{ "summary": { "snap": { "added": [], "removed": [], "diff": [ "core20", "lxd" ] }, "deb": { "added": [ "linux-headers-5.15.0-171", "linux-headers-5.15.0-171-generic-lpae", "linux-image-5.15.0-171-generic-lpae", "linux-modules-5.15.0-171-generic-lpae" ], "removed": [ "linux-headers-5.15.0-170", "linux-headers-5.15.0-170-generic-lpae", "linux-image-5.15.0-170-generic-lpae", "linux-modules-5.15.0-170-generic-lpae" ], "diff": [ "curl", "gcc-12-base:armhf", "git", "git-man", "libcurl3-gnutls:armhf", "libcurl4:armhf", "libgcc-s1:armhf", "libssh-4:armhf", "libstdc++6:armhf", "linux-generic-lpae", "linux-headers-generic-lpae", "linux-image-generic-lpae", "u-boot-tools" ] } }, "diff": { "deb": [ { "name": "curl", "from_version": { "source_package_name": "curl", "source_package_version": "7.81.0-1ubuntu1.21", "version": "7.81.0-1ubuntu1.21" }, "to_version": { "source_package_name": "curl", "source_package_version": "7.81.0-1ubuntu1.22", "version": "7.81.0-1ubuntu1.22" }, "cves": [ { "cve": "CVE-2025-14017", "url": "https://ubuntu.com/security/CVE-2025-14017", "cve_description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cve_priority": "medium", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14524", "url": "https://ubuntu.com/security/CVE-2025-14524", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15079", "url": "https://ubuntu.com/security/CVE-2025-15079", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15224", "url": "https://ubuntu.com/security/CVE-2025-15224", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-14017", "url": "https://ubuntu.com/security/CVE-2025-14017", "cve_description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cve_priority": "medium", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14524", "url": "https://ubuntu.com/security/CVE-2025-14524", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15079", "url": "https://ubuntu.com/security/CVE-2025-15079", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15224", "url": "https://ubuntu.com/security/CVE-2025-15224", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: multi-threaded TSL options leak", " - debian/patches/CVE-2025-14017.patch: call ldap_init() before", " setting the options in lib/ldap.c", " - CVE-2025-14017", " * SECURITY UPDATE: bearer token leak on cross-protocol redirect", " - debian/patches/CVE-2025-14524.patch: if redirected,", " require permission to use bearer in lib/curl_sasl.c", " - CVE-2025-14524", " * SECURITY UPDATE: ssh known_hosts validation bypass", " - debian/patches/CVE-2025-15079.patch: set both knownhosts", " options to the same file in lib/vssh/libssh.c", " - CVE-2025-15079", " * SECURITY UPDATE: improper local ssh agent authentication", " - debian/patches/CVE-2025-15224.patch: require private key", " or user-agent for public key auth in lib/vssh/libssh.c", " - CVE-2025-15224", "" ], "package": "curl", "version": "7.81.0-1ubuntu1.22", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Elise Hlady ", "date": "Wed, 18 Feb 2026 13:33:48 -0800" } ], "notes": null, "is_version_downgrade": false }, { "name": "gcc-12-base:armhf", "from_version": { "source_package_name": "gcc-12", "source_package_version": "12.3.0-1ubuntu1~22.04.2", "version": "12.3.0-1ubuntu1~22.04.2" }, "to_version": { "source_package_name": "gcc-12", "source_package_version": "12.3.0-1ubuntu1~22.04.3", "version": "12.3.0-1ubuntu1~22.04.3" }, "cves": [], "launchpad_bugs_fixed": [ 2101084 ], "changes": [ { "cves": [], "log": [ "", " * d/p/pr118976.diff: Fix memory corruption when executing 256-bit", " Scalable Vector Extensions code on 128-bit CPUs (LP: #2101084).", "" ], "package": "gcc-12", "version": "12.3.0-1ubuntu1~22.04.3", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2101084 ], "author": "Vladimir Petko ", "date": "Sat, 20 Dec 2025 10:52:06 +1300" } ], "notes": null, "is_version_downgrade": false }, { "name": "git", "from_version": { "source_package_name": "git", "source_package_version": "1:2.34.1-1ubuntu1.15", "version": "1:2.34.1-1ubuntu1.15" }, "to_version": { "source_package_name": "git", "source_package_version": "1:2.34.1-1ubuntu1.16", "version": "1:2.34.1-1ubuntu1.16" }, "cves": [ { "cve": "CVE-2022-24765", "url": "https://ubuntu.com/security/CVE-2022-24765", "cve_description": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`.", "cve_priority": "medium", "cve_public_date": "2022-04-12 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2142239 ], "changes": [ { "cves": [ { "cve": "CVE-2022-24765", "url": "https://ubuntu.com/security/CVE-2022-24765", "cve_description": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`.", "cve_priority": "medium", "cve_public_date": "2022-04-12 18:15:00 UTC" } ], "log": [ "", " * SECURITY REGRESSION: Broken safe.directory access from CVE-2022-24765", " (LP: #2142239)", " - debian/patches/CVE-2022-24765-fix1.patch: Add protected_config,", " read_protected_config, and git_protected_config in config.c, config.h.", " Add upload_pack_protected_config in upload-pack.c. Modify test in", " t/t5544-pack-objects-hook.sh.", " - debian/patches/CVE-2022-24765-fix2.patch: Replace read_very_early_config", " with git_protected_config in setup.c.", "" ], "package": "git", "version": "1:2.34.1-1ubuntu1.16", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 2142239 ], "author": "Hlib Korzhynskyy ", "date": "Thu, 19 Feb 2026 15:15:50 -0330" } ], "notes": null, "is_version_downgrade": false }, { "name": "git-man", "from_version": { "source_package_name": "git", "source_package_version": "1:2.34.1-1ubuntu1.15", "version": "1:2.34.1-1ubuntu1.15" }, "to_version": { "source_package_name": "git", "source_package_version": "1:2.34.1-1ubuntu1.16", "version": "1:2.34.1-1ubuntu1.16" }, "cves": [ { "cve": "CVE-2022-24765", "url": "https://ubuntu.com/security/CVE-2022-24765", "cve_description": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`.", "cve_priority": "medium", "cve_public_date": "2022-04-12 18:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2142239 ], "changes": [ { "cves": [ { "cve": "CVE-2022-24765", "url": "https://ubuntu.com/security/CVE-2022-24765", "cve_description": "Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-gitare vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\\.git\\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\\Users` if the user profile is located in `C:\\Users\\my-user-name`.", "cve_priority": "medium", "cve_public_date": "2022-04-12 18:15:00 UTC" } ], "log": [ "", " * SECURITY REGRESSION: Broken safe.directory access from CVE-2022-24765", " (LP: #2142239)", " - debian/patches/CVE-2022-24765-fix1.patch: Add protected_config,", " read_protected_config, and git_protected_config in config.c, config.h.", " Add upload_pack_protected_config in upload-pack.c. Modify test in", " t/t5544-pack-objects-hook.sh.", " - debian/patches/CVE-2022-24765-fix2.patch: Replace read_very_early_config", " with git_protected_config in setup.c.", "" ], "package": "git", "version": "1:2.34.1-1ubuntu1.16", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [ 2142239 ], "author": "Hlib Korzhynskyy ", "date": "Thu, 19 Feb 2026 15:15:50 -0330" } ], "notes": null, "is_version_downgrade": false }, { "name": "libcurl3-gnutls:armhf", "from_version": { "source_package_name": "curl", "source_package_version": "7.81.0-1ubuntu1.21", "version": "7.81.0-1ubuntu1.21" }, "to_version": { "source_package_name": "curl", "source_package_version": "7.81.0-1ubuntu1.22", "version": "7.81.0-1ubuntu1.22" }, "cves": [ { "cve": "CVE-2025-14017", "url": "https://ubuntu.com/security/CVE-2025-14017", "cve_description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cve_priority": "medium", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14524", "url": "https://ubuntu.com/security/CVE-2025-14524", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15079", "url": "https://ubuntu.com/security/CVE-2025-15079", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15224", "url": "https://ubuntu.com/security/CVE-2025-15224", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-14017", "url": "https://ubuntu.com/security/CVE-2025-14017", "cve_description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cve_priority": "medium", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14524", "url": "https://ubuntu.com/security/CVE-2025-14524", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15079", "url": "https://ubuntu.com/security/CVE-2025-15079", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15224", "url": "https://ubuntu.com/security/CVE-2025-15224", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: multi-threaded TSL options leak", " - debian/patches/CVE-2025-14017.patch: call ldap_init() before", " setting the options in lib/ldap.c", " - CVE-2025-14017", " * SECURITY UPDATE: bearer token leak on cross-protocol redirect", " - debian/patches/CVE-2025-14524.patch: if redirected,", " require permission to use bearer in lib/curl_sasl.c", " - CVE-2025-14524", " * SECURITY UPDATE: ssh known_hosts validation bypass", " - debian/patches/CVE-2025-15079.patch: set both knownhosts", " options to the same file in lib/vssh/libssh.c", " - CVE-2025-15079", " * SECURITY UPDATE: improper local ssh agent authentication", " - debian/patches/CVE-2025-15224.patch: require private key", " or user-agent for public key auth in lib/vssh/libssh.c", " - CVE-2025-15224", "" ], "package": "curl", "version": "7.81.0-1ubuntu1.22", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Elise Hlady ", "date": "Wed, 18 Feb 2026 13:33:48 -0800" } ], "notes": null, "is_version_downgrade": false }, { "name": "libcurl4:armhf", "from_version": { "source_package_name": "curl", "source_package_version": "7.81.0-1ubuntu1.21", "version": "7.81.0-1ubuntu1.21" }, "to_version": { "source_package_name": "curl", "source_package_version": "7.81.0-1ubuntu1.22", "version": "7.81.0-1ubuntu1.22" }, "cves": [ { "cve": "CVE-2025-14017", "url": "https://ubuntu.com/security/CVE-2025-14017", "cve_description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cve_priority": "medium", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14524", "url": "https://ubuntu.com/security/CVE-2025-14524", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15079", "url": "https://ubuntu.com/security/CVE-2025-15079", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15224", "url": "https://ubuntu.com/security/CVE-2025-15224", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-14017", "url": "https://ubuntu.com/security/CVE-2025-14017", "cve_description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cve_priority": "medium", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14524", "url": "https://ubuntu.com/security/CVE-2025-14524", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15079", "url": "https://ubuntu.com/security/CVE-2025-15079", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15224", "url": "https://ubuntu.com/security/CVE-2025-15224", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: multi-threaded TSL options leak", " - debian/patches/CVE-2025-14017.patch: call ldap_init() before", " setting the options in lib/ldap.c", " - CVE-2025-14017", " * SECURITY UPDATE: bearer token leak on cross-protocol redirect", " - debian/patches/CVE-2025-14524.patch: if redirected,", " require permission to use bearer in lib/curl_sasl.c", " - CVE-2025-14524", " * SECURITY UPDATE: ssh known_hosts validation bypass", " - debian/patches/CVE-2025-15079.patch: set both knownhosts", " options to the same file in lib/vssh/libssh.c", " - CVE-2025-15079", " * SECURITY UPDATE: improper local ssh agent authentication", " - debian/patches/CVE-2025-15224.patch: require private key", " or user-agent for public key auth in lib/vssh/libssh.c", " - CVE-2025-15224", "" ], "package": "curl", "version": "7.81.0-1ubuntu1.22", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Elise Hlady ", "date": "Wed, 18 Feb 2026 13:33:48 -0800" } ], "notes": null, "is_version_downgrade": false }, { "name": "libgcc-s1:armhf", "from_version": { "source_package_name": "gcc-12", "source_package_version": "12.3.0-1ubuntu1~22.04.2", "version": "12.3.0-1ubuntu1~22.04.2" }, "to_version": { "source_package_name": "gcc-12", "source_package_version": "12.3.0-1ubuntu1~22.04.3", "version": "12.3.0-1ubuntu1~22.04.3" }, "cves": [], "launchpad_bugs_fixed": [ 2101084 ], "changes": [ { "cves": [], "log": [ "", " * d/p/pr118976.diff: Fix memory corruption when executing 256-bit", " Scalable Vector Extensions code on 128-bit CPUs (LP: #2101084).", "" ], "package": "gcc-12", "version": "12.3.0-1ubuntu1~22.04.3", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2101084 ], "author": "Vladimir Petko ", "date": "Sat, 20 Dec 2025 10:52:06 +1300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libssh-4:armhf", "from_version": { "source_package_name": "libssh", "source_package_version": "0.9.6-2ubuntu0.22.04.5", "version": "0.9.6-2ubuntu0.22.04.5" }, "to_version": { "source_package_name": "libssh", "source_package_version": "0.9.6-2ubuntu0.22.04.6", "version": "0.9.6-2ubuntu0.22.04.6" }, "cves": [ { "cve": "CVE-2025-8277", "url": "https://ubuntu.com/security/CVE-2025-8277", "cve_description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "cve_priority": "low", "cve_public_date": "2025-09-09 12:15:00 UTC" }, { "cve": "CVE-2026-0964", "url": "https://ubuntu.com/security/CVE-2026-0964", "cve_description": "[Improper sanitation of paths received from SCP servers]", "cve_priority": "medium", "cve_public_date": "2026-02-13" }, { "cve": "CVE-2026-0965", "url": "https://ubuntu.com/security/CVE-2026-0965", "cve_description": "[Denial of Service via improper configuration file handling]", "cve_priority": "low", "cve_public_date": "2026-02-13" }, { "cve": "CVE-2026-0966", "url": "https://ubuntu.com/security/CVE-2026-0966", "cve_description": "[Buffer underflow in ssh_get_hexa() on invalid input]", "cve_priority": "low", "cve_public_date": "2026-02-13" }, { "cve": "CVE-2026-0967", "url": "https://ubuntu.com/security/CVE-2026-0967", "cve_description": "[Denial of Service via inefficient regular expression processing]", "cve_priority": "medium", "cve_public_date": "2026-02-13" }, { "cve": "CVE-2026-0968", "url": "https://ubuntu.com/security/CVE-2026-0968", "cve_description": "[Denial of Service due to malformed SFTP message]", "cve_priority": "medium", "cve_public_date": "2026-02-13" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-8277", "url": "https://ubuntu.com/security/CVE-2025-8277", "cve_description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "cve_priority": "low", "cve_public_date": "2025-09-09 12:15:00 UTC" }, { "cve": "CVE-2026-0964", "url": "https://ubuntu.com/security/CVE-2026-0964", "cve_description": "[Improper sanitation of paths received from SCP servers]", "cve_priority": "medium", "cve_public_date": "2026-02-13" }, { "cve": "CVE-2026-0965", "url": "https://ubuntu.com/security/CVE-2026-0965", "cve_description": "[Denial of Service via improper configuration file handling]", "cve_priority": "low", "cve_public_date": "2026-02-13" }, { "cve": "CVE-2026-0966", "url": "https://ubuntu.com/security/CVE-2026-0966", "cve_description": "[Buffer underflow in ssh_get_hexa() on invalid input]", "cve_priority": "low", "cve_public_date": "2026-02-13" }, { "cve": "CVE-2026-0967", "url": "https://ubuntu.com/security/CVE-2026-0967", "cve_description": "[Denial of Service via inefficient regular expression processing]", "cve_priority": "medium", "cve_public_date": "2026-02-13" }, { "cve": "CVE-2026-0968", "url": "https://ubuntu.com/security/CVE-2026-0968", "cve_description": "[Denial of Service due to malformed SFTP message]", "cve_priority": "medium", "cve_public_date": "2026-02-13" } ], "log": [ "", " * SECURITY UPDATE: memory leak in key exchange", " - debian/patches/CVE-2025-8277-1.patch: adjust packet filter to work", " when DH-GEX is guessed wrongly in src/packet.c.", " - debian/patches/CVE-2025-8277-2.patch: fix memory leak of unused", " ephemeral key pair after client's wrong KEX guess in src/dh_crypto.c,", " src/dh_key.c, src/ecdh_crypto.c, src/ecdh_gcrypt.c,", " src/ecdh_mbedcrypto.c.", " - debian/patches/CVE-2025-8277-3.patch: free previously allocated", " pubkeys in src/ecdh_crypto.c, src/ecdh_gcrypt.c.", " - debian/patches/CVE-2025-8277-4.patch: avoid leaking ecdh keys in", " src/ecdh_mbedcrypto.c, src/wrapper.c.", " - CVE-2025-8277", " * SECURITY UPDATE: Improper sanitation of paths received from SCP servers", " - debian/patches/CVE-2026-0964.patch: reject invalid paths received", " through scp in src/scp.c.", " - CVE-2026-0964", " * SECURITY UPDATE: DoS via improper configuration file handling", " - debian/patches/CVE-2026-0965.patch: do not attempt to read", " non-regular and too large configuration files in", " include/libssh/misc.h, include/libssh/priv.h, src/bind_config.c,", " src/config.c, src/dh-gex.c, src/known_hosts.c, src/knownhosts.c,", " src/misc.c, tests/unittests/torture_config.c.", " - CVE-2026-0965", " * SECURITY UPDATE: Buffer underflow in ssh_get_hexa() on invalid input", " - debian/patches/CVE-2026-0966-1.patch: avoid heap buffer underflow in", " ssh_get_hexa in src/misc.c.", " - debian/patches/CVE-2026-0966-2.patch: test coverage for ssh_get_hexa", " in tests/unittests/torture_misc.c.", " - debian/patches/CVE-2026-0966-3.patch: update guided tour to use", " SHA256 fingerprints in doc/guided_tour.dox.", " - CVE-2026-0966", " * SECURITY UPDATE: DoS via inefficient regular expression processing", " - debian/patches/CVE-2026-0967.patch: avoid recursive matching (ReDoS)", " in src/match.c, tests/unittests/torture_config.c.", " - CVE-2026-0967", " * SECURITY UPDATE: DoS due to malformed SFTP message", " - debian/patches/CVE-2026-0968-1.patch: sanitize input handling in", " sftp_parse_longname() in src/sftp.c.", " - debian/patches/CVE-2026-0968-2.patch: reproducer for invalid longname", " data in tests/unittests/CMakeLists.txt,", " tests/unittests/torture_unit_sftp.c.", " - CVE-2026-0968", "" ], "package": "libssh", "version": "0.9.6-2ubuntu0.22.04.6", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 13 Feb 2026 10:22:49 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libstdc++6:armhf", "from_version": { "source_package_name": "gcc-12", "source_package_version": "12.3.0-1ubuntu1~22.04.2", "version": "12.3.0-1ubuntu1~22.04.2" }, "to_version": { "source_package_name": "gcc-12", "source_package_version": "12.3.0-1ubuntu1~22.04.3", "version": "12.3.0-1ubuntu1~22.04.3" }, "cves": [], "launchpad_bugs_fixed": [ 2101084 ], "changes": [ { "cves": [], "log": [ "", " * d/p/pr118976.diff: Fix memory corruption when executing 256-bit", " Scalable Vector Extensions code on 128-bit CPUs (LP: #2101084).", "" ], "package": "gcc-12", "version": "12.3.0-1ubuntu1~22.04.3", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2101084 ], "author": "Vladimir Petko ", "date": "Sat, 20 Dec 2025 10:52:06 +1300" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-generic-lpae", "from_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.170.159", "version": "5.15.0.170.159" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.171.160", "version": "5.15.0.171.160" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-171", "" ], "package": "linux-meta", "version": "5.15.0.171.160", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 20:13:01 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-generic-lpae", "from_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.170.159", "version": "5.15.0.170.159" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.171.160", "version": "5.15.0.171.160" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-171", "" ], "package": "linux-meta", "version": "5.15.0.171.160", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 20:13:01 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-generic-lpae", "from_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.170.159", "version": "5.15.0.170.159" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "5.15.0.171.160", "version": "5.15.0.171.160" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Bump ABI 5.15.0-171", "" ], "package": "linux-meta", "version": "5.15.0.171.160", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 20:13:01 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "u-boot-tools", "from_version": { "source_package_name": "u-boot", "source_package_version": "2022.01+dfsg-2ubuntu2.6", "version": "2022.01+dfsg-2ubuntu2.6" }, "to_version": { "source_package_name": "u-boot", "source_package_version": "2022.01+dfsg-2ubuntu2.7", "version": "2022.01+dfsg-2ubuntu2.7" }, "cves": [ { "cve": "CVE-2024-57254", "url": "https://ubuntu.com/security/CVE-2024-57254", "cve_description": "An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57255", "url": "https://ubuntu.com/security/CVE-2024-57255", "cve_description": "An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57256", "url": "https://ubuntu.com/security/CVE-2024-57256", "cve_description": "An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57257", "url": "https://ubuntu.com/security/CVE-2024-57257", "cve_description": "A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57258", "url": "https://ubuntu.com/security/CVE-2024-57258", "cve_description": "Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57259", "url": "https://ubuntu.com/security/CVE-2024