{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-image-6.14.0-33-generic", "linux-modules-6.14.0-33-generic" ], "removed": [ "linux-image-6.14.0-32-generic", "linux-modules-6.14.0-32-generic" ], "diff": [ "apparmor", "cloud-init", "cloud-init-base", "dpkg", "libapparmor1", "libpcre2-8-0", "libssl3t64", "linux-image-virtual", "openssl", "openssl-provider-legacy" ] } }, "diff": { "deb": [ { "name": "apparmor", "from_version": { "source_package_name": "apparmor", "source_package_version": "4.1.0~beta5-0ubuntu14.1", "version": "4.1.0~beta5-0ubuntu14.1" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "4.1.0~beta5-0ubuntu14.2", "version": "4.1.0~beta5-0ubuntu14.2" }, "cves": [], "launchpad_bugs_fixed": [ 2115234 ], "changes": [ { "cves": [], "log": [ "", " * profiles: make /sys/devices PCI paths hex-aware (LP: #2115234)", "" ], "package": "apparmor", "version": "4.1.0~beta5-0ubuntu14.2", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2115234 ], "author": "Keifer Snedeker ", "date": "Tue, 09 Sep 2025 17:23:48 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "cloud-init", "from_version": { "source_package_name": "cloud-init", "source_package_version": "25.1.4-0ubuntu0~25.04.1", "version": "25.1.4-0ubuntu0~25.04.1" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "25.2-0ubuntu1~25.04.1", "version": "25.2-0ubuntu1~25.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2120495 ], "changes": [ { "cves": [], "log": [ "", " * d/control: add Azure metapackage", " + New Azure binary package depending on cloud-init-base and", " python3-passlib.", " * d/cloud-init-base.preinst: avoid sed of /etc/fstab when absent", " * d/control: remove trailing whitespace", " * Upstream snapshot based on 25.2. (LP: #2120495).", " List of changes from upstream can be found at", " https://raw.githubusercontent.com/canonical/cloud-init/25.2/ChangeLog", "" ], "package": "cloud-init", "version": "25.2-0ubuntu1~25.04.1", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2120495 ], "author": "James Falcon ", "date": "Tue, 12 Aug 2025 17:09:23 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "cloud-init-base", "from_version": { "source_package_name": "cloud-init", "source_package_version": "25.1.4-0ubuntu0~25.04.1", "version": "25.1.4-0ubuntu0~25.04.1" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "25.2-0ubuntu1~25.04.1", "version": "25.2-0ubuntu1~25.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2120495 ], "changes": [ { "cves": [], "log": [ "", " * d/control: add Azure metapackage", " + New Azure binary package depending on cloud-init-base and", " python3-passlib.", " * d/cloud-init-base.preinst: avoid sed of /etc/fstab when absent", " * d/control: remove trailing whitespace", " * Upstream snapshot based on 25.2. (LP: #2120495).", " List of changes from upstream can be found at", " https://raw.githubusercontent.com/canonical/cloud-init/25.2/ChangeLog", "" ], "package": "cloud-init", "version": "25.2-0ubuntu1~25.04.1", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2120495 ], "author": "James Falcon ", "date": "Tue, 12 Aug 2025 17:09:23 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "dpkg", "from_version": { "source_package_name": "dpkg", "source_package_version": "1.22.18ubuntu2", "version": "1.22.18ubuntu2" }, "to_version": { "source_package_name": "dpkg", "source_package_version": "1.22.18ubuntu2.2", "version": "1.22.18ubuntu2.2" }, "cves": [ { "cve": "CVE-2025-6297", "url": "https://ubuntu.com/security/CVE-2025-6297", "cve_description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.", "cve_priority": "low", "cve_public_date": "2025-07-01 17:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2122053 ], "changes": [ { "cves": [ { "cve": "CVE-2025-6297", "url": "https://ubuntu.com/security/CVE-2025-6297", "cve_description": "It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation even on untrusted data. This may result in leaving temporary files behind on cleanup. Given automated and repeated execution of dpkg-deb commands on adversarial .deb packages or with well compressible files, placed inside a directory with permissions not allowing removal by a non-root user, this can end up in a DoS scenario due to causing disk quota exhaustion or disk full conditions.", "cve_priority": "low", "cve_public_date": "2025-07-01 17:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE:", " - Fix cleanup for control member with restricted directories.", " (LP: #2122053)", " - Fixes