| Current File : //snap/core22/2115/usr/share/doc/ChangeLog |
30/07/2025, commit https://git.launchpad.net/snap-core22/tree/5915fa29307f6839820c681cf666367c164d1088
[ Changes in the core22 snap ]
No detected changes for the core22 snap
[ Changes in primed packages ]
cloud-init (built from cloud-init) updated from 25.1.2-0ubuntu0~22.04.2 to 25.1.4-0ubuntu0~22.04.1:
cloud-init (25.1.4-0ubuntu0~22.04.1) jammy-security; urgency=medium
* refresh patches:
- d/p/revert-usr-lib-systemd-units.patch
* Upstream snapshot based on 25.1.4.
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/25.1.4/ChangeLog
- Bugs fixed in this snapshot:
+ fix: disable cloud-init when non-x86 environments have no DMI-data
and no strict datasources detected (LP: #2069607) (CVE-2024-6174)
-- Chad Smith <chad.smith@canonical.com> Tue, 24 Jun 2025 15:15:25 -0600
cloud-init (25.1.3-0ubuntu0~22.04.1) jammy-security; urgency=medium
* d/cloud-init-base.postinst: move existing hotplug-cmd fifo to root-only
share dir (CVE-2024-11584)
* Upstream security bugfix release based on 25.1.3.
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/25.1.3/ChangeLog
- Bugs fixed in this snapshot:
- security: make hotplug socket only writable by root (LP: #2114229)
(CVE-2024-11584)
- security: make ds-identify behavior strict datasource discovery on
non-x86 platforms without DMI data (LP: #2069607) (CVE-2024-6174)
-- Chad Smith <chad.smith@canonical.com> Thu, 12 Jun 2025 20:28:18 -0600
gnutls-bin, libgnutls30:arm64 (built from gnutls28) updated from 3.7.3-4ubuntu1.6 to 3.7.3-4ubuntu1.7:
gnutls28 (3.7.3-4ubuntu1.7) jammy-security; urgency=medium
* SECURITY UPDATE: double-free via otherName in the SAN
- debian/patches/CVE-2025-32988.patch: avoid double free when exporting
othernames in SAN in lib/x509/extensions.c.
- CVE-2025-32988
* SECURITY UPDATE: OOB read via malformed length field in SCT extension
- debian/patches/CVE-2025-32989.patch: fix read buffer overrun in SCT
timestamps in lib/x509/x509_ext.c.
- CVE-2025-32989
* SECURITY UPDATE: heap write overflow in certtool via invalid template
- debian/patches/CVE-2025-32990.patch: avoid 1-byte write buffer
overrun when parsing template in src/certtool-cfg.c,
tests/cert-tests/Makefile.am, tests/cert-tests/template-test.sh,
tests/cert-tests/templates/template-too-many-othernames.tmpl.
- CVE-2025-32990
* SECURITY UPDATE: NULL deref via missing PSK in TLS 1.3 handshake
- debian/patches/CVE-2025-6395.patch: clear HSK_PSK_SELECTED when
resetting binders in lib/handshake.c, lib/state.c, tests/Makefile.am,
tests/tls13/hello_retry_request_psk.c.
- CVE-2025-6395
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 11 Jul 2025 09:13:17 -0400
iputils-ping (built from iputils) updated from 3:20211215-1 to 3:20211215-1ubuntu0.1:
iputils (3:20211215-1ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: DoS via crafted ICMP Echo Reply packet
- debian/patches/CVE-2025-47268: fix signed 64-bit integer overflow in
RTT calculation in iputils_common.h, ping/ping_common.c.
- debian/patches/CVE-2025-48964.patch: fix moving average rtt
calculation in iputils_common.h, ping/ping.h, ping/ping_common.c.
- CVE-2025-47268
- CVE-2025-48964
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 24 Jul 2025 07:51:44 -0400
perl-base (built from perl) updated from 5.34.0-3ubuntu1.4 to 5.34.0-3ubuntu1.5:
perl (5.34.0-3ubuntu1.5) jammy-security; urgency=medium
* SECURITY UPDATE: threads race condition in file operations
- debian/patches/fixes/CVE-2025-40909-metaconfig.diff: check for
fdopendir in regen-configure/U/perl/d_fdopendir.U.
- debian/patches/fixes/CVE-2025-40909-1.diff: clone dirhandles without
fchdir in Configure, Cross/config.sh-arm-linux,
Cross/config.sh-arm-linux-n770, Porting/Glossary, Porting/config.sh,
config_h.SH, configure.com, plan9/config_sh.sample, sv.c,
t/op/threads-dirh.t, win32/config.gc, win32/config.vc.
- debian/patches/fixes/CVE-2025-40909-2.diff: minor corrections in
Cross/config.sh-arm-linux, Cross/config.sh-arm-linux-n770,
config_h.SH,plan9/config_sh.sample.
- debian/patches/fixes/CVE-2025-40909-3.diff: use PerlLIO_dup_cloexec
in Perl_dirp_dup to set O_CLOEXEC in sv.c.
- debian/patches/fixes/CVE-2025-40909-metaconfig-reorder.diff: slightly
reorder Configure and config_h.SH to match metaconfig output in
Configure, config_h.SH.
- debian/patches/fixes/CVE-2025-40909-generated.diff: update generated
files and checksums in uconfig.sh, uconfig64.sh, uconfig.h,
NetWare/config.wc.
- CVE-2025-40909
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 25 Jul 2025 13:26:40 -0400
libsqlite3-0:arm64 (built from sqlite3) updated from 3.37.2-2ubuntu0.4 to 3.37.2-2ubuntu0.5:
sqlite3 (3.37.2-2ubuntu0.5) jammy-security; urgency=medium
* SECURITY UPDATE: Memory corruption via number of aggregate terms
- debian/patches/CVE-2025-6965.patch: raise an error right away if the
number of aggregate terms in a query exceeds the maximum number of
columns in src/expr.c, src/sqliteInt.h.
- CVE-2025-6965
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 18 Jul 2025 11:17:24 -0400
08/07/2025, commit https://git.launchpad.net/snap-core22/tree/5915fa29307f6839820c681cf666367c164d1088
[ Changes in the core22 snap ]
Philip Meulengracht (1):
tools: aggregate old changelogs
[ Changes in primed packages ]
gpgv (built from gnupg2) updated from 2.2.27-3ubuntu2.3 to 2.2.27-3ubuntu2.4:
gnupg2 (2.2.27-3ubuntu2.4) jammy-security; urgency=medium
* debian/patches/fix-key-validity-regression-due-to-CVE-2025-
30258.patch:
- Fix a key validity regression following patches for CVE-2025-30258,
causing trusted "certify-only" primary keys to be ignored when checking
signature on user IDs and computing key validity. This regression makes
imported keys signed by a trusted "certify-only" key have an unknown
validity (LP: #2114775).
-- dcpi <dcpi@u22vm> Wed, 25 Jun 2025 13:54:28 +0000
libssh-4:arm64 (built from libssh) updated from 0.9.6-2ubuntu0.22.04.3 to 0.9.6-2ubuntu0.22.04.4:
libssh (0.9.6-2ubuntu0.22.04.4) jammy-security; urgency=medium
* SECURITY UPDATE: Write beyond bounds in binary to base64 conversion
functions
- debian/patches/CVE-2025-4877.patch: prevent integer overflow and
potential OOB.
- CVE-2025-4877
* SECURITY UPDATE: Use of uninitialized variable in
privatekey_from_file()
- debian/patches/CVE-2025-4878-1.patch: initialize pointers where
possible.
- debian/patches/CVE-2025-4878-2.patch: properly check return value to
avoid NULL pointer dereference.
- CVE-2025-4878
* SECURITY UPDATE: OOB read in sftp_handle function
- debian/patches/CVE-2025-5318.patch: fix possible buffer overrun.
- CVE-2025-5318
* SECURITY UPDATE: ssh_kdf() returns a success code on certain failures
- debian/patches/CVE-2025-5372-pre1.patch: Reformat ssh_kdf().
- debian/patches/CVE-2025-5372.patch: simplify error checking and
handling of return codes in ssh_kdf().
- CVE-2025-5372
* SECURITY UPDATE: Missing packet filter may expose to variant of
Terrapin attack
- debian/patches/missing_packet_filter.patch: implement missing packet
filter for DH GEX.
- No CVE number
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 02 Jul 2025 14:48:47 -0400
libpam-modules-bin, libpam-modules:arm64, libpam-runtime, libpam0g:arm64 (built from pam) updated from 1.4.0-11ubuntu2.5 to 1.4.0-11ubuntu2.6:
pam (1.4.0-11ubuntu2.6) jammy-security; urgency=medium
* SECURITY UPDATE: privilege escalation via pam_namespace
- debian/patches-applied/pam_namespace_170.patch: sync pam_namespace
module to version 1.7.0.
- debian/patches-applied/pam_namespace_post170-*.patch: add post-1.7.0
changes from upstream git tree.
- debian/patches-applied/pam_namespace_revert_abi.patch: revert ABI
change to prevent unintended issues in running daemons.
- debian/patches-applied/CVE-2025-6020-1.patch: fix potential privilege
escalation.
- debian/patches-applied/CVE-2025-6020-2.patch: add flags to indicate
path safety.
- debian/patches-applied/CVE-2025-6020-3.patch: secure_opendir: do not
look at the group ownership.
- debian/patches-applied/CVE-2024-22365.patch: removed, included in
patch cluster above.
- CVE-2025-6020
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 12 Jun 2025 10:45:28 -0400
python3-urllib3 (built from python-urllib3) updated from 1.26.5-1~exp1ubuntu0.2 to 1.26.5-1~exp1ubuntu0.3:
python-urllib3 (1.26.5-1~exp1ubuntu0.3) jammy-security; urgency=medium
* SECURITY UPDATE: Information disclosure through improperly disabled
redirects.
- debian/patches/CVE-2025-50181.patch: Add "retries" check and set retries
to Retry.from_int(retries, redirect=False) as well as set
raise_on_redirect in ./src/urllib3/poolmanager.py.
- CVE-2025-50181
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Mon, 23 Jun 2025 17:07:25 -0230
libpython3.10-minimal:arm64, libpython3.10-stdlib:arm64, python3.10, python3.10-minimal (built from python3.10) updated from 3.10.12-1~22.04.9 to 3.10.12-1~22.04.10:
python3.10 (3.10.12-1~22.04.10) jammy-security; urgency=medium
* SECURITY UPDATE: incorrect address list folding
- debian/patches/CVE-2025-1795-1.patch: don't encode list separators in
Lib/email/_header_value_parser.py,
Lib/test/test_email/test__header_value_parser.py.
- debian/patches/CVE-2025-1795-2.patch: fix AttributeError in the email
module in Lib/email/_header_value_parser.py,
Lib/test/test_email/test__header_value_parser.py.
- CVE-2025-1795
* SECURITY UPDATE: DoS via bytes.decode with unicode_escape
- debian/patches/CVE-2025-4516.patch: fix use-after-free in the
unicode-escape decoder with an error handler in
Include/cpython/bytesobject.h, Include/cpython/unicodeobject.h,
Lib/test/test_codeccallbacks.py, Lib/test/test_codecs.py,
Objects/bytesobject.c, Objects/unicodeobject.c,
Parser/string_parser.c.
- CVE-2025-4516
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 27 May 2025 13:12:29 -0400
python3-requests (built from requests) updated from 2.25.1+dfsg-2ubuntu0.1 to 2.25.1+dfsg-2ubuntu0.3:
requests (2.25.1+dfsg-2ubuntu0.3) jammy-security; urgency=medium
* SECURITY UPDATE: Information Leak
- debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc
lookup instead of netloc
- CVE-2024-47081
-- Bruce Cable <bruce.cable@canonical.com> Wed, 11 Jun 2025 13:27:31 +1000
sudo (built from sudo) updated from 1.9.9-1ubuntu2.4 to 1.9.9-1ubuntu2.5:
sudo (1.9.9-1ubuntu2.5) jammy-security; urgency=medium
* SECURITY UPDATE: Local Privilege Escalation via host option
- debian/patches/CVE-2025-32462.patch: only allow specifying a host
when listing privileges.
- CVE-2025-32462
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 Jun 2025 08:48:23 -0400
12/06/2025, commit https://git.launchpad.net/snap-core22/tree/7c3b8a59559a1d01f35830501a6ef478213ae767
[ Changes in the core22 snap ]
No detected changes for the core22 snap
[ Changes in primed packages ]
libapt-pkg6.0:arm64 (built from apt) updated from 2.4.13 to 2.4.14:
apt (2.4.14) jammy; urgency=medium
* Fix buffer overflow, stack overflow, exponential complexity in
apt-ftparchive Contents generation (LP: #2083697)
- ftparchive: Mystrdup: Add safety check and bump buffer size
- ftparchive: contents: Avoid exponential complexity and overflows
- test framework: Improve valgrind support
- test: Check that apt-ftparchive handles deep paths
- increase valgrind cleanliness to make the tests pass
- pkgcachegen: Use placement new to construct header
- Workaround valgrind "invalid read" in ExtractTar::Go by moving large
buffer from stack to heap. The large buffer triggered some bugs in
valgrind stack clash protection handling.
-- Julian Andres Klode <juliank@ubuntu.com> Tue, 22 Oct 2024 15:09:58 +0200
cloud-init (built from cloud-init) updated from 24.4.1-0ubuntu0~22.04.2 to 25.1.2-0ubuntu0~22.04.2:
cloud-init (25.1.2-0ubuntu0~22.04.2) jammy; urgency=medium
* New bugfix release. (LP: #2113797)
- Revert relocation of systemd units and service files from /usr/lib
back to /lib so debhelper correctly enables cloud-init services in
postinst
-- Chad Smith <chad.smith@canonical.com> Mon, 09 Jun 2025 17:00:37 -0600
cloud-init (25.1.2-0ubuntu0~22.04.1) jammy; urgency=medium
* Upstream snapshot based on 25.1.2. (LP: #2104165).
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/25.1.2/ChangeLog
-- James Falcon <james.falcon@canonical.com> Fri, 02 May 2025 12:47:51 -0500
cloud-init (25.1.1-0ubuntu1~22.04.1) jammy; urgency=medium
* Drop cpicks which are now upstream:
- d/p/cpick-d75840be-fix-retry-AWS-hotplug-for-async-IMDS-5995
- d/p/cpick-84806336-chore-Add-feature-flag-for-manual-network-waiting
- d/p/cpick-c60771d8-test-pytestify-test_url_helper.py
- d/p/cpick-8810a2dc-test-Remove-CiTestCase-from-test_url_helper.py
- d/p/cpick-582f16c1-test-add-OauthUrlHelper-tests
- d/p/cpick-9311e066-fix-Update-OauthUrlHelper-to-use-readurl-exception_cb
* refresh patches
- d/p/deprecation-version-boundary.patch
- d/p/no-single-process.patch
- d/p/retain-ec2-default-net-update-events.patch
- d/p/revert-551f560d-cloud-config-after-snap-seeding.patch
* sort hunks within all patches (--sort on quilt refresh)
* d/cloud-init.templates:
- Move VMware before OVF. See GH-4030
- Enable CloudCIX by default
* Upstream snapshot based on 25.1.1.
List of changes from upstream can be found at
https://raw.githubusercontent.com/canonical/cloud-init/25.1.1/ChangeLog
-- Chad Smith <chad.smith@canonical.com> Tue, 25 Mar 2025 10:33:28 -0600
python3-pkg-resources, python3-setuptools (built from setuptools) updated from 59.6.0-1.2ubuntu0.22.04.2 to 59.6.0-1.2ubuntu0.22.04.3:
setuptools (59.6.0-1.2ubuntu0.22.04.3) jammy-security; urgency=medium
* SECURITY UPDATE: path traversal vulnerability
- debian/patches/CVE-2025-47273-pre1.patch: Extract
_resolve_download_filename with test.
- debian/patches/CVE-2025-47273.patch: Add a check to ensure the name
resolves relative to the tmpdir.
- CVE-2025-47273
-- Fabian Toepfer <fabian.toepfer@canonical.com> Wed, 28 May 2025 19:13:58 +0200
libpam-systemd:arm64, libsystemd0:arm64, libudev1:arm64, systemd, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 249.11-0ubuntu3.15 to 249.11-0ubuntu3.16:
systemd (249.11-0ubuntu3.16) jammy-security; urgency=medium
* SECURITY UPDATE: race condition in systemd-coredump
- debian/patches/CVE_2025_4598_1.patch: coredump: get rid of
_META_MANDATORY_MAX.
- debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core
pattern.
- debian/patches/CVE_2025_4598_3.patch: coredump: get rid of a bogus
assertion.
- CVE-2025-4598
-- Octavio Galland <octavio.galland@canonical.com> Wed, 04 Jun 2025 11:17:43 -0300