ChangeLog
28/05/2025, commit https://git.launchpad.net/snap-core22/tree/7c3b8a59559a1d01f35830501a6ef478213ae767

[ Changes in the core22 snap ]

No detected changes for the core22 snap

[ Changes in primed packages ]

distro-info-data (built from distro-info-data) updated from 0.52ubuntu0.8 to 0.52ubuntu0.9:

  distro-info-data (0.52ubuntu0.9) jammy; urgency=medium

    * Add Ubuntu 25.10 "Questing Quokka" (LP: #2107391)
    * Add Debian 15 "Duke"

   -- Benjamin Drung <bdrung@ubuntu.com>  Wed, 23 Apr 2025 12:00:31 +0200

libglib2.0-0:amd64 (built from glib2.0) updated from 2.72.4-0ubuntu2.4 to 2.72.4-0ubuntu2.5:

  glib2.0 (2.72.4-0ubuntu2.5) jammy-security; urgency=medium

    * SECURITY UPDATE: Integer Overflow
      - debian/patches/CVE-2025-4373-1.patch: carefully handle gssize
        in glib/gstring.c.
      - debian/patches/CVE-2025-4373-2.patch: make len_unsigned
        unsigned in glib/gstring.c
      - CVE-2025-4373

   -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Mon, 12 May 2025 05:34:39 -0300

libc-bin, libc6:amd64, libc6:i386 (built from glibc) updated from 2.35-0ubuntu3.9 to 2.35-0ubuntu3.10:

  glibc (2.35-0ubuntu3.10) jammy-security; urgency=medium

    * SECURITY UPDATE: privilege escalation issue
      - debian/patches/any/CVE-2025-4802.patch: elf: Ignore
        LD_LIBRARY_PATH and debug env var for setuid for static
      - CVE-2025-4802

   -- Nishit Majithia <nishit.majithia@canonical.com>  Mon, 26 May 2025 12:55:00 +0530

libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.19.2-2ubuntu0.6 to 1.19.2-2ubuntu0.7:

  krb5 (1.19.2-2ubuntu0.7) jammy-security; urgency=medium

    * SECURITY UPDATE: Use of weak cryptographic hash.
      - debian/patches/CVE-2025-3576.patch: Add allow_des3 and allow_rc4
        options. Disallow usage of des3 and rc4 unless allowed in the
        config. Replace warn_des3 with warn_deprecated in
        ./src/lib/krb5/krb/get_in_tkt.c. Add allow_des3 and allow_rc4
        boolean in ./src/include/k5-int.h. Prevent usage of deprecated
        enctypes in ./src/kdc/kdc_util.c.
      - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison
        with ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.
      - CVE-2025-3576

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Thu, 15 May 2025 12:06:20 +0200

opensc, opensc-pkcs11:amd64 (built from opensc) updated from 0.22.0-1ubuntu2 to 0.22.0-1ubuntu2.1+esm1:

  opensc (0.22.0-1ubuntu2.1+esm1) jammy-security; urgency=medium

    * SECURITY UPDATE: PIN Bypass
      - debian/patches/CVE-2023-40660-1.patch: Fixed PIN authentication
        bypass
      - debian/patches/CVE-2023-40660-2.patch: pkcs15init: Check login
        status before asking for a pin overflow during keygen
      - CVE-2023-40660
    * SECURITY UPDATE: Compromised card operations
      - debian/patches/CVE-2023-40661-1.patch: pkcs15: Avoid buffer
        overflow when getting last update
      - debian/patches/CVE-2023-40661-2.patch: setcos: Avoid buffer
        underflow
      - debian/patches/CVE-2023-40661-3.patch: setcos: Avoid writing
        behind the path buffer end
      - debian/patches/CVE-2023-40661-4.patch: oberthur: Avoid buffer
        overflow
      - debian/patches/CVE-2023-40661-5-pre1.patch: pkcs15-pubkey: free
        DER value when parsing public key fails
      - debian/patches/CVE-2023-40661-5.patch: pkcs15-pubkey.c: Avoid
        double-free
      - debian/patches/CVE-2023-40661-6.patch: pkcs15-cflex: check path
        length to prevent underflow
      - debian/patches/CVE-2023-40661-7.patch: Check length of string
        before making copy
      - debian/patches/CVE-2023-40661-8.patch: Check array bounds
      - debian/patches/CVE-2023-40661-9.patch: sc_pkcs15init_rmdir:
        prevent out of bounds write
      - debian/patches/CVE-2023-40661-10.patch: epass2003: Avoid heap
        buffer overflow
      - debian/patches/CVE-2023-40661-11.patch: iasecc: Avoid another
        buffer overflow
      - debian/patches/CVE-2023-40661-12-pre1.patch: iassecc: Verify
        buffer lengths before use
      - debian/patches/CVE-2023-40661-12.patch: iasecc: Avoid buffer
        overflow with invalid data
      - debian/patches/CVE-2023-40661-13.patch: iasecc: Check length of
        data when parsing crt
      - debian/patches/CVE-2023-40661-14-pre1.patch: card-entersafe.c:
        Free modulus buffer in case of error
      - debian/patches/CVE-2023-40661-14.patch: entersafe: Avoid buffer
      - CVE-2023-40661
    * SECURITY UPDATE: Information leak
      - debian/patches/CVE-2023-5992-1.patch: Reimplement removing of
        PKCS#1 v1.5 padding to be time constant
      - debian/patches/CVE-2023-5992-2.patch: Add unit tests for PKCS#1
        v1.5 de-padding
      - debian/patches/CVE-2023-5992-3.patch: pkcs15-sec: Remove logging
        after PKCS#1 v1.5 depadding
      - debian/patches/CVE-2023-5992-4.patch: framework-pkcs15.c: Handle
        PKCS#1 v1.5 depadding constant-time
      - debian/patches/CVE-2023-5992-5.patch: mechanism: Handle PKCS#1
        v1.5 depadding constant-time
      - debian/patches/CVE-2023-5992-6.patch: minidriver: Make
        CardRSADecrypt constant-time
      - debian/patches/CVE-2023-5992-7.patch: pkcs11-object: Remove
        return value logging
      - debian/patches/CVE-2023-5992-8.patch: misc: Compare return value
        constant-time
      - debian/patches/CVE-2023-5992-9.patch: unittests: Do not use
        uninitialized memory
      - debian/patches/CVE-2023-5992-10.patch: Fix constant-time
        comparison of negative values
      - CVE-2023-5992
    * SECURITY UPDATE: Missing variable initialization
      - debian/patches/CVE-2024-45615-1.patch: Fix uninitialized values
      - debian/patches/CVE-2024-45615-2.patch: Initialize variables for
        tag and CLA
      - debian/patches/CVE-2024-45615-3.patch: Initialize OID length
      - debian/patches/CVE-2024-45615-4.patch: Initialize variables for
        tag and CLA
      - debian/patches/CVE-2024-45615-5.patch: Avoid using uninitialized
        memory
      - debian/patches/CVE-2024-45617-1.patch: Check return value when
        selecting AID
      - debian/patches/CVE-2024-45617-2.patch: Return error when
        response length is 0
      - debian/patches/CVE-2024-45617-3.patch: Check number of read
        bytes
      - debian/patches/CVE-2024-45618-1.patch: Check return value of
        serial num conversion
      - debian/patches/CVE-2024-45618-2.patch: Report transport key
        error
      - CVE-2024-45615
      - CVE-2024-45617
      - CVE-2024-45618
    * SECURITY UPDATE: Buffer overflow
      - debian/patches/CVE-2023-2977.patch: pkcs15init: correct left
        length calculation to fix buffer overrun bug
      - debian/patches/CVE-2024-45616-1.patch: Fix uninitialized values
      - debian/patches/CVE-2024-45616-2.patch: Check length of APDU
        response
      - debian/patches/CVE-2024-45616-3.patch: Correctly calculate
        certificate length based on the resplen
      - debian/patches/CVE-2024-45616-4.patch: Check length of serial
        number
      - debian/patches/CVE-2024-45616-5.patch: Use actual length of
        response buffer
      - debian/patches/CVE-2024-45616-6.patch: Check length of response
        buffer in select
      - debian/patches/CVE-2024-45616-7.patch: Check APDU response
        length and ASN1 lengths
      - debian/patches/CVE-2024-45616-8.patch: Report invalid SW when
        reading object
      - debian/patches/CVE-2024-45616-9.patch: Avoid using uninitialized
        memory
      - debian/patches/CVE-2024-45616-10.patch: Check length of serial
        number
      - debian/patches/CVE-2024-45619-1.patch: Check number of read
        bytes for cert
      - debian/patches/CVE-2024-45619-2.patch: Check certificate length
        before accessing
      - debian/patches/CVE-2024-45619-3.patch: Check length of buffer
        for object
      - debian/patches/CVE-2024-45619-4.patch: Check length of generated
        key
      - debian/patches/CVE-2024-45619-5.patch: Properly check length of
        file list
      - debian/patches/CVE-2024-45619-6.patch: Check length of buffer
        before conversion
      - debian/patches/CVE-2024-45620-1.patch: Check length of file to
        be non-zero
      - debian/patches/CVE-2024-45620-2.patch: Check length of data
        before dereferencing
      - debian/patches/CVE-2024-45620-3.patch: Check length of data when
        parsing
      - debian/patches/CVE-2024-8443-1.patch: Avoid buffer overflow when
        writing fingerprint
      - debian/patches/CVE-2024-8443-2.patch: Do not accept non-matching
        key responses
      - CVE-2023-2977
      - CVE-2024-45616
      - CVE-2024-45619
      - CVE-2024-45620
      - CVE-2024-8443

   -- John Breton <john.breton@canonical.com>  Mon, 12 May 2025 14:47:51 +0200

  opensc (0.22.0-1ubuntu2.1) jammy; urgency=medium

    * Include the openssl legacy provider in pkcs11-tool to support
      RIPEMD160 in openssl 3.0 in jammy. (LP: #2106434)
      - d/p/lp2106434-pkcs11-tool-load-legacy-provider-for-RIPEMD160.patch

   -- Wesley Hershberger <wesley.hershberger@canonical.com>  Mon, 07 Apr 2025 11:00:03 -0500

libsqlite3-0:amd64 (built from sqlite3) updated from 3.37.2-2ubuntu0.3 to 3.37.2-2ubuntu0.4:

  sqlite3 (3.37.2-2ubuntu0.4) jammy-security; urgency=medium

    * SECURITY UPDATE: DoS via sqlite3_db_config arguments
      - debian/patches/CVE-2025-29088.patch: harden
        SQLITE_DBCONFIG_LOOKASIDE interface against misuse in
        src/main.c, src/sqlite.h.in.
      - CVE-2025-29088

   -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 29 Apr 2025 12:38:50 -0400

tzdata (built from tzdata) updated from 2025b-0ubuntu0.22.04 to 2025b-0ubuntu0.22.04.1:

  tzdata (2025b-0ubuntu0.22.04.1) jammy; urgency=medium

    * Update the ICU timezone data to 2025b (LP: #2107950)
    * Add autopkgtest test case for ICU timezone data 2025b

   -- Benjamin Drung <bdrung@ubuntu.com>  Tue, 22 Apr 2025 12:15:59 +0200