CVE-2025-6297", "" ], "package": "dpkg", "version": "1.22.18ubuntu2.2", "urgency": "medium", "distributions": "plucky-security", "launchpad_bugs_fixed": [ 2122053 ], "author": "Joy Latten ", "date": "Fri, 19 Sep 2025 16:25:43 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libapparmor1", "from_version": { "source_package_name": "apparmor", "source_package_version": "4.1.0~beta5-0ubuntu14.1", "version": "4.1.0~beta5-0ubuntu14.1" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "4.1.0~beta5-0ubuntu14.2", "version": "4.1.0~beta5-0ubuntu14.2" }, "cves": [], "launchpad_bugs_fixed": [ 2115234 ], "changes": [ { "cves": [], "log": [ "", " * profiles: make /sys/devices PCI paths hex-aware (LP: #2115234)", "" ], "package": "apparmor", "version": "4.1.0~beta5-0ubuntu14.2", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2115234 ], "author": "Keifer Snedeker ", "date": "Tue, 09 Sep 2025 17:23:48 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpcre2-8-0", "from_version": { "source_package_name": "pcre2", "source_package_version": "10.45-1", "version": "10.45-1" }, "to_version": { "source_package_name": "pcre2", "source_package_version": "10.45-1ubuntu0.1", "version": "10.45-1ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-58050", "url": "https://ubuntu.com/security/CVE-2025-58050", "cve_description": "The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.", "cve_priority": "medium", "cve_public_date": "2025-08-27 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-58050", "url": "https://ubuntu.com/security/CVE-2025-58050", "cve_description": "The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.", "cve_priority": "medium", "cve_public_date": "2025-08-27 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: heap overflow in scan substring", " - debian/patches/CVE-2025-58050.patch: restore buffer after an ACCEPT", " inside an scan substring block in src/pcre2_match.c,", " testdata/testinput2, testdata/testoutput2.", " - CVE-2025-58050", "" ], "package": "pcre2", "version": "10.45-1ubuntu0.1", "urgency": "medium", "distributions": "plucky-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 12 Sep 2025 10:30:21 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libssl3t64", "from_version": { "source_package_name": "openssl", "source_package_version": "3.4.1-1ubuntu3", "version": "3.4.1-1ubuntu3" }, "to_version": { "source_package_name": "openssl", "source_package_version": "3.4.1-1ubuntu4", "version": "3.4.1-1ubuntu4" }, "cves": [ { "cve": "CVE-2025-9230", "url": "https://ubuntu.com/security/CVE-2025-9230", "cve_description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "cve_priority": "medium", "cve_public_date": "2025-09-30 14:15:00 UTC" }, { "cve": "CVE-2025-9231", "url": "https://ubuntu.com/security/CVE-2025-9231", "cve_description": "Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private key by an attacker.. While remote key recovery over a network was not attempted by the reporter, timing measurements revealed a timing signal which may allow such an attack. OpenSSL does not directly support certificates with SM2 keys in TLS, and so this CVE is not relevant in most TLS contexts. However, given that it is possible to add support for such certificates via a custom provider, coupled with the fact that in such a custom provider context the private key may be recoverable via remote timing measurements, we consider this to be a Moderate severity issue. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as SM2 is not an approved algorithm.", "cve_priority": "medium", "cve_public_date": "2025-09-30 14:15:00 UTC" }, { "cve": "CVE-2025-9232", "url": "https://ubuntu.com/security/CVE-2025-9232", "cve_description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2025-09-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-9230", "url": "https://ubuntu.com/security/CVE-2025-9230", "cve_description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "cve_priority": "medium", "cve_public_date": "2025-09-30 14:15:00 UTC" }, { "cve": "CVE-2025-9231", "url": "https://ubuntu.com/security/CVE-2025-9231", "cve_description": "Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private key by an attacker.. While remote key recovery over a network was not attempted by the reporter, timing measurements revealed a timing signal which may allow such an attack. OpenSSL does not directly support certificates with SM2 keys in TLS, and so this CVE is not relevant in most TLS contexts. However, given that it is possible to add support for such certificates via a custom provider, coupled with the fact that in such a custom provider context the private key may be recoverable via remote timing measurements, we consider this to be a Moderate severity issue. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as SM2 is not an approved algorithm.", "cve_priority": "medium", "cve_public_date": "2025-09-30 14:15:00 UTC" }, { "cve": "CVE-2025-9232", "url": "https://ubuntu.com/security/CVE-2025-9232", "cve_description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2025-09-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Out-of-bounds read & write in RFC 3211 KEK Unwrap", " - debian/patches/CVE-2025-9230.patch: fix incorrect check of unwrapped", " key size in crypto/cms/cms_pwri.c.", " - CVE-2025-9230", " * SECURITY UPDATE: Timing side-channel in SM2 algorithm on 64 bit ARM", " - debian/patches/CVE-2025-9231-1.patch: use constant time modular", " inversion in crypto/ec/ecp_sm2p256.c.", " - debian/patches/CVE-2025-9231-2.patch: remove unused code in", " crypto/ec/ecp_sm2p256.c.", " - CVE-2025-9231", " * SECURITY UPDATE: Out-of-bounds read in HTTP client no_proxy handling", " - debian/patches/CVE-2025-9232.patch: add missing terminating NUL byte", " in crypto/http/http_lib.c.", " - CVE-2025-9232", "" ], "package": "openssl", "version": "3.4.1-1ubuntu4", "urgency": "medium", "distributions": "plucky-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 18 Sep 2025 07:07:45 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.14.0-32.32", "version": "6.14.0-32.32" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.14.0-33.33", "version": "6.14.0-33.33" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.14.0-33.33", "", " * Packaging resync (LP: #1786013)", " - [Packaging] resync git-ubuntu-log", "" ], "package": "linux-meta", "version": "6.14.0-33.33", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Wed, 17 Sep 2025 22:42:21 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "openssl", "from_version": { "source_package_name": "openssl", "source_package_version": "3.4.1-1ubuntu3", "version": "3.4.1-1ubuntu3" }, "to_version": { "source_package_name": "openssl", "source_package_version": "3.4.1-1ubuntu4", "version": "3.4.1-1ubuntu4" }, "cves": [ { "cve": "CVE-2025-9230", "url": "https://ubuntu.com/security/CVE-2025-9230", "cve_description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "cve_priority": "medium", "cve_public_date": "2025-09-30 14:15:00 UTC" }, { "cve": "CVE-2025-9231", "url": "https://ubuntu.com/security/CVE-2025-9231", "cve_description": "Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private key by an attacker.. While remote key recovery over a network was not attempted by the reporter, timing measurements revealed a timing signal which may allow such an attack. OpenSSL does not directly support certificates with SM2 keys in TLS, and so this CVE is not relevant in most TLS contexts. However, given that it is possible to add support for such certificates via a custom provider, coupled with the fact that in such a custom provider context the private key may be recoverable via remote timing measurements, we consider this to be a Moderate severity issue. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as SM2 is not an approved algorithm.", "cve_priority": "medium", "cve_public_date": "2025-09-30 14:15:00 UTC" }, { "cve": "CVE-2025-9232", "url": "https://ubuntu.com/security/CVE-2025-9232", "cve_description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2025-09-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-9230", "url": "https://ubuntu.com/security/CVE-2025-9230", "cve_description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "cve_priority": "medium", "cve_public_date": "2025-09-30 14:15:00 UTC" }, { "cve": "CVE-2025-9231", "url": "https://ubuntu.com/security/CVE-2025-9231", "cve_description": "Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private key by an attacker.. While remote key recovery over a network was not attempted by the reporter, timing measurements revealed a timing signal which may allow such an attack. OpenSSL does not directly support certificates with SM2 keys in TLS, and so this CVE is not relevant in most TLS contexts. However, given that it is possible to add support for such certificates via a custom provider, coupled with the fact that in such a custom provider context the private key may be recoverable via remote timing measurements, we consider this to be a Moderate severity issue. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as SM2 is not an approved algorithm.", "cve_priority": "medium", "cve_public_date": "2025-09-30 14:15:00 UTC" }, { "cve": "CVE-2025-9232", "url": "https://ubuntu.com/security/CVE-2025-9232", "cve_description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2025-09-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Out-of-bounds read & write in RFC 3211 KEK Unwrap", " - debian/patches/CVE-2025-9230.patch: fix incorrect check of unwrapped", " key size in crypto/cms/cms_pwri.c.", " - CVE-2025-9230", " * SECURITY UPDATE: Timing side-channel in SM2 algorithm on 64 bit ARM", " - debian/patches/CVE-2025-9231-1.patch: use constant time modular", " inversion in crypto/ec/ecp_sm2p256.c.", " - debian/patches/CVE-2025-9231-2.patch: remove unused code in", " crypto/ec/ecp_sm2p256.c.", " - CVE-2025-9231", " * SECURITY UPDATE: Out-of-bounds read in HTTP client no_proxy handling", " - debian/patches/CVE-2025-9232.patch: add missing terminating NUL byte", " in crypto/http/http_lib.c.", " - CVE-2025-9232", "" ], "package": "openssl", "version": "3.4.1-1ubuntu4", "urgency": "medium", "distributions": "plucky-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 18 Sep 2025 07:07:45 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "openssl-provider-legacy", "from_version": { "source_package_name": "openssl", "source_package_version": "3.4.1-1ubuntu3", "version": "3.4.1-1ubuntu3" }, "to_version": { "source_package_name": "openssl", "source_package_version": "3.4.1-1ubuntu4", "version": "3.4.1-1ubuntu4" }, "cves": [ { "cve": "CVE-2025-9230", "url": "https://ubuntu.com/security/CVE-2025-9230", "cve_description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "cve_priority": "medium", "cve_public_date": "2025-09-30 14:15:00 UTC" }, { "cve": "CVE-2025-9231", "url": "https://ubuntu.com/security/CVE-2025-9231", "cve_description": "Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private key by an attacker.. While remote key recovery over a network was not attempted by the reporter, timing measurements revealed a timing signal which may allow such an attack. OpenSSL does not directly support certificates with SM2 keys in TLS, and so this CVE is not relevant in most TLS contexts. However, given that it is possible to add support for such certificates via a custom provider, coupled with the fact that in such a custom provider context the private key may be recoverable via remote timing measurements, we consider this to be a Moderate severity issue. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as SM2 is not an approved algorithm.", "cve_priority": "medium", "cve_public_date": "2025-09-30 14:15:00 UTC" }, { "cve": "CVE-2025-9232", "url": "https://ubuntu.com/security/CVE-2025-9232", "cve_description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2025-09-30 14:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-9230", "url": "https://ubuntu.com/security/CVE-2025-9230", "cve_description": "Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.", "cve_priority": "medium", "cve_public_date": "2025-09-30 14:15:00 UTC" }, { "cve": "CVE-2025-9231", "url": "https://ubuntu.com/security/CVE-2025-9231", "cve_description": "Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private key by an attacker.. While remote key recovery over a network was not attempted by the reporter, timing measurements revealed a timing signal which may allow such an attack. OpenSSL does not directly support certificates with SM2 keys in TLS, and so this CVE is not relevant in most TLS contexts. However, given that it is possible to add support for such certificates via a custom provider, coupled with the fact that in such a custom provider context the private key may be recoverable via remote timing measurements, we consider this to be a Moderate severity issue. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as SM2 is not an approved algorithm.", "cve_priority": "medium", "cve_public_date": "2025-09-30 14:15:00 UTC" }, { "cve": "CVE-2025-9232", "url": "https://ubuntu.com/security/CVE-2025-9232", "cve_description": "Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash which leads to Denial of Service for an application. The OpenSSL HTTP client API functions can be used directly by applications but they are also used by the OCSP client functions and CMP (Certificate Management Protocol) client implementation in OpenSSL. However the URLs used by these implementations are unlikely to be controlled by an attacker. In this vulnerable code the out of bounds read can only trigger a crash. Furthermore the vulnerability requires an attacker-controlled URL to be passed from an application to the OpenSSL function and the user has to have a 'no_proxy' environment variable set. For the aforementioned reasons the issue was assessed as Low severity. The vulnerable code was introduced in the following patch releases: 3.0.16, 3.1.8, 3.2.4, 3.3.3, 3.4.0 and 3.5.0. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the HTTP client implementation is outside the OpenSSL FIPS module boundary.", "cve_priority": "low", "cve_public_date": "2025-09-30 14:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Out-of-bounds read & write in RFC 3211 KEK Unwrap", " - debian/patches/CVE-2025-9230.patch: fix incorrect check of unwrapped", " key size in crypto/cms/cms_pwri.c.", " - CVE-2025-9230", " * SECURITY UPDATE: Timing side-channel in SM2 algorithm on 64 bit ARM", " - debian/patches/CVE-2025-9231-1.patch: use constant time modular", " inversion in crypto/ec/ecp_sm2p256.c.", " - debian/patches/CVE-2025-9231-2.patch: remove unused code in", " crypto/ec/ecp_sm2p256.c.", " - CVE-2025-9231", " * SECURITY UPDATE: Out-of-bounds read in HTTP client no_proxy handling", " - debian/patches/CVE-2025-9232.patch: add missing terminating NUL byte", " in crypto/http/http_lib.c.", " - CVE-2025-9232", "" ], "package": "openssl", "version": "3.4.1-1ubuntu4", "urgency": "medium", "distributions": "plucky-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 18 Sep 2025 07:07:45 -0400" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [ { "name": "linux-image-6.14.0-33-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.14.0-32.32", "version": null }, "to_version": { "source_package_name": "linux-signed", "source_package_version": "6.14.0-33.33", "version": "6.14.0-33.33" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.14.0-33.33", "", " * Packaging resync (LP: #1786013)", " - [Packaging] resync git-ubuntu-log", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "6.14.0-33.33", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Wed, 17 Sep 2025 22:42:29 +0200" } ], "notes": "linux-image-6.14.0-33-generic version '6.14.0-33.33' (source package linux-signed version '6.14.0-33.33') was added. linux-image-6.14.0-33-generic version '6.14.0-33.33' has the same source package name, linux-signed, as removed package linux-image-6.14.0-32-generic. As such we can use the source package version of the removed package, '6.14.0-32.32', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-modules-6.14.0-33-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-32.32", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.14.0-33.33", "version": "6.14.0-33.33" }, "cves": [ { "cve": "CVE-2025-38477", "url": "https://ubuntu.com/security/CVE-2025-38477", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, qfq_dump_class may trigger a NULL dereference, and qfq_delete_class may cause a use-after-free. This patch addresses the issue by: 1. Moved qfq_destroy_class into the critical section. 2. Added sch_tree_lock protection to qfq_dump_class and qfq_dump_class_stats.", "cve_priority": "medium", "cve_public_date": "2025-07-28 12:15:00 UTC" }, { "cve": "CVE-2025-38500", "url": "https://ubuntu.com/security/CVE-2025-38500", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_changelink() should fail when called on such interfaces. The check to enforce this was done only in the case where the xi was returned from xfrmi_locate() which doesn't look for the collect_md interface, and thus the validation was never reached. Calling changelink would thus errornously place the special interface xi in the xfrmi_net->xfrmi hash, but since it also exists in the xfrmi_net->collect_md_xfrmi pointer it would lead to a double free when the net namespace was taken down [1]. Change the check to use the xi from netdev_priv which is available earlier in the function to prevent changes in xfrm collect_md interfaces. [1] resulting oops: [ 8.516540] kernel BUG at net/core/dev.c:12029! [ 8.516552] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 8.516559] CPU: 0 UID: 0 PID: 12 Comm: kworker/u80:0 Not tainted 6.15.0-virtme #5 PREEMPT(voluntary) [ 8.516565] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 8.516569] Workqueue: netns cleanup_net [ 8.516579] RIP: 0010:unregister_netdevice_many_notify+0x101/0xab0 [ 8.516590] Code: 90 0f 0b 90 48 8b b0 78 01 00 00 48 8b 90 80 01 00 00 48 89 56 08 48 89 32 4c 89 80 78 01 00 00 48 89 b8 80 01 00 00 eb ac 90 <0f> 0b 48 8b 45 00 4c 8d a0 88 fe ff ff 48 39 c5 74 5c 41 80 bc 24 [ 8.516593] RSP: 0018:ffffa93b8006bd30 EFLAGS: 00010206 [ 8.516598] RAX: ffff98fe4226e000 RBX: ffffa93b8006bd58 RCX: ffffa93b8006bc60 [ 8.516601] RDX: 0000000000000004 RSI: 0000000000000000 RDI: dead000000000122 [ 8.516603] RBP: ffffa93b8006bdd8 R08: dead000000000100 R09: ffff98fe4133c100 [ 8.516605] R10: 0000000000000000 R11: 00000000000003d2 R12: ffffa93b8006be00 [ 8.516608] R13: ffffffff96c1a510 R14: ffffffff96c1a510 R15: ffffa93b8006be00 [ 8.516615] FS: 0000000000000000(0000) GS:ffff98fee73b7000(0000) knlGS:0000000000000000 [ 8.516619] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 8.516622] CR2: 00007fcd2abd0700 CR3: 000000003aa40000 CR4: 0000000000752ef0 [ 8.516625] PKRU: 55555554 [ 8.516627] Call Trace: [ 8.516632] [ 8.516635] ? rtnl_is_locked+0x15/0x20 [ 8.516641] ? unregister_netdevice_queue+0x29/0xf0 [ 8.516650] ops_undo_list+0x1f2/0x220 [ 8.516659] cleanup_net+0x1ad/0x2e0 [ 8.516664] process_one_work+0x160/0x380 [ 8.516673] worker_thread+0x2aa/0x3c0 [ 8.516679] ? __pfx_worker_thread+0x10/0x10 [ 8.516686] kthread+0xfb/0x200 [ 8.516690] ? __pfx_kthread+0x10/0x10 [ 8.516693] ? __pfx_kthread+0x10/0x10 [ 8.516697] ret_from_fork+0x82/0xf0 [ 8.516705] ? __pfx_kthread+0x10/0x10 [ 8.516709] ret_from_fork_asm+0x1a/0x30 [ 8.516718] ", "cve_priority": "medium", "cve_public_date": "2025-08-12 16:15:00 UTC" }, { "cve": "CVE-2025-38617", "url": "https://ubuntu.com/security/CVE-2025-38617", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix are both similar to that of commit 15fe076edea7 (\"net/packet: fix a race in packet_bind() and packet_notifier()\"). There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had to be temporarily released. And the fix was similarly to temporarily set po->num to zero to keep the socket unhooked until the lock is retaken. The po->bind_lock in packet_set_ring and packet_notifier precede the introduction of git history.", "cve_priority": "medium", "cve_public_date": "2025-08-22 14:15:00 UTC" }, { "cve": "CVE-2025-38618", "url": "https://ubuntu.com/security/CVE-2025-38618", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDR_PORT_ANY but is not on the list of unbound sockets. Binding it will result in an extra refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep the binding until socket destruction). Modify the check in __vsock_bind_connectible() to also prevent binding to VMADDR_PORT_ANY.", "cve_priority": "medium", "cve_public_date": "2025-08-22 14:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2124042, 1786013 ], "changes": [ { "cves": [ { "cve": "CVE-2025-38477", "url": "https://ubuntu.com/security/CVE-2025-38477", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, qfq_dump_class may trigger a NULL dereference, and qfq_delete_class may cause a use-after-free. This patch addresses the issue by: 1. Moved qfq_destroy_class into the critical section. 2. Added sch_tree_lock protection to qfq_dump_class and qfq_dump_class_stats.", "cve_priority": "medium", "cve_public_date": "2025-07-28 12:15:00 UTC" }, { "cve": "CVE-2025-38500", "url": "https://ubuntu.com/security/CVE-2025-38500", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_changelink() should fail when called on such interfaces. The check to enforce this was done only in the case where the xi was returned from xfrmi_locate() which doesn't look for the collect_md interface, and thus the validation was never reached. Calling changelink would thus errornously place the special interface xi in the xfrmi_net->xfrmi hash, but since it also exists in the xfrmi_net->collect_md_xfrmi pointer it would lead to a double free when the net namespace was taken down [1]. Change the check to use the xi from netdev_priv which is available earlier in the function to prevent changes in xfrm collect_md interfaces. [1] resulting oops: [ 8.516540] kernel BUG at net/core/dev.c:12029! [ 8.516552] Oops: invalid opcode: 0000 [#1] SMP NOPTI [ 8.516559] CPU: 0 UID: 0 PID: 12 Comm: kworker/u80:0 Not tainted 6.15.0-virtme #5 PREEMPT(voluntary) [ 8.516565] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 8.516569] Workqueue: netns cleanup_net [ 8.516579] RIP: 0010:unregister_netdevice_many_notify+0x101/0xab0 [ 8.516590] Code: 90 0f 0b 90 48 8b b0 78 01 00 00 48 8b 90 80 01 00 00 48 89 56 08 48 89 32 4c 89 80 78 01 00 00 48 89 b8 80 01 00 00 eb ac 90 <0f> 0b 48 8b 45 00 4c 8d a0 88 fe ff ff 48 39 c5 74 5c 41 80 bc 24 [ 8.516593] RSP: 0018:ffffa93b8006bd30 EFLAGS: 00010206 [ 8.516598] RAX: ffff98fe4226e000 RBX: ffffa93b8006bd58 RCX: ffffa93b8006bc60 [ 8.516601] RDX: 0000000000000004 RSI: 0000000000000000 RDI: dead000000000122 [ 8.516603] RBP: ffffa93b8006bdd8 R08: dead000000000100 R09: ffff98fe4133c100 [ 8.516605] R10: 0000000000000000 R11: 00000000000003d2 R12: ffffa93b8006be00 [ 8.516608] R13: ffffffff96c1a510 R14: ffffffff96c1a510 R15: ffffa93b8006be00 [ 8.516615] FS: 0000000000000000(0000) GS:ffff98fee73b7000(0000) knlGS:0000000000000000 [ 8.516619] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 8.516622] CR2: 00007fcd2abd0700 CR3: 000000003aa40000 CR4: 0000000000752ef0 [ 8.516625] PKRU: 55555554 [ 8.516627] Call Trace: [ 8.516632] [ 8.516635] ? rtnl_is_locked+0x15/0x20 [ 8.516641] ? unregister_netdevice_queue+0x29/0xf0 [ 8.516650] ops_undo_list+0x1f2/0x220 [ 8.516659] cleanup_net+0x1ad/0x2e0 [ 8.516664] process_one_work+0x160/0x380 [ 8.516673] worker_thread+0x2aa/0x3c0 [ 8.516679] ? __pfx_worker_thread+0x10/0x10 [ 8.516686] kthread+0xfb/0x200 [ 8.516690] ? __pfx_kthread+0x10/0x10 [ 8.516693] ? __pfx_kthread+0x10/0x10 [ 8.516697] ret_from_fork+0x82/0xf0 [ 8.516705] ? __pfx_kthread+0x10/0x10 [ 8.516709] ret_from_fork_asm+0x1a/0x30 [ 8.516718] ", "cve_priority": "medium", "cve_public_date": "2025-08-12 16:15:00 UTC" }, { "cve": "CVE-2025-38617", "url": "https://ubuntu.com/security/CVE-2025-38617", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix are both similar to that of commit 15fe076edea7 (\"net/packet: fix a race in packet_bind() and packet_notifier()\"). There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had to be temporarily released. And the fix was similarly to temporarily set po->num to zero to keep the socket unhooked until the lock is retaken. The po->bind_lock in packet_set_ring and packet_notifier precede the introduction of git history.", "cve_priority": "medium", "cve_public_date": "2025-08-22 14:15:00 UTC" }, { "cve": "CVE-2025-38618", "url": "https://ubuntu.com/security/CVE-2025-38618", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDR_PORT_ANY but is not on the list of unbound sockets. Binding it will result in an extra refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep the binding until socket destruction). Modify the check in __vsock_bind_connectible() to also prevent binding to VMADDR_PORT_ANY.", "cve_priority": "medium", "cve_public_date": "2025-08-22 14:15:00 UTC" } ], "log": [ "", " * plucky/linux: 6.14.0-33.33 -proposed tracker (LP: #2124042)", "", " * Packaging resync (LP: #1786013)", " - [Packaging] resync git-ubuntu-log", "", " * CVE-2025-38477", " - net/sched: sch_qfq: Fix race condition on qfq_aggregate", " - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in", " qfq_delete_class", "", " * CVE-2025-38500", " - xfrm: interface: fix use-after-free after changing collect_md xfrm", " interface", "", " * CVE-2025-38617", " - net/packet: fix a race in packet_set_ring() and packet_notifier()", "", " * CVE-2025-38618", " - vsock: Do not allow binding to VMADDR_PORT_ANY", "" ], "package": "linux", "version": "6.14.0-33.33", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2124042, 1786013 ], "author": "Manuel Diewald ", "date": "Wed, 17 Sep 2025 21:37:55 +0200" } ], "notes": "linux-modules-6.14.0-33-generic version '6.14.0-33.33' (source package linux version '6.14.0-33.33') was added. linux-modules-6.14.0-33-generic version '6.14.0-33.33' has the same source package name, linux, as removed package linux-modules-6.14.0-32-generic. As such we can use the source package version of the removed package, '6.14.0-32.32', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-image-6.14.0-32-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.14.0-32.32", "version": "6.14.0-32.32" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-modules-6.14.0-32-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.14.0-32.32", "version": "6.14.0-32.32" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 25.04 plucky image from release image serial 20250923 to 20251001", "from_series": "plucky", "to_series": "plucky", "from_serial": "20250923", "to_serial": "20251001", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }