⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.120
Server IP:
13.127.59.50
Server:
Linux ip-172-31-46-210 5.15.0-1033-aws #37~20.04.1-Ubuntu SMP Fri Mar 17 11:39:30 UTC 2023 x86_64
Server Software:
Apache/2.4.41 (Ubuntu)
PHP Version:
7.4.3-4ubuntu2.29
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
proc
/
self
/
root
/
snap
/
core24
/
1151
/
usr
/
share
/
doc
/
View File Name :
ChangeLog
29/07/2025, commit https://github.com/canonical/core-base/tree/e164b892c0535598c3712caa2ecdea0667dfdfc7 [ Changes in the core24 snap ] Alfonso Sánchez-Beato (11): snapcraft.yaml: set version from date tag if present .github/workflows/release.yaml: add release job .github/workflows/release.yaml: run rebuild base job each day .github/workflows/tests.yaml: fix runners filtering .github/workflows/release.yaml: fix typo static/secureboot-db.service: check mode by looking at modeenv static: check mode by looking at modeenv in several services tests: prepare for installation from initramfs .github/workflows: we do not need spread-arm anymore .github/workflows: add manual release job, remove old release one .github/workflows/release-manual: fix typo Philip Meulengracht (1): tools: aggregate old changelogs [ Changes in primed packages ] libc-bin, libc6:amd64, libc6:i386 (built from glibc) updated from 2.39-0ubuntu8.4 to 2.39-0ubuntu8.5: glibc (2.39-0ubuntu8.5) noble-security; urgency=medium * SECURITY UPDATE: insecure power10 strcmp implementation - debian/patches/any/CVE-2025-5702.patch: remove power10 optimized strcmp. - CVE-2025-5702 * Moved other security patches to debian/patches/any. -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 09 Jul 2025 12:47:47 -0400 gpgv (built from gnupg2) updated from 2.4.4-2ubuntu17.2 to 2.4.4-2ubuntu17.3: gnupg2 (2.4.4-2ubuntu17.3) noble-security; urgency=medium * debian/patches/fix-key-validity-regression-due-to-CVE-2025- 30258.patch: - Fix a key validity regression following patches for CVE-2025-30258, causing trusted "certify-only" primary keys to be ignored when checking signature on user IDs and computing key validity. This regression makes imported keys signed by a trusted "certify-only" key have an unknown validity (LP: #2114775). -- dcpi <dcpi@u22vm> Thu, 26 Jun 2025 13:17:22 +0000 gnutls-bin, libgnutls-dane0t64:amd64, libgnutls30t64:amd64 (built from gnutls28) updated from 3.8.3-1.1ubuntu3.3 to 3.8.3-1.1ubuntu3.4: gnutls28 (3.8.3-1.1ubuntu3.4) noble-security; urgency=medium * SECURITY UPDATE: double-free via otherName in the SAN - debian/patches/CVE-2025-32988.patch: avoid double free when exporting othernames in SAN in lib/x509/extensions.c. - CVE-2025-32988 * SECURITY UPDATE: OOB read via malformed length field in SCT extension - debian/patches/CVE-2025-32989.patch: fix read buffer overrun in SCT timestamps in lib/x509/x509_ext.c. - CVE-2025-32989 * SECURITY UPDATE: heap write overflow in certtool via invalid template - debian/patches/CVE-2025-32990.patch: avoid 1-byte write buffer overrun when parsing template in src/certtool-cfg.c, tests/cert-tests/Makefile.am, tests/cert-tests/template-test.sh, tests/cert-tests/templates/template-too-many-othernames.tmpl. - CVE-2025-32990 * SECURITY UPDATE: NULL deref via missing PSK in TLS 1.3 handshake - debian/patches/CVE-2025-6395.patch: clear HSK_PSK_SELECTED when resetting binders in lib/handshake.c, lib/state.c, tests/Makefile.am, tests/tls13/hello_retry_request_psk.c. - CVE-2025-6395 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 11 Jul 2025 08:58:05 -0400 gzip (built from gzip) updated from 1.12-1ubuntu3 to 1.12-1ubuntu3.1: gzip (1.12-1ubuntu3.1) noble; urgency=medium * d/p/0001-maint-fix-s390-buffer-flushes.patch: align the behavior of dfltcc_inflate to do the same as gzip_inflate when it hits a premature EOF (LP: #2083700) -- Andreas Hasenack <andreas@canonical.com> Mon, 27 Jan 2025 13:56:44 -0300 iputils-ping (built from iputils) updated from 3:20240117-1build1 to 3:20240117-1ubuntu0.1: iputils (3:20240117-1ubuntu0.1) noble-security; urgency=medium * SECURITY UPDATE: DoS via crafted ICMP Echo Reply packet - debian/patches/CVE-2025-47268: fix signed 64-bit integer overflow in RTT calculation in iputils_common.h, ping/ping_common.c. - debian/patches/CVE-2025-48964.patch: fix moving average rtt calculation in iputils_common.h, ping/ping.h, ping/ping_common.c. - CVE-2025-47268 - CVE-2025-48964 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 24 Jul 2025 07:51:16 -0400 libpciaccess0:amd64 (built from libpciaccess) updated from 0.17-3build1 to 0.17-3ubuntu0.24.04.2: libpciaccess (0.17-3ubuntu0.24.04.2) noble; urgency=medium * Revert to 0.17-3build1 since the previous update appears to cause inability to log in to the desktop on some systems (LP: #2115574) -- Jeremy Bícha <jbicha@ubuntu.com> Mon, 30 Jun 2025 11:55:17 -0400 libpciaccess (0.17-3ubuntu0.24.04.1) noble; urgency=medium * AMD platform A + N config selected wrong primary GPU in Xorg (LP: #2111684) d/p/0001-linux_sysfs-Identify-boot_vga-by-acpi-companion-hid.patch -- Kai-Chuan Hsieh <kaichuan.hsieh@canonical.com> Tue, 03 Jun 2025 17:23:44 +0800 libnetplan1:amd64, netplan-generator, netplan.io, python3-netplan (built from netplan.io) updated from 1.1.2-2~ubuntu24.04.1 to 1.1.2-2~ubuntu24.04.2: netplan.io (1.1.2-2~ubuntu24.04.2) noble; urgency=medium * Add integration tests for `netplan try` - d/p/lp2083029/0007-tests-integration-netplan-try.patch * Fix networkd file permissions during `netplan try` restore (LP: #2083029) - d/p/lp2083029/0008-cli-ConfigManager-must-copy-file-ownership.patch * Prevent netplan-generate from running during `netplan try` (LP: #2083029) - d/p/lp2083029/0009-generate-Don-t-run-during-netplan-try.patch -- Wesley Hershberger <wesley.hershberger@canonical.com> Thu, 17 Apr 2025 10:46:08 -0500 openssh-client, openssh-server, openssh-sftp-server (built from openssh) updated from 1:9.6p1-3ubuntu13.12 to 1:9.6p1-3ubuntu13.13: openssh (1:9.6p1-3ubuntu13.13) noble; urgency=medium * Explicitly listen on IPv4 by default, with socket-activated sshd (LP: #2080216) - d/systemd/ssh.socket: explicitly listen on ipv4 by default - d/t/sshd-socket-generator: update for new defaults and AddressFamily - sshd-socket-generator: handle new ssh.socket default settings -- Nick Rosbrook <enr0n@ubuntu.com> Mon, 09 Jun 2025 13:22:39 -0400 python3-urllib3 (built from python-urllib3) updated from 2.0.7-1ubuntu0.1 to 2.0.7-1ubuntu0.2: python-urllib3 (2.0.7-1ubuntu0.2) noble-security; urgency=medium * SECURITY UPDATE: Information disclosure through improperly disabled redirects. - debian/patches/CVE-2025-50181.patch: Add "retries" check and set retries to Retry.from_int(retries, redirect=False) as well as set raise_on_redirect in ./src/urllib3/poolmanager.py. - CVE-2025-50181 -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Mon, 23 Jun 2025 16:34:35 -0230 libpython3.12-minimal:amd64, libpython3.12-stdlib:amd64, python3.12, python3.12-minimal (built from python3.12) updated from 3.12.3-1ubuntu0.6 to 3.12.3-1ubuntu0.7: python3.12 (3.12.3-1ubuntu0.7) noble-security; urgency=medium * SECURITY UPDATE: Arbitrary filesystem and metadata write through improper tar filtering. - debian/patches/CVE-202x-12718-4138-4x3x-4517.patch: Add ALLOW_MISSING in ./Lib/genericpath.py, ./Lib/ntpath.py, ./Lib/posixpath.py. Change filter to handle errors in ./Lib/ntpath.py, ./Lib/posixpath.py. Add checks and unfiltered to ./Lib/tarfile.py. Modify tests. - CVE-2024-12718 - CVE-2025-4138 - CVE-2025-4330 - CVE-2025-4435 - CVE-2025-4517 -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Wed, 18 Jun 2025 15:29:45 -0230 libsqlite3-0:amd64 (built from sqlite3) updated from 3.45.1-1ubuntu2.3 to 3.45.1-1ubuntu2.4: sqlite3 (3.45.1-1ubuntu2.4) noble-security; urgency=medium * SECURITY UPDATE: Memory corruption via number of aggregate terms - debian/patches/CVE-2025-6965.patch: raise an error right away if the number of aggregate terms in a query exceeds the maximum number of columns in src/expr.c, src/sqliteInt.h. - CVE-2025-6965 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 18 Jul 2025 10:56:16 -0400 sudo (built from sudo) updated from 1.9.15p5-3ubuntu5 to 1.9.15p5-3ubuntu5.24.04.1: sudo (1.9.15p5-3ubuntu5.24.04.1) noble-security; urgency=medium * SECURITY UPDATE: Local Privilege Escalation via host option - debian/patches/CVE-2025-32462.patch: only allow specifying a host when listing privileges. - CVE-2025-32462 * SECURITY UPDATE: Local Privilege Escalation via chroot option - debian/patches/CVE-2025-32463.patch: remove user-selected root directory chroot option. - CVE-2025-32463 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 25 Jun 2025 08:42:53 -0400 libpam-systemd:amd64, libsystemd-shared:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-coredump, systemd-dev, systemd-resolved, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 255.4-1ubuntu8.8 to 255.4-1ubuntu8.10: systemd (255.4-1ubuntu8.10) noble; urgency=medium * Fix regression in networkctl caused by previous upload: A regression was introduced due to an incorrect manager reference being passed to manager_get_route_table_to_string() within route_append_json(), resulting in an error when executing the `networkctl --json=pretty` command. > networkctl --json=pretty Failed to get description: Message recipient disconnected from message bus without replying -- Chengen Du <chengen.du@canonical.com> Wed, 02 Jul 2025 10:04:32 -0400 systemd (255.4-1ubuntu8.9) noble; urgency=medium * Preserve IPv6 configurations when `KeepConfiguration=dhcp-on-stop` is set (LP: #2098183) - d/p/lp2098183/0001-network-use-json_variant_append_arrayb.patch - d/p/lp2098183/0002-json-add-new-dispatch-flag-JSON_ALLOW_EXTENSIONS.patch - d/p/lp2098183/0003-json-add-macro-for-automatically-defining-a-dispatch.patch - d/p/lp2098183/0004-json-introduce-json_dispatch_byte_array_iovec-and-js.patch - d/p/lp2098183/0005-json-introduce-json_dispatch_int8-and-json_dispatch_.patch - d/p/lp2098183/0006-json-extend-JsonDispatch-flags-with-nullable-and-ref.patch - d/p/lp2098183/0007-json-util-generalize-json_dispatch_ifindex.patch - d/p/lp2098183/0008-daemon-util-expose-notify_push_fd.patch - d/p/lp2098183/0009-network-json-add-missing-entries-for-route-propertie.patch - d/p/lp2098183/0010-network-introduce-network_config_source_from_string.patch - d/p/lp2098183/0011-network-expose-log_route_debug-and-log_address_debug.patch - d/p/lp2098183/0012-network-introduce-manager_serialize-deserialize.patch - d/p/lp2098183/0013-network-keep-all-dynamically-acquired-configurations.patch -- Chengen Du <chengen.du@canonical.com> Mon, 09 Jun 2025 13:44:06 -0400 bsdutils, fdisk, libblkid1:amd64, libfdisk1:amd64, libmount1:amd64, libsmartcols1:amd64, libuuid1:amd64, mount, rfkill, util-linux (built from util-linux) updated from 1:2.39.3-9ubuntu6.2 to 1:2.39.3-9ubuntu6.3: 18/06/2025, commit https://git.launchpad.net/snap-core24/tree/f9ca904d1e47c062780620e0060063d8a54646dd [ Changes in the core24 snap ] Alfonso Sánchez-Beato (1): .github,tests: do not rebuild base for each test [ Changes in primed packages ] libapt-pkg6.0t64:amd64 (built from apt) updated from 2.7.14build2 to 2.8.3: apt (2.8.3) noble; urgency=medium * Revert increased key size requirements from 2.8.0-2.8.2 (LP: #2073126) - Revert "Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment" - Revert "Only warn about <rsa2048 when upgrading from 2.7.x to 2.8.x" - Revert rsa1024 to warnings again This leaves the mechanisms in place and no longer warns about NIST curves. * Fix keeping back removals of obsolete packages; and return an error if ResolveByKeep() is unsuccessful (LP: #2078720) * Fix buffer overflow, stack overflow, exponential complexity in apt-ftparchive Contents generation (LP: #2083697) - ftparchive: Mystrdup: Add safety check and bump buffer size - ftparchive: contents: Avoid exponential complexity and overflows - test framework: Improve valgrind support - test: Check that apt-ftparchive handles deep paths - Workaround valgrind "invalid read" in ExtractTar::Go by moving large buffer from stack to heap. The large buffer triggered some bugs in valgrind stack clash protection handling. -- Julian Andres Klode <juliank@ubuntu.com> Tue, 22 Oct 2024 15:02:22 +0200 apt (2.8.2) noble; urgency=medium * Only install 00-temporary-rsa1024 for >=2.7.6 and improve comment (follow-up for LP: #2073126) -- Julian Andres Klode <juliank@ubuntu.com> Tue, 13 Aug 2024 16:47:13 +0200 apt (2.8.1) noble; urgency=medium * Only revoke weak RSA keys for now, add 'next' and 'future' levels (backported from 2.9.7) Note that the changes to warn about keys not matching the future level in the --audit level are not fully included, as the --audit feature has not yet been backported. (LP: #2073126) * Introduce further mitigation on upgrades from 2.7.x to allow these systems to continue using rsa1024 repositories with warnings until the 24.04.2 point release (LP: #2073126) -- Julian Andres Klode <juliank@ubuntu.com> Tue, 30 Jul 2024 17:12:00 +0900 apt (2.8.0) noble; urgency=medium [ Julian Andres Klode ] * Revert "Temporarily downgrade key assertions to "soon worthless"" We temporarily downgraded the errors to warnings to give the launchpad PPAs time to be fixed, but warnings are not safe: Untrusted keys could be hiding on your system, but just not used at the moment. Hence revert this so we get the errors we want. (LP: #2060721) * Branch off the stable 2.8.y branch for noble: - CI: Test in ubuntu:noble images for 2.8.y - debian/gbp.conf: Point at the 2.8.y branch [ David Kalnischkies ] * Test suite fixes: - Avoid subshell hiding failure report from testfilestats - Ignore umask of leftover diff_Index in failed pdiff test * Documentation translation fixes: - Fix and unfuzzy previous VCG/Graphviz URI change -- Julian Andres Klode <juliank@ubuntu.com> Tue, 16 Apr 2024 16:59:14 +0200 cloud-init (built from cloud-init) updated from 24.4.1-0ubuntu0~24.04.3 to 25.1.2-0ubuntu0~24.04.1: cloud-init (25.1.2-0ubuntu0~24.04.1) noble; urgency=medium * Upstream snapshot based on 25.1.2. (LP: #2104165). List of changes from upstream can be found at https://raw.githubusercontent.com/canonical/cloud-init/25.1.2/ChangeLog -- James Falcon <james.falcon@canonical.com> Mon, 19 May 2025 15:00:58 -0500 cloud-init (25.1.1-0ubuntu1~24.04.1) noble; urgency=medium * Drop cpicks which are now upstream: - cpick-d75840be-fix-retry-AWS-hotplug-for-async-IMDS-5995 - cpick-84806336-chore-Add-feature-flag-for-manual-network-waiting - d/p/cpick-c60771d8-test-pytestify-test_url_helper.py - d/p/cpick-8810a2dc-test-Remove-CiTestCase-from-test_url_helper.py - d/p/cpick-582f16c1-test-add-OauthUrlHelper-tests - d/p/cpick-9311e066-fix-Update-OauthUrlHelper-to-use-readurl-exception_cb * refresh patches - d/p/deprecation-version-boundary.patch - d/p/grub-dpkg-support.patch - d/p/no-nocloud-network.patch - d/p/no-single-process.patch * sort hunks within all patches (--sort on quilt refresh) * Upstream snapshot based on 25.1.1. List of changes from upstream can be found at https://raw.githubusercontent.com/canonical/cloud-init/25.1.1/ChangeLog -- Chad Smith <chad.smith@canonical.com> Tue, 25 Mar 2025 11:02:28 -0600 libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.20.1-6ubuntu2.5 to 1.20.1-6ubuntu2.6: krb5 (1.20.1-6ubuntu2.6) noble-security; urgency=medium * SECURITY UPDATE: Use of weak cryptographic hash. - debian/patches/CVE-2025-3576.patch: Add allow_des3 and allow_rc4 options. Disallow usage of des3 and rc4 unless allowed in the config. Replace warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage of deprecated enctypes in ./src/kdc/kdc_util.c. - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c. - CVE-2025-3576 -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Thu, 15 May 2025 10:09:20 +0200 openssh-client, openssh-server, openssh-sftp-server (built from openssh) updated from 1:9.6p1-3ubuntu13.11 to 1:9.6p1-3ubuntu13.12: openssh (1:9.6p1-3ubuntu13.12) noble; urgency=medium * d/p/sshd-socket-generator.patch: add note to sshd_config Explain that a systemctl daemon-reload is needed for changes to Port et al to take effect. (LP: #2069041) -- Nick Rosbrook <enr0n@ubuntu.com> Tue, 29 Apr 2025 10:57:04 -0400 libpam-modules-bin, libpam-modules:amd64, libpam-runtime, libpam0g:amd64 (built from pam) updated from 1.5.3-5ubuntu5.1 to 1.5.3-5ubuntu5.4: pam (1.5.3-5ubuntu5.4) noble-security; urgency=medium * SECURITY UPDATE: privilege escalation via pam_namespace - debian/patches/pam_namespace_170.patch: sync pam_namespace module to version 1.7.0. - debian/patches/pam_namespace_post170-*.patch: add post-1.7.0 changes from upstream git tree. - debian/patches/pam_namespace_revert_abi.patch: revert ABI change to prevent unintended issues in running daemons. - debian/patches/CVE-2025-6020-1.patch: fix potential privilege escalation. - debian/patches/CVE-2025-6020-2.patch: add flags to indicate path safety. - debian/patches/CVE-2025-6020-3.patch: secure_opendir: do not look at the group ownership. - debian/patches/pam_namespace_o_directory.patch: removed, included in patch cluster above. - CVE-2025-6020 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 12 Jun 2025 10:45:28 -0400 pam (1.5.3-5ubuntu5.2) noble; urgency=medium * d/p/031_pam_include: fix loading from /usr/lib/pam.d (LP: #2087827) -- Simon Chopin <schopin@ubuntu.com> Mon, 26 May 2025 16:34:46 +0200 libpython3.12-minimal:amd64, libpython3.12-stdlib:amd64, python3.12, python3.12-minimal (built from python3.12) updated from 3.12.3-1ubuntu0.5 to 3.12.3-1ubuntu0.6: python3.12 (3.12.3-1ubuntu0.6) noble-security; urgency=medium * SECURITY UPDATE: incorrect address list folding - debian/patches/CVE-2025-1795-2.patch: fix AttributeError in the email module in Lib/email/_header_value_parser.py, Lib/test/test_email/test__header_value_parser.py. - CVE-2025-1795 * SECURITY UPDATE: DoS via bytes.decode with unicode_escape - debian/patches/CVE-2025-4516.patch: fix use-after-free in the unicode-escape decoder with an error handler in Include/cpython/bytesobject.h, Include/cpython/unicodeobject.h, Lib/test/test_codeccallbacks.py, Lib/test/test_codecs.py, Objects/bytesobject.c, Objects/unicodeobject.c, Parser/string_parser.c. - CVE-2025-4516 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 26 May 2025 14:50:19 -0400 python3-requests (built from requests) updated from 2.31.0+dfsg-1ubuntu1 to 2.31.0+dfsg-1ubuntu1.1: requests (2.31.0+dfsg-1ubuntu1.1) noble-security; urgency=medium * SECURITY UPDATE: Information Leak - debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc lookup instead of netloc - CVE-2024-47081 * Skip Test - skip-failing-zip-test.patch: Skip failing zip test -- Bruce Cable <bruce.cable@canonical.com> Thu, 12 Jun 2025 11:19:32 +1000 python3-pkg-resources (built from setuptools) updated from 68.1.2-2ubuntu1.1 to 68.1.2-2ubuntu1.2: setuptools (68.1.2-2ubuntu1.2) noble-security; urgency=medium * SECURITY UPDATE: path traversal vulnerability - debian/patches/CVE-2025-47273-pre1.patch: Extract _resolve_download_filename with test. - debian/patches/CVE-2025-47273.patch: Add a check to ensure the name resolves relative to the tmpdir. - CVE-2025-47273 -- Fabian Toepfer <fabian.toepfer@canonical.com> Wed, 28 May 2025 19:00:32 +0200 libpam-systemd:amd64, libsystemd-shared:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-coredump, systemd-dev, systemd-resolved, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 255.4-1ubuntu8.6 to 255.4-1ubuntu8.8: systemd (255.4-1ubuntu8.8) noble-security; urgency=medium * SECURITY UPDATE: race condition in systemd-coredump - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of _META_MANDATORY_MAX. - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core pattern. - debian/patches/CVE_2025_4598_3.patch: coredump: also stop forwarding non-dumpable processes. - debian/patches/CVE_2025_4598_4.patch: coredump: get rid of a bogus assertion. - CVE-2025-4598 * this update does not include the changes from 255.4-1ubuntu8.7 as included in noble-proposed -- Octavio Galland <octavio.galland@canonical.com> Wed, 04 Jun 2025 09:24:15 -0300 tzdata (built from tzdata) updated from 2025b-0ubuntu0.24.04 to 2025b-0ubuntu0.24.04.1: tzdata (2025b-0ubuntu0.24.04.1) noble; urgency=medium * Update the ICU timezone data to 2025b (LP: #2107950) * Add autopkgtest test case for ICU timezone data 2025b -- Benjamin Drung <bdrung@ubuntu.com> Tue, 22 Apr 2025 12:11:08 +0200