{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "cloud-init", "cloud-init-base", "libpcre2-8-0:s390x", "libssl3t64:s390x", "openssl", "openssl-provider-legacy" ] } }, "diff": { "deb": [ { "name": "cloud-init", "from_version": { "source_package_name": "cloud-init", "source_package_version": "25.1.4-0ubuntu0~25.04.1", "version": "25.1.4-0ubuntu0~25.04.1" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "25.2-0ubuntu1~25.04.1", "version": "25.2-0ubuntu1~25.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2120495 ], "changes": [ { "cves": [], "log": [ "", " * d/control: add Azure metapackage", " + New Azure binary package depending on cloud-init-base and", " python3-passlib.", " * d/cloud-init-base.preinst: avoid sed of /etc/fstab when absent", " * d/control: remove trailing whitespace", " * Upstream snapshot based on 25.2. (LP: #2120495).", " List of changes from upstream can be found at", " https://raw.githubusercontent.com/canonical/cloud-init/25.2/ChangeLog", "" ], "package": "cloud-init", "version": "25.2-0ubuntu1~25.04.1", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2120495 ], "author": "James Falcon ", "date": "Tue, 12 Aug 2025 17:09:23 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "cloud-init-base", "from_version": { "source_package_name": "cloud-init", "source_package_version": "25.1.4-0ubuntu0~25.04.1", "version": "25.1.4-0ubuntu0~25.04.1" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "25.2-0ubuntu1~25.04.1", "version": "25.2-0ubuntu1~25.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2120495 ], "changes": [ { "cves": [], "log": [ "", " * d/control: add Azure metapackage", " + New Azure binary package depending on cloud-init-base and", " python3-passlib.", " * d/cloud-init-base.preinst: avoid sed of /etc/fstab when absent", " * d/control: remove trailing whitespace", " * Upstream snapshot based on 25.2. (LP: #2120495).", " List of changes from upstream can be found at", " https://raw.githubusercontent.com/canonical/cloud-init/25.2/ChangeLog", "" ], "package": "cloud-init", "version": "25.2-0ubuntu1~25.04.1", "urgency": "medium", "distributions": "plucky", "launchpad_bugs_fixed": [ 2120495 ], "author": "James Falcon ", "date": "Tue, 12 Aug 2025 17:09:23 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpcre2-8-0:s390x", "from_version": { "source_package_name": "pcre2", "source_package_version": "10.45-1", "version": "10.45-1" }, "to_version": { "source_package_name": "pcre2", "source_package_version": "10.45-1ubuntu0.1", "version": "10.45-1ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-58050", "url": "https://ubuntu.com/security/CVE-2025-58050", "cve_description": "The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.", "cve_priority": "medium", "cve_public_date": "2025-08-27 19:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-58050", "url": "https://ubuntu.com/security/CVE-2025-58050", "cve_description": "The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.", "cve_priority": "medium", "cve_public_date": "2025-08-27 19:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: heap overflow in scan substring", " - debian/patches/CVE-2025-58050.patch: restore buffer after an ACCEPT", " inside an scan substring block in src/pcre2_match.c,", " testdata/testinput2, testdata/testoutput2.", " - CVE-2025-58050", "" ], "package": "pcre2", "version": "10.45-1ubuntu0.1", "urgency": "medium", "distributions": "plucky-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 12 Sep 2025 10:30:21 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libssl3t64:s390x", "from_version": { "source_package_name": "openssl", "source_package_version": "3.4.1-1ubuntu3", "version": "3.4.1-1ubuntu3" }, "to_version": { "source_package_name": "openssl", "source_package_version": "3.4.1-1ubuntu4", "version": "3.4.1-1ubuntu4" }, "cves": [ { "cve": "CVE-2025-9230", "url": "https://ubuntu.com/security/CVE-2025-9230", "cve_description": "Out-of-bounds read & write in RFC 3211 KEK Unwrap", "cve_priority": "medium", "cve_public_date": "2025-09-30" }, { "cve": "CVE-2025-9231", "url": "https://ubuntu.com/security/CVE-2025-9231", "cve_description": "Timing side-channel in SM2 algorithm on 64 bit ARM", "cve_priority": "medium", "cve_public_date": "2025-09-30" }, { "cve": "CVE-2025-9232", "url": "https://ubuntu.com/security/CVE-2025-9232", "cve_description": "Out-of-bounds read in HTTP client no_proxy handling", "cve_priority": "low", "cve_public_date": "2025-09-30" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-9230", "url": "https://ubuntu.com/security/CVE-2025-9230", "cve_description": "Out-of-bounds read & write in RFC 3211 KEK Unwrap", "cve_priority": "medium", "cve_public_date": "2025-09-30" }, { "cve": "CVE-2025-9231", "url": "https://ubuntu.com/security/CVE-2025-9231", "cve_description": "Timing side-channel in SM2 algorithm on 64 bit ARM", "cve_priority": "medium", "cve_public_date": "2025-09-30" }, { "cve": "CVE-2025-9232", "url": "https://ubuntu.com/security/CVE-2025-9232", "cve_description": "Out-of-bounds read in HTTP client no_proxy handling", "cve_priority": "low", "cve_public_date": "2025-09-30" } ], "log": [ "", " * SECURITY UPDATE: Out-of-bounds read & write in RFC 3211 KEK Unwrap", " - debian/patches/CVE-2025-9230.patch: fix incorrect check of unwrapped", " key size in crypto/cms/cms_pwri.c.", " - CVE-2025-9230", " * SECURITY UPDATE: Timing side-channel in SM2 algorithm on 64 bit ARM", " - debian/patches/CVE-2025-9231-1.patch: use constant time modular", " inversion in crypto/ec/ecp_sm2p256.c.", " - debian/patches/CVE-2025-9231-2.patch: remove unused code in", " crypto/ec/ecp_sm2p256.c.", " - CVE-2025-9231", " * SECURITY UPDATE: Out-of-bounds read in HTTP client no_proxy handling", " - debian/patches/CVE-2025-9232.patch: add missing terminating NUL byte", " in crypto/http/http_lib.c.", " - CVE-2025-9232", "" ], "package": "openssl", "version": "3.4.1-1ubuntu4", "urgency": "medium", "distributions": "plucky-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 18 Sep 2025 07:07:45 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "openssl", "from_version": { "source_package_name": "openssl", "source_package_version": "3.4.1-1ubuntu3", "version": "3.4.1-1ubuntu3" }, "to_version": { "source_package_name": "openssl", "source_package_version": "3.4.1-1ubuntu4", "version": "3.4.1-1ubuntu4" }, "cves": [ { "cve": "CVE-2025-9230", "url": "https://ubuntu.com/security/CVE-2025-9230", "cve_description": "Out-of-bounds read & write in RFC 3211 KEK Unwrap", "cve_priority": "medium", "cve_public_date": "2025-09-30" }, { "cve": "CVE-2025-9231", "url": "https://ubuntu.com/security/CVE-2025-9231", "cve_description": "Timing side-channel in SM2 algorithm on 64 bit ARM", "cve_priority": "medium", "cve_public_date": "2025-09-30" }, { "cve": "CVE-2025-9232", "url": "https://ubuntu.com/security/CVE-2025-9232", "cve_description": "Out-of-bounds read in HTTP client no_proxy handling", "cve_priority": "low", "cve_public_date": "2025-09-30" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-9230", "url": "https://ubuntu.com/security/CVE-2025-9230", "cve_description": "Out-of-bounds read & write in RFC 3211 KEK Unwrap", "cve_priority": "medium", "cve_public_date": "2025-09-30" }, { "cve": "CVE-2025-9231", "url": "https://ubuntu.com/security/CVE-2025-9231", "cve_description": "Timing side-channel in SM2 algorithm on 64 bit ARM", "cve_priority": "medium", "cve_public_date": "2025-09-30" }, { "cve": "CVE-2025-9232", "url": "https://ubuntu.com/security/CVE-2025-9232", "cve_description": "Out-of-bounds read in HTTP client no_proxy handling", "cve_priority": "low", "cve_public_date": "2025-09-30" } ], "log": [ "", " * SECURITY UPDATE: Out-of-bounds read & write in RFC 3211 KEK Unwrap", " - debian/patches/CVE-2025-9230.patch: fix incorrect check of unwrapped", " key size in crypto/cms/cms_pwri.c.", " - CVE-2025-9230", " * SECURITY UPDATE: Timing side-channel in SM2 algorithm on 64 bit ARM", " - debian/patches/CVE-2025-9231-1.patch: use constant time modular", " inversion in crypto/ec/ecp_sm2p256.c.", " - debian/patches/CVE-2025-9231-2.patch: remove unused code in", " crypto/ec/ecp_sm2p256.c.", " - CVE-2025-9231", " * SECURITY UPDATE: Out-of-bounds read in HTTP client no_proxy handling", " - debian/patches/CVE-2025-9232.patch: add missing terminating NUL byte", " in crypto/http/http_lib.c.", " - CVE-2025-9232", "" ], "package": "openssl", "version": "3.4.1-1ubuntu4", "urgency": "medium", "distributions": "plucky-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 18 Sep 2025 07:07:45 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "openssl-provider-legacy", "from_version": { "source_package_name": "openssl", "source_package_version": "3.4.1-1ubuntu3", "version": "3.4.1-1ubuntu3" }, "to_version": { "source_package_name": "openssl", "source_package_version": "3.4.1-1ubuntu4", "version": "3.4.1-1ubuntu4" }, "cves": [ { "cve": "CVE-2025-9230", "url": "https://ubuntu.com/security/CVE-2025-9230", "cve_description": "Out-of-bounds read & write in RFC 3211 KEK Unwrap", "cve_priority": "medium", "cve_public_date": "2025-09-30" }, { "cve": "CVE-2025-9231", "url": "https://ubuntu.com/security/CVE-2025-9231", "cve_description": "Timing side-channel in SM2 algorithm on 64 bit ARM", "cve_priority": "medium", "cve_public_date": "2025-09-30" }, { "cve": "CVE-2025-9232", "url": "https://ubuntu.com/security/CVE-2025-9232", "cve_description": "Out-of-bounds read in HTTP client no_proxy handling", "cve_priority": "low", "cve_public_date": "2025-09-30" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-9230", "url": "https://ubuntu.com/security/CVE-2025-9230", "cve_description": "Out-of-bounds read & write in RFC 3211 KEK Unwrap", "cve_priority": "medium", "cve_public_date": "2025-09-30" }, { "cve": "CVE-2025-9231", "url": "https://ubuntu.com/security/CVE-2025-9231", "cve_description": "Timing side-channel in SM2 algorithm on 64 bit ARM", "cve_priority": "medium", "cve_public_date": "2025-09-30" }, { "cve": "CVE-2025-9232", "url": "https://ubuntu.com/security/CVE-2025-9232", "cve_description": "Out-of-bounds read in HTTP client no_proxy handling", "cve_priority": "low", "cve_public_date": "2025-09-30" } ], "log": [ "", " * SECURITY UPDATE: Out-of-bounds read & write in RFC 3211 KEK Unwrap", " - debian/patches/CVE-2025-9230.patch: fix incorrect check of unwrapped", " key size in crypto/cms/cms_pwri.c.", " - CVE-2025-9230", " * SECURITY UPDATE: Timing side-channel in SM2 algorithm on 64 bit ARM", " - debian/patches/CVE-2025-9231-1.patch: use constant time modular", " inversion in crypto/ec/ecp_sm2p256.c.", " - debian/patches/CVE-2025-9231-2.patch: remove unused code in", " crypto/ec/ecp_sm2p256.c.", " - CVE-2025-9231", " * SECURITY UPDATE: Out-of-bounds read in HTTP client no_proxy handling", " - debian/patches/CVE-2025-9232.patch: add missing terminating NUL byte", " in crypto/http/http_lib.c.", " - CVE-2025-9232", "" ], "package": "openssl", "version": "3.4.1-1ubuntu4", "urgency": "medium", "distributions": "plucky-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Thu, 18 Sep 2025 07:07:45 -0400" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 25.04 plucky image from release image serial 20250924 to 20250930", "from_series": "plucky", "to_series": "plucky", "from_serial": "20250924", "to_serial": "20250930", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }