{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-headers-6.8.0-101", "linux-headers-6.8.0-101-generic", "linux-image-6.8.0-101-generic", "linux-modules-6.8.0-101-generic", "linux-tools-6.8.0-101", "linux-tools-6.8.0-101-generic" ], "removed": [ "linux-headers-6.8.0-100", "linux-headers-6.8.0-100-generic", "linux-image-6.8.0-100-generic", "linux-modules-6.8.0-100-generic", "linux-tools-6.8.0-100", "linux-tools-6.8.0-100-generic" ], "diff": [ "cloud-init", "curl", "gcc-14-base", "libcurl3t64-gnutls", "libcurl4t64", "libexpat1", "libgcc-s1", "libgnutls30t64", "libpng16-16t64", "libssh-4", "libstdc++6", "linux-headers-generic", "linux-headers-virtual", "linux-image-virtual", "linux-libc-dev", "linux-tools-common", "linux-virtual", "python3-software-properties", "software-properties-common", "systemd-hwe-hwdb", "u-boot-tools" ] } }, "diff": { "deb": [ { "name": "cloud-init", "from_version": { "source_package_name": "cloud-init", "source_package_version": "25.2-0ubuntu1~24.04.1", "version": "25.2-0ubuntu1~24.04.1" }, "to_version": { "source_package_name": "cloud-init", "source_package_version": "25.3-0ubuntu1~24.04.1", "version": "25.3-0ubuntu1~24.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2131604 ], "changes": [ { "cves": [], "log": [ "", " * d/p/retain-setuptools.patch: avoid upstream switch to meson build backend.", " * refresh patches:", " - d/p/no-nocloud-network.patch", " - d/p/no-single-process.patch", " - d/p/grub-dpkg-support.patch", " * Upstream snapshot based on 25.3. (LP: #2131604).", " List of changes from upstream can be found at", " https://raw.githubusercontent.com/canonical/cloud-init/25.3/ChangeLog", "" ], "package": "cloud-init", "version": "25.3-0ubuntu1~24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2131604 ], "author": "Chad Smith ", "date": "Sat, 15 Nov 2025 11:02:56 -0700" } ], "notes": null, "is_version_downgrade": false }, { "name": "curl", "from_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.6", "version": "8.5.0-2ubuntu10.6" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.7", "version": "8.5.0-2ubuntu10.7" }, "cves": [ { "cve": "CVE-2025-10148", "url": "https://ubuntu.com/security/CVE-2025-10148", "cve_description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", "cve_priority": "low", "cve_public_date": "2025-09-12 06:15:00 UTC" }, { "cve": "CVE-2025-14017", "url": "https://ubuntu.com/security/CVE-2025-14017", "cve_description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cve_priority": "medium", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14524", "url": "https://ubuntu.com/security/CVE-2025-14524", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14819", "url": "https://ubuntu.com/security/CVE-2025-14819", "cve_description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15079", "url": "https://ubuntu.com/security/CVE-2025-15079", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15224", "url": "https://ubuntu.com/security/CVE-2025-15224", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-10148", "url": "https://ubuntu.com/security/CVE-2025-10148", "cve_description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", "cve_priority": "low", "cve_public_date": "2025-09-12 06:15:00 UTC" }, { "cve": "CVE-2025-14017", "url": "https://ubuntu.com/security/CVE-2025-14017", "cve_description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cve_priority": "medium", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14524", "url": "https://ubuntu.com/security/CVE-2025-14524", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14819", "url": "https://ubuntu.com/security/CVE-2025-14819", "cve_description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15079", "url": "https://ubuntu.com/security/CVE-2025-15079", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15224", "url": "https://ubuntu.com/security/CVE-2025-15224", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: predictable websocket frame mask", " - debian/patches/CVE-2025-10148.patch: get a new mask for each", " new outgoing frame in lib/ws.c", " - CVE-2025-10148", " * SECURITY UPDATE: multi-threaded TSL options leak", " - debian/patches/CVE-2025-14017.patch: call ldap_init() before", " setting the options in lib/ldap.c", " - CVE-2025-14017", " * SECURITY UPDATE: bearer token leak on cross-protocol redirect", " - debian/patches/CVE-2025-14524.patch: if redirected,", " require permission to use bearer in lib/curl_sasl.c", " - CVE-2025-14524", " * SECURITY UPDATE: OpenSSL partial chain store policy bypass", " - debian/patches/CVE-2025-14819.patch: toggling", " CURLSSLOPT_NO_PARTIALCHAIN makes a different CA cache in", " lib/vtls/openssl.c.", " - CVE-2025-14819", " * SECURITY UPDATE: ssh known_hosts validation bypass", " - debian/patches/CVE-2025-15079.patch: set both knownhosts", " options to the same file in lib/vssh/libssh.c", " - CVE-2025-15079", " * SECURITY UPDATE: improper local ssh agent authentication", " - debian/patches/CVE-2025-15224.patch: require private key", " or user-agent for public key auth in lib/vssh/libssh.c", " - CVE-2025-15224", "" ], "package": "curl", "version": "8.5.0-2ubuntu10.7", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Elise Hlady ", "date": "Wed, 18 Feb 2026 10:57:28 -0800" } ], "notes": null, "is_version_downgrade": false }, { "name": "gcc-14-base", "from_version": { "source_package_name": "gcc-14", "source_package_version": "14.2.0-4ubuntu2~24.04", "version": "14.2.0-4ubuntu2~24.04" }, "to_version": { "source_package_name": "gcc-14", "source_package_version": "14.2.0-4ubuntu2~24.04.1", "version": "14.2.0-4ubuntu2~24.