{
"summary": {
"snap": {
"added": [],
"removed": [],
"diff": [
"snapd"
]
},
"deb": {
"added": [
"linux-headers-5.4.0-205",
"linux-headers-5.4.0-205-generic",
"linux-image-5.4.0-205-generic",
"linux-modules-5.4.0-205-generic"
],
"removed": [
"linux-headers-5.4.0-204",
"linux-headers-5.4.0-204-generic",
"linux-image-5.4.0-204-generic",
"linux-modules-5.4.0-204-generic"
],
"diff": [
"libpython3.8:s390x",
"libpython3.8-minimal:s390x",
"libpython3.8-stdlib:s390x",
"linux-headers-generic",
"linux-headers-virtual",
"linux-image-virtual",
"linux-virtual",
"python3.8",
"python3.8-minimal",
"rsync",
"vim",
"vim-common",
"vim-runtime",
"vim-tiny",
"xfsprogs",
"xxd"
]
}
},
"diff": {
"deb": [
{
"name": "libpython3.8:s390x",
"from_version": {
"source_package_name": "python3.8",
"source_package_version": "3.8.10-0ubuntu1~20.04.13",
"version": "3.8.10-0ubuntu1~20.04.13"
},
"to_version": {
"source_package_name": "python3.8",
"source_package_version": "3.8.10-0ubuntu1~20.04.14",
"version": "3.8.10-0ubuntu1~20.04.14"
},
"cves": [
{
"cve": "CVE-2024-11168",
"url": "https://ubuntu.com/security/CVE-2024-11168",
"cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.",
"cve_priority": "medium",
"cve_public_date": "2024-11-12 22:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-11168",
"url": "https://ubuntu.com/security/CVE-2024-11168",
"cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.",
"cve_priority": "medium",
"cve_public_date": "2024-11-12 22:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: incorrect validation of bracketed hosts",
" - debian/patches/CVE-2024-11168.patch: add checks to ensure that",
" bracketed hosts found by urlsplit are of IPv6 or IPvFuture format in",
" Lib/urllib/parse.py, Lib/test/test_urlparse.py.",
" - CVE-2024-11168",
""
],
"package": "python3.8",
"version": "3.8.10-0ubuntu1~20.04.14",
"urgency": "medium",
"distributions": "focal-security",
"launchpad_bugs_fixed": [],
"author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
"date": "Fri, 17 Jan 2025 09:40:23 -0500"
}
],
"notes": null
},
{
"name": "libpython3.8-minimal:s390x",
"from_version": {
"source_package_name": "python3.8",
"source_package_version": "3.8.10-0ubuntu1~20.04.13",
"version": "3.8.10-0ubuntu1~20.04.13"
},
"to_version": {
"source_package_name": "python3.8",
"source_package_version": "3.8.10-0ubuntu1~20.04.14",
"version": "3.8.10-0ubuntu1~20.04.14"
},
"cves": [
{
"cve": "CVE-2024-11168",
"url": "https://ubuntu.com/security/CVE-2024-11168",
"cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.",
"cve_priority": "medium",
"cve_public_date": "2024-11-12 22:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-11168",
"url": "https://ubuntu.com/security/CVE-2024-11168",
"cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.",
"cve_priority": "medium",
"cve_public_date": "2024-11-12 22:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: incorrect validation of bracketed hosts",
" - debian/patches/CVE-2024-11168.patch: add checks to ensure that",
" bracketed hosts found by urlsplit are of IPv6 or IPvFuture format in",
" Lib/urllib/parse.py, Lib/test/test_urlparse.py.",
" - CVE-2024-11168",
""
],
"package": "python3.8",
"version": "3.8.10-0ubuntu1~20.04.14",
"urgency": "medium",
"distributions": "focal-security",
"launchpad_bugs_fixed": [],
"author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
"date": "Fri, 17 Jan 2025 09:40:23 -0500"
}
],
"notes": null
},
{
"name": "libpython3.8-stdlib:s390x",
"from_version": {
"source_package_name": "python3.8",
"source_package_version": "3.8.10-0ubuntu1~20.04.13",
"version": "3.8.10-0ubuntu1~20.04.13"
},
"to_version": {
"source_package_name": "python3.8",
"source_package_version": "3.8.10-0ubuntu1~20.04.14",
"version": "3.8.10-0ubuntu1~20.04.14"
},
"cves": [
{
"cve": "CVE-2024-11168",
"url": "https://ubuntu.com/security/CVE-2024-11168",
"cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.",
"cve_priority": "medium",
"cve_public_date": "2024-11-12 22:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-11168",
"url": "https://ubuntu.com/security/CVE-2024-11168",
"cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.",
"cve_priority": "medium",
"cve_public_date": "2024-11-12 22:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: incorrect validation of bracketed hosts",
" - debian/patches/CVE-2024-11168.patch: add checks to ensure that",
