/security/CVE-2025-5054",
                        "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.     When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-30 18:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2112272,
                    2106338,
                    2107472
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * SECURITY REGRESSION: apport not generating core dumps inside containers",
                            "    (LP: #2112272)",
                            "    - d/p/check-exe-mtime.patch: Check the exe mtime within the proc root",
                            "      mount.",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.32.0-0ubuntu5.2",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [
                            2112272
                        ],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Wed, 04 Jun 2025 16:04:27 -0300"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-5467",
                                "url": "https://ubuntu.com/security/CVE-2025-5467",
                                "cve_description": "",
                                "cve_priority": "n/a",
                                "cve_public_date": ""
                            },
                            {
                                "cve": "CVE-2025-5054",
                                "url": "https://ubuntu.com/security/CVE-2025-5054",
                                "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.     When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-30 18:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Insecure report permissions (LP: #2106338)",
                            "    - d/p/apport-Do-not-change-report-group-to-report-owners-primar.patch: Do",
                            "      not change report group to report owners primary group.",
                            "    - CVE-2025-5467",
                            "  * SECURITY UPDATE: Race condition when forwarding core files to containers",
                            "    (LP: #2107472)",
                            "    - d/p/apport-move-consistency_checks-call-further-up.patch: Move",
                            "      consistency_checks call further up.",
                            "    - d/p/apport-do-not-override-options.pid.patch: Do not override",
                            "      options.pid.",
                            "    - d/p/apport-open-proc-pid-as-early-as-possible.patch: Open /proc/<pid> as",
                            "      early as possible.",
                            "    - d/p/fileutils-respect-proc_pid_fd-in-get_core_path.patch: Respect",
                            "      proc_pid_fd in get_core_path.",
                            "    - d/p/apport-use-opened-proc-pid-everywhere.patch: Use opened /proc/<pid>",
                            "      everywhere.",
                            "    - d/p/apport-do-consistency-check-before-forwarding-crashes.patch: Do",
                            "      consistency check before forwarding crashes.",
                            "    - d/p/apport-require-dump-mode-to-be-specified.patch: Require --dump-mode",
                            "      to be specified.",
                            "    - d/p/apport-determine-report-owner-by-dump_mode.patch: Determine report",
                            "      owner by dump_mode.",
                            "    - d/p/apport-do-not-forward-crash-for-dump_mode-2.patch: Do not forward",
                            "      crash for dump_mode == 2.",
                            "    - d/p/apport-support-pidfd-F-parameter-from-kernel.patch: Support pidfd",
                            "      (%F) parameter from kernel.",
                            "    - CVE-2025-5054",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.32.0-0ubuntu5.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [
                            2106338,
                            2107472
                        ],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Fri, 23 May 2025 10:36:40 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-pkg-resources",
                "from_version": {
                    "source_package_name": "setuptools",
                    "source_package_version": "75.8.0-1",
                    "version": "75.8.0-1"
                },
                "to_version": {
                    "source_package_name": "setuptools",
                    "source_package_version": "75.8.0-1ubuntu1",
                    "version": "75.8.0-1ubuntu1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-47273",
                        "url": "https://ubuntu.com/security/CVE-2025-47273",
                        "cve_description": "setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-17 16:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-47273",
                                "url": "https://ubuntu.com/security/CVE-2025-47273",
                                "cve_description": "setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-17 16:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: path traversal vulnerability",
                            "    - debian/patches/CVE-2025-47273-pre1.patch: Extract",
                            "      _resolve_download_filename with test.",
                            "    - debian/patches/CVE-2025-47273.patch: Add a check to ensure the name",
                            "      resolves relative to the tmpdir.",
                            "    - CVE-2025-47273",
                            ""
                        ],
                        "package": "setuptools",
                        "version": "75.8.0-1ubuntu1",
                        "urgency": "medium",
                        "distributions": "plucky",
                        "launchpad_bugs_fixed": [],
                        "author": "Fabian Toepfer <fabian.toepfer@canonical.com>",
                        "date": "Wed, 28 May 2025 19:12:59 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-problem-report",
                "from_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.32.0-0ubuntu5",
                    "version": "2.32.0-0ubuntu5"
                },
                "to_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.32.0-0ubuntu5.2",
                    "version": "2.32.0-0ubuntu5.2"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-5467",
                        "url": "https://ubuntu.com/security/CVE-2025-5467",
                        "cve_description": "",
                        "cve_priority": "n/a",
                        "cve_public_date": ""
                    },
                    {
                        "cve": "CVE-2025-5054",
                        "url": "https://ubuntu.com/security/CVE-2025-5054",
                        "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.     When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-30 18:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [
                    2112272,
                    2106338,
                    2107472
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * SECURITY REGRESSION: apport not generating core dumps inside containers",
                            "    (LP: #2112272)",
                            "    - d/p/check-exe-mtime.patch: Check the exe mtime within the proc root",
                            "      mount.",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.32.0-0ubuntu5.2",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [
                            2112272
                        ],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Wed, 04 Jun 2025 16:04:27 -0300"
                    },
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-5467",
                                "url": "https://ubuntu.com/security/CVE-2025-5467",
                                "cve_description": "",
                                "cve_priority": "n/a",
                                "cve_public_date": ""
                            },
                            {
                                "cve": "CVE-2025-5054",
                                "url": "https://ubuntu.com/security/CVE-2025-5054",
                                "cve_description": "Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces.     When handling a crash, the function `_check_global_pid_and_forward`, which detects if the crashing process resided in a container, was being called before `consistency_checks`, which attempts to detect if the crashing process had been replaced. Because of this, if a process crashed and was quickly replaced with a containerized one, apport could be made to forward the core dump to the container, potentially leaking sensitive information. `consistency_checks` is now being called before `_check_global_pid_and_forward`. Additionally, given that the PID-reuse race condition cannot be reliably detected from userspace alone, crashes are only forwarded to containers if the kernel provided a pidfd, or if the crashing process was unprivileged (i.e., if dump mode == 1).",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-30 18:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Insecure report permissions (LP: #2106338)",
                            "    - d/p/apport-Do-not-change-report-group-to-report-owners-primar.patch: Do",
                            "      not change report group to report owners primary group.",
                            "    - CVE-2025-5467",
                            "  * SECURITY UPDATE: Race condition when forwarding core files to containers",
                            "    (LP: #2107472)",
                            "    - d/p/apport-move-consistency_checks-call-further-up.patch: Move",
                            "      consistency_checks call further up.",
                            "    - d/p/apport-do-not-override-options.pid.patch: Do not override",
                            "      options.pid.",
                            "    - d/p/apport-open-proc-pid-as-early-as-possible.patch: Open /proc/<pid> as",
                            "      early as possible.",
                            "    - d/p/fileutils-respect-proc_pid_fd-in-get_core_path.patch: Respect",
                            "      proc_pid_fd in get_core_path.",
                            "    - d/p/apport-use-opened-proc-pid-everywhere.patch: Use opened /proc/<pid>",
                            "      everywhere.",
                            "    - d/p/apport-do-consistency-check-before-forwarding-crashes.patch: Do",
                            "      consistency check before forwarding crashes.",
                            "    - d/p/apport-require-dump-mode-to-be-specified.patch: Require --dump-mode",
                            "      to be specified.",
                            "    - d/p/apport-determine-report-owner-by-dump_mode.patch: Determine report",
                            "      owner by dump_mode.",
                            "    - d/p/apport-do-not-forward-crash-for-dump_mode-2.patch: Do not forward",
                            "      crash for dump_mode == 2.",
                            "    - d/p/apport-support-pidfd-F-parameter-from-kernel.patch: Support pidfd",
                            "      (%F) parameter from kernel.",
                            "    - CVE-2025-5054",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.32.0-0ubuntu5.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [
                            2106338,
                            2107472
                        ],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Fri, 23 May 2025 10:36:40 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-requests",
                "from_version": {
                    "source_package_name": "requests",
                    "source_package_version": "2.32.3+dfsg-4ubuntu1",
                    "version": "2.32.3+dfsg-4ubuntu1"
                },
                "to_version": {
                    "source_package_name": "requests",
                    "source_package_version": "2.32.3+dfsg-4ubuntu1.1",
                    "version": "2.32.3+dfsg-4ubuntu1.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-47081",
                        "url": "https://ubuntu.com/security/CVE-2024-47081",
                        "cve_description": "Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-06-09 18:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-47081",
                                "url": "https://ubuntu.com/security/CVE-2024-47081",
                                "cve_description": "Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-06-09 18:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Information Leak",
                            "    - debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc",
                            "      lookup instead of netloc",
                            "    - CVE-2024-47081",
                            ""
                        ],
                        "package": "requests",
                        "version": "2.32.3+dfsg-4ubuntu1.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Bruce Cable <bruce.cable@canonical.com>",
                        "date": "Wed, 11 Jun 2025 13:27:59 +1000"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3.13",
                "from_version": {
                    "source_package_name": "python3.13",
                    "source_package_version": "3.13.3-1",
                    "version": "3.13.3-1"
                },
                "to_version": {
                    "source_package_name": "python3.13",
                    "source_package_version": "3.13.3-1ubuntu0.1",
                    "version": "3.13.3-1ubuntu0.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4516",
                        "url": "https://ubuntu.com/security/CVE-2025-4516",
                        "cve_description": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", errors=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the errors= handler and instead wrap the bytes.decode() call in a try-except catching the UnicodeDecodeError.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-15 14:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4516",
                                "url": "https://ubuntu.com/security/CVE-2025-4516",
                                "cve_description": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", errors=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the errors= handler and instead wrap the bytes.decode() call in a try-except catching the UnicodeDecodeError.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-15 14:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: DoS via bytes.decode with unicode_escape",
                            "    - debian/patches/CVE-2025-4516.patch: fix use-after-free in the",
                            "      unicode-escape decoder with an error handler in",
                            "      Include/internal/pycore_bytesobject.h,",
                            "      Include/internal/pycore_unicodeobject.h,",
                            "      Lib/test/test_codeccallbacks.py, Lib/test/test_codecs.py,",
                            "      Objects/bytesobject.c, Objects/unicodeobject.c,",
                            "      Parser/string_parser.c.",
                            "    - CVE-2025-4516",
                            ""
                        ],
                        "package": "python3.13",
                        "version": "3.13.3-1ubuntu0.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Mon, 26 May 2025 12:21:48 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3.13-minimal",
                "from_version": {
                    "source_package_name": "python3.13",
                    "source_package_version": "3.13.3-1",
                    "version": "3.13.3-1"
                },
                "to_version": {
                    "source_package_name": "python3.13",
                    "source_package_version": "3.13.3-1ubuntu0.1",
                    "version": "3.13.3-1ubuntu0.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4516",
                        "url": "https://ubuntu.com/security/CVE-2025-4516",
                        "cve_description": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", errors=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the errors= handler and instead wrap the bytes.decode() call in a try-except catching the UnicodeDecodeError.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-15 14:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4516",
                                "url": "https://ubuntu.com/security/CVE-2025-4516",
                                "cve_description": "There is an issue in CPython when using `bytes.decode(\"unicode_escape\", errors=\"ignore|replace\")`. If you are not using the \"unicode_escape\" encoding or an error handler your usage is not affected. To work-around this issue you may stop using the errors= handler and instead wrap the bytes.decode() call in a try-except catching the UnicodeDecodeError.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-15 14:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: DoS via bytes.decode with unicode_escape",
                            "    - debian/patches/CVE-2025-4516.patch: fix use-after-free in the",
                            "      unicode-escape decoder with an error handler in",
                            "      Include/internal/pycore_bytesobject.h,",
                            "      Include/internal/pycore_unicodeobject.h,",
                            "      Lib/test/test_codeccallbacks.py, Lib/test/test_codecs.py,",
                            "      Objects/bytesobject.c, Objects/unicodeobject.c,",
                            "      Parser/string_parser.c.",
                            "    - CVE-2025-4516",
                            ""
                        ],
                        "package": "python3.13",
                        "version": "3.13.3-1ubuntu0.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
                        "date": "Mon, 26 May 2025 12:21:48 -0400"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "systemd",
                "from_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3",
                    "version": "257.4-1ubuntu3"
                },
                "to_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3.1",
                    "version": "257.4-1ubuntu3.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4598",
                        "url": "https://ubuntu.com/security/CVE-2025-4598",
                        "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-30 14:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4598",
                                "url": "https://ubuntu.com/security/CVE-2025-4598",
                                "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-30 14:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: race condition in systemd-coredump",
                            "    - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of",
                            "      _META_MANDATORY_MAX.",
                            "    - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core",
                            "      pattern.",
                            "    - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding",
                            "      non-dumpable processes.",
                            "    - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus",
                            "      assertion.",
                            "    - debian/patches/CVE_2025_4598_5.patch: coredump: add support for new %F",
                            "      PIDFD specifier.",
                            "    - debian/patches/CVE_2025_4598_6.patch: coredump: when %F/pidfd is used,",
                            "      again allow forwarding to containers.",
                            "    - CVE-2025-4598",
                            ""
                        ],
                        "package": "systemd",
                        "version": "257.4-1ubuntu3.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Wed, 04 Jun 2025 10:00:26 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "systemd-resolved",
                "from_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3",
                    "version": "257.4-1ubuntu3"
                },
                "to_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3.1",
                    "version": "257.4-1ubuntu3.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4598",
                        "url": "https://ubuntu.com/security/CVE-2025-4598",
                        "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-30 14:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4598",
                                "url": "https://ubuntu.com/security/CVE-2025-4598",
                                "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-30 14:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: race condition in systemd-coredump",
                            "    - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of",
                            "      _META_MANDATORY_MAX.",
                            "    - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core",
                            "      pattern.",
                            "    - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding",
                            "      non-dumpable processes.",
                            "    - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus",
                            "      assertion.",
                            "    - debian/patches/CVE_2025_4598_5.patch: coredump: add support for new %F",
                            "      PIDFD specifier.",
                            "    - debian/patches/CVE_2025_4598_6.patch: coredump: when %F/pidfd is used,",
                            "      again allow forwarding to containers.",
                            "    - CVE-2025-4598",
                            ""
                        ],
                        "package": "systemd",
                        "version": "257.4-1ubuntu3.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Wed, 04 Jun 2025 10:00:26 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "systemd-sysv",
                "from_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3",
                    "version": "257.4-1ubuntu3"
                },
                "to_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3.1",
                    "version": "257.4-1ubuntu3.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4598",
                        "url": "https://ubuntu.com/security/CVE-2025-4598",
                        "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-30 14:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4598",
                                "url": "https://ubuntu.com/security/CVE-2025-4598",
                                "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-30 14:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: race condition in systemd-coredump",
                            "    - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of",
                            "      _META_MANDATORY_MAX.",
                            "    - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core",
                            "      pattern.",
                            "    - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding",
                            "      non-dumpable processes.",
                            "    - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus",
                            "      assertion.",
                            "    - debian/patches/CVE_2025_4598_5.patch: coredump: add support for new %F",
                            "      PIDFD specifier.",
                            "    - debian/patches/CVE_2025_4598_6.patch: coredump: when %F/pidfd is used,",
                            "      again allow forwarding to containers.",
                            "    - CVE-2025-4598",
                            ""
                        ],
                        "package": "systemd",
                        "version": "257.4-1ubuntu3.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Wed, 04 Jun 2025 10:00:26 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "systemd-timesyncd",
                "from_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3",
                    "version": "257.4-1ubuntu3"
                },
                "to_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3.1",
                    "version": "257.4-1ubuntu3.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4598",
                        "url": "https://ubuntu.com/security/CVE-2025-4598",
                        "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-30 14:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4598",
                                "url": "https://ubuntu.com/security/CVE-2025-4598",
                                "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-30 14:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: race condition in systemd-coredump",
                            "    - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of",
                            "      _META_MANDATORY_MAX.",
                            "    - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core",
                            "      pattern.",
                            "    - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding",
                            "      non-dumpable processes.",
                            "    - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus",
                            "      assertion.",
                            "    - debian/patches/CVE_2025_4598_5.patch: coredump: add support for new %F",
                            "      PIDFD specifier.",
                            "    - debian/patches/CVE_2025_4598_6.patch: coredump: when %F/pidfd is used,",
                            "      again allow forwarding to containers.",
                            "    - CVE-2025-4598",
                            ""
                        ],
                        "package": "systemd",
                        "version": "257.4-1ubuntu3.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Wed, 04 Jun 2025 10:00:26 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "tzdata",
                "from_version": {
                    "source_package_name": "tzdata",
                    "source_package_version": "2025b-1ubuntu1",
                    "version": "2025b-1ubuntu1"
                },
                "to_version": {
                    "source_package_name": "tzdata",
                    "source_package_version": "2025b-1ubuntu1.1",
                    "version": "2025b-1ubuntu1.1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2107950
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Update the ICU timezone data to 2025b (LP: #2107950)",
                            "  * Add autopkgtest test case for ICU timezone data 2025b",
                            ""
                        ],
                        "package": "tzdata",
                        "version": "2025b-1ubuntu1.1",
                        "urgency": "medium",
                        "distributions": "plucky",
                        "launchpad_bugs_fixed": [
                            2107950
                        ],
                        "author": "Benjamin Drung <bdrung@ubuntu.com>",
                        "date": "Tue, 22 Apr 2025 11:56:42 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "udev",
                "from_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3",
                    "version": "257.4-1ubuntu3"
                },
                "to_version": {
                    "source_package_name": "systemd",
                    "source_package_version": "257.4-1ubuntu3.1",
                    "version": "257.4-1ubuntu3.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4598",
                        "url": "https://ubuntu.com/security/CVE-2025-4598",
                        "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-30 14:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4598",
                                "url": "https://ubuntu.com/security/CVE-2025-4598",
                                "cve_description": "A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process.  A SUID binary or process has a special type of permission, which allows the process to run with the file owner's permissions, regardless of the user executing the binary. This allows the process to access more restricted data than unprivileged users or processes would be able to. An attacker can leverage this flaw by forcing a SUID process to crash and force the Linux kernel to recycle the process PID before systemd-coredump can analyze the /proc/pid/auxv file. If the attacker wins the race condition, they gain access to the original's SUID process coredump file. They can read sensitive content loaded into memory by the original binary, affecting data confidentiality.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-30 14:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: race condition in systemd-coredump",
                            "    - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of",
                            "      _META_MANDATORY_MAX.",
                            "    - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core",
                            "      pattern.",
                            "    - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding",
                            "      non-dumpable processes.",
                            "    - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus",
                            "      assertion.",
                            "    - debian/patches/CVE_2025_4598_5.patch: coredump: add support for new %F",
                            "      PIDFD specifier.",
                            "    - debian/patches/CVE_2025_4598_6.patch: coredump: when %F/pidfd is used,",
                            "      again allow forwarding to containers.",
                            "    - CVE-2025-4598",
                            ""
                        ],
                        "package": "systemd",
                        "version": "257.4-1ubuntu3.1",
                        "urgency": "medium",
                        "distributions": "plucky-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Wed, 04 Jun 2025 10:00:26 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            }
        ],
        "snap": []
    },
    "added": {
        "deb": [],
        "snap": []
    },
    "removed": {
        "deb": [],
        "snap": []
    },
    "notes": "Changelog diff for Ubuntu 25.04 plucky image from release image serial 20250527 to 20250617",
    "from_series": "plucky",
    "to_series": "plucky",
    "from_serial": "20250527",
    "to_serial": "20250617",
    "from_manifest_filename": "release_manifest.previous",
    "to_manifest_filename": "manifest.current"
}