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2101084 ], "changes": [ { "cves": [], "log": [ "", " * d/p/pr118976.diff: Fix memory corruption when executing 256-bit", " Scalable Vector Extensions code on 128-bit CPUs (LP: #2101084).", "" ], "package": "gcc-14", "version": "14.2.0-4ubuntu2~24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2101084 ], "author": "Vladimir Petko ", "date": "Fri, 19 Dec 2025 10:36:50 +1300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libcurl3t64-gnutls", "from_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.6", "version": "8.5.0-2ubuntu10.6" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.7", "version": "8.5.0-2ubuntu10.7" }, "cves": [ { "cve": "CVE-2025-10148", "url": "https://ubuntu.com/security/CVE-2025-10148", "cve_description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", "cve_priority": "low", "cve_public_date": "2025-09-12 06:15:00 UTC" }, { "cve": "CVE-2025-14017", "url": "https://ubuntu.com/security/CVE-2025-14017", "cve_description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cve_priority": "medium", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14524", "url": "https://ubuntu.com/security/CVE-2025-14524", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14819", "url": "https://ubuntu.com/security/CVE-2025-14819", "cve_description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15079", "url": "https://ubuntu.com/security/CVE-2025-15079", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15224", "url": "https://ubuntu.com/security/CVE-2025-15224", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-10148", "url": "https://ubuntu.com/security/CVE-2025-10148", "cve_description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", "cve_priority": "low", "cve_public_date": "2025-09-12 06:15:00 UTC" }, { "cve": "CVE-2025-14017", "url": "https://ubuntu.com/security/CVE-2025-14017", "cve_description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cve_priority": "medium", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14524", "url": "https://ubuntu.com/security/CVE-2025-14524", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14819", "url": "https://ubuntu.com/security/CVE-2025-14819", "cve_description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15079", "url": "https://ubuntu.com/security/CVE-2025-15079", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15224", "url": "https://ubuntu.com/security/CVE-2025-15224", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: predictable websocket frame mask", " - debian/patches/CVE-2025-10148.patch: get a new mask for each", " new outgoing frame in lib/ws.c", " - CVE-2025-10148", " * SECURITY UPDATE: multi-threaded TSL options leak", " - debian/patches/CVE-2025-14017.patch: call ldap_init() before", " setting the options in lib/ldap.c", " - CVE-2025-14017", " * SECURITY UPDATE: bearer token leak on cross-protocol redirect", " - debian/patches/CVE-2025-14524.patch: if redirected,", " require permission to use bearer in lib/curl_sasl.c", " - CVE-2025-14524", " * SECURITY UPDATE: OpenSSL partial chain store policy bypass", " - debian/patches/CVE-2025-14819.patch: toggling", " CURLSSLOPT_NO_PARTIALCHAIN makes a different CA cache in", " lib/vtls/openssl.c.", " - CVE-2025-14819", " * SECURITY UPDATE: ssh known_hosts validation bypass", " - debian/patches/CVE-2025-15079.patch: set both knownhosts", " options to the same file in lib/vssh/libssh.c", " - CVE-2025-15079", " * SECURITY UPDATE: improper local ssh agent authentication", " - debian/patches/CVE-2025-15224.patch: require private key", " or user-agent for public key auth in lib/vssh/libssh.c", " - CVE-2025-15224", "" ], "package": "curl", "version": "8.5.0-2ubuntu10.7", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Elise Hlady ", "date": "Wed, 18 Feb 2026 10:57:28 -0800" } ], "notes": null, "is_version_downgrade": false }, { "name": "libcurl4t64", "from_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.6", "version": "8.5.0-2ubuntu10.6" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.5.0-2ubuntu10.7", "version": "8.5.0-2ubuntu10.7" }, "cves": [ { "cve": "CVE-2025-10148", "url": "https://ubuntu.com/security/CVE-2025-10148", "cve_description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", "cve_priority": "low", "cve_public_date": "2025-09-12 06:15:00 UTC" }, { "cve": "CVE-2025-14017", "url": "https://ubuntu.com/security/CVE-2025-14017", "cve_description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cve_priority": "medium", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14524", "url": "https://ubuntu.com/security/CVE-2025-14524", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14819", "url": "https://ubuntu.com/security/CVE-2025-14819", "cve_description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15079", "url": "https://ubuntu.com/security/CVE-2025-15079", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15224", "url": "https://ubuntu.com/security/CVE-2025-15224", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-10148", "url": "https://ubuntu.com/security/CVE-2025-10148", "cve_description": "curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two communicating parties that could be interpreted by an involved proxy (configured or transparent) as genuine, real, HTTP traffic with content and thereby poison its cache. That cached poisoned content could then be served to all users of that proxy.", "cve_priority": "low", "cve_public_date": "2025-09-12 06:15:00 UTC" }, { "cve": "CVE-2025-14017", "url": "https://ubuntu.com/security/CVE-2025-14017", "cve_description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "cve_priority": "medium", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14524", "url": "https://ubuntu.com/security/CVE-2025-14524", "cve_description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-14819", "url": "https://ubuntu.com/security/CVE-2025-14819", "cve_description": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15079", "url": "https://ubuntu.com/security/CVE-2025-15079", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" }, { "cve": "CVE-2025-15224", "url": "https://ubuntu.com/security/CVE-2025-15224", "cve_description": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "cve_priority": "low", "cve_public_date": "2026-01-08 10:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: predictable websocket frame mask", " - debian/patches/CVE-2025-10148.patch: get a new mask for each", " new outgoing frame in lib/ws.c", " - CVE-2025-10148", " * SECURITY UPDATE: multi-threaded TSL options leak", " - debian/patches/CVE-2025-14017.patch: call ldap_init() before", " setting the options in lib/ldap.c", " - CVE-2025-14017", " * SECURITY UPDATE: bearer token leak on cross-protocol redirect", " - debian/patches/CVE-2025-14524.patch: if redirected,", " require permission to use bearer in lib/curl_sasl.c", " - CVE-2025-14524", " * SECURITY UPDATE: OpenSSL partial chain store policy bypass", " - debian/patches/CVE-2025-14819.patch: toggling", " CURLSSLOPT_NO_PARTIALCHAIN makes a different CA cache in", " lib/vtls/openssl.c.", " - CVE-2025-14819", " * SECURITY UPDATE: ssh known_hosts validation bypass", " - debian/patches/CVE-2025-15079.patch: set both knownhosts", " options to the same file in lib/vssh/libssh.c", " - CVE-2025-15079", " * SECURITY UPDATE: improper local ssh agent authentication", " - debian/patches/CVE-2025-15224.patch: require private key", " or user-agent for public key auth in lib/vssh/libssh.c", " - CVE-2025-15224", "" ], "package": "curl", "version": "8.5.0-2ubuntu10.7", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Elise Hlady ", "date": "Wed, 18 Feb 2026 10:57:28 -0800" } ], "notes": null, "is_version_downgrade": false }, { "name": "libexpat1", "from_version": { "source_package_name": "expat", "source_package_version": "2.6.1-2ubuntu0.3", "version": "2.6.1-2ubuntu0.3" }, "to_version": { "source_package_name": "expat", "source_package_version": "2.6.1-2ubuntu0.4", "version": "2.6.1-2ubuntu0.4" }, "cves": [ { "cve": "CVE-2026-24515", "url": "https://ubuntu.com/security/CVE-2026-24515", "cve_description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cve_priority": "medium", "cve_public_date": "2026-01-23 08:16:00 UTC" }, { "cve": "CVE-2026-25210", "url": "https://ubuntu.com/security/CVE-2026-25210", "cve_description": "In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.", "cve_priority": "medium", "cve_public_date": "2026-01-30 07:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-24515", "url": "https://ubuntu.com/security/CVE-2026-24515", "cve_description": "In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.", "cve_priority": "medium", "cve_public_date": "2026-01-23 08:16:00 UTC" }, { "cve": "CVE-2026-25210", "url": "https://ubuntu.com/security/CVE-2026-25210", "cve_description": "In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.", "cve_priority": "medium", "cve_public_date": "2026-01-30 07:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: NULL pointer dereference", " - debian/patches/CVE-2026-24515.patch: updates", " XML_ExternalEntityParserCreate to copy unknown encoding handler user", " data in expat/lib/xmlparse.c.", " - CVE-2026-24515", " * SECURITY UPDATE: integer overflow", " - debian/patches/CVE-2026-25210*.patch: adds an integer overflow check for", " tag buffer reallocation in the doContent function of", " expat/lib/xmlparse.c.", " - CVE-2026-25210", "" ], "package": "expat", "version": "2.6.1-2ubuntu0.4", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Ian Constantin ", "date": "Wed, 04 Feb 2026 17:24:08 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "libgcc-s1", "from_version": { "source_package_name": "gcc-14", "source_package_version": "14.2.0-4ubuntu2~24.04", "version": "14.2.0-4ubuntu2~24.04" }, "to_version": { "source_package_name": "gcc-14", "source_package_version": "14.2.0-4ubuntu2~24.04.1", "version": "14.2.0-4ubuntu2~24.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2101084 ], "changes": [ { "cves": [], "log": [ "", " * d/p/pr118976.diff: Fix memory corruption when executing 256-bit", " Scalable Vector Extensions code on 128-bit CPUs (LP: #2101084).", "" ], "package": "gcc-14", "version": "14.2.0-4ubuntu2~24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2101084 ], "author": "Vladimir Petko ", "date": "Fri, 19 Dec 2025 10:36:50 +1300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libgnutls30t64", "from_version": { "source_package_name": "gnutls28", "source_package_version": "3.8.3-1.1ubuntu3.4", "version": "3.8.3-1.1ubuntu3.4" }, "to_version": { "source_package_name": "gnutls28", "source_package_version": "3.8.3-1.1ubuntu3.5", "version": "3.8.3-1.1ubuntu3.5" }, "cves": [ { "cve": "CVE-2025-14831", "url": "https://ubuntu.com/security/CVE-2025-14831", "cve_description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cve_priority": "medium", "cve_public_date": "2026-02-09 15:16:00 UTC" }, { "cve": "CVE-2025-9820", "url": "https://ubuntu.com/security/CVE-2025-9820", "cve_description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cve_priority": "low", "cve_public_date": "2026-01-26 20:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-14831", "url": "https://ubuntu.com/security/CVE-2025-14831", "cve_description": "A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).", "cve_priority": "medium", "cve_public_date": "2026-02-09 15:16:00 UTC" }, { "cve": "CVE-2025-9820", "url": "https://ubuntu.com/security/CVE-2025-9820", "cve_description": "A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.", "cve_priority": "low", "cve_public_date": "2026-01-26 20:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: DoS via malicious certificates", " - debian/patches/CVE-2025-14831-*.patch: rework processing algorithms", " to exhibit better performance characteristics in", " lib/x509/name_constraints.c, tests/name-constraints-ip.c.", " - CVE-2025-14831", " * SECURITY UPDATE: stack overflow via long token label", " - debian/patches/CVE-2025-9820.patch: avoid stack overwrite when", " initializing a token in lib/pkcs11_write.c, tests/Makefile.am,", " tests/pkcs11/long-label.c.", " - CVE-2025-9820", "" ], "package": "gnutls28", "version": "3.8.3-1.1ubuntu3.5", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Tue, 10 Feb 2026 11:09:12 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpng16-16t64", "from_version": { "source_package_name": "libpng1.6", "source_package_version": "1.6.43-5ubuntu0.4", "version": "1.6.43-5ubuntu0.4" }, "to_version": { "source_package_name": "libpng1.6", "source_package_version": "1.6.43-5ubuntu0.5", "version": "1.6.43-5ubuntu0.5" }, "cves": [ { "cve": "CVE-2026-25646", "url": "https://ubuntu.com/security/CVE-2026-25646", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.", "cve_priority": "medium", "cve_public_date": "2026-02-10 18:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-25646", "url": "https://ubuntu.com/security/CVE-2026-25646", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.", "cve_priority": "medium", "cve_public_date": "2026-02-10 18:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: OOB read in png_set_quantize()", " - debian/patches/CVE-2026-25646.patch: fix a heap buffer overflow in", " pngrtran.c.", " - CVE-2026-25646", "" ], "package": "libpng1.6", "version": "1.6.43-5ubuntu0.5", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 11 Feb 2026 09:27:12 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libssh-4", "from_version": { "source_package_name": "libssh", "source_package_version": "0.10.6-2ubuntu0.2", "version": "0.10.6-2ubuntu0.2" }, "to_version": { "source_package_name": "libssh", "source_package_version": "0.10.6-2ubuntu0.3", "version": "0.10.6-2ubuntu0.3" }, "cves": [ { "cve": "CVE-2025-8277", "url": "https://ubuntu.com/security/CVE-2025-8277", "cve_description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "cve_priority": "low", "cve_public_date": "2025-09-09 12:15:00 UTC" }, { "cve": "CVE-2026-0964", "url": "https://ubuntu.com/security/CVE-2026-0964", "cve_description": "[Improper sanitation of paths received from SCP servers]", "cve_priority": "medium", "cve_public_date": "2026-02-13" }, { "cve": "CVE-2026-0965", "url": "https://ubuntu.com/security/CVE-2026-0965", "cve_description": "[Denial of Service via improper configuration file handling]", "cve_priority": "low", "cve_public_date": "2026-02-13" }, { "cve": "CVE-2026-0966", "url": "https://ubuntu.com/security/CVE-2026-0966", "cve_description": "[Buffer underflow in ssh_get_hexa() on invalid input]", "cve_priority": "low", "cve_public_date": "2026-02-13" }, { "cve": "CVE-2026-0967", "url": "https://ubuntu.com/security/CVE-2026-0967", "cve_description": "[Denial of Service via inefficient regular expression processing]", "cve_priority": "medium", "cve_public_date": "2026-02-13" }, { "cve": "CVE-2026-0968", "url": "https://ubuntu.com/security/CVE-2026-0968", "cve_description": "[Denial of Service due to malformed SFTP message]", "cve_priority": "medium", "cve_public_date": "2026-02-13" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-8277", "url": "https://ubuntu.com/security/CVE-2025-8277", "cve_description": "A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability.", "cve_priority": "low", "cve_public_date": "2025-09-09 12:15:00 UTC" }, { "cve": "CVE-2026-0964", "url": "https://ubuntu.com/security/CVE-2026-0964", "cve_description": "[Improper sanitation of paths received from SCP servers]", "cve_priority": "medium", "cve_public_date": "2026-02-13" }, { "cve": "CVE-2026-0965", "url": "https://ubuntu.com/security/CVE-2026-0965", "cve_description": "[Denial of Service via improper configuration file handling]", "cve_priority": "low", "cve_public_date": "2026-02-13" }, { "cve": "CVE-2026-0966", "url": "https://ubuntu.com/security/CVE-2026-0966", "cve_description": "[Buffer underflow in ssh_get_hexa() on invalid input]", "cve_priority": "low", "cve_public_date": "2026-02-13" }, { "cve": "CVE-2026-0967", "url": "https://ubuntu.com/security/CVE-2026-0967", "cve_description": "[Denial of Service via inefficient regular expression processing]", "cve_priority": "medium", "cve_public_date": "2026-02-13" }, { "cve": "CVE-2026-0968", "url": "https://ubuntu.com/security/CVE-2026-0968", "cve_description": "[Denial of Service due to malformed SFTP message]", "cve_priority": "medium", "cve_public_date": "2026-02-13" } ], "log": [ "", " * SECURITY UPDATE: memory leak in key exchange", " - debian/patches/CVE-2025-8277-1.patch: adjust packet filter to work", " when DH-GEX is guessed wrongly in src/packet.c.", " - debian/patches/CVE-2025-8277-2.patch: fix memory leak of unused", " ephemeral key pair after client's wrong KEX guess in src/dh_crypto.c,", " src/dh_key.c, src/ecdh_crypto.c, src/ecdh_gcrypt.c,", " src/ecdh_mbedcrypto.c.", " - debian/patches/CVE-2025-8277-3.patch: free previously allocated", " pubkeys in src/ecdh_crypto.c, src/ecdh_gcrypt.c.", " - debian/patches/CVE-2025-8277-4.patch: avoid leaking ecdh keys in", " src/ecdh_mbedcrypto.c, src/wrapper.c.", " - CVE-2025-8277", " * SECURITY UPDATE: Improper sanitation of paths received from SCP servers", " - debian/patches/CVE-2026-0964.patch: reject invalid paths received", " through scp in src/scp.c.", " - CVE-2026-0964", " * SECURITY UPDATE: DoS via improper configuration file handling", " - debian/patches/CVE-2026-0965.patch: do not attempt to read", " non-regular and too large configuration files in", " include/libssh/misc.h, include/libssh/priv.h, src/bind_config.c,", " src/config.c, src/dh-gex.c, src/known_hosts.c, src/knownhosts.c,", " src/misc.c, tests/unittests/torture_config.c.", " - CVE-2026-0965", " * SECURITY UPDATE: Buffer underflow in ssh_get_hexa() on invalid input", " - debian/patches/CVE-2026-0966-1.patch: avoid heap buffer underflow in", " ssh_get_hexa in src/misc.c.", " - debian/patches/CVE-2026-0966-2.patch: test coverage for ssh_get_hexa", " in tests/unittests/torture_misc.c.", " - debian/patches/CVE-2026-0966-3.patch: update guided tour to use", " SHA256 fingerprints in doc/guided_tour.dox.", " - CVE-2026-0966", " * SECURITY UPDATE: DoS via inefficient regular expression processing", " - debian/patches/CVE-2026-0967.patch: avoid recursive matching (ReDoS)", " in src/match.c, tests/unittests/torture_config.c.", " - CVE-2026-0967", " * SECURITY UPDATE: DoS due to malformed SFTP message", " - debian/patches/CVE-2026-0968-1.patch: sanitize input handling in", " sftp_parse_longname() in src/sftp.c.", " - debian/patches/CVE-2026-0968-2.patch: reproducer for invalid longname", " data in tests/unittests/CMakeLists.txt,", " tests/unittests/torture_unit_sftp.c.", " - CVE-2026-0968", "" ], "package": "libssh", "version": "0.10.6-2ubuntu0.3", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 13 Feb 2026 09:41:22 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "libstdc++6", "from_version": { "source_package_name": "gcc-14", "source_package_version": "14.2.0-4ubuntu2~24.04", "version": "14.2.0-4ubuntu2~24.04" }, "to_version": { "source_package_name": "gcc-14", "source_package_version": "14.2.0-4ubuntu2~24.04.1", "version": "14.2.0-4ubuntu2~24.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2101084 ], "changes": [ { "cves": [], "log": [ "", " * d/p/pr118976.diff: Fix memory corruption when executing 256-bit", " Scalable Vector Extensions code on 128-bit CPUs (LP: #2101084).", "" ], "package": "gcc-14", "version": "14.2.0-4ubuntu2~24.04.1", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2101084 ], "author": "Vladimir Petko ", "date": "Fri, 19 Dec 2025 10:36:50 +1300" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-generic", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-100.100", "version": "6.8.0-100.100" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-101.101", "version": "6.8.0-101.101" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.8.0-101.101", "" ], "package": "linux-meta", "version": "6.8.0-101.101", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 19:21:16 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-100.100", "version": "6.8.0-100.100" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-101.101", "version": "6.8.0-101.101" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.8.0-101.101", "" ], "package": "linux-meta", "version": "6.8.0-101.101", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 19:21:16 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-100.100", "version": "6.8.0-100.100" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-101.101", "version": "6.8.0-101.101" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.8.0-101.101", "" ], "package": "linux-meta", "version": "6.8.0-101.101", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 19:21:16 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-libc-dev", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-100.100", "version": "6.8.0-100.100" }, "to_version": { "source_package_name": "linux", "source_package_version": "6.8.0-101.101", "version": "6.8.0-101.101" }, "cves": [ { "cve": "CVE-2025-37899", "url": "https://ubuntu.com/security/CVE-2025-37899", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.", "cve_priority": "high", "cve_public_date": "2025-05-20 16:15:00 UTC" }, { "cve": "CVE-2025-22037", "url": "https://ubuntu.com/security/CVE-2025-22037", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.", "cve_priority": "medium", "cve_public_date": "2025-04-16 15:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2140964 ], "changes": [ { "cves": [ { "cve": "CVE-2025-37899", "url": "https://ubuntu.com/security/CVE-2025-37899", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.", "cve_priority": "high", "cve_public_date": "2025-05-20 16:15:00 UTC" }, { "cve": "CVE-2025-22037", "url": "https://ubuntu.com/security/CVE-2025-22037", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.", "cve_priority": "medium", "cve_public_date": "2025-04-16 15:15:00 UTC" } ], "log": [ "", " * noble/linux: 6.8.0-101.101 -proposed tracker (LP: #2140964)", "", " * CVE-2025-37899", " - ksmbd: fix use-after-free in session logoff", "", " * CVE-2025-22037", " - ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous", " session", " - ksmbd: fix race condition between destroy_previous_session() and smb2", " operations()", " - ksmbd: fix null pointer dereference in alloc_preauth_hash()", "" ], "package": "linux", "version": "6.8.0-101.101", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2140964 ], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 18:52:19 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-tools-common", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-100.100", "version": "6.8.0-100.100" }, "to_version": { "source_package_name": "linux", "source_package_version": "6.8.0-101.101", "version": "6.8.0-101.101" }, "cves": [ { "cve": "CVE-2025-37899", "url": "https://ubuntu.com/security/CVE-2025-37899", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.", "cve_priority": "high", "cve_public_date": "2025-05-20 16:15:00 UTC" }, { "cve": "CVE-2025-22037", "url": "https://ubuntu.com/security/CVE-2025-22037", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.", "cve_priority": "medium", "cve_public_date": "2025-04-16 15:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2140964 ], "changes": [ { "cves": [ { "cve": "CVE-2025-37899", "url": "https://ubuntu.com/security/CVE-2025-37899", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.", "cve_priority": "high", "cve_public_date": "2025-05-20 16:15:00 UTC" }, { "cve": "CVE-2025-22037", "url": "https://ubuntu.com/security/CVE-2025-22037", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.", "cve_priority": "medium", "cve_public_date": "2025-04-16 15:15:00 UTC" } ], "log": [ "", " * noble/linux: 6.8.0-101.101 -proposed tracker (LP: #2140964)", "", " * CVE-2025-37899", " - ksmbd: fix use-after-free in session logoff", "", " * CVE-2025-22037", " - ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous", " session", " - ksmbd: fix race condition between destroy_previous_session() and smb2", " operations()", " - ksmbd: fix null pointer dereference in alloc_preauth_hash()", "" ], "package": "linux", "version": "6.8.0-101.101", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2140964 ], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 18:52:19 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-100.100", "version": "6.8.0-100.100" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.8.0-101.101", "version": "6.8.0-101.101" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.8.0-101.101", "" ], "package": "linux-meta", "version": "6.8.0-101.101", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 19:21:16 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-software-properties", "from_version": { "source_package_name": "software-properties", "source_package_version": "0.99.49.3", "version": "0.99.49.3" }, "to_version": { "source_package_name": "software-properties", "source_package_version": "0.99.49.4", "version": "0.99.49.4" }, "cves": [], "launchpad_bugs_fixed": [ 2131967 ], "changes": [ { "cves": [], "log": [ "", " * cloudarchive.py: Enable support for the Gazpacho Ubuntu Cloud Archive on 24.04", " (LP: #2131967). ", "" ], "package": "software-properties", "version": "0.99.49.4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2131967 ], "author": "Myles Penner ", "date": "Mon, 05 Jan 2026 08:17:49 -0800" } ], "notes": null, "is_version_downgrade": false }, { "name": "software-properties-common", "from_version": { "source_package_name": "software-properties", "source_package_version": "0.99.49.3", "version": "0.99.49.3" }, "to_version": { "source_package_name": "software-properties", "source_package_version": "0.99.49.4", "version": "0.99.49.4" }, "cves": [], "launchpad_bugs_fixed": [ 2131967 ], "changes": [ { "cves": [], "log": [ "", " * cloudarchive.py: Enable support for the Gazpacho Ubuntu Cloud Archive on 24.04", " (LP: #2131967). ", "" ], "package": "software-properties", "version": "0.99.49.4", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2131967 ], "author": "Myles Penner ", "date": "Mon, 05 Jan 2026 08:17:49 -0800" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-hwe-hwdb", "from_version": { "source_package_name": "systemd-hwe", "source_package_version": "255.1.6", "version": "255.1.6" }, "to_version": { "source_package_name": "systemd-hwe", "source_package_version": "255.1.7", "version": "255.1.7" }, "cves": [], "launchpad_bugs_fixed": [ 2138596 ], "changes": [ { "cves": [], "log": [ "", " * Add Mic mute key mapping for HP Eliteboard (LP: #2138596)", "" ], "package": "systemd-hwe", "version": "255.1.7", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2138596 ], "author": "Dirk Su ", "date": "Mon, 02 Feb 2026 09:19:05 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "u-boot-tools", "from_version": { "source_package_name": "u-boot", "source_package_version": "2025.10-0ubuntu0.24.04.1", "version": "2025.10-0ubuntu0.24.04.1" }, "to_version": { "source_package_name": "u-boot", "source_package_version": "2025.10-0ubuntu0.24.04.2", "version": "2025.10-0ubuntu0.24.04.2" }, "cves": [ { "cve": "CVE-2024-57254", "url": "https://ubuntu.com/security/CVE-2024-57254", "cve_description": "An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57255", "url": "https://ubuntu.com/security/CVE-2024-57255", "cve_description": "An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57256", "url": "https://ubuntu.com/security/CVE-2024-57256", "cve_description": "An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57257", "url": "https://ubuntu.com/security/CVE-2024-57257", "cve_description": "A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57258", "url": "https://ubuntu.com/security/CVE-2024-57258", "cve_description": "Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57259", "url": "https://ubuntu.com/security/CVE-2024-57259", "cve_description": "sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2024-57254", "url": "https://ubuntu.com/security/CVE-2024-57254", "cve_description": "An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57255", "url": "https://ubuntu.com/security/CVE-2024-57255", "cve_description": "An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57256", "url": "https://ubuntu.com/security/CVE-2024-57256", "cve_description": "An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57257", "url": "https://ubuntu.com/security/CVE-2024-57257", "cve_description": "A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57258", "url": "https://ubuntu.com/security/CVE-2024-57258", "cve_description": "Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" }, { "cve": "CVE-2024-57259", "url": "https://ubuntu.com/security/CVE-2024-57259", "cve_description": "sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.", "cve_priority": "medium", "cve_public_date": "2025-02-18 23:15:00 UTC" } ], "log": [ "", " * No-change rebuild into -security pocket.", " - CVE-2024-57254, CVE-2024-57255, CVE-2024-57256, CVE-2024-57257,", " CVE-2024-57258, CVE-2024-57259", "" ], "package": "u-boot", "version": "2025.10-0ubuntu0.24.04.2", "urgency": "medium", "distributions": "noble-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 11 Feb 2026 13:04:28 -0500" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [ { "name": "linux-headers-6.8.0-101", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-100.100", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.8.0-101.101", "version": "6.8.0-101.101" }, "cves": [ { "cve": "CVE-2025-37899", "url": "https://ubuntu.com/security/CVE-2025-37899", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.", "cve_priority": "high", "cve_public_date": "2025-05-20 16:15:00 UTC" }, { "cve": "CVE-2025-22037", "url": "https://ubuntu.com/security/CVE-2025-22037", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.", "cve_priority": "medium", "cve_public_date": "2025-04-16 15:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2140964 ], "changes": [ { "cves": [ { "cve": "CVE-2025-37899", "url": "https://ubuntu.com/security/CVE-2025-37899", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.", "cve_priority": "high", "cve_public_date": "2025-05-20 16:15:00 UTC" }, { "cve": "CVE-2025-22037", "url": "https://ubuntu.com/security/CVE-2025-22037", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.", "cve_priority": "medium", "cve_public_date": "2025-04-16 15:15:00 UTC" } ], "log": [ "", " * noble/linux: 6.8.0-101.101 -proposed tracker (LP: #2140964)", "", " * CVE-2025-37899", " - ksmbd: fix use-after-free in session logoff", "", " * CVE-2025-22037", " - ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous", " session", " - ksmbd: fix race condition between destroy_previous_session() and smb2", " operations()", " - ksmbd: fix null pointer dereference in alloc_preauth_hash()", "" ], "package": "linux", "version": "6.8.0-101.101", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2140964 ], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 18:52:19 +0100" } ], "notes": "linux-headers-6.8.0-101 version '6.8.0-101.101' (source package linux version '6.8.0-101.101') was added. linux-headers-6.8.0-101 version '6.8.0-101.101' has the same source package name, linux, as removed package linux-headers-6.8.0-100. As such we can use the source package version of the removed package, '6.8.0-100.100', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-headers-6.8.0-101-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-100.100", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.8.0-101.101", "version": "6.8.0-101.101" }, "cves": [ { "cve": "CVE-2025-37899", "url": "https://ubuntu.com/security/CVE-2025-37899", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.", "cve_priority": "high", "cve_public_date": "2025-05-20 16:15:00 UTC" }, { "cve": "CVE-2025-22037", "url": "https://ubuntu.com/security/CVE-2025-22037", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.", "cve_priority": "medium", "cve_public_date": "2025-04-16 15:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2140964 ], "changes": [ { "cves": [ { "cve": "CVE-2025-37899", "url": "https://ubuntu.com/security/CVE-2025-37899", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.", "cve_priority": "high", "cve_public_date": "2025-05-20 16:15:00 UTC" }, { "cve": "CVE-2025-22037", "url": "https://ubuntu.com/security/CVE-2025-22037", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.", "cve_priority": "medium", "cve_public_date": "2025-04-16 15:15:00 UTC" } ], "log": [ "", " * noble/linux: 6.8.0-101.101 -proposed tracker (LP: #2140964)", "", " * CVE-2025-37899", " - ksmbd: fix use-after-free in session logoff", "", " * CVE-2025-22037", " - ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous", " session", " - ksmbd: fix race condition between destroy_previous_session() and smb2", " operations()", " - ksmbd: fix null pointer dereference in alloc_preauth_hash()", "" ], "package": "linux", "version": "6.8.0-101.101", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2140964 ], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 18:52:19 +0100" } ], "notes": "linux-headers-6.8.0-101-generic version '6.8.0-101.101' (source package linux version '6.8.0-101.101') was added. linux-headers-6.8.0-101-generic version '6.8.0-101.101' has the same source package name, linux, as removed package linux-headers-6.8.0-100. As such we can use the source package version of the removed package, '6.8.0-100.100', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-image-6.8.0-101-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.8.0-100.100", "version": null }, "to_version": { "source_package_name": "linux-signed", "source_package_version": "6.8.0-101.101", "version": "6.8.0-101.101" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.8.0-101.101", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "6.8.0-101.101", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 1786013 ], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 19:21:46 +0100" } ], "notes": "linux-image-6.8.0-101-generic version '6.8.0-101.101' (source package linux-signed version '6.8.0-101.101') was added. linux-image-6.8.0-101-generic version '6.8.0-101.101' has the same source package name, linux-signed, as removed package linux-image-6.8.0-100-generic. As such we can use the source package version of the removed package, '6.8.0-100.100', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-modules-6.8.0-101-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-100.100", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.8.0-101.101", "version": "6.8.0-101.101" }, "cves": [ { "cve": "CVE-2025-37899", "url": "https://ubuntu.com/security/CVE-2025-37899", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.", "cve_priority": "high", "cve_public_date": "2025-05-20 16:15:00 UTC" }, { "cve": "CVE-2025-22037", "url": "https://ubuntu.com/security/CVE-2025-22037", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.", "cve_priority": "medium", "cve_public_date": "2025-04-16 15:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2140964 ], "changes": [ { "cves": [ { "cve": "CVE-2025-37899", "url": "https://ubuntu.com/security/CVE-2025-37899", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.", "cve_priority": "high", "cve_public_date": "2025-05-20 16:15:00 UTC" }, { "cve": "CVE-2025-22037", "url": "https://ubuntu.com/security/CVE-2025-22037", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.", "cve_priority": "medium", "cve_public_date": "2025-04-16 15:15:00 UTC" } ], "log": [ "", " * noble/linux: 6.8.0-101.101 -proposed tracker (LP: #2140964)", "", " * CVE-2025-37899", " - ksmbd: fix use-after-free in session logoff", "", " * CVE-2025-22037", " - ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous", " session", " - ksmbd: fix race condition between destroy_previous_session() and smb2", " operations()", " - ksmbd: fix null pointer dereference in alloc_preauth_hash()", "" ], "package": "linux", "version": "6.8.0-101.101", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2140964 ], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 18:52:19 +0100" } ], "notes": "linux-modules-6.8.0-101-generic version '6.8.0-101.101' (source package linux version '6.8.0-101.101') was added. linux-modules-6.8.0-101-generic