{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-image-6.17.0-8-generic", "linux-modules-6.17.0-8-generic" ], "removed": [ "linux-image-6.17.0-6-generic", "linux-modules-6.17.0-6-generic" ], "diff": [ "apparmor", "bsdutils", "fdisk", "gir1.2-glib-2.0", "iproute2", "libapparmor1", "libblkid1", "libfdisk1", "libglib2.0-0t64", "liblastlog2-2", "libmount1", "libnetplan1", "libpng16-16t64", "libpython3.13-minimal", "libpython3.13-stdlib", "libsmartcols1", "libuuid1", "linux-image-virtual", "login", "mount", "netplan-generator", "netplan.io", "python-apt-common", "python3-apt", "python3-netplan", "python3-urllib3", "python3.13", "python3.13-minimal", "ubuntu-pro-client", "util-linux" ] } }, "diff": { "deb": [ { "name": "apparmor", "from_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~alpha1-0ubuntu8.1", "version": "5.0.0~alpha1-0ubuntu8.1" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~alpha1-0ubuntu8.3", "version": "5.0.0~alpha1-0ubuntu8.3" }, "cves": [], "launchpad_bugs_fixed": [ 2130617, 2127491, 2127111, 2126920, 2129779 ], "changes": [ { "cves": [], "log": [ "", " * This is an SRU, tracked in LP: #2130617", " * Add patch to grant netrc access to tnftp (LP: #2127491):", " - d/p/u/profiles-grant-netrc-read-access-to-tnftp.patch", " * Add patch to fix device tree scan by systemd-detect-virt (LP: #2127111)", " - d/p/u/profiles-systemd-detect-virt-handle-device-tree-folder.patch", " * Add patch to allow lsblk reading of Azure NVMe ACPI (LP: #2126920):", " - d/p/u/lsblk_read_access_azure_acpi.patch", " * Add patch to fix errors in regression tests with Rust coreutils", " (LP: #2129779):", " - d/p/u/regression-fix-for-rust-coreutils.patch", "" ], "package": "apparmor", "version": "5.0.0~alpha1-0ubuntu8.3", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2130617, 2127491, 2127111, 2126920, 2129779 ], "author": "Ryan Lee ", "date": "Mon, 20 Oct 2025 11:10:39 -0700" } ], "notes": null, "is_version_downgrade": false }, { "name": "bsdutils", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4", "version": "1:2.41-4ubuntu4" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4.1", "version": "1:2.41-4ubuntu4.1" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.41-4ubuntu4.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2123886 ], "author": "Zachary Raines ", "date": "Mon, 22 Sep 2025 14:42:28 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "fdisk", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4", "version": "2.41-4ubuntu4" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4.1", "version": "2.41-4ubuntu4.1" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.41-4ubuntu4.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2123886 ], "author": "Zachary Raines ", "date": "Mon, 22 Sep 2025 14:42:28 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "gir1.2-glib-2.0", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.86.0-2", "version": "2.86.0-2" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.86.0-2ubuntu0.1", "version": "2.86.0-2ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: heap overflow in g_escape_uri_string()", " - debian/patches/CVE-2025-13601.patch: add overflow check in", " glib/gconvert.c.", " - CVE-2025-13601", " * SECURITY UPDATE: buffer underflow through glib/gvariant", " - debian/patches/CVE-2025-14087-1.patch: fix potential integer overflow", " parsing (byte)strings in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-2.patch: use size_t to count numbers of", " child elements in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-3.patch: convert error handling code to", " use size_t in glib/gvariant-parser.c.", " - CVE-2025-14087", " * SECURITY UPDATE: integer overflow in gfileattribute", " - debian/patches/gfileattribute-overflow.patch: add overflow check in", " gio/gfileattribute.c.", " - No CVE number", "" ], "package": "glib2.0", "version": "2.86.0-2ubuntu0.1", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 10 Dec 2025 10:20:04 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "iproute2", "from_version": { "source_package_name": "iproute2", "source_package_version": "6.16.0-1ubuntu2", "version": "6.16.0-1ubuntu2" }, "to_version": { "source_package_name": "iproute2", "source_package_version": "6.16.0-1ubuntu2.1", "version": "6.16.0-1ubuntu2.1" }, "cves": [], "launchpad_bugs_fixed": [ 2125448 ], "changes": [ { "cves": [], "log": [ "", " * Modify tc police to permit burst sizes up greater than 4GB (LP: #2125448)", " - /d/p/2001-lib-Update-backend-of-print_size-to-accept-64-bit-si.patch", " - /d/p/2002-tc-Add-get_size64-and-get_size64_and_cell.patch", " - /d/p/2003-tc-Expand-tc_calc_xmittime-tc_calc_xmitsize-to-u64.patch", " - /d/p/2004-tc-police-enable-use-of-64-bit-burst-parameter.patch", "" ], "package": "iproute2", "version": "6.16.0-1ubuntu2.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2125448 ], "author": "Jorge Merlino ", "date": "Wed, 05 Nov 2025 05:24:21 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libapparmor1", "from_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~alpha1-0ubuntu8.1", "version": "5.0.0~alpha1-0ubuntu8.1" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~alpha1-0ubuntu8.3", "version": "5.0.0~alpha1-0ubuntu8.3" }, "cves": [], "launchpad_bugs_fixed": [ 2130617, 2127491, 2127111, 2126920, 2129779 ], "changes": [ { "cves": [], "log": [ "", " * This is an SRU, tracked in LP: #2130617", " * Add patch to grant netrc access to tnftp (LP: #2127491):", " - d/p/u/profiles-grant-netrc-read-access-to-tnftp.patch", " * Add patch to fix device tree scan by systemd-detect-virt (LP: #2127111)", " - d/p/u/profiles-systemd-detect-virt-handle-device-tree-folder.patch", " * Add patch to allow lsblk reading of Azure NVMe ACPI (LP: #2126920):", " - d/p/u/lsblk_read_access_azure_acpi.patch", " * Add patch to fix errors in regression tests with Rust coreutils", " (LP: #2129779):", " - d/p/u/regression-fix-for-rust-coreutils.patch", "" ], "package": "apparmor", "version": "5.0.0~alpha1-0ubuntu8.3", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2130617, 2127491, 2127111, 2126920, 2129779 ], "author": "Ryan Lee ", "date": "Mon, 20 Oct 2025 11:10:39 -0700" } ], "notes": null, "is_version_downgrade": false }, { "name": "libblkid1", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4", "version": "2.41-4ubuntu4" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4.1", "version": "2.41-4ubuntu4.1" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.41-4ubuntu4.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2123886 ], "author": "Zachary Raines ", "date": "Mon, 22 Sep 2025 14:42:28 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libfdisk1", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4", "version": "2.41-4ubuntu4" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4.1", "version": "2.41-4ubuntu4.1" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.41-4ubuntu4.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2123886 ], "author": "Zachary Raines ", "date": "Mon, 22 Sep 2025 14:42:28 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libglib2.0-0t64", "from_version": { "source_package_name": "glib2.0", "source_package_version": "2.86.0-2", "version": "2.86.0-2" }, "to_version": { "source_package_name": "glib2.0", "source_package_version": "2.86.0-2ubuntu0.1", "version": "2.86.0-2ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-13601", "url": "https://ubuntu.com/security/CVE-2025-13601", "cve_description": "A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.", "cve_priority": "medium", "cve_public_date": "2025-11-26 15:15:00 UTC" }, { "cve": "CVE-2025-14087", "url": "https://ubuntu.com/security/CVE-2025-14087", "cve_description": "A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.", "cve_priority": "medium", "cve_public_date": "2025-12-10 09:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: heap overflow in g_escape_uri_string()", " - debian/patches/CVE-2025-13601.patch: add overflow check in", " glib/gconvert.c.", " - CVE-2025-13601", " * SECURITY UPDATE: buffer underflow through glib/gvariant", " - debian/patches/CVE-2025-14087-1.patch: fix potential integer overflow", " parsing (byte)strings in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-2.patch: use size_t to count numbers of", " child elements in glib/gvariant-parser.c.", " - debian/patches/CVE-2025-14087-3.patch: convert error handling code to", " use size_t in glib/gvariant-parser.c.", " - CVE-2025-14087", " * SECURITY UPDATE: integer overflow in gfileattribute", " - debian/patches/gfileattribute-overflow.patch: add overflow check in", " gio/gfileattribute.c.", " - No CVE number", "" ], "package": "glib2.0", "version": "2.86.0-2ubuntu0.1", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 10 Dec 2025 10:20:04 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "liblastlog2-2", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4", "version": "2.41-4ubuntu4" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4.1", "version": "2.41-4ubuntu4.1" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.41-4ubuntu4.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2123886 ], "author": "Zachary Raines ", "date": "Mon, 22 Sep 2025 14:42:28 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libmount1", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4", "version": "2.41-4ubuntu4" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4.1", "version": "2.41-4ubuntu4.1" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.41-4ubuntu4.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2123886 ], "author": "Zachary Raines ", "date": "Mon, 22 Sep 2025 14:42:28 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libnetplan1", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.2-7ubuntu3", "version": "1.1.2-7ubuntu3" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.2-8ubuntu1~25.10.1", "version": "1.1.2-8ubuntu1~25.10.1" }, "cves": [], "launchpad_bugs_fixed": [ 2127195 ], "changes": [ { "cves": [], "log": [ "", " * Backport netplan.io 1.1.2-8ubuntu1 (LP: #2127195)", " - Allows non standard OVS setups (e.g. OVS from snap)", " - Test improvements, especially for slower architectures such as riscv64", " - d/t/cloud-init.sh: Adopt for actually generated files instead of dummies", " - d/control: use dbus-daemon instead of dbus-x11 for build-time tests and", " suggests systemd-resolved", " * SRU compatibility", " - d/gbp.conf: Update for Questing", "" ], "package": "netplan.io", "version": "1.1.2-8ubuntu1~25.10.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2127195 ], "author": "Lukas Märdian ", "date": "Tue, 25 Nov 2025 13:04:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpng16-16t64", "from_version": { "source_package_name": "libpng1.6", "source_package_version": "1.6.50-1", "version": "1.6.50-1" }, "to_version": { "source_package_name": "libpng1.6", "source_package_version": "1.6.50-1ubuntu0.1", "version": "1.6.50-1ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-64505", "url": "https://ubuntu.com/security/CVE-2025-64505", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.", "cve_priority": "medium", "cve_public_date": "2025-11-25 00:15:00 UTC" }, { "cve": "CVE-2025-64506", "url": "https://ubuntu.com/security/CVE-2025-64506", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.", "cve_priority": "medium", "cve_public_date": "2025-11-25 00:15:00 UTC" }, { "cve": "CVE-2025-64720", "url": "https://ubuntu.com/security/CVE-2025-64720", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.", "cve_priority": "medium", "cve_public_date": "2025-11-25 00:15:00 UTC" }, { "cve": "CVE-2025-65018", "url": "https://ubuntu.com/security/CVE-2025-65018", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.", "cve_priority": "medium", "cve_public_date": "2025-11-25 00:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-64505", "url": "https://ubuntu.com/security/CVE-2025-64505", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.", "cve_priority": "medium", "cve_public_date": "2025-11-25 00:15:00 UTC" }, { "cve": "CVE-2025-64506", "url": "https://ubuntu.com/security/CVE-2025-64506", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.", "cve_priority": "medium", "cve_public_date": "2025-11-25 00:15:00 UTC" }, { "cve": "CVE-2025-64720", "url": "https://ubuntu.com/security/CVE-2025-64720", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.", "cve_priority": "medium", "cve_public_date": "2025-11-25 00:15:00 UTC" }, { "cve": "CVE-2025-65018", "url": "https://ubuntu.com/security/CVE-2025-65018", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.", "cve_priority": "medium", "cve_public_date": "2025-11-25 00:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: buffer overflow issue", " - debian/patches/CVE-2025-64505.patch: Fix a buffer overflow in", " png_do_quantize", " - debian/patches/CVE-2025-64506.patch: Fix a heap buffer overflow in", " png_write_image_8bit", " - debian/patches/CVE-2025-64720.patch: Fix a buffer overflow in", " png_init_read_transformations", " - debian/patches/CVE-2025-65018.patch: Fix a heap buffer overflow in", " png_image_finish_read", " - CVE-2025-64505", " - CVE-2025-64506", " - CVE-2025-64720", " - CVE-2025-65018", "" ], "package": "libpng1.6", "version": "1.6.50-1ubuntu0.1", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Nishit Majithia ", "date": "Tue, 09 Dec 2025 17:38:32 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpython3.13-minimal", "from_version": { "source_package_name": "python3.13", "source_package_version": "3.13.7-1", "version": "3.13.7-1" }, "to_version": { "source_package_name": "python3.13", "source_package_version": "3.13.7-1ubuntu0.1", "version": "3.13.7-1ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-8291", "url": "https://ubuntu.com/security/CVE-2025-8291", "cve_description": "The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations. Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value.", "cve_priority": "medium", "cve_public_date": "2025-10-07 18:16:00 UTC" }, { "cve": "CVE-2025-6075", "url": "https://ubuntu.com/security/CVE-2025-6075", "cve_description": "If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.", "cve_priority": "medium", "cve_public_date": "2025-10-31 17:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-8291", "url": "https://ubuntu.com/security/CVE-2025-8291", "cve_description": "The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations. Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value.", "cve_priority": "medium", "cve_public_date": "2025-10-07 18:16:00 UTC" }, { "cve": "CVE-2025-6075", "url": "https://ubuntu.com/security/CVE-2025-6075", "cve_description": "If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.", "cve_priority": "medium", "cve_public_date": "2025-10-31 17:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Possible payload obfuscation", " - debian/patches/CVE-2025-8291.patch: check consistency of", " the zip64 end of central dir record in Lib/zipfile.py,", " Lib/test/test_zipfile.py.", " - CVE-2025-8291", " * SECURITY UPDATE: Performance degradation", " - debian/patches/CVE-2025-6075.patch: fix quadratic complexity", " in os.path.expandvars() in Lib/ntpatch.py, Lib/posixpath.py,", " Lib/test/test_genericpatch.py, Lib/test/test_npath.py.", " - CVE-2025-6075", "" ], "package": "python3.13", "version": "3.13.7-1ubuntu0.1", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Mon, 24 Nov 2025 17:21:28 -0330" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpython3.13-stdlib", "from_version": { "source_package_name": "python3.13", "source_package_version": "3.13.7-1", "version": "3.13.7-1" }, "to_version": { "source_package_name": "python3.13", "source_package_version": "3.13.7-1ubuntu0.1", "version": "3.13.7-1ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-8291", "url": "https://ubuntu.com/security/CVE-2025-8291", "cve_description": "The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations. Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value.", "cve_priority": "medium", "cve_public_date": "2025-10-07 18:16:00 UTC" }, { "cve": "CVE-2025-6075", "url": "https://ubuntu.com/security/CVE-2025-6075", "cve_description": "If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.", "cve_priority": "medium", "cve_public_date": "2025-10-31 17:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-8291", "url": "https://ubuntu.com/security/CVE-2025-8291", "cve_description": "The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations. Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value.", "cve_priority": "medium", "cve_public_date": "2025-10-07 18:16:00 UTC" }, { "cve": "CVE-2025-6075", "url": "https://ubuntu.com/security/CVE-2025-6075", "cve_description": "If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.", "cve_priority": "medium", "cve_public_date": "2025-10-31 17:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Possible payload obfuscation", " - debian/patches/CVE-2025-8291.patch: check consistency of", " the zip64 end of central dir record in Lib/zipfile.py,", " Lib/test/test_zipfile.py.", " - CVE-2025-8291", " * SECURITY UPDATE: Performance degradation", " - debian/patches/CVE-2025-6075.patch: fix quadratic complexity", " in os.path.expandvars() in Lib/ntpatch.py, Lib/posixpath.py,", " Lib/test/test_genericpatch.py, Lib/test/test_npath.py.", " - CVE-2025-6075", "" ], "package": "python3.13", "version": "3.13.7-1ubuntu0.1", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Mon, 24 Nov 2025 17:21:28 -0330" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsmartcols1", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4", "version": "2.41-4ubuntu4" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4.1", "version": "2.41-4ubuntu4.1" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.41-4ubuntu4.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2123886 ], "author": "Zachary Raines ", "date": "Mon, 22 Sep 2025 14:42:28 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "libuuid1", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4", "version": "2.41-4ubuntu4" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4.1", "version": "2.41-4ubuntu4.1" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.41-4ubuntu4.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2123886 ], "author": "Zachary Raines ", "date": "Mon, 22 Sep 2025 14:42:28 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.17.0-6.6", "version": "6.17.0-6.6" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.17.0-8.8", "version": "6.17.0-8.8" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.17.0-8.8", "" ], "package": "linux-meta", "version": "6.17.0-8.8", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 14 Nov 2025 18:18:37 +0100" }, { "cves": [], "log": [ "", " * Main version: 6.17.0-7.7", "" ], "package": "linux-meta", "version": "6.17.0-7.7", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [], "author": "Edoardo Canepa ", "date": "Sat, 18 Oct 2025 10:41:23 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "login", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4", "version": "1:4.16.0-2+really2.41-4ubuntu4" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4.1", "version": "1:4.16.0-2+really2.41-4ubuntu4.1" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.41-4ubuntu4.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2123886 ], "author": "Zachary Raines ", "date": "Mon, 22 Sep 2025 14:42:28 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "mount", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4", "version": "2.41-4ubuntu4" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4.1", "version": "2.41-4ubuntu4.1" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.41-4ubuntu4.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2123886 ], "author": "Zachary Raines ", "date": "Mon, 22 Sep 2025 14:42:28 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "netplan-generator", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.2-7ubuntu3", "version": "1.1.2-7ubuntu3" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.2-8ubuntu1~25.10.1", "version": "1.1.2-8ubuntu1~25.10.1" }, "cves": [], "launchpad_bugs_fixed": [ 2127195 ], "changes": [ { "cves": [], "log": [ "", " * Backport netplan.io 1.1.2-8ubuntu1 (LP: #2127195)", " - Allows non standard OVS setups (e.g. OVS from snap)", " - Test improvements, especially for slower architectures such as riscv64", " - d/t/cloud-init.sh: Adopt for actually generated files instead of dummies", " - d/control: use dbus-daemon instead of dbus-x11 for build-time tests and", " suggests systemd-resolved", " * SRU compatibility", " - d/gbp.conf: Update for Questing", "" ], "package": "netplan.io", "version": "1.1.2-8ubuntu1~25.10.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2127195 ], "author": "Lukas Märdian ", "date": "Tue, 25 Nov 2025 13:04:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "netplan.io", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.2-7ubuntu3", "version": "1.1.2-7ubuntu3" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.2-8ubuntu1~25.10.1", "version": "1.1.2-8ubuntu1~25.10.1" }, "cves": [], "launchpad_bugs_fixed": [ 2127195 ], "changes": [ { "cves": [], "log": [ "", " * Backport netplan.io 1.1.2-8ubuntu1 (LP: #2127195)", " - Allows non standard OVS setups (e.g. OVS from snap)", " - Test improvements, especially for slower architectures such as riscv64", " - d/t/cloud-init.sh: Adopt for actually generated files instead of dummies", " - d/control: use dbus-daemon instead of dbus-x11 for build-time tests and", " suggests systemd-resolved", " * SRU compatibility", " - d/gbp.conf: Update for Questing", "" ], "package": "netplan.io", "version": "1.1.2-8ubuntu1~25.10.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2127195 ], "author": "Lukas Märdian ", "date": "Tue, 25 Nov 2025 13:04:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python-apt-common", "from_version": { "source_package_name": "python-apt", "source_package_version": "3.0.0ubuntu1", "version": "3.0.0ubuntu1" }, "to_version": { "source_package_name": "python-apt", "source_package_version": "3.0.0ubuntu1.1", "version": "3.0.0ubuntu1.1" }, "cves": [ { "cve": "CVE-2025-6966", "url": "https://ubuntu.com/security/CVE-2025-6966", "cve_description": "NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.", "cve_priority": "medium", "cve_public_date": "2025-12-05 13:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2091865 ], "changes": [ { "cves": [ { "cve": "CVE-2025-6966", "url": "https://ubuntu.com/security/CVE-2025-6966", "cve_description": "NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.", "cve_priority": "medium", "cve_public_date": "2025-12-05 13:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: NULL pointer dereference (LP: #2091865)", " - python/tag.cc: check for NULL pointer before dereferencing", " - CVE-2025-6966", "" ], "package": "python-apt", "version": "3.0.0ubuntu1.1", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [ 2091865 ], "author": "Sudhakar Verma ", "date": "Fri, 05 Dec 2025 22:27:55 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-apt", "from_version": { "source_package_name": "python-apt", "source_package_version": "3.0.0ubuntu1", "version": "3.0.0ubuntu1" }, "to_version": { "source_package_name": "python-apt", "source_package_version": "3.0.0ubuntu1.1", "version": "3.0.0ubuntu1.1" }, "cves": [ { "cve": "CVE-2025-6966", "url": "https://ubuntu.com/security/CVE-2025-6966", "cve_description": "NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.", "cve_priority": "medium", "cve_public_date": "2025-12-05 13:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2091865 ], "changes": [ { "cves": [ { "cve": "CVE-2025-6966", "url": "https://ubuntu.com/security/CVE-2025-6966", "cve_description": "NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.", "cve_priority": "medium", "cve_public_date": "2025-12-05 13:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: NULL pointer dereference (LP: #2091865)", " - python/tag.cc: check for NULL pointer before dereferencing", " - CVE-2025-6966", "" ], "package": "python-apt", "version": "3.0.0ubuntu1.1", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [ 2091865 ], "author": "Sudhakar Verma ", "date": "Fri, 05 Dec 2025 22:27:55 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-netplan", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.2-7ubuntu3", "version": "1.1.2-7ubuntu3" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.2-8ubuntu1~25.10.1", "version": "1.1.2-8ubuntu1~25.10.1" }, "cves": [], "launchpad_bugs_fixed": [ 2127195 ], "changes": [ { "cves": [], "log": [ "", " * Backport netplan.io 1.1.2-8ubuntu1 (LP: #2127195)", " - Allows non standard OVS setups (e.g. OVS from snap)", " - Test improvements, especially for slower architectures such as riscv64", " - d/t/cloud-init.sh: Adopt for actually generated files instead of dummies", " - d/control: use dbus-daemon instead of dbus-x11 for build-time tests and", " suggests systemd-resolved", " * SRU compatibility", " - d/gbp.conf: Update for Questing", "" ], "package": "netplan.io", "version": "1.1.2-8ubuntu1~25.10.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2127195 ], "author": "Lukas Märdian ", "date": "Tue, 25 Nov 2025 13:04:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-urllib3", "from_version": { "source_package_name": "python-urllib3", "source_package_version": "2.3.0-3", "version": "2.3.0-3" }, "to_version": { "source_package_name": "python-urllib3", "source_package_version": "2.3.0-3ubuntu0.1", "version": "2.3.0-3ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-66418", "url": "https://ubuntu.com/security/CVE-2025-66418", "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.", "cve_priority": "medium", "cve_public_date": "2025-12-05 16:15:00 UTC" }, { "cve": "CVE-2025-66471", "url": "https://ubuntu.com/security/CVE-2025-66471", "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.", "cve_priority": "medium", "cve_public_date": "2025-12-05 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-66418", "url": "https://ubuntu.com/security/CVE-2025-66418", "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.", "cve_priority": "medium", "cve_public_date": "2025-12-05 16:15:00 UTC" }, { "cve": "CVE-2025-66471", "url": "https://ubuntu.com/security/CVE-2025-66471", "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.", "cve_priority": "medium", "cve_public_date": "2025-12-05 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Denial of service due to unbounded decompression chain.", " - debian/patches/CVE-2025-66418.patch: Add max_decode_links limit and", " checks in src/urllib3/response.py. Add test in test/test_response.py.", " - CVE-2025-66418", " * SECURITY UPDATE: Denial of service due to decompression bomb.", " - debian/patches/CVE-2025-66471.patch: Fix decompression bomb in", " src/urllib3/response.py. Add tests in test/test_response.py.", " - debian/patches/CVE-2025-66471-post1.patch: Remove brotli version warning", " due to intrusive backport for brotli fixes and upstream version warning", " not being appropriate for distro backporting.", " - CVE-2025-66471", "" ], "package": "python-urllib3", "version": "2.3.0-3ubuntu0.1", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Wed, 10 Dec 2025 12:29:16 -0330" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3.13", "from_version": { "source_package_name": "python3.13", "source_package_version": "3.13.7-1", "version": "3.13.7-1" }, "to_version": { "source_package_name": "python3.13", "source_package_version": "3.13.7-1ubuntu0.1", "version": "3.13.7-1ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-8291", "url": "https://ubuntu.com/security/CVE-2025-8291", "cve_description": "The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations. Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value.", "cve_priority": "medium", "cve_public_date": "2025-10-07 18:16:00 UTC" }, { "cve": "CVE-2025-6075", "url": "https://ubuntu.com/security/CVE-2025-6075", "cve_description": "If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.", "cve_priority": "medium", "cve_public_date": "2025-10-31 17:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-8291", "url": "https://ubuntu.com/security/CVE-2025-8291", "cve_description": "The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations. Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value.", "cve_priority": "medium", "cve_public_date": "2025-10-07 18:16:00 UTC" }, { "cve": "CVE-2025-6075", "url": "https://ubuntu.com/security/CVE-2025-6075", "cve_description": "If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.", "cve_priority": "medium", "cve_public_date": "2025-10-31 17:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Possible payload obfuscation", " - debian/patches/CVE-2025-8291.patch: check consistency of", " the zip64 end of central dir record in Lib/zipfile.py,", " Lib/test/test_zipfile.py.", " - CVE-2025-8291", " * SECURITY UPDATE: Performance degradation", " - debian/patches/CVE-2025-6075.patch: fix quadratic complexity", " in os.path.expandvars() in Lib/ntpatch.py, Lib/posixpath.py,", " Lib/test/test_genericpatch.py, Lib/test/test_npath.py.", " - CVE-2025-6075", "" ], "package": "python3.13", "version": "3.13.7-1ubuntu0.1", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Mon, 24 Nov 2025 17:21:28 -0330" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3.13-minimal", "from_version": { "source_package_name": "python3.13", "source_package_version": "3.13.7-1", "version": "3.13.7-1" }, "to_version": { "source_package_name": "python3.13", "source_package_version": "3.13.7-1ubuntu0.1", "version": "3.13.7-1ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-8291", "url": "https://ubuntu.com/security/CVE-2025-8291", "cve_description": "The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations. Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value.", "cve_priority": "medium", "cve_public_date": "2025-10-07 18:16:00 UTC" }, { "cve": "CVE-2025-6075", "url": "https://ubuntu.com/security/CVE-2025-6075", "cve_description": "If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.", "cve_priority": "medium", "cve_public_date": "2025-10-31 17:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-8291", "url": "https://ubuntu.com/security/CVE-2025-8291", "cve_description": "The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations. Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value.", "cve_priority": "medium", "cve_public_date": "2025-10-07 18:16:00 UTC" }, { "cve": "CVE-2025-6075", "url": "https://ubuntu.com/security/CVE-2025-6075", "cve_description": "If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.", "cve_priority": "medium", "cve_public_date": "2025-10-31 17:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Possible payload obfuscation", " - debian/patches/CVE-2025-8291.patch: check consistency of", " the zip64 end of central dir record in Lib/zipfile.py,", " Lib/test/test_zipfile.py.", " - CVE-2025-8291", " * SECURITY UPDATE: Performance degradation", " - debian/patches/CVE-2025-6075.patch: fix quadratic complexity", " in os.path.expandvars() in Lib/ntpatch.py, Lib/posixpath.py,", " Lib/test/test_genericpatch.py, Lib/test/test_npath.py.", " - CVE-2025-6075", "" ], "package": "python3.13", "version": "3.13.7-1ubuntu0.1", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Mon, 24 Nov 2025 17:21:28 -0330" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-pro-client", "from_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "37ubuntu0", "version": "37ubuntu0" }, "to_version": { "source_package_name": "ubuntu-advantage-tools", "source_package_version": "37.1ubuntu0~25.10", "version": "37.1ubuntu0~25.10" }, "cves": [], "launchpad_bugs_fixed": [ 2129712, 2129712 ], "changes": [ { "cves": [], "log": [ "", " * Backport 37.1ubuntu0 to questing (LP: #2129712)", "" ], "package": "ubuntu-advantage-tools", "version": "37.1ubuntu0~25.10", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2129712 ], "author": "Renan Rodrigo ", "date": "Mon, 27 Oct 2025 09:42:19 -0300" }, { "cves": [], "log": [ "", " * do-release-upgrade: immediately release the APT lock acquired to run the", " post-upgrade hook (LP: #2129712)", "" ], "package": "ubuntu-advantage-tools", "version": "37.1ubuntu0", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2129712 ], "author": "Renan Rodrigo ", "date": "Thu, 23 Oct 2025 16:30:36 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "util-linux", "from_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4", "version": "2.41-4ubuntu4" }, "to_version": { "source_package_name": "util-linux", "source_package_version": "2.41-4ubuntu4.1", "version": "2.41-4ubuntu4.1" }, "cves": [], "launchpad_bugs_fixed": [ 2123886 ], "changes": [ { "cves": [], "log": [ "", " * Add ARM core support for Vera systems (LP: #2123886)", " - d/p/ubuntu/lp-2123886-add-missing-arm-cores.patch", "" ], "package": "util-linux", "version": "2.41-4ubuntu4.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2123886 ], "author": "Zachary Raines ", "date": "Mon, 22 Sep 2025 14:42:28 +0000" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [ { "name": "linux-image-6.17.0-8-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.17.0-6.6", "version": null }, "to_version": { "source_package_name": "linux-signed", "source_package_version": "6.17.0-8.8", "version": "6.17.0-8.8" }, "cves": [], "launchpad_bugs_fixed": [ 1786013, 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.17.0-8.8", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "6.17.0-8.8", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Fri, 14 Nov 2025 18:18:46 +0100" }, { "cves": [], "log": [ "", " * Main version: 6.17.0-7.7", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "6.17.0-7.7", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 1786013 ], "author": "Edoardo Canepa ", "date": "Sat, 18 Oct 2025 10:41:43 +0200" } ], "notes": "linux-image-6.17.0-8-generic version '6.17.0-8.8' (source package linux-signed version '6.17.0-8.8') was added. linux-image-6.17.0-8-generic version '6.17.0-8.8' has the same source package name, linux-signed, as removed package linux-image-6.17.0-6-generic. As such we can use the source package version of the removed package, '6.17.0-6.6', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-modules-6.17.0-8-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-6.6", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.17.0-8.8", "version": "6.17.0-8.8" }, "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770, 2128695, 2127676, 2127187, 2119479, 2106681, 2121347, 1786013, 2123901, 2103680, 2128209 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "log": [ "", " * questing/linux: 6.17.0-8.8 -proposed tracker (LP: #2131554)", "", " * crash when reading from /sys/kernel/tracing/rv/enabled_monitors", " (LP: #2131136)", " - rv: Fully convert enabled_monitors to use list_head as iterator", "", " * i40e driver is triggering VF resets on every link state change", " (LP: #2130552)", " - i40e: avoid redundant VF link state updates", "", " * kernel crash on bootup for some arm64 machines (LP: #2129770)", " - KVM: arm64: Guard PMSCR_EL1 initialization with SPE presence check", "", " * CVE-2025-40018", " - ipvs: Defer ip_vs_ftp unregister during netns cleanup", "" ], "package": "linux", "version": "6.17.0-8.8", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "author": "Manuel Diewald ", "date": "Fri, 14 Nov 2025 17:53:03 +0100" }, { "cves": [], "log": [ "", " * questing/linux: 6.17.0-7.7 -proposed tracker (LP: #2128695)", "", " * Fix incorrect bug number for CONFIG_KERNEL_ZSTD (LP: #2127676)", " - [Config] Fix bug note for CONFIG_KERNEL_ZSTD", "", " * support Panter Lake CPU performance preferences (LP: #2127187)", " - thermal: intel: int340x: Add support for power slider", " - thermal: intel: int340x: Enable power slider interface for Panther Lake", " - thermal: intel: int340x: Add module parameter for balanced Slider", " - thermal: intel: int340x: Add module parameter to change slider offset", " - thermal: intel: int340x: Power Slider: Validate slider_balance range", "", " * [SRU][Q/P/N:hwe-6.14] mt7925: Add MBSS support (LP: #2119479)", " - wifi: mt76: mt7925: add MBSSID support", "", " * Plucky preinstalled server fails to boot on rb3gen2 (LP: #2106681) //", " Questing preinstalled server fails to boot on sa8775p boards", " (LP: #2121347)", " - [Config] move more qcom interconnect/pinctrl/gcc options to builtin", "", " * Packaging resync (LP: #1786013)", " - [Packaging] update Ubuntu.md", "", " * r8169 can not wake on LAN via SFP moudule (LP: #2123901)", " - r8169: set EEE speed down ratio to 1", "", " * System hangs when running the memory stress test (LP: #2103680)", " - mm: page_alloc: avoid kswapd thrashing due to NUMA restrictions", "", " * Questing update: v6.17.2 upstream stable release (LP: #2128209)", " - drm/amdgpu: Enable MES lr_compute_wa by default", " - USB: serial: option: add SIMCom 8230C compositions", " - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1", " - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188", " - wifi: rtl8xxxu: Don't claim USB ID 07b8:8188", " - rust: drm: fix `srctree/` links", " - rust: block: fix `srctree/` links", " - rust: pci: fix incorrect platform reference in PCI driver probe doc", " comment", " - rust: pci: fix incorrect platform reference in PCI driver unbind doc", " comment", " - serial: qcom-geni: Fix blocked task", " - nvmem: layouts: fix automatic module loading", " - drivers/misc/amd-sbi/Kconfig: select REGMAP_I2C", " - binder: fix double-free in dbitmap", " - serial: stm32: allow selecting console when the driver is module", " - [Config] stm32: do not select console when driver is module", " - staging: axis-fifo: fix maximum TX packet length check", " - staging: axis-fifo: fix TX handling on copy_from_user() failure", " - staging: axis-fifo: flush RX FIFO on read errors", " - driver core: faux: Set power.no_pm for faux devices", " - driver core/PM: Set power.no_callbacks along with power.no_pm", " - Revert \"crypto: testmgr - desupport SHA-1 for FIPS 140\"", " - crypto: zstd - Fix compression bug caused by truncation", " - crypto: rng - Ensure set_ent is always present", " - net/9p: fix double req put in p9_fd_cancelled", " - KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O", " - f2fs: fix to do sanity check on node footer for non inode dnode", " - ring buffer: Propagate __rb_map_vma return value to caller", " - Linux 6.17.2", "" ], "package": "linux", "version": "6.17.0-7.7", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2128695, 2127676, 2127187, 2119479, 2106681, 2121347, 1786013, 2123901, 2103680, 2128209 ], "author": "Edoardo Canepa ", "date": "Sat, 18 Oct 2025 08:01:45 +0200" } ], "notes": "linux-modules-6.17.0-8-generic version '6.17.0-8.8' (source package linux version '6.17.0-8.8') was added. linux-modules-6.17.0-8-generic version '6.17.0-8.8' has the same source package name, linux, as removed package linux-modules-6.17.0-6-generic. As such we can use the source package version of the removed package, '6.17.0-6.6', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-image-6.17.0-6-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.17.0-6.6", "version": "6.17.0-6.6" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-modules-6.17.0-6-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-6.6", "version": "6.17.0-6.6" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 25.10 questing image from release image serial 20251121 to 20260107", "from_series": "questing", "to_series": "questing", "from_serial": "20251121", "to_serial": "20260107", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }