{
    "summary": {
        "snap": {
            "added": [],
            "removed": [],
            "diff": []
        },
        "deb": {
            "added": [],
            "removed": [],
            "diff": [
                "coreutils",
                "snapd",
                "xxd"
            ]
        }
    },
    "diff": {
        "deb": [
            {
                "name": "coreutils",
                "from_version": {
                    "source_package_name": "coreutils",
                    "source_package_version": "8.32-4.1ubuntu1.2",
                    "version": "8.32-4.1ubuntu1.2"
                },
                "to_version": {
                    "source_package_name": "coreutils",
                    "source_package_version": "8.32-4.1ubuntu1.3",
                    "version": "8.32-4.1ubuntu1.3"
                },
                "cves": [],
                "launchpad_bugs_fixed": [
                    2137373
                ],
                "changes": [
                    {
                        "cves": [],
                        "log": [
                            "",
                            "  * Fix slow performance of 'du' on large directories (>= 10K files)",
                            "    on Lustre filesystems by skipping inode sorting. The default",
                            "    behaviour of sorting dirents by inode numbers negatively impacts",
                            "    performance on Lustre because it interferes with Lustre's ability",
                            "    to prefetch file metadata via statahead. (LP: #2137373)",
                            "    - d/p/lp2137373-skip-dirent-inode-sorting-for-lustre.patch",
                            ""
                        ],
                        "package": "coreutils",
                        "version": "8.32-4.1ubuntu1.3",
                        "urgency": "medium",
                        "distributions": "jammy",
                        "launchpad_bugs_fixed": [
                            2137373
                        ],
                        "author": "Munir Siddiqui <munir.siddiqui@canonical.com>",
                        "date": "Fri, 23 Jan 2026 15:51:17 +0500"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "snapd",
                "from_version": {
                    "source_package_name": "snapd",
                    "source_package_version": "2.73+ubuntu22.04",
                    "version": "2.73+ubuntu22.04"
                },
                "to_version": {
                    "source_package_name": "snapd",
                    "source_package_version": "2.73+ubuntu22.04.1",
                    "version": "2.73+ubuntu22.04.1"
                },
                "cves": [
                    {
                        "cve": "CVE-2026-3888",
                        "url": "https://ubuntu.com/security/CVE-2026-3888",
                        "cve_description": "Local privilege escalation in snapd in Ubuntu on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is enabled to automatically clean up this directory.",
                        "cve_priority": "high",
                        "cve_public_date": "2026-03-17 14:00:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-3888",
                                "url": "https://ubuntu.com/security/CVE-2026-3888",
                                "cve_description": "Local privilege escalation in snapd in Ubuntu on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is enabled to automatically clean up this directory.",
                                "cve_priority": "high",
                                "cve_public_date": "2026-03-17 14:00:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Local privilege escalation",
                            "    - debian/patches/CVE-2026-3888.patch: more precise prune pattern for",
                            "      tmpfiles.",
                            "    - CVE-2026-3888",
                            ""
                        ],
                        "package": "snapd",
                        "version": "2.73+ubuntu22.04.1",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Eduardo Barretto <eduardo.barretto@canonical.com>",
                        "date": "Thu, 12 Mar 2026 12:30:27 +0100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            },
            {
                "name": "xxd",
                "from_version": {
                    "source_package_name": "vim",
                    "source_package_version": "2:8.2.3995-1ubuntu2.24",
                    "version": "2:8.2.3995-1ubuntu2.24"
                },
                "to_version": {
                    "source_package_name": "vim",
                    "source_package_version": "2:8.2.3995-1ubuntu2.26",
                    "version": "2:8.2.3995-1ubuntu2.26"
                },
                "cves": [
                    {
                        "cve": "CVE-2026-26269",
                        "url": "https://ubuntu.com/security/CVE-2026-26269",
                        "cve_description": "Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-02-13 20:17:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-28420",
                        "url": "https://ubuntu.com/security/CVE-2026-28420",
                        "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-02-27 22:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-28422",
                        "url": "https://ubuntu.com/security/CVE-2026-28422",
                        "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-02-27 22:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-25749",
                        "url": "https://ubuntu.com/security/CVE-2026-25749",
                        "cve_description": "Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim copies the user-controlled 'helpfile' option value into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without any bounds checking. This issue has been patched in version 9.1.2132.",
                        "cve_priority": "low",
                        "cve_public_date": "2026-02-06 23:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-28417",
                        "url": "https://ubuntu.com/security/CVE-2026-28417",
                        "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-02-27 22:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-28418",
                        "url": "https://ubuntu.com/security/CVE-2026-28418",
                        "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-02-27 22:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-28419",
                        "url": "https://ubuntu.com/security/CVE-2026-28419",
                        "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-02-27 22:16:00 UTC"
                    },
                    {
                        "cve": "CVE-2026-28421",
                        "url": "https://ubuntu.com/security/CVE-2026-28421",
                        "cve_description": "Vim is an open source, command line text editor. In versions prior to 9.2.0077, a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.",
                        "cve_priority": "medium",
                        "cve_public_date": "2026-02-27 22:16:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2026-26269",
                                "url": "https://ubuntu.com/security/CVE-2026-26269",
                                "cve_description": "Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim builds that enable and use the NetBeans feature. The stack buffer overflow exists in special_keys() (in src/netbeans.c). The while (*tok) loop writes two bytes per iteration into a 64-byte stack buffer (keybuf) with no bounds check. A malicious NetBeans server can overflow keybuf with a single specialKeys command. The issue has been fixed as of Vim patch v9.1.2148.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-02-13 20:17:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-28420",
                                "url": "https://ubuntu.com/security/CVE-2026-28420",
                                "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combining characters from Unicode supplementary planes. Version 9.2.0076 fixes the issue.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-02-27 22:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-28422",
                                "url": "https://ubuntu.com/security/CVE-2026-28422",
                                "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-02-27 22:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-25749",
                                "url": "https://ubuntu.com/security/CVE-2026-25749",
                                "cve_description": "Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the get_tagfname() function in src/tag.c. When processing help file tags, Vim copies the user-controlled 'helpfile' option value into a fixed-size heap buffer of MAXPATHL + 1 bytes (typically 4097 bytes) using an unsafe STRCPY() operation without any bounds checking. This issue has been patched in version 9.1.2132.",
                                "cve_priority": "low",
                                "cve_public_date": "2026-02-06 23:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-28417",
                                "url": "https://ubuntu.com/security/CVE-2026-28417",
                                "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0073, an OS command injection vulnerability exists in the `netrw` standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the `scp://` protocol handler), an attacker can execute arbitrary shell commands with the privileges of the Vim process. Version 9.2.0073 fixes the issue.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-02-27 22:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-28418",
                                "url": "https://ubuntu.com/security/CVE-2026-28418",
                                "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file, Vim can be tricked into reading up to 7 bytes beyond the allocated memory boundary. Version 9.2.0074 fixes the issue.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-02-27 22:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-28419",
                                "url": "https://ubuntu.com/security/CVE-2026-28419",
                                "cve_description": "Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding the allocated buffer. Version 9.2.0075 fixes the issue.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-02-27 22:16:00 UTC"
                            },
                            {
                                "cve": "CVE-2026-28421",
                                "url": "https://ubuntu.com/security/CVE-2026-28421",
                                "cve_description": "Vim is an open source, command line text editor. In versions prior to 9.2.0077, a heap-buffer-overflow and a segmentation fault (SEGV) exist in Vim's swap file recovery logic. Both are caused by unvalidated fields read from crafted pointer blocks within a swap file. Version 9.2.0077 fixes the issue.",
                                "cve_priority": "medium",
                                "cve_public_date": "2026-02-27 22:16:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: Buffer Overflow",
                            "    - debian/patches/CVE-2026-26269.patch: Limit writing to max KEYBUFLEN",
                            "      bytes to prevent writing out of bounds.",
                            "    - debian/patches/CVE-2026-28420.patch: Use VTERM_MAX_CHARS_PER_CELL * 4",
                            "      for ga_grow() to ensure sufficient space. Add a boundary check to the",
                            "      character loop to prevent index out-of-bounds access.",
                            "    - debian/patches/CVE-2026-28422.patch: Update the size check to account",
                            "      for the byte length of the fill character (using MB_CHAR2LEN).",
                            "    - debian/patches/CVE-2026-25749.patch: Limit strncpy to the length",
                            "      of the buffer (MAXPATHL)",
                            "    - CVE-2026-26269",
                            "    - CVE-2026-28420",
                            "    - CVE-2026-28422",
                            "    - CVE-2026-25749",
                            "  * SECURITY UPDATE: Command Injection",
                            "    - debian/patches/CVE-2026-28417.patch: Implement stricter RFC1123",
                            "      hostname and IP validation. Use shellescape() for the provided",
                            "      hostname and port.",
                            "    - CVE-2026-28417",
                            "  * SECURITY UPDATE: Out of Bounds Read",
                            "    - debian/patches/CVE-2026-28418.patch: Check for end of buffer",
                            "      and return early.",
                            "    - CVE-2026-28418",
                            "  * SECURITY UPDATE: Buffer Underflow",
                            "    - debian/patches/CVE-2026-28419.patch: Add a check to ensure the",
                            "      delimiter (p_7f) is not at the start of the buffer (lbuf) before",
                            "      attempting to isolate the tag name.",
                            "    - CVE-2026-28419",
                            "  * SECURITY UPDATE: Denial of Service",
                            "    - debian/patches/CVE-2026-28421.patch: Add bounds checks on",
                            "      pe_page_count and pe_bnum against mf_blocknr_max before descending",
                            "      into the block tree, and validate pe_old_lnum >= 1 and",
                            "      pe_line_count > 0 before calling readfile().",
                            "    - CVE-2026-28421",
                            ""
                        ],
                        "package": "vim",
                        "version": "2:8.2.3995-1ubuntu2.26",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Bruce Cable <bruce.cable@canonical.com>",
                        "date": "Wed, 11 Mar 2026 10:44:44 +1100"
                    }
                ],
                "notes": null,
                "is_version_downgrade": false
            }
        ],
        "snap": []
    },
    "added": {
        "deb": [],
        "snap": []
    },
    "removed": {
        "deb": [],
        "snap": []
    },
    "notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20260313 to 20260316",
    "from_series": "jammy",
    "to_series": "jammy",
    "from_serial": "20260313",
    "to_serial": "20260316",
    "from_manifest_filename": "release_manifest.previous",
    "to_manifest_filename": "manifest.current"
}