-57259", "cve_description": "sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-57254", "url": "https://ubuntu.com/security/CVE-2024-57254", "cve_description": "An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57255", "url": "https://ubuntu.com/security/CVE-2024-57255", "cve_description": "An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57256", "url": "https://ubuntu.com/security/CVE-2024-57256", "cve_description": "An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57257", "url": "https://ubuntu.com/security/CVE-2024-57257", "cve_description": "A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57258", "url": "https://ubuntu.com/security/CVE-2024-57258", "cve_description": "Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57259", "url": "https://ubuntu.com/security/CVE-2024-57259", "cve_description": "sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Integer overflow in sqfs_inode_size", " - debian/patches/CVE-2024-57254.patch: check for overflow in", " fs/squashfs/sqfs_inode.c.", " - CVE-2024-57254", " * SECURITY UPDATE: Integer overflow in sqfs_resolve_symlink", " - debian/patches/CVE-2024-57255.patch: check for overflow in", " fs/squashfs/sqfs.c.", " - CVE-2024-57255", " * SECURITY UPDATE: Integer overflow in ext4fs_read_symlink", " - debian/patches/CVE-2024-57256.patch: check for overflow in", " fs/ext4/ext4_common.c.", " - CVE-2024-57256", " * SECURITY UPDATE: Stack consumption issue in sqfs_size", " - debian/patches/CVE-2024-57257.patch: limit nesting levels in", " fs/squashfs/sqfs.c.", " - CVE-2024-57257", " * SECURITY UPDATE: Integer overflows in memory allocation", " - debian/patches/CVE-2024-57258-1.patch: fix ptrdiff_t in", " arch/x86/include/asm/posix_types.h.", " - debian/patches/CVE-2024-57258-2.patch: fix overflow check in", " common/dlmalloc.c.", " - debian/patches/CVE-2024-57258-3.patch: make sure that the new break", " is within mem_malloc_start and mem_malloc_end before making progress", " in common/dlmalloc.c.", " - CVE-2024-57258", " * SECURITY UPDATE: Heap memory corruption in sqfs_search_dir", " - debian/patches/CVE-2024-57259.patch: fix off-by-one in", " fs/squashfs/sqfs.c.", " - CVE-2024-57259", "" ], "package": "u-boot", "version": "2022.01+dfsg-2ubuntu2.7", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 11 Feb 2026 13:08:14 -0500" } ], "notes": null, "is_version_downgrade": false } ], "snap": [ { "name": "core20", "from_version": { "source_package_name": null, "source_package_version": null, "version": "2689" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": "2718" } }, { "name": "lxd", "from_version": { "source_package_name": null, "source_package_version": null, "version": "36926" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": "37979" } } ] }, "added": { "deb": [ { "name": "linux-headers-5.15.0-171", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-170.180", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "5.15.0-171.181", "version": "5.15.0-171.181" }, "cves": [ { "cve": "CVE-2022-49267", "url": "https://ubuntu.com/security/CVE-2022-49267", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfs_emit() instead of sprintf() sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.", "cve_priority": "medium", "cve_public_date": "2025-02-26 07:01:00 UTC" }, { "cve": "CVE-2025-21780", "url": "https://ubuntu.com/security/CVE-2025-21780", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it may cause buffer overflow attack in function smu_sys_set_pp_table().", "cve_priority": "high", "cve_public_date": "2025-02-27 03:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2140905 ], "changes": [ { "cves": [ { "cve": "CVE-2022-49267", "url": "https://ubuntu.com/security/CVE-2022-49267", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfs_emit() instead of sprintf() sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.", "cve_priority": "medium", "cve_public_date": "2025-02-26 07:01:00 UTC" }, { "cve": "CVE-2025-21780", "url": "https://ubuntu.com/security/CVE-2025-21780", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it may cause buffer overflow attack in function smu_sys_set_pp_table().", "cve_priority": "high", "cve_public_date": "2025-02-27 03:15:00 UTC" } ], "log": [ "", " * jammy/linux: 5.15.0-171.181 -proposed tracker (LP: #2140905)", "", " * CVE-2022-49267", " - mmc: core: use sysfs_emit() instead of sprintf()", "", " * CVE-2025-21780", " - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()", "" ], "package": "linux", "version": "5.15.0-171.181", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2140905 ], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 21:15:39 +0100" } ], "notes": "linux-headers-5.15.0-171 version '5.15.0-171.181' (source package linux version '5.15.0-171.181') was added. linux-headers-5.15.0-171 version '5.15.0-171.181' has the same source package name, linux, as removed package linux-headers-5.15.0-170. As such we can use the source package version of the removed package, '5.15.0-170.180', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-headers-5.15.0-171-generic-lpae", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-170.180", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "5.15.0-171.181", "version": "5.15.0-171.181" }, "cves": [ { "cve": "CVE-2022-49267", "url": "https://ubuntu.com/security/CVE-2022-49267", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfs_emit() instead of sprintf() sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.", "cve_priority": "medium", "cve_public_date": "2025-02-26 07:01:00 UTC" }, { "cve": "CVE-2025-21780", "url": "https://ubuntu.com/security/CVE-2025-21780", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it may cause buffer overflow attack in function smu_sys_set_pp_table().", "cve_priority": "high", "cve_public_date": "2025-02-27 03:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2140905 ], "changes": [ { "cves": [ { "cve": "CVE-2022-49267", "url": "https://ubuntu.com/security/CVE-2022-49267", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfs_emit() instead of sprintf() sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.", "cve_priority": "medium", "cve_public_date": "2025-02-26 07:01:00 UTC" }, { "cve": "CVE-2025-21780", "url": "https://ubuntu.com/security/CVE-2025-21780", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it may cause buffer overflow attack in function smu_sys_set_pp_table().", "cve_priority": "high", "cve_public_date": "2025-02-27 03:15:00 UTC" } ], "log": [ "", " * jammy/linux: 5.15.0-171.181 -proposed tracker (LP: #2140905)", "", " * CVE-2022-49267", " - mmc: core: use sysfs_emit() instead of sprintf()", "", " * CVE-2025-21780", " - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()", "" ], "package": "linux", "version": "5.15.0-171.181", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2140905 ], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 21:15:39 +0100" } ], "notes": "linux-headers-5.15.0-171-generic-lpae version '5.15.0-171.181' (source package linux version '5.15.0-171.181') was added. linux-headers-5.15.0-171-generic-lpae version '5.15.0-171.181' has the same source package name, linux, as removed package linux-headers-5.15.0-170. As such we can use the source package version of the removed package, '5.15.0-170.180', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-image-5.15.0-171-generic-lpae", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-170.180", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "5.15.0-171.181", "version": "5.15.0-171.181" }, "cves": [ { "cve": "CVE-2022-49267", "url": "https://ubuntu.com/security/CVE-2022-49267", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfs_emit() instead of sprintf() sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.", "cve_priority": "medium", "cve_public_date": "2025-02-26 07:01:00 UTC" }, { "cve": "CVE-2025-21780", "url": "https://ubuntu.com/security/CVE-2025-21780", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it may cause buffer overflow attack in function smu_sys_set_pp_table().", "cve_priority": "high", "cve_public_date": "2025-02-27 03:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2140905 ], "changes": [ { "cves": [ { "cve": "CVE-2022-49267", "url": "https://ubuntu.com/security/CVE-2022-49267", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfs_emit() instead of sprintf() sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.", "cve_priority": "medium", "cve_public_date": "2025-02-26 07:01:00 UTC" }, { "cve": "CVE-2025-21780", "url": "https://ubuntu.com/security/CVE-2025-21780", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it may cause buffer overflow attack in function smu_sys_set_pp_table().", "cve_priority": "high", "cve_public_date": "2025-02-27 03:15:00 UTC" } ], "log": [ "", " * jammy/linux: 5.15.0-171.181 -proposed tracker (LP: #2140905)", "", " * CVE-2022-49267", " - mmc: core: use sysfs_emit() instead of sprintf()", "", " * CVE-2025-21780", " - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()", "" ], "package": "linux", "version": "5.15.0-171.181", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2140905 ], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 21:15:39 +0100" } ], "notes": "linux-image-5.15.0-171-generic-lpae version '5.15.0-171.181' (source package linux version '5.15.0-171.181') was added. linux-image-5.15.0-171-generic-lpae version '5.15.0-171.181' has the same source package name, linux, as removed package linux-headers-5.15.0-170. As such we can use the source package version of the removed package, '5.15.0-170.180', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-modules-5.15.0-171-generic-lpae", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-170.180", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "5.15.0-171.181", "version": "5.15.0-171.181" }, "cves": [ { "cve": "CVE-2022-49267", "url": "https://ubuntu.com/security/CVE-2022-49267", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfs_emit() instead of sprintf() sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.", "cve_priority": "medium", "cve_public_date": "2025-02-26 07:01:00 UTC" }, { "cve": "CVE-2025-21780", "url": "https://ubuntu.com/security/CVE-2025-21780", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it may cause buffer overflow attack in function smu_sys_set_pp_table().", "cve_priority": "high", "cve_public_date": "2025-02-27 03:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2140905 ], "changes": [ { "cves": [ { "cve": "CVE-2022-49267", "url": "https://ubuntu.com/security/CVE-2022-49267", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfs_emit() instead of sprintf() sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool.", "cve_priority": "medium", "cve_public_date": "2025-02-26 07:01:00 UTC" }, { "cve": "CVE-2025-21780", "url": "https://ubuntu.com/security/CVE-2025-21780", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it may cause buffer overflow attack in function smu_sys_set_pp_table().", "cve_priority": "high", "cve_public_date": "2025-02-27 03:15:00 UTC" } ], "log": [ "", " * jammy/linux: 5.15.0-171.181 -proposed tracker (LP: #2140905)", "", " * CVE-2022-49267", " - mmc: core: use sysfs_emit() instead of sprintf()", "", " * CVE-2025-21780", " - drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()", "" ], "package": "linux", "version": "5.15.0-171.181", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2140905 ], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 21:15:39 +0100" } ], "notes": "linux-modules-5.15.0-171-generic-lpae version '5.15.0-171.181' (source package linux version '5.15.0-171.181') was added. linux-modules-5.15.0-171-generic-lpae version '5.15.0-171.181' has the same source package name, linux, as removed package linux-headers-5.15.0-170. As such we can use the source package version of the removed package, '5.15.0-170.180', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-headers-5.15.0-170", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-170.180", "version": "5.15.0-170.180" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-5.15.0-170-generic-lpae", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-170.180", "version": "5.15.0-170.180" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-5.15.0-170-generic-lpae", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-170.180", "version": "5.15.0-170.180" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-modules-5.15.0-170-generic-lpae", "from_version": { "source_package_name": "linux", "source_package_version": "5.15.0-170.180", "version": "5.15.0-170.180" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20260218 to 20260227", "from_series": "jammy", "to_series": "jammy", "from_serial": "20260218", "to_serial": "20260227", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }