{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "libpam-systemd", "libsystemd-shared", "libsystemd0", "libudev1", "systemd", "systemd-resolved", "systemd-sysv", "udev" ] } }, "diff": { "deb": [ { "name": "libpam-systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "257.9-0ubuntu2.1", "version": "257.9-0ubuntu2.1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "257.9-0ubuntu2.3", "version": "257.9-0ubuntu2.3" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "257.9-0ubuntu2.3", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:49:08 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsystemd-shared", "from_version": { "source_package_name": "systemd", "source_package_version": "257.9-0ubuntu2.1", "version": "257.9-0ubuntu2.1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "257.9-0ubuntu2.3", "version": "257.9-0ubuntu2.3" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "257.9-0ubuntu2.3", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:49:08 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsystemd0", "from_version": { "source_package_name": "systemd", "source_package_version": "257.9-0ubuntu2.1", "version": "257.9-0ubuntu2.1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "257.9-0ubuntu2.3", "version": "257.9-0ubuntu2.3" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "257.9-0ubuntu2.3", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:49:08 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libudev1", "from_version": { "source_package_name": "systemd", "source_package_version": "257.9-0ubuntu2.1", "version": "257.9-0ubuntu2.1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "257.9-0ubuntu2.3", "version": "257.9-0ubuntu2.3" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "257.9-0ubuntu2.3", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:49:08 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "257.9-0ubuntu2.1", "version": "257.9-0ubuntu2.1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "257.9-0ubuntu2.3", "version": "257.9-0ubuntu2.3" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "257.9-0ubuntu2.3", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:49:08 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-resolved", "from_version": { "source_package_name": "systemd", "source_package_version": "257.9-0ubuntu2.1", "version": "257.9-0ubuntu2.1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "257.9-0ubuntu2.3", "version": "257.9-0ubuntu2.3" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "257.9-0ubuntu2.3", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:49:08 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-sysv", "from_version": { "source_package_name": "systemd", "source_package_version": "257.9-0ubuntu2.1", "version": "257.9-0ubuntu2.1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "257.9-0ubuntu2.3", "version": "257.9-0ubuntu2.3" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "257.9-0ubuntu2.3", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:49:08 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "udev", "from_version": { "source_package_name": "systemd", "source_package_version": "257.9-0ubuntu2.1", "version": "257.9-0ubuntu2.1" }, "to_version": { "source_package_name": "systemd", "source_package_version": "257.9-0ubuntu2.3", "version": "257.9-0ubuntu2.3" }, "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-29111", "url": "https://ubuntu.com/security/CVE-2026-29111", "cve_description": "Local unprivileged user can trigger an assert in systemd", "cve_priority": "medium", "cve_public_date": "2026-03-23 20:00:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Local unprivileged user can trigger an assert in systemd", " - d/p/CVE-2026-29111-1.patch: path-util: add flavour of path_startswith() that leaves", " a leading slash in place", " - d/p/CVE-2026-29111-2.patch: path-util: invert PATH_STARTSWITH_ACCEPT_DOT_DOT flag", " - d/p/CVE-2026-29111-3.patch: core/cgroup: avoid one unnecessary strjoina()", " - d/p/CVE-2026-29111-4.patch: core: validate input cgroup path more prudently", " * SECURITY UPDATE: Local root execution via malicious hardware devices", " - d/p/udev-check-for-invalid-chars-in-various-fields-received-f.patch", " - d/p/udev-fix-review-mixup.patch", " - No CVE number", "" ], "package": "systemd", "version": "257.9-0ubuntu2.3", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 13 Mar 2026 12:49:08 -0400" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 25.10 questing image from release image serial 20260320 to 20260324", "from_series": "questing", "to_series": "questing", "from_serial": "20260320", "to_serial": "20260324", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }