ChangeLog
18/06/2025, commit https://git.launchpad.net/snap-core24/tree/f9ca904d1e47c062780620e0060063d8a54646dd

[ Changes in the core24 snap ]

Alfonso Sánchez-Beato (1):
      .github,tests: do not rebuild base for each test

[ Changes in primed packages ]

libapt-pkg6.0t64:amd64 (built from apt) updated from 2.7.14build2 to 2.8.3:

  apt (2.8.3) noble; urgency=medium

    * Revert increased key size requirements from 2.8.0-2.8.2 (LP: #2073126)
      - Revert "Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment"
      - Revert "Only warn about <rsa2048 when upgrading from 2.7.x to 2.8.x"
      - Revert rsa1024 to warnings again
      This leaves the mechanisms in place and no longer warns about NIST curves.
    * Fix keeping back removals of obsolete packages; and return an error if
      ResolveByKeep() is unsuccessful (LP: #2078720)
    * Fix buffer overflow, stack overflow, exponential complexity in
      apt-ftparchive Contents generation (LP: #2083697)
      - ftparchive: Mystrdup: Add safety check and bump buffer size
      - ftparchive: contents: Avoid exponential complexity and overflows
      - test framework: Improve valgrind support
      - test: Check that apt-ftparchive handles deep paths
      - Workaround valgrind "invalid read" in ExtractTar::Go by moving large
        buffer from stack to heap. The large buffer triggered some bugs in
        valgrind stack clash protection handling.

   -- Julian Andres Klode <juliank@ubuntu.com>  Tue, 22 Oct 2024 15:02:22 +0200

  apt (2.8.2) noble; urgency=medium

    * Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment
      (follow-up for LP: #2073126)

   -- Julian Andres Klode <juliank@ubuntu.com>  Tue, 13 Aug 2024 16:47:13 +0200

  apt (2.8.1) noble; urgency=medium

    * Only revoke weak RSA keys for now, add 'next' and 'future' levels
      (backported from 2.9.7)
      Note that the changes to warn about keys not matching the future level
      in the --audit level are not fully included, as the --audit feature
      has not yet been backported.
      (LP: #2073126)
    * Introduce further mitigation on upgrades from 2.7.x to allow these
      systems to continue using rsa1024 repositories with warnings
      until the 24.04.2 point release (LP: #2073126)

   -- Julian Andres Klode <juliank@ubuntu.com>  Tue, 30 Jul 2024 17:12:00 +0900

  apt (2.8.0) noble; urgency=medium

    [ Julian Andres Klode ]
    * Revert "Temporarily downgrade key assertions to "soon worthless""
      We temporarily downgraded the errors to warnings to give the
      launchpad PPAs time to be fixed, but warnings are not safe:
      Untrusted keys could be hiding on your system, but just not
      used at the moment. Hence revert this so we get the errors
      we want. (LP: #2060721)
    * Branch off the stable 2.8.y branch for noble:
      - CI: Test in ubuntu:noble images for 2.8.y
      - debian/gbp.conf: Point at the 2.8.y branch

    [ David Kalnischkies ]
    * Test suite fixes:
      - Avoid subshell hiding failure report from testfilestats
      - Ignore umask of leftover diff_Index in failed pdiff test
    * Documentation translation fixes:
      - Fix and unfuzzy previous VCG/Graphviz URI change

   -- Julian Andres Klode <juliank@ubuntu.com>  Tue, 16 Apr 2024 16:59:14 +0200

cloud-init (built from cloud-init) updated from 24.4.1-0ubuntu0~24.04.3 to 25.1.2-0ubuntu0~24.04.1:

  cloud-init (25.1.2-0ubuntu0~24.04.1) noble; urgency=medium

    * Upstream snapshot based on 25.1.2. (LP: #2104165).
      List of changes from upstream can be found at
      https://raw.githubusercontent.com/canonical/cloud-init/25.1.2/ChangeLog

   -- James Falcon <james.falcon@canonical.com>  Mon, 19 May 2025 15:00:58 -0500

  cloud-init (25.1.1-0ubuntu1~24.04.1) noble; urgency=medium

    * Drop cpicks which are now upstream:
      - cpick-d75840be-fix-retry-AWS-hotplug-for-async-IMDS-5995
      - cpick-84806336-chore-Add-feature-flag-for-manual-network-waiting
      - d/p/cpick-c60771d8-test-pytestify-test_url_helper.py
      - d/p/cpick-8810a2dc-test-Remove-CiTestCase-from-test_url_helper.py
      - d/p/cpick-582f16c1-test-add-OauthUrlHelper-tests
      - d/p/cpick-9311e066-fix-Update-OauthUrlHelper-to-use-readurl-exception_cb
    * refresh patches
      - d/p/deprecation-version-boundary.patch
      - d/p/grub-dpkg-support.patch
      - d/p/no-nocloud-network.patch
      - d/p/no-single-process.patch
    * sort hunks within all patches (--sort on quilt refresh)
    * Upstream snapshot based on 25.1.1.
      List of changes from upstream can be found at
      https://raw.githubusercontent.com/canonical/cloud-init/25.1.1/ChangeLog

   -- Chad Smith <chad.smith@canonical.com>  Tue, 25 Mar 2025 11:02:28 -0600

libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.20.1-6ubuntu2.5 to 1.20.1-6ubuntu2.6:

  krb5 (1.20.1-6ubuntu2.6) noble-security; urgency=medium

    * SECURITY UPDATE: Use of weak cryptographic hash.
      - debian/patches/CVE-2025-3576.patch: Add allow_des3 and allow_rc4
        options. Disallow usage of des3 and rc4 unless allowed in the config.
        Replace warn_des3 with warn_deprecated in
        ./src/lib/krb5/krb/get_in_tkt.c. Add allow_des3 and allow_rc4 boolean
        in ./src/include/k5-int.h. Prevent usage of deprecated enctypes in
        ./src/kdc/kdc_util.c.
      - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with
        ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.
      - CVE-2025-3576

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Thu, 15 May 2025 10:09:20 +0200

openssh-client, openssh-server, openssh-sftp-server (built from openssh) updated from 1:9.6p1-3ubuntu13.11 to 1:9.6p1-3ubuntu13.12:

  openssh (1:9.6p1-3ubuntu13.12) noble; urgency=medium

    * d/p/sshd-socket-generator.patch: add note to sshd_config
      Explain that a systemctl daemon-reload is needed for changes to Port et
      al to take effect.
      (LP: #2069041)

   -- Nick Rosbrook <enr0n@ubuntu.com>  Tue, 29 Apr 2025 10:57:04 -0400

libpam-modules-bin, libpam-modules:amd64, libpam-runtime, libpam0g:amd64 (built from pam) updated from 1.5.3-5ubuntu5.1 to 1.5.3-5ubuntu5.4:

  pam (1.5.3-5ubuntu5.4) noble-security; urgency=medium

    * SECURITY UPDATE: privilege escalation via pam_namespace
      - debian/patches/pam_namespace_170.patch: sync pam_namespace module to
        version 1.7.0.
      - debian/patches/pam_namespace_post170-*.patch: add post-1.7.0 changes
        from upstream git tree.
      - debian/patches/pam_namespace_revert_abi.patch: revert ABI change to
        prevent unintended issues in running daemons.
      - debian/patches/CVE-2025-6020-1.patch: fix potential privilege
        escalation.
      - debian/patches/CVE-2025-6020-2.patch: add flags to indicate path
        safety.
      - debian/patches/CVE-2025-6020-3.patch: secure_opendir: do not look at
        the group ownership.
      - debian/patches/pam_namespace_o_directory.patch: removed, included in
        patch cluster above.
      - CVE-2025-6020

   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 12 Jun 2025 10:45:28 -0400

  pam (1.5.3-5ubuntu5.2) noble; urgency=medium

    * d/p/031_pam_include: fix loading from /usr/lib/pam.d (LP: #2087827)

   -- Simon Chopin <schopin@ubuntu.com>  Mon, 26 May 2025 16:34:46 +0200

libpython3.12-minimal:amd64, libpython3.12-stdlib:amd64, python3.12, python3.12-minimal (built from python3.12) updated from 3.12.3-1ubuntu0.5 to 3.12.3-1ubuntu0.6:

  python3.12 (3.12.3-1ubuntu0.6) noble-security; urgency=medium

    * SECURITY UPDATE: incorrect address list folding
      - debian/patches/CVE-2025-1795-2.patch: fix AttributeError in the email
        module in Lib/email/_header_value_parser.py,
        Lib/test/test_email/test__header_value_parser.py.
      - CVE-2025-1795
    * SECURITY UPDATE: DoS via bytes.decode with unicode_escape
      - debian/patches/CVE-2025-4516.patch: fix use-after-free in the
        unicode-escape decoder with an error handler in
        Include/cpython/bytesobject.h, Include/cpython/unicodeobject.h,
        Lib/test/test_codeccallbacks.py, Lib/test/test_codecs.py,
        Objects/bytesobject.c, Objects/unicodeobject.c,
        Parser/string_parser.c.
      - CVE-2025-4516

   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 26 May 2025 14:50:19 -0400

python3-requests (built from requests) updated from 2.31.0+dfsg-1ubuntu1 to 2.31.0+dfsg-1ubuntu1.1:

  requests (2.31.0+dfsg-1ubuntu1.1) noble-security; urgency=medium

    * SECURITY UPDATE: Information Leak
      - debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc
        lookup instead of netloc
      - CVE-2024-47081
    * Skip Test
      - skip-failing-zip-test.patch: Skip failing zip test

   -- Bruce Cable <bruce.cable@canonical.com>  Thu, 12 Jun 2025 11:19:32 +1000

python3-pkg-resources (built from setuptools) updated from 68.1.2-2ubuntu1.1 to 68.1.2-2ubuntu1.2:

  setuptools (68.1.2-2ubuntu1.2) noble-security; urgency=medium

    * SECURITY UPDATE: path traversal vulnerability
      - debian/patches/CVE-2025-47273-pre1.patch: Extract
        _resolve_download_filename with test.
      - debian/patches/CVE-2025-47273.patch: Add a check to ensure the name
        resolves relative to the tmpdir.
      - CVE-2025-47273

   -- Fabian Toepfer <fabian.toepfer@canonical.com>  Wed, 28 May 2025 19:00:32 +0200

libpam-systemd:amd64, libsystemd-shared:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-coredump, systemd-dev, systemd-resolved, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 255.4-1ubuntu8.6 to 255.4-1ubuntu8.8:

  systemd (255.4-1ubuntu8.8) noble-security; urgency=medium

    * SECURITY UPDATE: race condition in systemd-coredump
      - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of
        _META_MANDATORY_MAX.
      - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core
        pattern.
      - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding
        non-dumpable processes.
      - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus
        assertion.
      - CVE-2025-4598
    * this update does not include the changes from 255.4-1ubuntu8.7 as
      included in noble-proposed

   -- Octavio Galland <octavio.galland@canonical.com>  Wed, 04 Jun 2025 09:24:15 -0300

tzdata (built from tzdata) updated from 2025b-0ubuntu0.24.04 to 2025b-0ubuntu0.24.04.1:

  tzdata (2025b-0ubuntu0.24.04.1) noble; urgency=medium

    * Update the ICU timezone data to 2025b (LP: #2107950)
    * Add autopkgtest test case for ICU timezone data 2025b

   -- Benjamin Drung <bdrung@ubuntu.com>  Tue, 22 Apr 2025 12:11:08 +0200