%PDF- %PDF-
Direktori : /proc/self/root/snap/core20/current/usr/share/doc/ |
Current File : //proc/self/root/snap/core20/current/usr/share/doc/ChangeLog |
[ Changes in primed packages ] apparmor, libapparmor1:amd64 (built from apparmor) updated from 2.13.3-7ubuntu5.3 to 2.13.3-7ubuntu5.3build2: apparmor (2.13.3-7ubuntu5.3build2) focal-security; urgency=medium * No-change re-build upload for the focal-security pocket as part of the preparation for addressing CVE-2016-1585 (LP: #1597017) -- Steve Beattie <steve.beattie@canonical.com> Tue, 27 Aug 2024 14:51:30 -0700 cloud-init (built from cloud-init) updated from 24.1.3-0ubuntu1~20.04.5 to 24.2-0ubuntu1~20.04.1: cloud-init (24.2-0ubuntu1~20.04.1) focal; urgency=medium * d/control: remove netifaces due to GH-4634 * drop d/p/do-not-block-user-login.patch: Upstream now has "Before=systemd-user-sessions" in cloud-init.service * d/p/drop-unsupported-systemd-condition-environment.patch: drop ConditionEnvironment from unit files because systemd 245.4 ignores those keys and emits warnings at systemctl status * d/p/add-deprecation-info-boundary.patch: Update DEPRECATION_INFO_BOUNDARY to ensure new deprecations don't trigger warnings. * refresh patches: - d/p/cli-retain-file-argument-as-main-cmd-arg.patch - d/p/keep-dhclient-as-priority-client.patch - d/p/netplan99-cannot-use-default.patch - d/p/retain-ec2-default-net-update-events.patch - d/p/retain-netplan-world-readable.patch - d/p/retain-old-groups.patch - d/p/status-do-not-remove-duplicated-data.patch - d/p/status-retain-recoverable-error-exit-code.patch - d/p/revert-551f560d-cloud-config-after-snap-seeding.patch * Upstream snapshot based on 24.2. (LP: #2071762). List of changes from upstream can be found at https://raw.githubusercontent.com/canonical/cloud-init/24.2/ChangeLog * drop all d/p/cpick-* files as they are included in upstream snapshot -- James Falcon <james.falcon@canonical.com> Thu, 11 Jul 2024 16:36:14 -0500 libexpat1:amd64 (built from expat) updated from 2.2.9-1ubuntu0.6 to 2.2.9-1ubuntu0.7: expat (2.2.9-1ubuntu0.7) focal-security; urgency=medium * SECURITY UPDATE: invalid input length - CVE-2024-45490-*.patch: adds a check to the XML_ParseBuffer function of expat/lib/xmlparse.c to identify and error out if a negative length is provided. - CVE-2024-45490 * SECURITY UPDATE: integer overflow - CVE-2024-45491.patch: adds a check to the dtdCopy function of expat/lib/xmlparse.c to detect and prevent an integer overflow. - CVE-2024-45491 * SECURITY UPDATE: integer overflow - CVE-2024-45492.patch: adds a check to the nextScaffoldPart function of expat/lib/xmlparse.c to detect and prevent an integer overflow. - CVE-2024-45492 -- Ian Constantin <ian.constantin@canonical.com> Tue, 10 Sep 2024 13:17:46 +0300 libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.17-6ubuntu4.4 to 1.17-6ubuntu4.7: krb5 (1.17-6ubuntu4.7) focal; urgency=medium * Fix a memory leak in krb5_gss_inquire_cred (LP: #2060666) -- Ponnuvel Palaniyappan <pponnuvel@gmail.com> Thu, 08 Aug 2024 11:06:56 +0100 krb5 (1.17-6ubuntu4.6) focal-security; urgency=medium * SECURITY UPDATE: Invalid token requests - debian/patches/CVE-2024-37370.patch: Fix vulnerabilities in GSS message token handling - CVE-2024-37370 - CVE-2024-37371 -- Bruce Cable <bruce.cable@canonical.com> Mon, 15 Jul 2024 13:47:15 +1000 libssl1.1:amd64, openssl (built from openssl) updated from 1.1.1f-1ubuntu2.22 to 1.1.1f-1ubuntu2.23: openssl (1.1.1f-1ubuntu2.23) focal-security; urgency=medium * SECURITY UPDATE: unbounded mem growth when processing TLSv1.3 sessions - debian/patches/CVE-2024-2511.patch: fix unconstrained session cache growth in TLSv1.3 in ssl/ssl_lib.c, ssl/ssl_sess.c, ssl/statem/statem_srvr.c. - CVE-2024-2511 * SECURITY UPDATE: use after free with SSL_free_buffers - debian/patches/CVE-2024-4741.patch: only free the read buffers if we're not using them in ssl/record/rec_layer_s3.c, ssl/record/record.h, ssl/ssl_lib.c. - CVE-2024-4741 * SECURITY UPDATE: crash or memory disclosure via SSL_select_next_proto - debian/patches/CVE-2024-5535.patch: validate provided client list in ssl/ssl_lib.c. - CVE-2024-5535 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 30 Jul 2024 12:36:54 -0400 python3-zipp (built from python-zipp) updated from 1.0.0-1 to 1.0.0-1ubuntu0.1: python-zipp (1.0.0-1ubuntu0.1) focal-security; urgency=medium * SECURITY UPDATE: denial of service vulnerability - debian/patches/CVE-2024-5569.patch: Sanitize malformed paths - CVE-2024-5569 -- Shishir Subedi <shishir.subedi@canonical.com> Sun, 21 Jul 2024 20:13:09 +0545 libpython3.8-minimal:amd64, libpython3.8-stdlib:amd64, python3.8, python3.8-minimal (built from python3.8) updated from 3.8.10-0ubuntu1~20.04.9 to 3.8.10-0ubuntu1~20.04.11: python3.8 (3.8.10-0ubuntu1~20.04.11) focal-security; urgency=medium * SECURITY UPDATE: race condition in ssl.SSLContext methods - debian/patches/CVE-2024-0397.patch: fix locking in cert_store_stats and get_ca_certs in Modules/_ssl.c. - CVE-2024-0397 * SECURITY UPDATE: is_private and is_global mismatch - debian/patches/CVE-2024-4032.patch: fix "private" (non-global) IP address ranges in Doc/library/ipaddress.rst, Lib/ipaddress.py, Lib/test/test_ipaddress.py. - CVE-2024-4032 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 29 Jul 2024 13:02:10 -0400 python3.8 (3.8.10-0ubuntu1~20.04.10) focal-security; urgency=medium * SECURITY UPDATE: incorrect permission assignment - debian/patches/CVE-2023-6597.patch: fix symlink bug in cleanup. - CVE-2023-6597 * SECURITY UPDATE: zipbomb DoS attack - debian/patches/CVE-2024-0450.patch: raise BadZipFile when trying to read an entry that overlaps with other entry or central directory. - CVE-2024-0450 -- Allen Huang <allen.huang@canonical.com> Mon, 25 Mar 2024 10:42:49 +0000 vim-common, vim-tiny, xxd (built from vim) updated from 2:8.1.2269-1ubuntu5.23 to 2:8.1.2269-1ubuntu5.24: vim (2:8.1.2269-1ubuntu5.24) focal-security; urgency=medium * SECURITY UPDATE: use after free - debian/patches/CVE-2024-41957.patch: set tagname to NULL after being freed - CVE-2024-41957 * SECURITY UPDATE: use after free - debian/patches/CVE-2024-43374.patch: add lock to keep reference valid - CVE-2024-43374 -- Bruce Cable <bruce.cable@canonical.com> Wed, 04 Sep 2024 13:11:27 +1000 wpasupplicant (built from wpa) updated from 2:2.9-1ubuntu4.3 to 2:2.9-1ubuntu4.4: wpa (2:2.9-1ubuntu4.4) focal-security; urgency=medium * SECURITY UPDATE: loading arbitrary shared objects, privilege escalation - debian/patches/lib_engine_trusted_path.patch: Allow shared objects to only be loaded from /usr/lib, thanks to mdeslaur - CVE-2024-5290 -- Sudhakar Verma <sudhakar.verma@canonical.com> Mon, 05 Aug 2024 17:49:49 +0530