" bracketed hosts found by urlsplit are of IPv6 or IPvFuture format in",
" Lib/urllib/parse.py, Lib/test/test_urlparse.py.",
" - CVE-2024-11168",
""
],
"package": "python3.8",
"version": "3.8.10-0ubuntu1~20.04.14",
"urgency": "medium",
"distributions": "focal-security",
"launchpad_bugs_fixed": [],
"author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
"date": "Fri, 17 Jan 2025 09:40:23 -0500"
}
],
"notes": null
},
{
"name": "linux-headers-generic",
"from_version": {
"source_package_name": "linux-meta",
"source_package_version": "5.4.0.204.200",
"version": "5.4.0.204.200"
},
"to_version": {
"source_package_name": "linux-meta",
"source_package_version": "5.4.0.205.201",
"version": "5.4.0.205.201"
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [],
"log": [
"",
" * Bump ABI 5.4.0-205",
""
],
"package": "linux-meta",
"version": "5.4.0.205.201",
"urgency": "medium",
"distributions": "focal",
"launchpad_bugs_fixed": [],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Fri, 10 Jan 2025 22:40:35 +0100"
}
],
"notes": null
},
{
"name": "linux-headers-virtual",
"from_version": {
"source_package_name": "linux-meta",
"source_package_version": "5.4.0.204.200",
"version": "5.4.0.204.200"
},
"to_version": {
"source_package_name": "linux-meta",
"source_package_version": "5.4.0.205.201",
"version": "5.4.0.205.201"
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [],
"log": [
"",
" * Bump ABI 5.4.0-205",
""
],
"package": "linux-meta",
"version": "5.4.0.205.201",
"urgency": "medium",
"distributions": "focal",
"launchpad_bugs_fixed": [],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Fri, 10 Jan 2025 22:40:35 +0100"
}
],
"notes": null
},
{
"name": "linux-image-virtual",
"from_version": {
"source_package_name": "linux-meta",
"source_package_version": "5.4.0.204.200",
"version": "5.4.0.204.200"
},
"to_version": {
"source_package_name": "linux-meta",
"source_package_version": "5.4.0.205.201",
"version": "5.4.0.205.201"
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [],
"log": [
"",
" * Bump ABI 5.4.0-205",
""
],
"package": "linux-meta",
"version": "5.4.0.205.201",
"urgency": "medium",
"distributions": "focal",
"launchpad_bugs_fixed": [],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Fri, 10 Jan 2025 22:40:35 +0100"
}
],
"notes": null
},
{
"name": "linux-virtual",
"from_version": {
"source_package_name": "linux-meta",
"source_package_version": "5.4.0.204.200",
"version": "5.4.0.204.200"
},
"to_version": {
"source_package_name": "linux-meta",
"source_package_version": "5.4.0.205.201",
"version": "5.4.0.205.201"
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [],
"log": [
"",
" * Bump ABI 5.4.0-205",
""
],
"package": "linux-meta",
"version": "5.4.0.205.201",
"urgency": "medium",
"distributions": "focal",
"launchpad_bugs_fixed": [],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Fri, 10 Jan 2025 22:40:35 +0100"
}
],
"notes": null
},
{
"name": "python3.8",
"from_version": {
"source_package_name": "python3.8",
"source_package_version": "3.8.10-0ubuntu1~20.04.13",
"version": "3.8.10-0ubuntu1~20.04.13"
},
"to_version": {
"source_package_name": "python3.8",
"source_package_version": "3.8.10-0ubuntu1~20.04.14",
"version": "3.8.10-0ubuntu1~20.04.14"
},
"cves": [
{
"cve": "CVE-2024-11168",
"url": "https://ubuntu.com/security/CVE-2024-11168",
"cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.",
"cve_priority": "medium",
"cve_public_date": "2024-11-12 22:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-11168",
"url": "https://ubuntu.com/security/CVE-2024-11168",
"cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.",
"cve_priority": "medium",
"cve_public_date": "2024-11-12 22:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: incorrect validation of bracketed hosts",
" - debian/patches/CVE-2024-11168.patch: add checks to ensure that",
" bracketed hosts found by urlsplit are of IPv6 or IPvFuture format in",
" Lib/urllib/parse.py, Lib/test/test_urlparse.py.",
" - CVE-2024-11168",
""
],
"package": "python3.8",
"version": "3.8.10-0ubuntu1~20.04.14",
"urgency": "medium",
"distributions": "focal-security",
"launchpad_bugs_fixed": [],
"author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
"date": "Fri, 17 Jan 2025 09:40:23 -0500"
}
],
"notes": null
},
{
"name": "python3.8-minimal",
"from_version": {
"source_package_name": "python3.8",
"source_package_version": "3.8.10-0ubuntu1~20.04.13",
"version": "3.8.10-0ubuntu1~20.04.13"
},
"to_version": {
"source_package_name": "python3.8",
"source_package_version": "3.8.10-0ubuntu1~20.04.14",
"version": "3.8.10-0ubuntu1~20.04.14"
},
"cves": [
{
"cve": "CVE-2024-11168",
"url": "https://ubuntu.com/security/CVE-2024-11168",
"cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.",
"cve_priority": "medium",
"cve_public_date": "2024-11-12 22:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2024-11168",
"url": "https://ubuntu.com/security/CVE-2024-11168",
"cve_description": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.",
"cve_priority": "medium",
"cve_public_date": "2024-11-12 22:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: incorrect validation of bracketed hosts",
" - debian/patches/CVE-2024-11168.patch: add checks to ensure that",
" bracketed hosts found by urlsplit are of IPv6 or IPvFuture format in",
" Lib/urllib/parse.py, Lib/test/test_urlparse.py.",
" - CVE-2024-11168",
""
],
"package": "python3.8",
"version": "3.8.10-0ubuntu1~20.04.14",
"urgency": "medium",
"distributions": "focal-security",
"launchpad_bugs_fixed": [],
"author": "Marc Deslauriers <marc.deslauriers@ubuntu.com>",
"date": "Fri, 17 Jan 2025 09:40:23 -0500"
}
],
"notes": null
},
{
"name": "rsync",
"from_version": {
"source_package_name": "rsync",
"source_package_version": "3.1.3-8ubuntu0.7",
"version": "3.1.3-8ubuntu0.7"
},
"to_version": {
"source_package_name": "rsync",
"source_package_version": "3.1.3-8ubuntu0.9",
"version": "3.1.3-8ubuntu0.9"
},
"cves": [
{
"cve": "CVE-2024-12088",
"url": "https://ubuntu.com/security/CVE-2024-12088",
"cve_description": "A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.",
"cve_priority": "medium",
"cve_public_date": "2025-01-14 18:15:00 UTC"
},
{
"cve": "CVE-2024-12087",
"url": "https://ubuntu.com/security/CVE-2024-12087",
"cve_description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.",
"cve_priority": "medium",
"cve_public_date": "2025-01-14 18:15:00 UTC"
},
{
"cve": "CVE-2024-12086",
"url": "https://ubuntu.com/security/CVE-2024-12086",
"cve_description": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.",
"cve_priority": "medium",
"cve_public_date": "2025-01-14 18:15:00 UTC"
},
{
"cve": "CVE-2024-12085",
"url": "https://ubuntu.com/security/CVE-2024-12085",
"cve_description": "A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.",
"cve_priority": "medium",
"cve_public_date": "2025-01-14 18:15:00 UTC"
},
{
"cve": "CVE-2024-12747",
"url": "https://ubuntu.com/security/CVE-2024-12747",
"cve_description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.",
"cve_priority": "medium",
"cve_public_date": "2025-01-14 18:15:00 UTC"
}
],
"launchpad_bugs_fixed": [
2095004
],
"changes": [
{
"cves": [],
"log": [
"",
" * SECURITY REGRESSION: flag collision (LP: #2095004)",
" - d/p/fix_flag_got_dir_flist_collision.patch: change the flag bit to 13",
""
],
"package": "rsync",
"version": "3.1.3-8ubuntu0.9",
"urgency": "medium",
"distributions": "focal-security",
"launchpad_bugs_fixed": [
2095004
],
"author": "Sudhakar Verma <sudhakar.verma@canonical.com>",
"date": "Thu, 16 Jan 2025 15:38:39 +0530"
},
{
"cves": [
{
"cve": "CVE-2024-12088",
"url": "https://ubuntu.com/security/CVE-2024-12088",
"cve_description": "A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.",
"cve_priority": "medium",
"cve_public_date": "2025-01-14 18:15:00 UTC"
},
{
"cve": "CVE-2024-12087",
"url": "https://ubuntu.com/security/CVE-2024-12087",
"cve_description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.",
"cve_priority": "medium",
"cve_public_date": "2025-01-14 18:15:00 UTC"
},
{
"cve": "CVE-2024-12086",
"url": "https://ubuntu.com/security/CVE-2024-12086",
"cve_description": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.",
"cve_priority": "medium",
"cve_public_date": "2025-01-14 18:15:00 UTC"
},
{
"cve": "CVE-2024-12085",
"url": "https://ubuntu.com/security/CVE-2024-12085",
"cve_description": "A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.",
"cve_priority": "medium",
"cve_public_date": "2025-01-14 18:15:00 UTC"
},
{
"cve": "CVE-2024-12747",
"url": "https://ubuntu.com/security/CVE-2024-12747",
"cve_description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.",
"cve_priority": "medium",
"cve_public_date": "2025-01-14 18:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: safe links bypass vulnerability",
" - d/p/CVE-2024-12088/0001-make-safe-links-stricter.patch: reject",
" links where a \"../\" component is included in the destination",
" - CVE-2024-12088",
" * SECURITY UPDATE: arbitrary file write via symbolic links",
" - d/p/CVE-2024-12087/0001-Refuse-a-duplicate-dirlist.patch: refuse",
" malicious duplicate flist for dir",
" - d/p/CVE-2024-12087/0002-range-check-dir_ndx-before-use.patch: refuse",
" invalid dir_ndx",
" - CVE-2024-12087",
" * SECURITY UPDATE: arbitrary client file leak",
" - d/p/CVE-2024-12086/0001-refuse-fuzzy-options-when-fuzzy-not-selected.patch:",
" refuse fuzzy options when not selected",
" - d/p/CVE-2024-12086/0002-added-secure_relative_open.patch: safe",
" implementation to open a file relative to a base directory",
" - d/p/CVE-2024-12086/0003-receiver-use-secure_relative_open-for-basis-file.patch:",
" ensure secure file access for basis file",
" - d/p/CVE-2024-12086/0004-disallow-.-elements-in-relpath-for-secure_relative_o.patch:",
" disallow \"../\" in relative path",
" - CVE-2024-12086",
" * SECURITY UPDATE: information leak via uninitialized stack contents",
" - d/p/CVE-2024-12085/0001-prevent-information-leak-off-the-stack.patch:",
" prevent information leak by zeroing",
" - CVE-2024-12085",
" * SECURITY UPDATE: symlink race condition",
" - d/p/CVE-2024-12747/0001-fixed-symlink-race-condition-in-sender.patch:",
" do_open_checklinks to prevent symlink race",
" - CVE-2024-12747 ",
""
],
"package": "rsync",
"version": "3.1.3-8ubuntu0.8",
"urgency": "medium",
"distributions": "focal-security",
"launchpad_bugs_fixed": [],
"author": "Sudhakar Verma <sudhakar.verma@canonical.com>",
"date": "Tue, 17 Dec 2024 15:04:45 +0530"
}
],
"notes": null
},
{
"name": "vim",
"from_version": {
"source_package_name": "vim",
"source_package_version": "2:8.1.2269-1ubuntu5.29",
"version": "2:8.1.2269-1ubuntu5.29"
},
"to_version": {
"source_package_name": "vim",
"source_package_version": "2:8.1.2269-1ubuntu5.30",
"version": "2:8.1.2269-1ubuntu5.30"
},
"cves": [
{
"cve": "CVE-2025-22134",
"url": "https://ubuntu.com/security/CVE-2025-22134",
"cve_description": "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003",
"cve_priority": "medium",
"cve_public_date": "2025-01-13 21:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2025-22134",
"url": "https://ubuntu.com/security/CVE-2025-22134",
"cve_description": "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003",
"cve_priority": "medium",
"cve_public_date": "2025-01-13 21:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Heap-buffer-overflow when switching buffers.",
" - debian/patches/CVE-2025-22134.patch: Add reset_VIsual_and_resel() to",
" src/arglist.c. Add ptrlen checks in src/misc1.c and src/ops.c.",
" - CVE-2025-22134",
""
],
"package": "vim",
"version": "2:8.1.2269-1ubuntu5.30",
"urgency": "medium",
"distributions": "focal-security",
"launchpad_bugs_fixed": [],
"author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
"date": "Mon, 20 Jan 2025 10:26:30 -0330"
}
],
"notes": null
},
{
"name": "vim-common",
"from_version": {
"source_package_name": "vim",
"source_package_version": "2:8.1.2269-1ubuntu5.29",
"version": "2:8.1.2269-1ubuntu5.29"
},
"to_version": {
"source_package_name": "vim",
"source_package_version": "2:8.1.2269-1ubuntu5.30",
"version": "2:8.1.2269-1ubuntu5.30"
},
"cves": [
{
"cve": "CVE-2025-22134",
"url": "https://ubuntu.com/security/CVE-2025-22134",
"cve_description": "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003",
"cve_priority": "medium",
"cve_public_date": "2025-01-13 21:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2025-22134",
"url": "https://ubuntu.com/security/CVE-2025-22134",
"cve_description": "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003",
"cve_priority": "medium",
"cve_public_date": "2025-01-13 21:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Heap-buffer-overflow when switching buffers.",
" - debian/patches/CVE-2025-22134.patch: Add reset_VIsual_and_resel() to",
" src/arglist.c. Add ptrlen checks in src/misc1.c and src/ops.c.",
" - CVE-2025-22134",
""
],
"package": "vim",
"version": "2:8.1.2269-1ubuntu5.30",
"urgency": "medium",
"distributions": "focal-security",
"launchpad_bugs_fixed": [],
"author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
"date": "Mon, 20 Jan 2025 10:26:30 -0330"
}
],
"notes": null
},
{
"name": "vim-runtime",
"from_version": {
"source_package_name": "vim",
"source_package_version": "2:8.1.2269-1ubuntu5.29",
"version": "2:8.1.2269-1ubuntu5.29"
},
"to_version": {
"source_package_name": "vim",
"source_package_version": "2:8.1.2269-1ubuntu5.30",
"version": "2:8.1.2269-1ubuntu5.30"
},
"cves": [
{
"cve": "CVE-2025-22134",
"url": "https://ubuntu.com/security/CVE-2025-22134",
"cve_description": "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003",
"cve_priority": "medium",
"cve_public_date": "2025-01-13 21:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2025-22134",
"url": "https://ubuntu.com/security/CVE-2025-22134",
"cve_description": "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003",
"cve_priority": "medium",
"cve_public_date": "2025-01-13 21:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Heap-buffer-overflow when switching buffers.",
" - debian/patches/CVE-2025-22134.patch: Add reset_VIsual_and_resel() to",
" src/arglist.c. Add ptrlen checks in src/misc1.c and src/ops.c.",
" - CVE-2025-22134",
""
],
"package": "vim",
"version": "2:8.1.2269-1ubuntu5.30",
"urgency": "medium",
"distributions": "focal-security",
"launchpad_bugs_fixed": [],
"author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
"date": "Mon, 20 Jan 2025 10:26:30 -0330"
}
],
"notes": null
},
{
"name": "vim-tiny",
"from_version": {
"source_package_name": "vim",
"source_package_version": "2:8.1.2269-1ubuntu5.29",
"version": "2:8.1.2269-1ubuntu5.29"
},
"to_version": {
"source_package_name": "vim",
"source_package_version": "2:8.1.2269-1ubuntu5.30",
"version": "2:8.1.2269-1ubuntu5.30"
},
"cves": [
{
"cve": "CVE-2025-22134",
"url": "https://ubuntu.com/security/CVE-2025-22134",
"cve_description": "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003",
"cve_priority": "medium",
"cve_public_date": "2025-01-13 21:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2025-22134",
"url": "https://ubuntu.com/security/CVE-2025-22134",
"cve_description": "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003",
"cve_priority": "medium",
"cve_public_date": "2025-01-13 21:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Heap-buffer-overflow when switching buffers.",
" - debian/patches/CVE-2025-22134.patch: Add reset_VIsual_and_resel() to",
" src/arglist.c. Add ptrlen checks in src/misc1.c and src/ops.c.",
" - CVE-2025-22134",
""
],
"package": "vim",
"version": "2:8.1.2269-1ubuntu5.30",
"urgency": "medium",
"distributions": "focal-security",
"launchpad_bugs_fixed": [],
"author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
"date": "Mon, 20 Jan 2025 10:26:30 -0330"
}
],
"notes": null
},
{
"name": "xfsprogs",
"from_version": {
"source_package_name": "xfsprogs",
"source_package_version": "5.3.0-1ubuntu2",
"version": "5.3.0-1ubuntu2"
},
"to_version": {
"source_package_name": "xfsprogs",
"source_package_version": "5.3.0-1ubuntu2.1",
"version": "5.3.0-1ubuntu2.1"
},
"cves": [],
"launchpad_bugs_fixed": [
2081163
],
"changes": [
{
"cves": [],
"log": [
"",
" * Backport from upstream:",
" - fix fsck.xfs run by different shells when fsck.mode=force is set",
" (LP: #2081163).",
""
],
"package": "xfsprogs",
"version": "5.3.0-1ubuntu2.1",
"urgency": "medium",
"distributions": "focal",
"launchpad_bugs_fixed": [
2081163
],
"author": "Gerald Yang <gerald.yang@canonical.com>",
"date": "Thu, 17 Oct 2024 05:32:23 +0000"
}
],
"notes": null
},
{
"name": "xxd",
"from_version": {
"source_package_name": "vim",
"source_package_version": "2:8.1.2269-1ubuntu5.29",
"version": "2:8.1.2269-1ubuntu5.29"
},
"to_version": {
"source_package_name": "vim",
"source_package_version": "2:8.1.2269-1ubuntu5.30",
"version": "2:8.1.2269-1ubuntu5.30"
},
"cves": [
{
"cve": "CVE-2025-22134",
"url": "https://ubuntu.com/security/CVE-2025-22134",
"cve_description": "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003",
"cve_priority": "medium",
"cve_public_date": "2025-01-13 21:15:00 UTC"
}
],
"launchpad_bugs_fixed": [],
"changes": [
{
"cves": [
{
"cve": "CVE-2025-22134",
"url": "https://ubuntu.com/security/CVE-2025-22134",
"cve_description": "When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003",
"cve_priority": "medium",
"cve_public_date": "2025-01-13 21:15:00 UTC"
}
],
"log": [
"",
" * SECURITY UPDATE: Heap-buffer-overflow when switching buffers.",
" - debian/patches/CVE-2025-22134.patch: Add reset_VIsual_and_resel() to",
" src/arglist.c. Add ptrlen checks in src/misc1.c and src/ops.c.",
" - CVE-2025-22134",
""
],
"package": "vim",
"version": "2:8.1.2269-1ubuntu5.30",
"urgency": "medium",
"distributions": "focal-security",
"launchpad_bugs_fixed": [],
"author": "Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>",
"date": "Mon, 20 Jan 2025 10:26:30 -0330"
}
],
"notes": null
}
],
"snap": [
{
"name": "snapd",
"from_version": {
"source_package_name": null,
"source_package_version": null,
"version": "23263"
},
"to_version": {
"source_package_name": null,
"source_package_version": null,
"version": "23549"
}
}
]
},
"added": {
"deb": [
{
"name": "linux-headers-5.4.0-205",
"from_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-204.224",
"version": null
},
"to_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-205.225",
"version": "5.4.0-205.225"
},
"cves": [
{
"cve": "CVE-2023-21400",
"url": "https://ubuntu.com/security/CVE-2023-21400",
"cve_description": "In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.",
"cve_priority": "high",
"cve_public_date": "2023-07-13 00:15:00 UTC"
},
{
"cve": "CVE-2024-40967",
"url": "https://ubuntu.com/security/CVE-2024-40967",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue.",
"cve_priority": "medium",
"cve_public_date": "2024-07-12 13:15:00 UTC"
},
{
"cve": "CVE-2024-53164",
"url": "https://ubuntu.com/security/CVE-2024-53164",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.",
"cve_priority": "medium",
"cve_public_date": "2024-12-27 14:15:00 UTC"
},
{
"cve": "CVE-2024-53141",
"url": "https://ubuntu.com/security/CVE-2024-53141",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.",
"cve_priority": "medium",
"cve_public_date": "2024-12-06 10:15:00 UTC"
},
{
"cve": "CVE-2024-53103",
"url": "https://ubuntu.com/security/CVE-2024-53103",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"launchpad_bugs_fixed": [
2093621,
2078659
],
"changes": [
{
"cves": [
{
"cve": "CVE-2023-21400",
"url": "https://ubuntu.com/security/CVE-2023-21400",
"cve_description": "In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.",
"cve_priority": "high",
"cve_public_date": "2023-07-13 00:15:00 UTC"
},
{
"cve": "CVE-2024-40967",
"url": "https://ubuntu.com/security/CVE-2024-40967",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue.",
"cve_priority": "medium",
"cve_public_date": "2024-07-12 13:15:00 UTC"
},
{
"cve": "CVE-2024-53164",
"url": "https://ubuntu.com/security/CVE-2024-53164",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.",
"cve_priority": "medium",
"cve_public_date": "2024-12-27 14:15:00 UTC"
},
{
"cve": "CVE-2024-53141",
"url": "https://ubuntu.com/security/CVE-2024-53141",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.",
"cve_priority": "medium",
"cve_public_date": "2024-12-06 10:15:00 UTC"
},
{
"cve": "CVE-2024-53103",
"url": "https://ubuntu.com/security/CVE-2024-53103",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"log": [
"",
" * focal/linux: 5.4.0-205.225 -proposed tracker (LP: #2093621)",
"",
" * Hold IOPOLL locks when triggering io_uring's deferred work (LP: #2078659) //",
" CVE-2023-21400",
" - io_uring: remove extra check in __io_commit_cqring",
" - io_uring: dont kill fasync under completion_lock",
" - io_uring: ensure IOPOLL locks around deferred work",
"",
" * CVE-2024-40967",
" - iopoll: introduce read_poll_timeout macro",
" - iopoll: Introduce read_poll_timeout_atomic macro",
" - serial: imx: Introduce timeout when waiting on transmitter empty",
"",
" * CVE-2024-53164",
" - net: sched: fix ordering of qlen adjustment",
"",
" * CVE-2024-53141",
" - netfilter: ipset: add missing range check in bitmap_ip_uadt",
"",
" * CVE-2024-53103",
" - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer",
""
],
"package": "linux",
"version": "5.4.0-205.225",
"urgency": "medium",
"distributions": "focal",
"launchpad_bugs_fixed": [
2093621,
2078659
],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Fri, 10 Jan 2025 22:28:21 +0100"
}
],
"notes": "linux-headers-5.4.0-205 version '5.4.0-205.225' (source package linux version '5.4.0-205.225') was added. linux-headers-5.4.0-205 version '5.4.0-205.225' has the same source package name, linux, as removed package linux-headers-5.4.0-204. As such we can use the source package version of the removed package, '5.4.0-204.224', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package."
},
{
"name": "linux-headers-5.4.0-205-generic",
"from_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-204.224",
"version": null
},
"to_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-205.225",
"version": "5.4.0-205.225"
},
"cves": [
{
"cve": "CVE-2023-21400",
"url": "https://ubuntu.com/security/CVE-2023-21400",
"cve_description": "In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.",
"cve_priority": "high",
"cve_public_date": "2023-07-13 00:15:00 UTC"
},
{
"cve": "CVE-2024-40967",
"url": "https://ubuntu.com/security/CVE-2024-40967",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue.",
"cve_priority": "medium",
"cve_public_date": "2024-07-12 13:15:00 UTC"
},
{
"cve": "CVE-2024-53164",
"url": "https://ubuntu.com/security/CVE-2024-53164",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.",
"cve_priority": "medium",
"cve_public_date": "2024-12-27 14:15:00 UTC"
},
{
"cve": "CVE-2024-53141",
"url": "https://ubuntu.com/security/CVE-2024-53141",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.",
"cve_priority": "medium",
"cve_public_date": "2024-12-06 10:15:00 UTC"
},
{
"cve": "CVE-2024-53103",
"url": "https://ubuntu.com/security/CVE-2024-53103",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"launchpad_bugs_fixed": [
2093621,
2078659
],
"changes": [
{
"cves": [
{
"cve": "CVE-2023-21400",
"url": "https://ubuntu.com/security/CVE-2023-21400",
"cve_description": "In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.",
"cve_priority": "high",
"cve_public_date": "2023-07-13 00:15:00 UTC"
},
{
"cve": "CVE-2024-40967",
"url": "https://ubuntu.com/security/CVE-2024-40967",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue.",
"cve_priority": "medium",
"cve_public_date": "2024-07-12 13:15:00 UTC"
},
{
"cve": "CVE-2024-53164",
"url": "https://ubuntu.com/security/CVE-2024-53164",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.",
"cve_priority": "medium",
"cve_public_date": "2024-12-27 14:15:00 UTC"
},
{
"cve": "CVE-2024-53141",
"url": "https://ubuntu.com/security/CVE-2024-53141",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.",
"cve_priority": "medium",
"cve_public_date": "2024-12-06 10:15:00 UTC"
},
{
"cve": "CVE-2024-53103",
"url": "https://ubuntu.com/security/CVE-2024-53103",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"log": [
"",
" * focal/linux: 5.4.0-205.225 -proposed tracker (LP: #2093621)",
"",
" * Hold IOPOLL locks when triggering io_uring's deferred work (LP: #2078659) //",
" CVE-2023-21400",
" - io_uring: remove extra check in __io_commit_cqring",
" - io_uring: dont kill fasync under completion_lock",
" - io_uring: ensure IOPOLL locks around deferred work",
"",
" * CVE-2024-40967",
" - iopoll: introduce read_poll_timeout macro",
" - iopoll: Introduce read_poll_timeout_atomic macro",
" - serial: imx: Introduce timeout when waiting on transmitter empty",
"",
" * CVE-2024-53164",
" - net: sched: fix ordering of qlen adjustment",
"",
" * CVE-2024-53141",
" - netfilter: ipset: add missing range check in bitmap_ip_uadt",
"",
" * CVE-2024-53103",
" - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer",
""
],
"package": "linux",
"version": "5.4.0-205.225",
"urgency": "medium",
"distributions": "focal",
"launchpad_bugs_fixed": [
2093621,
2078659
],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Fri, 10 Jan 2025 22:28:21 +0100"
}
],
"notes": "linux-headers-5.4.0-205-generic version '5.4.0-205.225' (source package linux version '5.4.0-205.225') was added. linux-headers-5.4.0-205-generic version '5.4.0-205.225' has the same source package name, linux, as removed package linux-headers-5.4.0-204. As such we can use the source package version of the removed package, '5.4.0-204.224', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package."
},
{
"name": "linux-image-5.4.0-205-generic",
"from_version": {
"source_package_name": "linux-signed",
"source_package_version": "5.4.0-204.224",
"version": null
},
"to_version": {
"source_package_name": "linux-signed",
"source_package_version": "5.4.0-205.225",
"version": "5.4.0-205.225"
},
"cves": [],
"launchpad_bugs_fixed": [
1786013
],
"changes": [
{
"cves": [],
"log": [
"",
" * Main version: 5.4.0-205.225",
"",
" * Packaging resync (LP: #1786013)",
" - [Packaging] debian/tracking-bug -- resync from main package",
""
],
"package": "linux-signed",
"version": "5.4.0-205.225",
"urgency": "medium",
"distributions": "focal",
"launchpad_bugs_fixed": [
1786013
],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Fri, 10 Jan 2025 22:40:44 +0100"
}
],
"notes": "linux-image-5.4.0-205-generic version '5.4.0-205.225' (source package linux-signed version '5.4.0-205.225') was added. linux-image-5.4.0-205-generic version '5.4.0-205.225' has the same source package name, linux-signed, as removed package linux-image-5.4.0-204-generic. As such we can use the source package version of the removed package, '5.4.0-204.224', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package."
},
{
"name": "linux-modules-5.4.0-205-generic",
"from_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-204.224",
"version": null
},
"to_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-205.225",
"version": "5.4.0-205.225"
},
"cves": [
{
"cve": "CVE-2023-21400",
"url": "https://ubuntu.com/security/CVE-2023-21400",
"cve_description": "In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.",
"cve_priority": "high",
"cve_public_date": "2023-07-13 00:15:00 UTC"
},
{
"cve": "CVE-2024-40967",
"url": "https://ubuntu.com/security/CVE-2024-40967",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue.",
"cve_priority": "medium",
"cve_public_date": "2024-07-12 13:15:00 UTC"
},
{
"cve": "CVE-2024-53164",
"url": "https://ubuntu.com/security/CVE-2024-53164",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.",
"cve_priority": "medium",
"cve_public_date": "2024-12-27 14:15:00 UTC"
},
{
"cve": "CVE-2024-53141",
"url": "https://ubuntu.com/security/CVE-2024-53141",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.",
"cve_priority": "medium",
"cve_public_date": "2024-12-06 10:15:00 UTC"
},
{
"cve": "CVE-2024-53103",
"url": "https://ubuntu.com/security/CVE-2024-53103",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"launchpad_bugs_fixed": [
2093621,
2078659
],
"changes": [
{
"cves": [
{
"cve": "CVE-2023-21400",
"url": "https://ubuntu.com/security/CVE-2023-21400",
"cve_description": "In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.",
"cve_priority": "high",
"cve_public_date": "2023-07-13 00:15:00 UTC"
},
{
"cve": "CVE-2024-40967",
"url": "https://ubuntu.com/security/CVE-2024-40967",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue.",
"cve_priority": "medium",
"cve_public_date": "2024-07-12 13:15:00 UTC"
},
{
"cve": "CVE-2024-53164",
"url": "https://ubuntu.com/security/CVE-2024-53164",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty.",
"cve_priority": "medium",
"cve_public_date": "2024-12-27 14:15:00 UTC"
},
{
"cve": "CVE-2024-53141",
"url": "https://ubuntu.com/security/CVE-2024-53141",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks.",
"cve_priority": "medium",
"cve_public_date": "2024-12-06 10:15:00 UTC"
},
{
"cve": "CVE-2024-53103",
"url": "https://ubuntu.com/security/CVE-2024-53103",
"cve_description": "In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL.",
"cve_priority": "high",
"cve_public_date": "2024-12-02 08:15:00 UTC"
}
],
"log": [
"",
" * focal/linux: 5.4.0-205.225 -proposed tracker (LP: #2093621)",
"",
" * Hold IOPOLL locks when triggering io_uring's deferred work (LP: #2078659) //",
" CVE-2023-21400",
" - io_uring: remove extra check in __io_commit_cqring",
" - io_uring: dont kill fasync under completion_lock",
" - io_uring: ensure IOPOLL locks around deferred work",
"",
" * CVE-2024-40967",
" - iopoll: introduce read_poll_timeout macro",
" - iopoll: Introduce read_poll_timeout_atomic macro",
" - serial: imx: Introduce timeout when waiting on transmitter empty",
"",
" * CVE-2024-53164",
" - net: sched: fix ordering of qlen adjustment",
"",
" * CVE-2024-53141",
" - netfilter: ipset: add missing range check in bitmap_ip_uadt",
"",
" * CVE-2024-53103",
" - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer",
""
],
"package": "linux",
"version": "5.4.0-205.225",
"urgency": "medium",
"distributions": "focal",
"launchpad_bugs_fixed": [
2093621,
2078659
],
"author": "Manuel Diewald <manuel.diewald@canonical.com>",
"date": "Fri, 10 Jan 2025 22:28:21 +0100"
}
],
"notes": "linux-modules-5.4.0-205-generic version '5.4.0-205.225' (source package linux version '5.4.0-205.225') was added. linux-modules-5.4.0-205-generic version '5.4.0-205.225' has the same source package name, linux, as removed package linux-headers-5.4.0-204. As such we can use the source package version of the removed package, '5.4.0-204.224', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package."
}
],
"snap": []
},
"removed": {
"deb": [
{
"name": "linux-headers-5.4.0-204",
"from_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-204.224",
"version": "5.4.0-204.224"
},
"to_version": {
"source_package_name": null,
"source_package_version": null,
"version": null
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [],
"notes": null
},
{
"name": "linux-headers-5.4.0-204-generic",
"from_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-204.224",
"version": "5.4.0-204.224"
},
"to_version": {
"source_package_name": null,
"source_package_version": null,
"version": null
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [],
"notes": null
},
{
"name": "linux-image-5.4.0-204-generic",
"from_version": {
"source_package_name": "linux-signed",
"source_package_version": "5.4.0-204.224",
"version": "5.4.0-204.224"
},
"to_version": {
"source_package_name": null,
"source_package_version": null,
"version": null
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [],
"notes": null
},
{
"name": "linux-modules-5.4.0-204-generic",
"from_version": {
"source_package_name": "linux",
"source_package_version": "5.4.0-204.224",
"version": "5.4.0-204.224"
},
"to_version": {
"source_package_name": null,
"source_package_version": null,
"version": null
},
"cves": [],
"launchpad_bugs_fixed": [],
"changes": [],
"notes": null
}
],
"snap": []
},
"notes": "Changelog diff for Ubuntu 20.04 focal image from release image serial 20250109 to 20250127",
"from_series": "focal",
"to_series": "focal",
"from_serial": "20250109",
"to_serial": "20250127",
"from_manifest_filename": "release_manifest.previous",
"to_manifest_filename": "manifest.current"
}