{
    "summary": {
        "snap": {
            "added": [],
            "removed": [],
            "diff": []
        },
        "deb": {
            "added": [],
            "removed": [],
            "diff": [
                "apport",
                "apt",
                "initramfs-tools",
                "initramfs-tools-bin",
                "initramfs-tools-core",
                "krb5-locales",
                "libapt-pkg6.0",
                "libc-bin",
                "libc6",
                "libgssapi-krb5-2",
                "libk5crypto3",
                "libkrb5-3",
                "libkrb5support0",
                "python3-apport",
                "python3-pkg-resources",
                "python3-problem-report",
                "python3-setuptools",
                "tzdata"
            ]
        }
    },
    "diff": {
        "deb": [
            {
                "name": "apport",
                "from_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.20.11-0ubuntu27.27",
                    "version": "2.20.11-0ubuntu27.27"
                },
                "to_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.20.11-0ubuntu27.28",
                    "version": "2.20.11-0ubuntu27.28"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-5054",
                        "url": "https://ubuntu.com/security/CVE-2025-5054",
                        "cve_description": "Race condition can result in confidential information leakage",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-29"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-5054",
                                "url": "https://ubuntu.com/security/CVE-2025-5054",
                                "cve_description": "Race condition can result in confidential information leakage",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-29"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Race condition when forwarding core files to containers",
                            "    - data/apport: Do not change report group to report owners primary group.",
                            "    - data/apport: Do not override options.pid.",
                            "    - data/apport: Open /proc/<pid> as early as possible.",
                            "    - data/fileutils.py: Respect proc_pid_fd in get_core_path.",
                            "    - test/test_fileutils.py: Respect proc_pid_fd in get_core_path.",
                            "    - data/apport: Use opened /proc/<pid> everywhere.",
                            "    - data/apport: Do consistency check before forwarding crashes.",
                            "    - data/apport: Require --dump-mode to be specified.",
                            "    - data/apport: Determine report owner by dump_mode.",
                            "    - test/test_signal_crashes.py: Determine report owner by dump_mode.",
                            "    - data/apport: Do not forward crash for dump_mode == 2.",
                            "    - data/apport: Support pidfd (%F) parameter from kernel.",
                            "    - etc/init.d/apport: Support pidfd (%F) parameter from kernel.",
                            "    - CVE-2025-5054",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.20.11-0ubuntu27.28",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Thu, 22 May 2025 17:30:20 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "apt",
                "from_version": {
                    "source_package_name": "apt",
                    "source_package_version": "2.0.10",
                    "version": "2.0.10"
                },
                "to_version": {
                    "source_package_name": "apt",
                    "source_package_version": "2.0.11",
                    "version": "2.0.11"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2083697
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Fix buffer overflow, stack overflow, exponential complexity in",
                            "    apt-ftparchive Contents generation (LP: #2083697)",
                            "    - ftparchive: Mystrdup: Add safety check and bump buffer size",
                            "    - ftparchive: contents: Avoid exponential complexity and overflows",
                            "    - test framework: Improve valgrind support",
                            "    - test: Check that apt-ftparchive handles deep paths",
                            "    - increase valgrind cleanliness to make the tests pass:",
                            "      - pkgcachegen: Use placement new to construct header",
                            "      - acquire: Disable gcc optimization of strcmp() reading too far into",
                            "        struct dirent's d_name buffer.",
                            ""
                        ],
                        "package": "apt",
                        "version": "2.0.11",
                        "urgency": "medium",
                        "distributions": "focal",
                        "launchpad_bugs_fixed": [
                            2083697
                        ],
                        "author": "Julian Andres Klode <juliank@ubuntu.com>",
                        "date": "Tue, 22 Oct 2024 15:27:19 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "initramfs-tools",
                "from_version": {
                    "source_package_name": "initramfs-tools",
                    "source_package_version": "0.136ubuntu6.7",
                    "version": "0.136ubuntu6.7"
                },
                "to_version": {
                    "source_package_name": "initramfs-tools",
                    "source_package_version": "0.136ubuntu6.8",
                    "version": "0.136ubuntu6.8"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2056187
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Fix configuring BOOTIF when using iSCSI (LP: #2056187)",
                            "  * Port the net autopkgtest to the common test framework. This drops",
                            "    depending on downloading a cloud image from the Internet and reduces",
                            "    the execution time from 3:19 min down to 0:57 min. Also backport",
                            "    autopkgtest improvements from version 0.142ubuntu23 to run the",
                            "    test on all architectures and to check more results from qemu-net.",
                            ""
                        ],
                        "package": "initramfs-tools",
                        "version": "0.136ubuntu6.8",
                        "urgency": "medium",
                        "distributions": "focal",
                        "launchpad_bugs_fixed": [
                            2056187
                        ],
                        "author": "Benjamin Drung <bdrung@ubuntu.com>",
                        "date": "Tue, 19 Mar 2024 13:12:51 +0100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "initramfs-tools-bin",
                "from_version": {
                    "source_package_name": "initramfs-tools",
                    "source_package_version": "0.136ubuntu6.7",
                    "version": "0.136ubuntu6.7"
                },
                "to_version": {
                    "source_package_name": "initramfs-tools",
                    "source_package_version": "0.136ubuntu6.8",
                    "version": "0.136ubuntu6.8"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2056187
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Fix configuring BOOTIF when using iSCSI (LP: #2056187)",
                            "  * Port the net autopkgtest to the common test framework. This drops",
                            "    depending on downloading a cloud image from the Internet and reduces",
                            "    the execution time from 3:19 min down to 0:57 min. Also backport",
                            "    autopkgtest improvements from version 0.142ubuntu23 to run the",
                            "    test on all architectures and to check more results from qemu-net.",
                            ""
                        ],
                        "package": "initramfs-tools",
                        "version": "0.136ubuntu6.8",
                        "urgency": "medium",
                        "distributions": "focal",
                        "launchpad_bugs_fixed": [
                            2056187
                        ],
                        "author": "Benjamin Drung <bdrung@ubuntu.com>",
                        "date": "Tue, 19 Mar 2024 13:12:51 +0100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "initramfs-tools-core",
                "from_version": {
                    "source_package_name": "initramfs-tools",
                    "source_package_version": "0.136ubuntu6.7",
                    "version": "0.136ubuntu6.7"
                },
                "to_version": {
                    "source_package_name": "initramfs-tools",
                    "source_package_version": "0.136ubuntu6.8",
                    "version": "0.136ubuntu6.8"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2056187
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Fix configuring BOOTIF when using iSCSI (LP: #2056187)",
                            "  * Port the net autopkgtest to the common test framework. This drops",
                            "    depending on downloading a cloud image from the Internet and reduces",
                            "    the execution time from 3:19 min down to 0:57 min. Also backport",
                            "    autopkgtest improvements from version 0.142ubuntu23 to run the",
                            "    test on all architectures and to check more results from qemu-net.",
                            ""
                        ],
                        "package": "initramfs-tools",
                        "version": "0.136ubuntu6.8",
                        "urgency": "medium",
                        "distributions": "focal",
                        "launchpad_bugs_fixed": [
                            2056187
                        ],
                        "author": "Benjamin Drung <bdrung@ubuntu.com>",
                        "date": "Tue, 19 Mar 2024 13:12:51 +0100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "krb5-locales",
                "from_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.9",
                    "version": "1.17-6ubuntu4.9"
                },
                "to_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.11",
                    "version": "1.17-6ubuntu4.11"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-3576",
                        "url": "https://ubuntu.com/security/CVE-2025-3576",
                        "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-04-15 06:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-3576",
                                "url": "https://ubuntu.com/security/CVE-2025-3576",
                                "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-04-15 06:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Use of weak cryptographic hash.",
                            "    - debian/patches/CVE-2025-3576*.patch: Add allow_des3 and allow_rc4 options.",
                            "      Disallow usage of des3 and rc4 unless allowed in the config. Replace",
                            "      warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add",
                            "      allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage",
                            "      of deprecated enctypes in ./src/kdc/kdc_util.c.",
                            "    - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with",
                            "      ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.",
                            "    - debian/libk5crypto3.symbols: Add krb5int_c_deprecated_enctype symbol.",
                            "    - CVE-2025-3576",
                            ""
                        ],
                        "package": "krb5",
                        "version": "1.17-6ubuntu4.11",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
                        "date": "Thu, 15 May 2025 17:02:09 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libapt-pkg6.0",
                "from_version": {
                    "source_package_name": "apt",
                    "source_package_version": "2.0.10",
                    "version": "2.0.10"
                },
                "to_version": {
                    "source_package_name": "apt",
                    "source_package_version": "2.0.11",
                    "version": "2.0.11"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2083697
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Fix buffer overflow, stack overflow, exponential complexity in",
                            "    apt-ftparchive Contents generation (LP: #2083697)",
                            "    - ftparchive: Mystrdup: Add safety check and bump buffer size",
                            "    - ftparchive: contents: Avoid exponential complexity and overflows",
                            "    - test framework: Improve valgrind support",
                            "    - test: Check that apt-ftparchive handles deep paths",
                            "    - increase valgrind cleanliness to make the tests pass:",
                            "      - pkgcachegen: Use placement new to construct header",
                            "      - acquire: Disable gcc optimization of strcmp() reading too far into",
                            "        struct dirent's d_name buffer.",
                            ""
                        ],
                        "package": "apt",
                        "version": "2.0.11",
                        "urgency": "medium",
                        "distributions": "focal",
                        "launchpad_bugs_fixed": [
                            2083697
                        ],
                        "author": "Julian Andres Klode <juliank@ubuntu.com>",
                        "date": "Tue, 22 Oct 2024 15:27:19 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libc-bin",
                "from_version": {
                    "source_package_name": "glibc",
                    "source_package_version": "2.31-0ubuntu9.17",
                    "version": "2.31-0ubuntu9.17"
                },
                "to_version": {
                    "source_package_name": "glibc",
                    "source_package_version": "2.31-0ubuntu9.18",
                    "version": "2.31-0ubuntu9.18"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4802",
                        "url": "https://ubuntu.com/security/CVE-2025-4802",
                        "cve_description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-16 20:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4802",
                                "url": "https://ubuntu.com/security/CVE-2025-4802",
                                "cve_description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-16 20:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: privilege escalation issue",
                            "    - debian/patches/any/CVE-2025-4802.patch: elf: Ignore LD_LIBRARY_PATH",
                            "      and debug env var for setuid for static",
                            "    - CVE-2025-4802",
                            ""
                        ],
                        "package": "glibc",
                        "version": "2.31-0ubuntu9.18",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Nishit Majithia <nishit.majithia@canonical.com>",
                        "date": "Mon, 26 May 2025 13:39:37 +0530"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libc6",
                "from_version": {
                    "source_package_name": "glibc",
                    "source_package_version": "2.31-0ubuntu9.17",
                    "version": "2.31-0ubuntu9.17"
                },
                "to_version": {
                    "source_package_name": "glibc",
                    "source_package_version": "2.31-0ubuntu9.18",
                    "version": "2.31-0ubuntu9.18"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-4802",
                        "url": "https://ubuntu.com/security/CVE-2025-4802",
                        "cve_description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-16 20:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-4802",
                                "url": "https://ubuntu.com/security/CVE-2025-4802",
                                "cve_description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-16 20:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: privilege escalation issue",
                            "    - debian/patches/any/CVE-2025-4802.patch: elf: Ignore LD_LIBRARY_PATH",
                            "      and debug env var for setuid for static",
                            "    - CVE-2025-4802",
                            ""
                        ],
                        "package": "glibc",
                        "version": "2.31-0ubuntu9.18",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Nishit Majithia <nishit.majithia@canonical.com>",
                        "date": "Mon, 26 May 2025 13:39:37 +0530"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libgssapi-krb5-2",
                "from_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.9",
                    "version": "1.17-6ubuntu4.9"
                },
                "to_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.11",
                    "version": "1.17-6ubuntu4.11"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-3576",
                        "url": "https://ubuntu.com/security/CVE-2025-3576",
                        "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-04-15 06:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-3576",
                                "url": "https://ubuntu.com/security/CVE-2025-3576",
                                "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-04-15 06:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Use of weak cryptographic hash.",
                            "    - debian/patches/CVE-2025-3576*.patch: Add allow_des3 and allow_rc4 options.",
                            "      Disallow usage of des3 and rc4 unless allowed in the config. Replace",
                            "      warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add",
                            "      allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage",
                            "      of deprecated enctypes in ./src/kdc/kdc_util.c.",
                            "    - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with",
                            "      ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.",
                            "    - debian/libk5crypto3.symbols: Add krb5int_c_deprecated_enctype symbol.",
                            "    - CVE-2025-3576",
                            ""
                        ],
                        "package": "krb5",
                        "version": "1.17-6ubuntu4.11",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
                        "date": "Thu, 15 May 2025 17:02:09 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libk5crypto3",
                "from_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.9",
                    "version": "1.17-6ubuntu4.9"
                },
                "to_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.11",
                    "version": "1.17-6ubuntu4.11"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-3576",
                        "url": "https://ubuntu.com/security/CVE-2025-3576",
                        "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-04-15 06:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-3576",
                                "url": "https://ubuntu.com/security/CVE-2025-3576",
                                "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-04-15 06:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Use of weak cryptographic hash.",
                            "    - debian/patches/CVE-2025-3576*.patch: Add allow_des3 and allow_rc4 options.",
                            "      Disallow usage of des3 and rc4 unless allowed in the config. Replace",
                            "      warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add",
                            "      allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage",
                            "      of deprecated enctypes in ./src/kdc/kdc_util.c.",
                            "    - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with",
                            "      ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.",
                            "    - debian/libk5crypto3.symbols: Add krb5int_c_deprecated_enctype symbol.",
                            "    - CVE-2025-3576",
                            ""
                        ],
                        "package": "krb5",
                        "version": "1.17-6ubuntu4.11",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
                        "date": "Thu, 15 May 2025 17:02:09 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libkrb5-3",
                "from_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.9",
                    "version": "1.17-6ubuntu4.9"
                },
                "to_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.11",
                    "version": "1.17-6ubuntu4.11"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-3576",
                        "url": "https://ubuntu.com/security/CVE-2025-3576",
                        "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-04-15 06:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-3576",
                                "url": "https://ubuntu.com/security/CVE-2025-3576",
                                "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-04-15 06:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Use of weak cryptographic hash.",
                            "    - debian/patches/CVE-2025-3576*.patch: Add allow_des3 and allow_rc4 options.",
                            "      Disallow usage of des3 and rc4 unless allowed in the config. Replace",
                            "      warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add",
                            "      allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage",
                            "      of deprecated enctypes in ./src/kdc/kdc_util.c.",
                            "    - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with",
                            "      ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.",
                            "    - debian/libk5crypto3.symbols: Add krb5int_c_deprecated_enctype symbol.",
                            "    - CVE-2025-3576",
                            ""
                        ],
                        "package": "krb5",
                        "version": "1.17-6ubuntu4.11",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
                        "date": "Thu, 15 May 2025 17:02:09 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "libkrb5support0",
                "from_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.9",
                    "version": "1.17-6ubuntu4.9"
                },
                "to_version": {
                    "source_package_name": "krb5",
                    "source_package_version": "1.17-6ubuntu4.11",
                    "version": "1.17-6ubuntu4.11"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-3576",
                        "url": "https://ubuntu.com/security/CVE-2025-3576",
                        "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-04-15 06:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-3576",
                                "url": "https://ubuntu.com/security/CVE-2025-3576",
                                "cve_description": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-04-15 06:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Use of weak cryptographic hash.",
                            "    - debian/patches/CVE-2025-3576*.patch: Add allow_des3 and allow_rc4 options.",
                            "      Disallow usage of des3 and rc4 unless allowed in the config. Replace",
                            "      warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add",
                            "      allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage",
                            "      of deprecated enctypes in ./src/kdc/kdc_util.c.",
                            "    - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with",
                            "      ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.",
                            "    - debian/libk5crypto3.symbols: Add krb5int_c_deprecated_enctype symbol.",
                            "    - CVE-2025-3576",
                            ""
                        ],
                        "package": "krb5",
                        "version": "1.17-6ubuntu4.11",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
                        "date": "Thu, 15 May 2025 17:02:09 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-apport",
                "from_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.20.11-0ubuntu27.27",
                    "version": "2.20.11-0ubuntu27.27"
                },
                "to_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.20.11-0ubuntu27.28",
                    "version": "2.20.11-0ubuntu27.28"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-5054",
                        "url": "https://ubuntu.com/security/CVE-2025-5054",
                        "cve_description": "Race condition can result in confidential information leakage",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-29"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-5054",
                                "url": "https://ubuntu.com/security/CVE-2025-5054",
                                "cve_description": "Race condition can result in confidential information leakage",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-29"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Race condition when forwarding core files to containers",
                            "    - data/apport: Do not change report group to report owners primary group.",
                            "    - data/apport: Do not override options.pid.",
                            "    - data/apport: Open /proc/<pid> as early as possible.",
                            "    - data/fileutils.py: Respect proc_pid_fd in get_core_path.",
                            "    - test/test_fileutils.py: Respect proc_pid_fd in get_core_path.",
                            "    - data/apport: Use opened /proc/<pid> everywhere.",
                            "    - data/apport: Do consistency check before forwarding crashes.",
                            "    - data/apport: Require --dump-mode to be specified.",
                            "    - data/apport: Determine report owner by dump_mode.",
                            "    - test/test_signal_crashes.py: Determine report owner by dump_mode.",
                            "    - data/apport: Do not forward crash for dump_mode == 2.",
                            "    - data/apport: Support pidfd (%F) parameter from kernel.",
                            "    - etc/init.d/apport: Support pidfd (%F) parameter from kernel.",
                            "    - CVE-2025-5054",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.20.11-0ubuntu27.28",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Thu, 22 May 2025 17:30:20 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-pkg-resources",
                "from_version": {
                    "source_package_name": "setuptools",
                    "source_package_version": "45.2.0-1ubuntu0.2",
                    "version": "45.2.0-1ubuntu0.2"
                },
                "to_version": {
                    "source_package_name": "setuptools",
                    "source_package_version": "45.2.0-1ubuntu0.3",
                    "version": "45.2.0-1ubuntu0.3"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-47273",
                        "url": "https://ubuntu.com/security/CVE-2025-47273",
                        "cve_description": "setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-17 16:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-47273",
                                "url": "https://ubuntu.com/security/CVE-2025-47273",
                                "cve_description": "setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-17 16:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: path traversal vulnerability",
                            "    - debian/patches/CVE-2025-47273-pre1.patch: Extract",
                            "      _resolve_download_filename with test.",
                            "    - debian/patches/CVE-2025-47273.patch: Add a check to ensure the name",
                            "      resolves relative to the tmpdir.",
                            "    - CVE-2025-47273",
                            ""
                        ],
                        "package": "setuptools",
                        "version": "45.2.0-1ubuntu0.3",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Fabian Toepfer <fabian.toepfer@canonical.com>",
                        "date": "Wed, 28 May 2025 19:14:28 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-problem-report",
                "from_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.20.11-0ubuntu27.27",
                    "version": "2.20.11-0ubuntu27.27"
                },
                "to_version": {
                    "source_package_name": "apport",
                    "source_package_version": "2.20.11-0ubuntu27.28",
                    "version": "2.20.11-0ubuntu27.28"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-5054",
                        "url": "https://ubuntu.com/security/CVE-2025-5054",
                        "cve_description": "Race condition can result in confidential information leakage",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-29"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-5054",
                                "url": "https://ubuntu.com/security/CVE-2025-5054",
                                "cve_description": "Race condition can result in confidential information leakage",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-29"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Race condition when forwarding core files to containers",
                            "    - data/apport: Do not change report group to report owners primary group.",
                            "    - data/apport: Do not override options.pid.",
                            "    - data/apport: Open /proc/<pid> as early as possible.",
                            "    - data/fileutils.py: Respect proc_pid_fd in get_core_path.",
                            "    - test/test_fileutils.py: Respect proc_pid_fd in get_core_path.",
                            "    - data/apport: Use opened /proc/<pid> everywhere.",
                            "    - data/apport: Do consistency check before forwarding crashes.",
                            "    - data/apport: Require --dump-mode to be specified.",
                            "    - data/apport: Determine report owner by dump_mode.",
                            "    - test/test_signal_crashes.py: Determine report owner by dump_mode.",
                            "    - data/apport: Do not forward crash for dump_mode == 2.",
                            "    - data/apport: Support pidfd (%F) parameter from kernel.",
                            "    - etc/init.d/apport: Support pidfd (%F) parameter from kernel.",
                            "    - CVE-2025-5054",
                            ""
                        ],
                        "package": "apport",
                        "version": "2.20.11-0ubuntu27.28",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Octavio Galland <octavio.galland@canonical.com>",
                        "date": "Thu, 22 May 2025 17:30:20 -0300"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "python3-setuptools",
                "from_version": {
                    "source_package_name": "setuptools",
                    "source_package_version": "45.2.0-1ubuntu0.2",
                    "version": "45.2.0-1ubuntu0.2"
                },
                "to_version": {
                    "source_package_name": "setuptools",
                    "source_package_version": "45.2.0-1ubuntu0.3",
                    "version": "45.2.0-1ubuntu0.3"
                },
                "cves": [
                    {
                        "cve": "CVE-2025-47273",
                        "url": "https://ubuntu.com/security/CVE-2025-47273",
                        "cve_description": "setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-05-17 16:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2025-47273",
                                "url": "https://ubuntu.com/security/CVE-2025-47273",
                                "cve_description": "setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-05-17 16:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: path traversal vulnerability",
                            "    - debian/patches/CVE-2025-47273-pre1.patch: Extract",
                            "      _resolve_download_filename with test.",
                            "    - debian/patches/CVE-2025-47273.patch: Add a check to ensure the name",
                            "      resolves relative to the tmpdir.",
                            "    - CVE-2025-47273",
                            ""
                        ],
                        "package": "setuptools",
                        "version": "45.2.0-1ubuntu0.3",
                        "urgency": "medium",
                        "distributions": "focal-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Fabian Toepfer <fabian.toepfer@canonical.com>",
                        "date": "Wed, 28 May 2025 19:14:28 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "tzdata",
                "from_version": {
                    "source_package_name": "tzdata",
                    "source_package_version": "2025b-0ubuntu0.20.04",
                    "version": "2025b-0ubuntu0.20.04"
                },
                "to_version": {
                    "source_package_name": "tzdata",
                    "source_package_version": "2025b-0ubuntu0.20.04.1",
                    "version": "2025b-0ubuntu0.20.04.1"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2107950
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Update the ICU timezone data to 2025b (LP: #2107950)",
                            "  * Add autopkgtest test case for ICU timezone data 2025b",
                            ""
                        ],
                        "package": "tzdata",
                        "version": "2025b-0ubuntu0.20.04.1",
                        "urgency": "medium",
                        "distributions": "focal",
                        "launchpad_bugs_fixed": [
                            2107950
                        ],
                        "author": "Benjamin Drung <bdrung@ubuntu.com>",
                        "date": "Tue, 22 Apr 2025 12:20:10 +0200"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            }
        ],
        "snap": []
    },
    "added": {
        "deb": [],
        "snap": []
    },
    "removed": {
        "deb": [],
        "snap": []
    },
    "notes": "Changelog diff for Ubuntu 20.04 focal image from daily image serial 20250527 to 20250530",
    "from_series": "focal",
    "to_series": "focal",
    "from_serial": "20250527",
    "to_serial": "20250530",
    "from_manifest_filename": "daily_manifest.previous",
    "to_manifest_filename": "manifest.current"
}