AlaK4X
Linux lhjmq-records 5.15.0-118-generic #128-Ubuntu SMP Fri Jul 5 09:28:59 UTC 2024 x86_64

Your IP : 3.21.46.129

Current Path : /snap/core20/current/usr/share/doc/
Upload File :
Current File : //snap/core20/current/usr/share/doc/ChangeLog

[ Changes in primed packages ]

apparmor, libapparmor1:amd64 (built from apparmor) updated from 2.13.3-7ubuntu5.3 to 2.13.3-7ubuntu5.3build2:

  apparmor (2.13.3-7ubuntu5.3build2) focal-security; urgency=medium

    * No-change re-build upload for the focal-security pocket as part
      of the preparation for addressing CVE-2016-1585 (LP: #1597017)

   -- Steve Beattie <steve.beattie@canonical.com>  Tue, 27 Aug 2024 14:51:30 -0700

cloud-init (built from cloud-init) updated from 24.1.3-0ubuntu1~20.04.5 to 24.2-0ubuntu1~20.04.1:

  cloud-init (24.2-0ubuntu1~20.04.1) focal; urgency=medium

    * d/control: remove netifaces due to GH-4634
    * drop d/p/do-not-block-user-login.patch:
      Upstream now has "Before=systemd-user-sessions" in cloud-init.service
    * d/p/drop-unsupported-systemd-condition-environment.patch:
      drop ConditionEnvironment from unit files because systemd 245.4 ignores
      those keys and emits warnings at systemctl status
    * d/p/add-deprecation-info-boundary.patch: Update
      DEPRECATION_INFO_BOUNDARY to ensure new deprecations don't trigger
      warnings.
    * refresh patches:
      - d/p/cli-retain-file-argument-as-main-cmd-arg.patch
      - d/p/keep-dhclient-as-priority-client.patch
      - d/p/netplan99-cannot-use-default.patch
      - d/p/retain-ec2-default-net-update-events.patch
      - d/p/retain-netplan-world-readable.patch
      - d/p/retain-old-groups.patch
      - d/p/status-do-not-remove-duplicated-data.patch
      - d/p/status-retain-recoverable-error-exit-code.patch
      - d/p/revert-551f560d-cloud-config-after-snap-seeding.patch
    * Upstream snapshot based on 24.2. (LP: #2071762).
      List of changes from upstream can be found at
      https://raw.githubusercontent.com/canonical/cloud-init/24.2/ChangeLog
    * drop all d/p/cpick-* files as they are included in upstream snapshot

   -- James Falcon <james.falcon@canonical.com>  Thu, 11 Jul 2024 16:36:14 -0500

libexpat1:amd64 (built from expat) updated from 2.2.9-1ubuntu0.6 to 2.2.9-1ubuntu0.7:

  expat (2.2.9-1ubuntu0.7) focal-security; urgency=medium

    * SECURITY UPDATE: invalid input length
      - CVE-2024-45490-*.patch: adds a check to the XML_ParseBuffer function of
        expat/lib/xmlparse.c to identify and error out if a negative length is
        provided.
      - CVE-2024-45490
    * SECURITY UPDATE: integer overflow
      - CVE-2024-45491.patch: adds a check to the dtdCopy function of
        expat/lib/xmlparse.c to detect and prevent an integer overflow.
      - CVE-2024-45491
    * SECURITY UPDATE: integer overflow
      - CVE-2024-45492.patch: adds a check to the nextScaffoldPart function of
        expat/lib/xmlparse.c to detect and prevent an integer overflow.
      - CVE-2024-45492

   -- Ian Constantin <ian.constantin@canonical.com>  Tue, 10 Sep 2024 13:17:46 +0300

libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.17-6ubuntu4.4 to 1.17-6ubuntu4.7:

  krb5 (1.17-6ubuntu4.7) focal; urgency=medium

    * Fix a memory leak in krb5_gss_inquire_cred (LP: #2060666)

   -- Ponnuvel Palaniyappan <pponnuvel@gmail.com>  Thu, 08 Aug 2024 11:06:56 +0100

  krb5 (1.17-6ubuntu4.6) focal-security; urgency=medium

    * SECURITY UPDATE: Invalid token requests
      - debian/patches/CVE-2024-37370.patch: Fix vulnerabilities in GSS
      message token handling
      - CVE-2024-37370
      - CVE-2024-37371

   -- Bruce Cable <bruce.cable@canonical.com>  Mon, 15 Jul 2024 13:47:15 +1000

libssl1.1:amd64, openssl (built from openssl) updated from 1.1.1f-1ubuntu2.22 to 1.1.1f-1ubuntu2.23:

  openssl (1.1.1f-1ubuntu2.23) focal-security; urgency=medium

    * SECURITY UPDATE: unbounded mem growth when processing TLSv1.3 sessions
      - debian/patches/CVE-2024-2511.patch: fix unconstrained session cache
        growth in TLSv1.3 in ssl/ssl_lib.c, ssl/ssl_sess.c,
        ssl/statem/statem_srvr.c.
      - CVE-2024-2511
    * SECURITY UPDATE: use after free with SSL_free_buffers
      - debian/patches/CVE-2024-4741.patch: only free the read buffers if
        we're not using them in ssl/record/rec_layer_s3.c,
        ssl/record/record.h, ssl/ssl_lib.c.
      - CVE-2024-4741
    * SECURITY UPDATE: crash or memory disclosure via SSL_select_next_proto
      - debian/patches/CVE-2024-5535.patch: validate provided client list in
        ssl/ssl_lib.c.
      - CVE-2024-5535

   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 30 Jul 2024 12:36:54 -0400

python3-zipp (built from python-zipp) updated from 1.0.0-1 to 1.0.0-1ubuntu0.1:

  python-zipp (1.0.0-1ubuntu0.1) focal-security; urgency=medium

    * SECURITY UPDATE: denial of service vulnerability
      - debian/patches/CVE-2024-5569.patch: Sanitize malformed paths
      - CVE-2024-5569

   -- Shishir Subedi <shishir.subedi@canonical.com>  Sun, 21 Jul 2024 20:13:09 +0545

libpython3.8-minimal:amd64, libpython3.8-stdlib:amd64, python3.8, python3.8-minimal (built from python3.8) updated from 3.8.10-0ubuntu1~20.04.9 to 3.8.10-0ubuntu1~20.04.11:

  python3.8 (3.8.10-0ubuntu1~20.04.11) focal-security; urgency=medium

    * SECURITY UPDATE: race condition in ssl.SSLContext methods
      - debian/patches/CVE-2024-0397.patch: fix locking in cert_store_stats
        and get_ca_certs in Modules/_ssl.c.
      - CVE-2024-0397
    * SECURITY UPDATE: is_private and is_global mismatch
      - debian/patches/CVE-2024-4032.patch: fix "private" (non-global) IP
        address ranges in Doc/library/ipaddress.rst, Lib/ipaddress.py,
        Lib/test/test_ipaddress.py.
      - CVE-2024-4032

   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 29 Jul 2024 13:02:10 -0400

  python3.8 (3.8.10-0ubuntu1~20.04.10) focal-security; urgency=medium

    * SECURITY UPDATE: incorrect permission assignment
      - debian/patches/CVE-2023-6597.patch: fix symlink bug in cleanup.
      - CVE-2023-6597
    * SECURITY UPDATE: zipbomb DoS attack
      - debian/patches/CVE-2024-0450.patch: raise BadZipFile when trying
        to read an entry that overlaps with other entry or central
        directory.
      - CVE-2024-0450

   -- Allen Huang <allen.huang@canonical.com>  Mon, 25 Mar 2024 10:42:49 +0000

vim-common, vim-tiny, xxd (built from vim) updated from 2:8.1.2269-1ubuntu5.23 to 2:8.1.2269-1ubuntu5.24:

  vim (2:8.1.2269-1ubuntu5.24) focal-security; urgency=medium

    * SECURITY UPDATE: use after free
      - debian/patches/CVE-2024-41957.patch: set tagname to NULL
        after being freed
      - CVE-2024-41957
    * SECURITY UPDATE: use after free
      - debian/patches/CVE-2024-43374.patch: add lock to keep
        reference valid
      - CVE-2024-43374

   -- Bruce Cable <bruce.cable@canonical.com>  Wed, 04 Sep 2024 13:11:27 +1000

wpasupplicant (built from wpa) updated from 2:2.9-1ubuntu4.3 to 2:2.9-1ubuntu4.4:

  wpa (2:2.9-1ubuntu4.4) focal-security; urgency=medium

    * SECURITY UPDATE: loading arbitrary shared objects, privilege escalation
      - debian/patches/lib_engine_trusted_path.patch: Allow shared objects
        to only be loaded from /usr/lib, thanks to mdeslaur
      - CVE-2024-5290 

   -- Sudhakar Verma <sudhakar.verma@canonical.com>  Mon, 05 Aug 2024 17:49:49 +0530