version '6.8.0-101.101' has the same source package name, linux, as removed package linux-headers-6.8.0-100. As such we can use the source package version of the removed package, '6.8.0-100.100', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-tools-6.8.0-101", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-100.100", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.8.0-101.101", "version": "6.8.0-101.101" }, "cves": [ { "cve": "CVE-2025-37899", "url": "https://ubuntu.com/security/CVE-2025-37899", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.", "cve_priority": "high", "cve_public_date": "2025-05-20 16:15:00 UTC" }, { "cve": "CVE-2025-22037", "url": "https://ubuntu.com/security/CVE-2025-22037", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.", "cve_priority": "medium", "cve_public_date": "2025-04-16 15:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2140964 ], "changes": [ { "cves": [ { "cve": "CVE-2025-37899", "url": "https://ubuntu.com/security/CVE-2025-37899", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.", "cve_priority": "high", "cve_public_date": "2025-05-20 16:15:00 UTC" }, { "cve": "CVE-2025-22037", "url": "https://ubuntu.com/security/CVE-2025-22037", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.", "cve_priority": "medium", "cve_public_date": "2025-04-16 15:15:00 UTC" } ], "log": [ "", " * noble/linux: 6.8.0-101.101 -proposed tracker (LP: #2140964)", "", " * CVE-2025-37899", " - ksmbd: fix use-after-free in session logoff", "", " * CVE-2025-22037", " - ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous", " session", " - ksmbd: fix race condition between destroy_previous_session() and smb2", " operations()", " - ksmbd: fix null pointer dereference in alloc_preauth_hash()", "" ], "package": "linux", "version": "6.8.0-101.101", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2140964 ], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 18:52:19 +0100" } ], "notes": "linux-tools-6.8.0-101 version '6.8.0-101.101' (source package linux version '6.8.0-101.101') was added. linux-tools-6.8.0-101 version '6.8.0-101.101' has the same source package name, linux, as removed package linux-headers-6.8.0-100. As such we can use the source package version of the removed package, '6.8.0-100.100', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-tools-6.8.0-101-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-100.100", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.8.0-101.101", "version": "6.8.0-101.101" }, "cves": [ { "cve": "CVE-2025-37899", "url": "https://ubuntu.com/security/CVE-2025-37899", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.", "cve_priority": "high", "cve_public_date": "2025-05-20 16:15:00 UTC" }, { "cve": "CVE-2025-22037", "url": "https://ubuntu.com/security/CVE-2025-22037", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.", "cve_priority": "medium", "cve_public_date": "2025-04-16 15:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2140964 ], "changes": [ { "cves": [ { "cve": "CVE-2025-37899", "url": "https://ubuntu.com/security/CVE-2025-37899", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for that connection could be in the smb2_sess_setup function which makes use of sess->user.", "cve_priority": "high", "cve_public_date": "2025-05-20 16:15:00 UTC" }, { "cve": "CVE-2025-22037", "url": "https://ubuntu.com/security/CVE-2025-22037", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in alloc_preauth_hash() The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn->preauth_info is not allocated. This patch add KSMBD_SESS_NEED_SETUP status of connection to ignore session setup request if smb2 negotiate phase is not complete.", "cve_priority": "medium", "cve_public_date": "2025-04-16 15:15:00 UTC" } ], "log": [ "", " * noble/linux: 6.8.0-101.101 -proposed tracker (LP: #2140964)", "", " * CVE-2025-37899", " - ksmbd: fix use-after-free in session logoff", "", " * CVE-2025-22037", " - ksmbd: mark SMB2_SESSION_EXPIRED to session when destroying previous", " session", " - ksmbd: fix race condition between destroy_previous_session() and smb2", " operations()", " - ksmbd: fix null pointer dereference in alloc_preauth_hash()", "" ], "package": "linux", "version": "6.8.0-101.101", "urgency": "medium", "distributions": "noble", "launchpad_bugs_fixed": [ 2140964 ], "author": "Manuel Diewald ", "date": "Fri, 06 Feb 2026 18:52:19 +0100" } ], "notes": "linux-tools-6.8.0-101-generic version '6.8.0-101.101' (source package linux version '6.8.0-101.101') was added. linux-tools-6.8.0-101-generic version '6.8.0-101.101' has the same source package name, linux, as removed package linux-headers-6.8.0-100. As such we can use the source package version of the removed package, '6.8.0-100.100', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-headers-6.8.0-100", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-100.100", "version": "6.8.0-100.100" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-6.8.0-100-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-100.100", "version": "6.8.0-100.100" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-6.8.0-100-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "6.8.0-100.100", "version": "6.8.0-100.100" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-modules-6.8.0-100-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-100.100", "version": "6.8.0-100.100" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-tools-6.8.0-100", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-100.100", "version": "6.8.0-100.100" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-tools-6.8.0-100-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.8.0-100.100", "version": "6.8.0-100.100" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 24.04 noble image from release image serial 20260209 to 20260225", "from_series": "noble", "to_series": "noble", "from_serial": "20260209", "to_serial": "20260225", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }