{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-image-7.0.0-15-generic", "linux-main-modules-zfs-7.0.0-15-generic", "linux-modules-7.0.0-15-generic" ], "removed": [ "linux-image-7.0.0-14-generic", "linux-main-modules-zfs-7.0.0-14-generic", "linux-modules-7.0.0-14-generic" ], "diff": [ "base-files", "curl", "distro-info-data", "libcurl4t64", "libgnutls30t64", "libnghttp2-14", "linux-image-virtual", "openssh-client", "openssh-server", "openssh-sftp-server", "python3-distupgrade", "sed", "snapd", "ubuntu-release-upgrader-core", "xxd" ] } }, "diff": { "deb": [ { "name": "base-files", "from_version": { "source_package_name": "base-files", "source_package_version": "14ubuntu6", "version": "14ubuntu6" }, "to_version": { "source_package_name": "base-files", "source_package_version": "14ubuntu6.1", "version": "14ubuntu6.1" }, "cves": [], "launchpad_bugs_fixed": [ 2150561 ], "changes": [ { "cves": [], "log": [ "", " * /etc/os-release: Fix missing LTS in VERSION (LP: #2150561)", "" ], "package": "base-files", "version": "14ubuntu6.1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2150561 ], "author": "Oliver Reiche ", "date": "Fri, 24 Apr 2026 11:24:55 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "curl", "from_version": { "source_package_name": "curl", "source_package_version": "8.18.0-1ubuntu2", "version": "8.18.0-1ubuntu2" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.18.0-1ubuntu2.1", "version": "8.18.0-1ubuntu2.1" }, "cves": [ { "cve": "CVE-2026-4873", "url": "https://ubuntu.com/security/CVE-2026-4873", "cve_description": "A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request to that same host bypasses the TLS requirement and instead transmit data unencrypted.", "cve_priority": "low", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-5545", "url": "https://ubuntu.com/security/CVE-2026-5545", "cve_description": "libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. An application that first uses Negotiate authentication to a server with `user1:password1` and then does another operation to the same server asking for any authentication method but for `user2:password2` (while the previous connection is still alive) - the second request gets confused and wrongly reuses the same connection and sends the new request over that connection thinking it uses a mix of user1's and user2's credentials when it is in fact still using the connection authenticated for user1...", "cve_priority": "medium", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-5773", "url": "https://ubuntu.com/security/CVE-2026-5773", "cve_description": "libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should. This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.", "cve_priority": "low", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-6253", "url": "https://ubuntu.com/security/CVE-2026-6253", "cve_description": "curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. while using the first proxy (using say `http://`), curl is asked to follow a redirect to a URL using another scheme (say `https://`), accessed using a second, different, proxy", "cve_priority": "medium", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-6276", "url": "https://ubuntu.com/security/CVE-2026-6276", "cve_description": "Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.", "cve_priority": "low", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-6429", "url": "https://ubuntu.com/security/CVE-2026-6429", "cve_description": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances.", "cve_priority": "medium", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-7168", "url": "https://ubuntu.com/security/CVE-2026-7168", "cve_description": "Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Proxy-Authorization:` header field meant for `proxyA`, to `proxyB`.", "cve_priority": "medium", "cve_public_date": "2026-05-13 13:01:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-4873", "url": "https://ubuntu.com/security/CVE-2026-4873", "cve_description": "A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request to that same host bypasses the TLS requirement and instead transmit data unencrypted.", "cve_priority": "low", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-5545", "url": "https://ubuntu.com/security/CVE-2026-5545", "cve_description": "libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. An application that first uses Negotiate authentication to a server with `user1:password1` and then does another operation to the same server asking for any authentication method but for `user2:password2` (while the previous connection is still alive) - the second request gets confused and wrongly reuses the same connection and sends the new request over that connection thinking it uses a mix of user1's and user2's credentials when it is in fact still using the connection authenticated for user1...", "cve_priority": "medium", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-5773", "url": "https://ubuntu.com/security/CVE-2026-5773", "cve_description": "libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should. This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.", "cve_priority": "low", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-6253", "url": "https://ubuntu.com/security/CVE-2026-6253", "cve_description": "curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. while using the first proxy (using say `http://`), curl is asked to follow a redirect to a URL using another scheme (say `https://`), accessed using a second, different, proxy", "cve_priority": "medium", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-6276", "url": "https://ubuntu.com/security/CVE-2026-6276", "cve_description": "Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.", "cve_priority": "low", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-6429", "url": "https://ubuntu.com/security/CVE-2026-6429", "cve_description": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances.", "cve_priority": "medium", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-7168", "url": "https://ubuntu.com/security/CVE-2026-7168", "cve_description": "Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Proxy-Authorization:` header field meant for `proxyA`, to `proxyB`.", "cve_priority": "medium", "cve_public_date": "2026-05-13 13:01:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: connection reuse ignores TLS requirement", " - debian/patches/CVE-2026-4873.patch: do not reuse a non-tls starttls", " connection if new requires TLS in lib/url.c.", " - CVE-2026-4873", " * SECURITY UPDATE: wrong reuse of HTTP Negotiate connection", " - debian/patches/CVE-2026-5545.patch: improve connection reuse on", " negotiate in lib/url.c.", " - CVE-2026-5545", " * SECURITY UPDATE: wrong reuse of SMB connection", " - debian/patches/CVE-2026-5773.patch: disable connection reuse for", " SMB(S) in lib/smb.c.", " - CVE-2026-5773", " * SECURITY UPDATE: proxy credentials leak over redirect-to proxy", " - debian/patches/CVE-2026-6253-pre1.patch: chunked response, error code", " in lib/cf-h1-proxy.c, lib/cf-h2-proxy.c, tests/*.", " - debian/patches/CVE-2026-6253-pre2.patch: fix error code, remove SMB", " use in tests/data/test445.", " - debian/patches/CVE-2026-6253.patch: clear the proxy credentials as", " well on port or scheme change in lib/http.c, lib/transfer.*, tests/*.", " - CVE-2026-6253", " * SECURITY UPDATE: stale custom cookie host causes cookie leak", " - debian/patches/CVE-2026-6276.patch: move cookiehost to struct", " SingleRequest in lib/http.c, lib/request.c, lib/request.h, lib/url.c,", " lib/urldata.h, tests/*.", " - CVE-2026-6276", " * SECURITY UPDATE: netrc credential leak with reused proxy connection", " - debian/patches/CVE-2026-6429-pre1.patch: prevent secure schemes", " pushed over insecure connections in lib/http2.c.", " - debian/patches/CVE-2026-6429-pre2.patch: same origin tests in", " lib/http2.c, lib/urlapi-int.h, lib/urlapi.c.", " - debian/patches/CVE-2026-6429.patch: clear credentials better on", " redirect in lib/http.c, tests/*.", " - CVE-2026-6429", " * SECURITY UPDATE: cross-proxy Digest auth state leak", " - debian/patches/CVE-2026-7168.patch: clear proxy auth properties when", " switching in lib/setopt.c, lib/vauth/vauth.h, tests/*.", " - CVE-2026-7168", "" ], "package": "curl", "version": "8.18.0-1ubuntu2.1", "urgency": "medium", "distributions": "resolute-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 29 Apr 2026 07:35:43 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "distro-info-data", "from_version": { "source_package_name": "distro-info-data", "source_package_version": "0.68build1", "version": "0.68build1" }, "to_version": { "source_package_name": "distro-info-data", "source_package_version": "0.68ubuntu0.1", "version": "0.68ubuntu0.1" }, "cves": [], "launchpad_bugs_fixed": [ 2150234 ], "changes": [ { "cves": [], "log": [ "", " * Add Ubuntu 26.10 \"Stonking Stingray\" (LP: #2150234)", "" ], "package": "distro-info-data", "version": "0.68ubuntu0.1", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2150234 ], "author": "Oliver Reiche ", "date": "Tue, 28 Apr 2026 13:30:01 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "libcurl4t64", "from_version": { "source_package_name": "curl", "source_package_version": "8.18.0-1ubuntu2", "version": "8.18.0-1ubuntu2" }, "to_version": { "source_package_name": "curl", "source_package_version": "8.18.0-1ubuntu2.1", "version": "8.18.0-1ubuntu2.1" }, "cves": [ { "cve": "CVE-2026-4873", "url": "https://ubuntu.com/security/CVE-2026-4873", "cve_description": "A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request to that same host bypasses the TLS requirement and instead transmit data unencrypted.", "cve_priority": "low", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-5545", "url": "https://ubuntu.com/security/CVE-2026-5545", "cve_description": "libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. An application that first uses Negotiate authentication to a server with `user1:password1` and then does another operation to the same server asking for any authentication method but for `user2:password2` (while the previous connection is still alive) - the second request gets confused and wrongly reuses the same connection and sends the new request over that connection thinking it uses a mix of user1's and user2's credentials when it is in fact still using the connection authenticated for user1...", "cve_priority": "medium", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-5773", "url": "https://ubuntu.com/security/CVE-2026-5773", "cve_description": "libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should. This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.", "cve_priority": "low", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-6253", "url": "https://ubuntu.com/security/CVE-2026-6253", "cve_description": "curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. while using the first proxy (using say `http://`), curl is asked to follow a redirect to a URL using another scheme (say `https://`), accessed using a second, different, proxy", "cve_priority": "medium", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-6276", "url": "https://ubuntu.com/security/CVE-2026-6276", "cve_description": "Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.", "cve_priority": "low", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-6429", "url": "https://ubuntu.com/security/CVE-2026-6429", "cve_description": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances.", "cve_priority": "medium", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-7168", "url": "https://ubuntu.com/security/CVE-2026-7168", "cve_description": "Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Proxy-Authorization:` header field meant for `proxyA`, to `proxyB`.", "cve_priority": "medium", "cve_public_date": "2026-05-13 13:01:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-4873", "url": "https://ubuntu.com/security/CVE-2026-4873", "cve_description": "A vulnerability exists where a connection requiring TLS incorrectly reuses an existing unencrypted connection from the same connection pool. If an initial transfer is made in clear-text (via IMAP, SMTP, or POP3), a subsequent request to that same host bypasses the TLS requirement and instead transmit data unencrypted.", "cve_priority": "low", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-5545", "url": "https://ubuntu.com/security/CVE-2026-5545", "cve_description": "libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTP(S) request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a request that was issued by an application could wrongfully reuse an existing connection to the same server that was authenticated using different credentials. An application that first uses Negotiate authentication to a server with `user1:password1` and then does another operation to the same server asking for any authentication method but for `user2:password2` (while the previous connection is still alive) - the second request gets confused and wrongly reuses the same connection and sends the new request over that connection thinking it uses a mix of user1's and user2's credentials when it is in fact still using the connection authenticated for user1...", "cve_priority": "medium", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-5773", "url": "https://ubuntu.com/security/CVE-2026-5773", "cve_description": "libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the code, a network transfer operation that was requested by an application could wrongfully reuse an existing SMB connection to the same server that was using a different 'share' than the new subsequent transfer should. This could in unlucky situations lead to the download of the wrong file or the upload of a file to the wrong place. When this happens, the same credentials are used and the server name is the same.", "cve_priority": "low", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-6253", "url": "https://ubuntu.com/security/CVE-2026-6253", "cve_description": "curl might erroneously pass on credentials for a first proxy to a second proxy. This can happen when the following conditions are true: 1. curl is setup to use specific different proxies for different URL schemes 2. the first proxy needs credentials 3. the second proxy uses no credentials 4. while using the first proxy (using say `http://`), curl is asked to follow a redirect to a URL using another scheme (say `https://`), accessed using a second, different, proxy", "cve_priority": "medium", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-6276", "url": "https://ubuntu.com/security/CVE-2026-6276", "cve_description": "Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.", "cve_priority": "low", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-6429", "url": "https://ubuntu.com/security/CVE-2026-6429", "cve_description": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to host under certain circumstances.", "cve_priority": "medium", "cve_public_date": "2026-05-13 13:01:00 UTC" }, { "cve": "CVE-2026-7168", "url": "https://ubuntu.com/security/CVE-2026-7168", "cve_description": "Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the proxy host to a second one (`proxyB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Proxy-Authorization:` header field meant for `proxyA`, to `proxyB`.", "cve_priority": "medium", "cve_public_date": "2026-05-13 13:01:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: connection reuse ignores TLS requirement", " - debian/patches/CVE-2026-4873.patch: do not reuse a non-tls starttls", " connection if new requires TLS in lib/url.c.", " - CVE-2026-4873", " * SECURITY UPDATE: wrong reuse of HTTP Negotiate connection", " - debian/patches/CVE-2026-5545.patch: improve connection reuse on", " negotiate in lib/url.c.", " - CVE-2026-5545", " * SECURITY UPDATE: wrong reuse of SMB connection", " - debian/patches/CVE-2026-5773.patch: disable connection reuse for", " SMB(S) in lib/smb.c.", " - CVE-2026-5773", " * SECURITY UPDATE: proxy credentials leak over redirect-to proxy", " - debian/patches/CVE-2026-6253-pre1.patch: chunked response, error code", " in lib/cf-h1-proxy.c, lib/cf-h2-proxy.c, tests/*.", " - debian/patches/CVE-2026-6253-pre2.patch: fix error code, remove SMB", " use in tests/data/test445.", " - debian/patches/CVE-2026-6253.patch: clear the proxy credentials as", " well on port or scheme change in lib/http.c, lib/transfer.*, tests/*.", " - CVE-2026-6253", " * SECURITY UPDATE: stale custom cookie host causes cookie leak", " - debian/patches/CVE-2026-6276.patch: move cookiehost to struct", " SingleRequest in lib/http.c, lib/request.c, lib/request.h, lib/url.c,", " lib/urldata.h, tests/*.", " - CVE-2026-6276", " * SECURITY UPDATE: netrc credential leak with reused proxy connection", " - debian/patches/CVE-2026-6429-pre1.patch: prevent secure schemes", " pushed over insecure connections in lib/http2.c.", " - debian/patches/CVE-2026-6429-pre2.patch: same origin tests in", " lib/http2.c, lib/urlapi-int.h, lib/urlapi.c.", " - debian/patches/CVE-2026-6429.patch: clear credentials better on", " redirect in lib/http.c, tests/*.", " - CVE-2026-6429", " * SECURITY UPDATE: cross-proxy Digest auth state leak", " - debian/patches/CVE-2026-7168.patch: clear proxy auth properties when", " switching in lib/setopt.c, lib/vauth/vauth.h, tests/*.", " - CVE-2026-7168", "" ], "package": "curl", "version": "8.18.0-1ubuntu2.1", "urgency": "medium", "distributions": "resolute-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Wed, 29 Apr 2026 07:35:43 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libgnutls30t64", "from_version": { "source_package_name": "gnutls28", "source_package_version": "3.8.12-2ubuntu1", "version": "3.8.12-2ubuntu1" }, "to_version": { "source_package_name": "gnutls28", "source_package_version": "3.8.12-2ubuntu1.1", "version": "3.8.12-2ubuntu1.1" }, "cves": [ { "cve": "CVE-2026-33846", "url": "https://ubuntu.com/security/CVE-2026-33846", "cve_description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.", "cve_priority": "medium", "cve_public_date": "2026-05-04 10:15:00 UTC" }, { "cve": "CVE-2026-42009", "url": "https://ubuntu.com/security/CVE-2026-42009", "cve_description": "A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.", "cve_priority": "medium", "cve_public_date": "2026-05-18 13:16:00 UTC" }, { "cve": "CVE-2026-33845", "url": "https://ubuntu.com/security/CVE-2026-33845", "cve_description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.", "cve_priority": "medium", "cve_public_date": "2026-04-30 18:16:00 UTC" }, { "cve": "CVE-2026-3832", "url": "https://ubuntu.com/security/CVE-2026-3832", "cve_description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.", "cve_priority": "medium", "cve_public_date": "2026-04-30 18:16:00 UTC" }, { "cve": "CVE-2026-3833", "url": "https://ubuntu.com/security/CVE-2026-3833", "cve_description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.", "cve_priority": "medium", "cve_public_date": "2026-04-30 18:16:00 UTC" }, { "cve": "CVE-2026-42011", "url": "https://ubuntu.com/security/CVE-2026-42011", "cve_description": "A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.", "cve_priority": "medium", "cve_public_date": "2026-05-07 15:16:00 UTC" }, { "cve": "CVE-2026-42010", "url": "https://ubuntu.com/security/CVE-2026-42010", "cve_description": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.", "cve_priority": "medium", "cve_public_date": "2026-05-07 12:16:00 UTC" }, { "cve": "CVE-2026-5260", "url": "https://ubuntu.com/security/CVE-2026-5260", "cve_description": "For a server using an RSA key backed by a PKCS#11 token, a client sending an extremely short premaster secret during an RSA key exchange could trigger a short heap overread.", "cve_priority": "medium", "cve_public_date": "2026-04-30" }, { "cve": "CVE-2026-42012", "url": "https://ubuntu.com/security/CVE-2026-42012", "cve_description": "Certificates containing URI or SRV Subject Alternative Names would fall back to checking DNS hostnames against Common Name, allowing potential misuse of such certificates beyond their original purpose.", "cve_priority": "medium", "cve_public_date": "2026-04-30" }, { "cve": "CVE-2026-42013", "url": "https://ubuntu.com/security/CVE-2026-42013", "cve_description": "Validation of certificates with oversized Subject Alternative Names would fall back to checking DNS hostnames against Common Name.", "cve_priority": "medium", "cve_public_date": "2026-04-30" }, { "cve": "CVE-2026-42014", "url": "https://ubuntu.com/security/CVE-2026-42014", "cve_description": "Changing the Security Officer PIN with gnutls_pkcs11_token_set_pin() with oldpin == NULL for a token lacking a protected authentication path led to a use-after-free.", "cve_priority": "medium", "cve_public_date": "2026-04-30" }, { "cve": "CVE-2026-42015", "url": "https://ubuntu.com/security/CVE-2026-42015", "cve_description": "Appending to a PKCS#12 bag that already contained 32 elements could write past the bag's internal array.", "cve_priority": "medium", "cve_public_date": "2026-04-30" }, { "cve": "CVE-2026-5419", "url": "https://ubuntu.com/security/CVE-2026-5419", "cve_description": "The PKCS#7 padding check performed during decryption was not constant-time, potentially leaking information about the padding bytes through timing differences.", "cve_priority": "medium", "cve_public_date": "2026-04-30" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-33846", "url": "https://ubuntu.com/security/CVE-2026-33846", "cve_description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.", "cve_priority": "medium", "cve_public_date": "2026-05-04 10:15:00 UTC" }, { "cve": "CVE-2026-42009", "url": "https://ubuntu.com/security/CVE-2026-42009", "cve_description": "A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.", "cve_priority": "medium", "cve_public_date": "2026-05-18 13:16:00 UTC" }, { "cve": "CVE-2026-33845", "url": "https://ubuntu.com/security/CVE-2026-33845", "cve_description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.", "cve_priority": "medium", "cve_public_date": "2026-04-30 18:16:00 UTC" }, { "cve": "CVE-2026-3832", "url": "https://ubuntu.com/security/CVE-2026-3832", "cve_description": "A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust.", "cve_priority": "medium", "cve_public_date": "2026-04-30 18:16:00 UTC" }, { "cve": "CVE-2026-3833", "url": "https://ubuntu.com/security/CVE-2026-3833", "cve_description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.", "cve_priority": "medium", "cve_public_date": "2026-04-30 18:16:00 UTC" }, { "cve": "CVE-2026-42011", "url": "https://ubuntu.com/security/CVE-2026-42011", "cve_description": "A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.", "cve_priority": "medium", "cve_public_date": "2026-05-07 15:16:00 UTC" }, { "cve": "CVE-2026-42010", "url": "https://ubuntu.com/security/CVE-2026-42010", "cve_description": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.", "cve_priority": "medium", "cve_public_date": "2026-05-07 12:16:00 UTC" }, { "cve": "CVE-2026-5260", "url": "https://ubuntu.com/security/CVE-2026-5260", "cve_description": "For a server using an RSA key backed by a PKCS#11 token, a client sending an extremely short premaster secret during an RSA key exchange could trigger a short heap overread.", "cve_priority": "medium", "cve_public_date": "2026-04-30" }, { "cve": "CVE-2026-42012", "url": "https://ubuntu.com/security/CVE-2026-42012", "cve_description": "Certificates containing URI or SRV Subject Alternative Names would fall back to checking DNS hostnames against Common Name, allowing potential misuse of such certificates beyond their original purpose.", "cve_priority": "medium", "cve_public_date": "2026-04-30" }, { "cve": "CVE-2026-42013", "url": "https://ubuntu.com/security/CVE-2026-42013", "cve_description": "Validation of certificates with oversized Subject Alternative Names would fall back to checking DNS hostnames against Common Name.", "cve_priority": "medium", "cve_public_date": "2026-04-30" }, { "cve": "CVE-2026-42014", "url": "https://ubuntu.com/security/CVE-2026-42014", "cve_description": "Changing the Security Officer PIN with gnutls_pkcs11_token_set_pin() with oldpin == NULL for a token lacking a protected authentication path led to a use-after-free.", "cve_priority": "medium", "cve_public_date": "2026-04-30" }, { "cve": "CVE-2026-42015", "url": "https://ubuntu.com/security/CVE-2026-42015", "cve_description": "Appending to a PKCS#12 bag that already contained 32 elements could write past the bag's internal array.", "cve_priority": "medium", "cve_public_date": "2026-04-30" }, { "cve": "CVE-2026-5419", "url": "https://ubuntu.com/security/CVE-2026-5419", "cve_description": "The PKCS#7 padding check performed during decryption was not constant-time, potentially leaking information about the padding bytes through timing differences.", "cve_priority": "medium", "cve_public_date": "2026-04-30" } ], "log": [ "", " * SECURITY UPDATE: buffer overflow in DTLS handshake fragment reassembly", " - debian/patches/CVE-2026-33846-pre1.patch: buffers: shorten", " merge_handshake_packet using recv_buf in lib/buffers.c.", " - debian/patches/CVE-2026-33846.patch: buffers: add more checks to DTLS", " reassembly in lib/buffers.c.", " - CVE-2026-33846", " * SECURITY UPDATE: DTLS packets sequence number ordering issue", " - debian/patches/CVE-2026-42009-pre1.patch: buffers: match DTLS datagrams by", " sequence number in lib/buffers.c.", " - debian/patches/CVE-2026-42009-1.patch: lib/buffers: ensure packets have", " differing sequence numbers in lib/buffers.c.", " - debian/patches/CVE-2026-42009-2.patch: buffers: fix handshake_compare when", " sequence numbers match in lib/buffers.c.", " - CVE-2026-42009", " * SECURITY UPDATE: OOB read via malformed fragments with zero length and", " non-zero offset", " - debian/patches/CVE-2026-33845-pre1.patch: buffers: rename a variable in", " parse_handshake_header in lib/buffers.c.", " - debian/patches/CVE-2026-33845.patch: buffers: switch from end_offset over", " to frag_length in lib/buffers.c, lib/gnutls_int.h.", " - debian/patches/CVE-2026-33845-2.patch: buffers: simplify and tighten", " parse_handshake_header checks in lib/buffers.c.", " - CVE-2026-33845", " * SECURITY UPDATE: malformed OCSP response issue", " - debian/patches/CVE-2026-3832.patch: cert-session: fix multi-entry OCSP", " revocation bypass in lib/cert-session.c.", " - CVE-2026-3832", " * SECURITY UPDATE: policy bypass via x509 case-sensitive comparisons", " - debian/patches/CVE-2026-3833.patch: x509/name-constraints: compare domain", " names case-insensitive in lib/x509/name_constraints.c.", " - CVE-2026-3833", " * SECURITY UPDATE: permitted name constrains were incorrectly ignored", " - debian/patches/CVE-2026-42011.patch: x509/name_constraints: fix", " intersecting empty constraints in lib/x509/name_constraints.c.", " - CVE-2026-42011", " * SECURITY UPDATE: ", " - debian/patches/CVE-2026-42010.patch: lib/auth/rsa_psk: fix binary PSK", " identity lookup in lib/auth/rsa_psk.c.", " - CVE-2026-42010", " * SECURITY UPDATE: incorrect username parsing with NUL characters", " - debian/patches/CVE-2026-5260-1.patch: lib/auth/rsa: check that ciphertext", " matches the modulus size in lib/auth/rsa.c, lib/auth/rsa_psk.c.", " - debian/patches/CVE-2026-5260-2.patch: lib/pkcs11_privkey: guard against", " overreading on short ciphertexts in lib/pkcs11_privkey.c.", " - CVE-2026-5260", " * SECURITY UPDATE: ", " - debian/patches/CVE-2026-42012-pre1.patch: x509/hostname-verify: refactor", " and simplify CN fallback logic in lib/x509/hostname-verify.c.", " - debian/patches/CVE-2026-42012-pre2.patch: x509: add bare-bones awareness", " of SRV virtual SAN in lib/includes/gnutls/gnutls.h.in, lib/x509/common.h,", " lib/x509/name_constraints.c, lib/x509/output.c, lib/x509/virt-san.c,", " lib/x509/x509.c.", " - debian/patches/CVE-2026-42012.patch: x509/hostname-verify: make URI/SRV", " SAN preclude CN fallback in lib/x509/hostname-verify.c.", " - CVE-2026-42012", " * SECURITY UPDATE: incorrect URI or SRV Subject Alternative Names checking", " - debian/patches/CVE-2026-42013-pre1.patch: x509/email-verify: call", " fallback DN fallback in lib/x509/email-verify.c.", " - debian/patches/CVE-2026-42013.patch: x509: prevent fallback on oversized", " SAN in lib/x509/email-verify.c, lib/x509/hostname-verify.c.", " - CVE-2026-42013", " * SECURITY UPDATE: UaF when changing the Security Officer PIN", " - debian/patches/CVE-2026-42014.patch: pkcs11_write: fix UAF and leak in", " gnutls_pkcs11_token_set_pin in lib/pkcs11_write.c.", " - CVE-2026-42014", " * SECURITY UPDATE: buffer overflow when appending to a PKCS#12 bag", " - debian/patches/CVE-2026-42015.patch: x509/pkcs12_bag: fix off-by-one in", " bag element bounds check in lib/x509/pkcs12_bag.c.", " - CVE-2026-42015", " * SECURITY UPDATE: non constant-time PKCS#7 padding check", " - debian/patches/CVE-2026-5419.patch: gnutls_cipher_decrypt3: make PKCS#7", " unpadding branch free in lib/crypto-api.c, lib/libgnutls.map,", " tests/Makefile.am, tests/pkcs7-pad.c.", " - debian/patches/CVE-2026-5419-2.patch: _gnutls_pkcs7_unpad: add missing", " declaration in lib/crypto-api.c.", " - CVE-2026-5419", "" ], "package": "gnutls28", "version": "3.8.12-2ubuntu1.1", "urgency": "medium", "distributions": "resolute-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 08 May 2026 10:11:31 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libnghttp2-14", "from_version": { "source_package_name": "nghttp2", "source_package_version": "1.68.0-2", "version": "1.68.0-2" }, "to_version": { "source_package_name": "nghttp2", "source_package_version": "1.68.0-2ubuntu0.1", "version": "1.68.0-2ubuntu0.1" }, "cves": [ { "cve": "CVE-2026-27135", "url": "https://ubuntu.com/security/CVE-2026-27135", "cve_description": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.", "cve_priority": "medium", "cve_public_date": "2026-03-18 18:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-27135", "url": "https://ubuntu.com/security/CVE-2026-27135", "cve_description": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.", "cve_priority": "medium", "cve_public_date": "2026-03-18 18:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Denial of service through assertion failure.", " - debian/patches/CVE-2026-27135.patch: Add iframe->state ==", " NGHTTP2_IB_IGN_ALL checks in lib/nghttp2_session.c.", " - CVE-2026-27135", "" ], "package": "nghttp2", "version": "1.68.0-2ubuntu0.1", "urgency": "medium", "distributions": "resolute-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Tue, 05 May 2026 15:08:54 -0230" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "7.0.0-15.15", "version": "7.0.0-15.15" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 7.0.0-15.15", "" ], "package": "linux-meta", "version": "7.0.0-15.15", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Paolo Pisati ", "date": "Wed, 22 Apr 2026 16:05:08 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "openssh-client", "from_version": { "source_package_name": "openssh", "source_package_version": "1:10.2p1-2ubuntu3", "version": "1:10.2p1-2ubuntu3" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:10.2p1-2ubuntu3.2", "version": "1:10.2p1-2ubuntu3.2" }, "cves": [ { "cve": "CVE-2026-35385", "url": "https://ubuntu.com/security/CVE-2026-35385", "cve_description": "In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35386", "url": "https://ubuntu.com/security/CVE-2026-35386", "cve_description": "In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35387", "url": "https://ubuntu.com/security/CVE-2026-35387", "cve_description": "OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35388", "url": "https://ubuntu.com/security/CVE-2026-35388", "cve_description": "OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35414", "url": "https://ubuntu.com/security/CVE-2026-35414", "cve_description": "OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.", "cve_priority": "medium", "cve_public_date": "2026-04-02 18:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-35385", "url": "https://ubuntu.com/security/CVE-2026-35385", "cve_description": "In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35386", "url": "https://ubuntu.com/security/CVE-2026-35386", "cve_description": "In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35387", "url": "https://ubuntu.com/security/CVE-2026-35387", "cve_description": "OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35388", "url": "https://ubuntu.com/security/CVE-2026-35388", "cve_description": "OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35414", "url": "https://ubuntu.com/security/CVE-2026-35414", "cve_description": "OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.", "cve_priority": "medium", "cve_public_date": "2026-04-02 18:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: unexpected scp setuid and setgid", " - debian/patches/CVE-2026-35385.patch: clear setuid/setgid bits from", " downloaded files in scp.c.", " - CVE-2026-35385", " * SECURITY UPDATE: command execution via shell metacharacters in username", " - debian/patches/CVE-2026-35386-pre1.patch: apply validity rules on", " ProxyJump usernames and hostnames in readconf.c, readconf.h, ssh.c.", " - debian/patches/CVE-2026-35386.patch: move username check earlier in", " ssh.c.", " - debian/patches/CVE-2026-35386-2.patch: adapt to username validity", " check change in regress/percent.sh.", " - CVE-2026-35386", " * SECURITY UPDATE: use of unintended ECDSA algorithms", " - debian/patches/CVE-2026-35387_35414.patch: correctly match ECDSA", " signature algorithms against algorithm allowlists in", " auth2-hostbased.c, auth2-pubkey.c, sshconnect2.c.", " - CVE-2026-35387", " * SECURITY UPDATE: missing connection multiplexing confirmation", " - debian/patches/CVE-2026-35388.patch: add missing askpass check in", " mux.c.", " - CVE-2026-35388", " * SECURITY UPDATE: authorized_keys principals option mishandling", " - debian/patches/CVE-2026-35387_35414.patch: check for commas in", " auth2-pubkeyfile.c.", " - CVE-2026-35414", "" ], "package": "openssh", "version": "1:10.2p1-2ubuntu3.2", "urgency": "medium", "distributions": "resolute-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Mon, 27 Apr 2026 20:15:40 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "openssh-server", "from_version": { "source_package_name": "openssh", "source_package_version": "1:10.2p1-2ubuntu3", "version": "1:10.2p1-2ubuntu3" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:10.2p1-2ubuntu3.2", "version": "1:10.2p1-2ubuntu3.2" }, "cves": [ { "cve": "CVE-2026-35385", "url": "https://ubuntu.com/security/CVE-2026-35385", "cve_description": "In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35386", "url": "https://ubuntu.com/security/CVE-2026-35386", "cve_description": "In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35387", "url": "https://ubuntu.com/security/CVE-2026-35387", "cve_description": "OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35388", "url": "https://ubuntu.com/security/CVE-2026-35388", "cve_description": "OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35414", "url": "https://ubuntu.com/security/CVE-2026-35414", "cve_description": "OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.", "cve_priority": "medium", "cve_public_date": "2026-04-02 18:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-35385", "url": "https://ubuntu.com/security/CVE-2026-35385", "cve_description": "In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35386", "url": "https://ubuntu.com/security/CVE-2026-35386", "cve_description": "In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35387", "url": "https://ubuntu.com/security/CVE-2026-35387", "cve_description": "OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35388", "url": "https://ubuntu.com/security/CVE-2026-35388", "cve_description": "OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35414", "url": "https://ubuntu.com/security/CVE-2026-35414", "cve_description": "OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.", "cve_priority": "medium", "cve_public_date": "2026-04-02 18:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: unexpected scp setuid and setgid", " - debian/patches/CVE-2026-35385.patch: clear setuid/setgid bits from", " downloaded files in scp.c.", " - CVE-2026-35385", " * SECURITY UPDATE: command execution via shell metacharacters in username", " - debian/patches/CVE-2026-35386-pre1.patch: apply validity rules on", " ProxyJump usernames and hostnames in readconf.c, readconf.h, ssh.c.", " - debian/patches/CVE-2026-35386.patch: move username check earlier in", " ssh.c.", " - debian/patches/CVE-2026-35386-2.patch: adapt to username validity", " check change in regress/percent.sh.", " - CVE-2026-35386", " * SECURITY UPDATE: use of unintended ECDSA algorithms", " - debian/patches/CVE-2026-35387_35414.patch: correctly match ECDSA", " signature algorithms against algorithm allowlists in", " auth2-hostbased.c, auth2-pubkey.c, sshconnect2.c.", " - CVE-2026-35387", " * SECURITY UPDATE: missing connection multiplexing confirmation", " - debian/patches/CVE-2026-35388.patch: add missing askpass check in", " mux.c.", " - CVE-2026-35388", " * SECURITY UPDATE: authorized_keys principals option mishandling", " - debian/patches/CVE-2026-35387_35414.patch: check for commas in", " auth2-pubkeyfile.c.", " - CVE-2026-35414", "" ], "package": "openssh", "version": "1:10.2p1-2ubuntu3.2", "urgency": "medium", "distributions": "resolute-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Mon, 27 Apr 2026 20:15:40 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "openssh-sftp-server", "from_version": { "source_package_name": "openssh", "source_package_version": "1:10.2p1-2ubuntu3", "version": "1:10.2p1-2ubuntu3" }, "to_version": { "source_package_name": "openssh", "source_package_version": "1:10.2p1-2ubuntu3.2", "version": "1:10.2p1-2ubuntu3.2" }, "cves": [ { "cve": "CVE-2026-35385", "url": "https://ubuntu.com/security/CVE-2026-35385", "cve_description": "In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35386", "url": "https://ubuntu.com/security/CVE-2026-35386", "cve_description": "In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35387", "url": "https://ubuntu.com/security/CVE-2026-35387", "cve_description": "OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35388", "url": "https://ubuntu.com/security/CVE-2026-35388", "cve_description": "OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35414", "url": "https://ubuntu.com/security/CVE-2026-35414", "cve_description": "OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.", "cve_priority": "medium", "cve_public_date": "2026-04-02 18:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-35385", "url": "https://ubuntu.com/security/CVE-2026-35385", "cve_description": "In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35386", "url": "https://ubuntu.com/security/CVE-2026-35386", "cve_description": "In OpenSSH before 10.3, command execution can occur via shell metacharacters in a username within a command line. This requires a scenario where the username on the command line is untrusted, and also requires a non-default configurations of % in ssh_config.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35387", "url": "https://ubuntu.com/security/CVE-2026-35387", "cve_description": "OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35388", "url": "https://ubuntu.com/security/CVE-2026-35388", "cve_description": "OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions.", "cve_priority": "medium", "cve_public_date": "2026-04-02 17:16:00 UTC" }, { "cve": "CVE-2026-35414", "url": "https://ubuntu.com/security/CVE-2026-35414", "cve_description": "OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters.", "cve_priority": "medium", "cve_public_date": "2026-04-02 18:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: unexpected scp setuid and setgid", " - debian/patches/CVE-2026-35385.patch: clear setuid/setgid bits from", " downloaded files in scp.c.", " - CVE-2026-35385", " * SECURITY UPDATE: command execution via shell metacharacters in username", " - debian/patches/CVE-2026-35386-pre1.patch: apply validity rules on", " ProxyJump usernames and hostnames in readconf.c, readconf.h, ssh.c.", " - debian/patches/CVE-2026-35386.patch: move username check earlier in", " ssh.c.", " - debian/patches/CVE-2026-35386-2.patch: adapt to username validity", " check change in regress/percent.sh.", " - CVE-2026-35386", " * SECURITY UPDATE: use of unintended ECDSA algorithms", " - debian/patches/CVE-2026-35387_35414.patch: correctly match ECDSA", " signature algorithms against algorithm allowlists in", " auth2-hostbased.c, auth2-pubkey.c, sshconnect2.c.", " - CVE-2026-35387", " * SECURITY UPDATE: missing connection multiplexing confirmation", " - debian/patches/CVE-2026-35388.patch: add missing askpass check in", " mux.c.", " - CVE-2026-35388", " * SECURITY UPDATE: authorized_keys principals option mishandling", " - debian/patches/CVE-2026-35387_35414.patch: check for commas in", " auth2-pubkeyfile.c.", " - CVE-2026-35414", "" ], "package": "openssh", "version": "1:10.2p1-2ubuntu3.2", "urgency": "medium", "distributions": "resolute-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Mon, 27 Apr 2026 20:15:40 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-distupgrade", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:26.04.16", "version": "1:26.04.16" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:26.04.18", "version": "1:26.04.18" }, "cves": [], "launchpad_bugs_fixed": [ 2147517, 2147101 ], "changes": [ { "cves": [], "log": [ "", " * test: make arm64 specific data where needed", " * test: only run test_arm64_ports_rewrite on arm64", " * Run pre-build.sh: updating mirrors.", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.18", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Wed, 22 Apr 2026 13:29:32 -0400" }, { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * DistUpgrade: do not call GLib.markup_escape_text with None (LP: #2147517)", " * Run pre-build.sh: updating mirrors.", "", " [ Utkarsh Gupta ]", " * DistUpgradeController: migrate arm64 sources from ports to archive on", " upgrade. (LP: #2147101)", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.17", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147517, 2147101 ], "author": "Nick Rosbrook ", "date": "Tue, 21 Apr 2026 09:27:14 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "sed", "from_version": { "source_package_name": "sed", "source_package_version": "4.9-2build3", "version": "4.9-2build3" }, "to_version": { "source_package_name": "sed", "source_package_version": "4.9-2ubuntu1", "version": "4.9-2ubuntu1" }, "cves": [ { "cve": "CVE-2026-5958", "url": "https://ubuntu.com/security/CVE-2026-5958", "cve_description": "When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original symlink path (not the resolved one) to read the file. Between these two calls there is a race window. If an attacker atomically replaces the symlink with a different target during that window, sed will: read content from the new (attacker-chosen) symlink target and write the processed result to the path recorded in step 1. This can lead to arbitrary file overwrite with attacker-controlled content in the context of the sed process. This issue was fixed in version 4.10.", "cve_priority": "medium", "cve_public_date": "2026-04-20 12:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-5958", "url": "https://ubuntu.com/security/CVE-2026-5958", "cve_description": "When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original symlink path (not the resolved one) to read the file. Between these two calls there is a race window. If an attacker atomically replaces the symlink with a different target during that window, sed will: read content from the new (attacker-chosen) symlink target and write the processed result to the path recorded in step 1. This can lead to arbitrary file overwrite with attacker-controlled content in the context of the sed process. This issue was fixed in version 4.10.", "cve_priority": "medium", "cve_public_date": "2026-04-20 12:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: TOCTOU race in sed -i --follow-symlinks", " - debian/patches/CVE-2026-5958.patch: open the already-resolved path", " instead of re-traversing the symlink in sed/execute.c.", " - CVE-2026-5958", "" ], "package": "sed", "version": "4.9-2ubuntu1", "urgency": "medium", "distributions": "resolute-security", "launchpad_bugs_fixed": [], "author": "Marc Deslauriers ", "date": "Fri, 17 Apr 2026 13:58:43 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "snapd", "from_version": { "source_package_name": "snapd", "source_package_version": "2.74.1+ubuntu26.04.4", "version": "2.74.1+ubuntu26.04.4" }, "to_version": { "source_package_name": "snapd", "source_package_version": "2.75.2+ubuntu26.04.2", "version": "2.75.2+ubuntu26.04.2" }, "cves": [ { "cve": "CVE-2026-3888", "url": "https://ubuntu.com/security/CVE-2026-3888", "cve_description": "Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.", "cve_priority": "high", "cve_public_date": "2026-03-17 14:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2143882, 2142130, 2137543, 2142655, 2139664, 2139065, 2002697, 2141461, 2138268, 2138629, 2141328, 2139611, 2139300, 2139099, 2141607, 2138629, 2116949, 2068493, 2134364, 2132084, 2127189, 1851490, 2121853, 2127214, 2127244, 2127766 ], "changes": [ { "cves": [], "log": [ "", " * New upstream release, LP: #2143882", " - Interfaces: network-setup-*| allow running python binaries from", " the base on UC26+", " - Cross-distro: modify SELinux policy to allow mounting on", " /var/snap//", " - Fix potential task deadlock by considering all tasks in a lane", " that might be waiting for a reboot when processing delayed", " security backend effects", "" ], "package": "snapd", "version": "2.75.2+ubuntu26.04.2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2143882 ], "author": "Katie May ", "date": "Mon, 30 Mar 2026 17:06:36 +0200" }, { "cves": [ { "cve": "CVE-2026-3888", "url": "https://ubuntu.com/security/CVE-2026-3888", "cve_description": "Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.", "cve_priority": "high", "cve_public_date": "2026-03-17 14:16:00 UTC" } ], "log": [ "", " - FDE: limit number of boot check log entries", " - Allow a logged in user to refresh private snaps during a refresh", " with multiple snaps", " - Use precise prune pattern for tmpfiles (CVE-2026-3888)", "" ], "package": "snapd", "version": "2.75.1+ubuntu26.04.2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Katie May ", "date": "Wed, 18 Mar 2026 09:59:01 +0100" }, { "cves": [], "log": [ "", " - FDE: run early boot check only once per boot", " - FDE: update secboot to revision 77bc2457cc76", " - FDE: add degraded state for status API", " - FDE: prevent resealing tasks from running together", " - FDE: enable using keyslot tokens to store protected keys for UC26+", " - FDE: early commit kcmdline config transaction in update-gadget-", " cmdline to mitigate possible race condition", " - FDE: ensure extra snapd kcmdline fragments are applied", " - FDE: remove old secboot activation API calls", " - LP: #2142130 update apparmor parser to 4.1.7", " - LP: #2137543 disable translations in formatted output for snapctl", " services", " - LP: #2142655 improve snap size reporting precision in snap info", " output", " - LP: #2139664 snap-confine: remove race condition triggered by hat", " profile", " - LP: #2139065 skip 70-snap.*.rules when building dracut initramfs", " - LP: #2002697 error early on removal without purge if home is in", " NFS mount", " - LP: #2141461 Intefaces: allow snap-update-ns to read", " /proc/pid/auxv", " - LP: #2138268 Interfaces: kerberos-tickets| new interface allow", " access to kerberos tickets stored in /tmp", " - Interfaces: block-devices| allow Xen block devices", " - Interfaces: u2f-devices| add Tokey 3 FIDO", " - Interfaces: devlxd| new interface allowing acccess to LXD devlxd", " socket and APIs", " - Interfaces: browser-support| allow reading pressure stall info", " information", " - Interfaces: network-setup-control| allow additional netplan files", " access", " - Interfaces: desktop| allow access kvantum, lxqt, and gtk4", " configuration files", " - Interfaces: system-observe| allow fdinfo access for GPU monitoring", " - Interfaces: ubuntu-pro-control| allow access to Ubuntu Advantage", " client configuration", " - Prompting: add API endpoint to ask whether application should have", " access", " - Prompting: add support for audio-record prompting via API endpoint", " - Prompting: store snap name instead of apparmor label in requests", " - Prompting: respond with 503 to API requests when prompting", " subsystem is shutting down", " - Prompting: generalize prompting subsystem to support requests from", " outside AppArmor", " - Confdb: unset data for missing paths in set request", " - Confdb: return 400 for API requests with missing filter", " constraints", " - Confdb: return 400 for API requests with unmatched filter", " constraints", " - Confdb: support typed constraints in confdb filtering", " - Confdb: fixed unmarshalling transaction with placeholder path in", " deltas", " - Confdb: refresh confdb-schema assertions during manual refresh", " - Remote device management (experimental): add skeleton device", " management manager", " - Remote device management (experimental): add message exchange loop", " - Components: add snap component command, include component summary", " in snap info output", " - Components: enforce validation sets when installing components", " - Configuration: add system.motd configuration option to customize", " message of the day (motd)", " - packaging: remove dependencies libbrotli1, libfreetype6, and", " libpng16-16 from snap", " - snap-bootstrap: use libblkid for disk information to speed up boot", " - snap-confine: improve data handling error", " - snap-confine: use ld cache from the app base for core26+", " - snap: add riscv ISA detection for snaps", " - squashfs: reduce memory footprint of single file extraction", " - Add experimental snap delta format", " - Enable early download of seed snaps during refresh", " - Enable parallel downloads of essential snaps during refresh", " - Disallow removing components required by validation sets", " - Make snap prepare-image fail on --validation=ignore if model has", " enforced validation-sets", " - Fix correctly handling interrupted snap downloads", " - Fix handling of store throttling for refresh-app-awareness", " monitored snaps", " - Stop removed \"endure\" services on refresh", " - Install by default from the initramfs for UC26+, removing the need", " for a reboot after installation", " - Keep minidebuginfo in snapd snap", " - Make snap-specific systemd cgroup mandatory for snaps using core26", " and later, improve messaging for failure scenarios", " - Preserve stale connections of broken snaps", " - Remove enforce-validation-sets need for network", " - Opportunistic discarding of mount namespace when updating slot", " providers", " - Support for delaying updates of snap mount namespaces when", " refreshing slot providers", " - Use application CommonID as default source for desktop ID", "" ], "package": "snapd", "version": "2.75+ubuntu26.04.2", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2142130, 2137543, 2142655, 2139664, 2139065, 2002697, 2141461, 2138268 ], "author": "Katie May ", "date": "Mon, 09 Mar 2026 17:10:13 +0100" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2138629", " - FDE: measure DeployedMode and AuditMode variables if they appear", " as disabled in the event log to avoid a potential reseal-failure", " boot loop", " - LP: #2141328 FDE: reuse preinstall check context during install to", " account for user-ignored errors", " - LP: #2139611 FDE: fix db updates by allowing multiple payloads", " - LP: #2139300 snap-confine: add CAP_SYS_RESOURCE to allow raising", " memory lock limit when required", " - LP: #2139099 snap-confine: bump the max element count of the BPF", " map used to store IDs of allowed/matched devices to 1000", " - LP: #2141607 Desktop: revert change that caused user daemons", " declaring the desktop plug to implicitly depend on graphical-", " session.target", " - Interfaces: Added pidfd_open and memfd_secret to seccomp template", " - Interfaces: camera | add locking permission for /dev/video", "" ], "package": "snapd", "version": "2.74.1", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2138629, 2141328, 2139611, 2139300, 2139099, 2141607 ], "author": "Ernest Lotter ", "date": "Thu, 12 Feb 2026 21:27:23 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2138629", " - FDE: use new activation API from secboot", " - FDE: use activation API also with non keydata keys", " - FDE: ignore internal recovery key expiration during install", " - FDE: support adding/removing PINs post-installation", " - FDE: support changing PINs post-installation", " - FDE: support adding a recovery key post-installation", " - FDE: provide activation status via new endpoint v2/system-", " info/storage-encrypted", " - FDE: support sealing and resealing using the preinstall check", " result", " - FDE: disable passphrase support during install", " - FDE: add keyboard configuration helpers", " - FDE: lazily inject keyboard layout configuration in kernel cmdline", " - FDE: enable pin tries and limits PIN entry attempts to 3", " - FDE: extend secureboot endpoint to accept DB, KEK, and PK", " - FDE: simplify /v2/system-volumes keyslots handling by allowing", " name-only entries, implicitly expanding to all system containers", " - FDE: support extra non-system key slot names to support agents", " such as Landscape to set dedicated recovery keys", " - FDE: initialize fde state after device state", " - FDE: use device node to find the storage container and keys", " - FDE: provide user visible name for disk based on ID_MODEL", " - FDE: update secboot in snapd with latest additions and fixes", " - core-initrd: add systemd service for setting plymouth keyboard", " layout and X11 keyboard layouts", " - core-initrd: set plymouth cleartext toggle option", " - core-initrd: fix plymouth missing font issue", " - core-initrd: update dependency from libteec1 to libteec2", " - core-initrd: add new dlopened libs", " - LP: #2116949 Preseeding: add support for preseeding of hybrid", " systems via the installer API$", " - Preseeding: check whether a path is a mountpoint before remounting", " - Confdb: support tagging paths as secret in storage schemas", " - Confdb: support filtering on placeholder sub-keys", " - Confdb: support filtering in API and confdbstate", " - Confdb: support field filtering on reads", " - Confdb: support \"parameters\" stanza and check filters against them", " - Confdb: add support for '--with' contraints", " - Confdb: parsing fixes and error handling improvements", " - Assertions: restrict serials to new format in confdb-control", " - Assertions: add verify signature function", " - Remote device management: modify request-message assertion to", " expose its time constraints for remote device management", " - Remote device management: support polling of store messages", " - Remote device management: add signing of response messages with", " device key", " - Prompting: enable notify protocol v5 and test prompt restoration", " after snapd restart", " - snap: change malformed '--channel=' warning to error", " - snap: add 'snap report-issue' command to get the available contact", " details for the specified snap", " - snap: add 'snap version --verbose' flag to include information on", " snap binaries origin", " - snap: create the XDG_RUNTIME_DIR folder", " - LP: #2068493 snap: add support for 'snap refresh --tracking'", " - snapctl: add '--tracking' flag to 'snapctl refresh'", " - Reexec: include the info filepath in the version compare debug log", " - Reexec: add support for forcing reexec into and older snapd snap", " by setting SNAP_REEXEC=force in the environment", " - snap-confine: correct error message related to snap-confine group", " policy validation", " - snap-confine: ensure we only mount existing directories", " - LP: #2134364 snap-confine: handle potential race when creating", " /tmp/snap-private-tmp when lacking systemd-tmpfiles support", " - snap-confine: filter plus characters from security tags", " - Desktop: use desktop file IDs as desktop IDs", " - Desktop: store the common ID in the desktop file", " - Desktop: allow graphical daemons to show icons in the dock", " - Desktop: change user daemons with desktop plug defined to depend", " on graphical-session.target", " - dm-verity for essential snaps: made change to prerequisite struct", " - Cross-distro: modify SELinux profile to allow connecting to squid", " proxy", " - Cross-distro: add support for migrating snap mount directory", " - Packaging: drop ubuntu-14.04 packaging", " - Packaging: drop ubuntu-{14.04,16.04} transitional binary packages", " - Packaging: remove desktop files and state lock file during snapd", " purge", " - Packaging: fix inhibition hint file being left behind on failed", " unlink-current-snap", " - Disallow timeouts < 1us in systemd units", " - Add snap-store to the user-daemons support overrides", " - Support for SuccessExitStatus= generation for systemd daemon", " - Make standby output more verbose", " - Add prepare-serial-request hook", " - Try to discard snap mount namespaces when no processes are running", " during snap updates", " - Improve handling of snap downloads cache by introducing periodic", " cleanup with more aggressive policy", " - Interfaces: mediatek-accel | create new interface", " - Interfaces: nvidia-video-driver-libs | create new interface", " - Interfaces: *-driver-libs | accept component paths", " - Interfaces: desktop-legacy, unity7 | remove workaround for slash", " filtering in ibus address", " - Interfaces: fwupd | allow writing reboot notification in /run", " - Interfaces: add 'install' coreutil to base AppArmor template", " - Interfaces: u2f-devices | add apparmor permissions to allow the", " use of the libfido2 library in snaps", " - Interfaces: u2f-devices | add support for Thetis security key", " - Interfaces: add AppArmor workaround for mmap MAP_HUGETLB", " - Interfaces: timeserver-control | manage per-link ntp settings via", " systemd-networkd", "" ], "package": "snapd", "version": "2.74", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2138629, 2116949, 2068493, 2134364 ], "author": "Ernest Lotter ", "date": "Tue, 20 Jan 2026 18:54:17 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2132084", " - FDE: do not save incomplete FDE state when resealing was skipped", " - FDE: warn of inconsistent primary or policy counter", " - Confdb: document confdb in snapctl help messages", " - Confdb: only confdb hooks wait if snaps are disabled", " - Confdb: relax confdb change conflict checks", " - Confdb: remove empty parent when removing last leaf", " - Confdb: support parsing field filters", " - Confdb: wrap confdb write values under \"values\" key", " - dm-verity for essential snaps: add new naming convention for", " verity files", " - dm-verity for essential snaps: add snap integrity discovery", " - dm-verity for essential snaps: fix verity salt calculation", " - Assertions: add hardware identity assertion", " - Assertions: add integrity stanza in snap resources revisions", " - Assertions: add request message assertion required for remote", " device management", " - Assertions: add response-message assertion for secure remote", " device management", " - Assertions: expose WithStackedBackstore in RODatabase", " - Packaging: cross-distro | install upstream NEWS file into relevant", " snapd package doc directory", " - Packaging: cross-distro | tweak how the blocks injecting", " $SNAP_MOUNT_DIR/bin are generated as required for openSUSE", " - Packaging: remove deprecated snap-gdb-shim and all references now", " that snap run --gdb is unsupported and replaced by --gdbserver", " - Preseed: call systemd-tmpfiles instead handle-writable-paths on", " uc26", " - Preseed: do not remove the /snap dir but rather all its contents", " during reset", " - snap-confine: attach name derived from security tag to BPF maps", " and programs", " - snap-confine: ensure permitted capabilities match expectation", " - snap-confine: fix cached snap-confine profile cleanup to report", " the correct error instead of masking backend setup failures", " - snap-confine: Improve validation of user controlled paths", " - snap-confine: tighten snap cgroup checks to ensure a snap cannot", " start another snap in the same cgroup, preventing incorrect", " device-filter installation", " - core-initrd: add 26.04 ubuntu-core-initramfs package", " - core-initrd: add missing order dependency for setting default", " system files", " - core-initrd: avoid scanning loop and mmc boot partitions as the", " boot disk won't be any of these", " - core-initrd: make cpio a Depends and remove from Build-Depends", " - core-initrd: start plymouth sooner and reload when gadget is", " available", " - Cross-distro: modify syscheck to account for differences in", " openSUSE 16.0+", " - Validation sets: use in-flight validation sets when calling", " 'snapctl install' from hook", " - Prompting: enable prompting for the camera interface", " - Prompting: remove polkit authentication when modifying/deleting", " prompting rules", " - LP: #2127189 Prompting: do not record notices for unchanged rules", " on snapd startup", " - AppArmor: add free and pidof to the template", " - AppArmor: adjust interfaces/profiles to cope with coreutils paths", " - Interfaces: add support for compatibility expressions", " - Interfaces: checkbox-support | complete overhaul", " - Interfaces: define vulkan-driver-libs, cuda-driver-libs, egl-", " driver-libs, gbm-driver-libs, opengl-driver-libs, and opengles-", " driver-libs", " - Interfaces: allow snaps on classic access to nvidia graphics", " libraries exported by *-driver-libs interfaces", " - Interfaces: fwupd | broaden access to /boot/efi/EFI", " - Interfaces: gsettings | set dconf-service as profile for", " ca.desrt.dconf.Writer", " - Interfaces: iscsi-initiator, dm-multipath, nvme-control | add new", " interfaces", " - Interfaces: opengl | grant read/write permission to /run/nvidia-", " persistenced/socket", " - interfaces: ros-snapd-support | add access to /v2/changes/", " - Interfaces: system-observe | read access to btrfs/ext4/zfs", " filesystem information", " - Interfaces: system-trace | allow /sys/kernel/tracing/** rw", " - Interfaces: usb-gadget | add support for ffs mounts in attributes", " - Add autocompletion to run command", " - Introduce option for disallowing auto-connection of a specific", " interface", " - Only log errors for user service operations performed as a part of", " snap removal", " - Patch snap names in service requests for parallel installed snaps", " - Simplify traits for eMMC special partitions", " - Strip apparmor_parser from debug symbols shrinking snapd size by", " ~3MB", " - Fix InstallPathMany skipping refresh control", " - Fix waiting for GDB helper to stop before attaching gdbserver", " - Protect the per-snap tmp directory against being reaped by age", " - Prevent disabling base snaps to ensure dependent snaps can be", " removed", " - Modify API endpoint /v2/logs to reject n <= 0 (except for special", " case -1 meaning all)", " - Avoid potential deadlock when task is injected after the change", " was aborted", " - Avoid race between store download stream and cache cleanup", " executing in parallel when invoked by snap download task", " - LP: #1851490 Use \"current\" instead of revision number for icons", " - LP: #2121853 Add snapctl version command", " - LP: #2127214 Ensure no more than one partition on disk can match a", " gadget partition", " - LP: #2127244 snap-confine: update AppArmor profile to allow", " read/write to journal as workaround for snap-confine fd", " inheritance prevented by newer AppArmor", " - LP: #2127766 Add new tracing mechanism with independently running", " strace and shim synchronization", "" ], "package": "snapd", "version": "2.73", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2132084, 2127189, 1851490, 2121853, 2127214, 2127244, 2127766 ], "author": "Ernest Lotter ", "date": "Fri, 21 Nov 2025 09:08:02 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "ubuntu-release-upgrader-core", "from_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:26.04.16", "version": "1:26.04.16" }, "to_version": { "source_package_name": "ubuntu-release-upgrader", "source_package_version": "1:26.04.18", "version": "1:26.04.18" }, "cves": [], "launchpad_bugs_fixed": [ 2147517, 2147101 ], "changes": [ { "cves": [], "log": [ "", " * test: make arm64 specific data where needed", " * test: only run test_arm64_ports_rewrite on arm64", " * Run pre-build.sh: updating mirrors.", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.18", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Wed, 22 Apr 2026 13:29:32 -0400" }, { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * DistUpgrade: do not call GLib.markup_escape_text with None (LP: #2147517)", " * Run pre-build.sh: updating mirrors.", "", " [ Utkarsh Gupta ]", " * DistUpgradeController: migrate arm64 sources from ports to archive on", " upgrade. (LP: #2147101)", "" ], "package": "ubuntu-release-upgrader", "version": "1:26.04.17", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2147517, 2147101 ], "author": "Nick Rosbrook ", "date": "Tue, 21 Apr 2026 09:27:14 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "xxd", "from_version": { "source_package_name": "vim", "source_package_version": "2:9.1.2141-1ubuntu4", "version": "2:9.1.2141-1ubuntu4" }, "to_version": { "source_package_name": "vim", "source_package_version": "2:9.1.2141-1ubuntu4.1", "version": "2:9.1.2141-1ubuntu4.1" }, "cves": [ { "cve": "CVE-2026-35177", "url": "https://ubuntu.com/security/CVE-2026-35177", "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280.", "cve_priority": "medium", "cve_public_date": "2026-04-06 18:16:00 UTC" }, { "cve": "CVE-2026-39881", "url": "https://ubuntu.com/security/CVE-2026-39881", "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316.", "cve_priority": "medium", "cve_public_date": "2026-04-08 21:17:00 UTC" }, { "cve": "CVE-2026-41411", "url": "https://ubuntu.com/security/CVE-2026-41411", "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filename field contains backtick syntax (e.g., `command`), Vim executes the embedded command via the system shell with the full privileges of the running user.", "cve_priority": "medium", "cve_public_date": "2026-04-24 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2026-35177", "url": "https://ubuntu.com/security/CVE-2026-35177", "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, circumventing the previous fix for CVE-2025-53906. This vulnerability is fixed in 9.2.0280.", "cve_priority": "medium", "cve_public_date": "2026-04-06 18:16:00 UTC" }, { "cve": "CVE-2026-39881", "url": "https://ubuntu.com/security/CVE-2026-39881", "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0316, a command injection vulnerability in Vim's netbeans interface allows a malicious netbeans server to execute arbitrary Ex commands when Vim connects to it, via unsanitized strings in the defineAnnoType and specialKeys protocol messages. This vulnerability is fixed in 9.2.0316.", "cve_priority": "medium", "cve_public_date": "2026-04-08 21:17:00 UTC" }, { "cve": "CVE-2026-41411", "url": "https://ubuntu.com/security/CVE-2026-41411", "cve_description": "Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filename field contains backtick syntax (e.g., `command`), Vim executes the embedded command via the system shell with the full privileges of the running user.", "cve_priority": "medium", "cve_public_date": "2026-04-24 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Path Traversal in zip.vim", " - debian/patches/CVE-2026-35177.patch: Detect malicious zip files before", " writing in runtime/autoload/zip.vim", " - CVE-2026-35177", " * SECURITY UPDATE: Command Injection in netbeans", " - debian/patches/CVE-2026-39881.patch: Validate typename, fg, and bg", " before passing to coloncmd in src/netbeans.c", " - CVE-2026-39881", " * SECURITY UPDATE: Command injection via backtick expansion in tag files", " - debian/patches/CVE-2026-41411.patch: Disallow backticks before attempting", " to expand filenames", " - CVE-2026-41411", "" ], "package": "vim", "version": "2:9.1.2141-1ubuntu4.1", "urgency": "medium", "distributions": "resolute-security", "launchpad_bugs_fixed": [], "author": "Federico Quattrin ", "date": "Wed, 06 May 2026 13:49:47 -0300" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [ { "name": "linux-image-7.0.0-15-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "7.0.0-14.14", "version": null }, "to_version": { "source_package_name": "linux-signed", "source_package_version": "7.0.0-15.15", "version": "7.0.0-15.15" }, "cves": [], "launchpad_bugs_fixed": [ 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 7.0.0-15.15", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "" ], "package": "linux-signed", "version": "7.0.0-15.15", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Wed, 22 Apr 2026 16:05:57 +0200" } ], "notes": "linux-image-7.0.0-15-generic version '7.0.0-15.15' (source package linux-signed version '7.0.0-15.15') was added. linux-image-7.0.0-15-generic version '7.0.0-15.15' has the same source package name, linux-signed, as removed package linux-image-7.0.0-14-generic. As such we can use the source package version of the removed package, '7.0.0-14.14', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-main-modules-zfs-7.0.0-15-generic", "from_version": { "source_package_name": "linux-main-signed", "source_package_version": "7.0.0-14.14+3", "version": null }, "to_version": { "source_package_name": "linux-main-signed", "source_package_version": "7.0.0-15.15+1", "version": "7.0.0-15.15+1" }, "cves": [], "launchpad_bugs_fixed": [ 1786013, 1786013 ], "changes": [ { "cves": [], "log": [ "", " * Main version: 7.0.0-14.14", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", "", " * Miscellaneous upstream changes", " - Cleanup d/package.config from LRM config options", " - lmm: cleanup and add copyright notice", " - lmm: Fix an issue for the in-series copy phase", " - lmm: Make off_series the default mechanism", " - lmm: Allow skipping specific DKMS for specific flavours at build time", " - lmm: move final artifacts from /ubuntu to /kernel", " - lmm: Fix DKMS build for chroot environments", " - lmm: Add synthetic dependency for LMM package, to stop early promotion", "" ], "package": "linux-main-signed", "version": "7.0.0-14.14", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Mon, 13 Apr 2026 11:36:59 +0200" }, { "cves": [], "log": [ "", " * Main version: 7.0.0-13.13", "", " * Packaging resync (LP: #1786013)", " - [Packaging] debian/tracking-bug -- resync from main package", " - [Packaging] debian/dkms-versions -- update from kernel-versions", " (main/d2026.04.07)", "" ], "package": "linux-main-signed", "version": "7.0.0-13.13", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 1786013 ], "author": "Paolo Pisati ", "date": "Wed, 08 Apr 2026 06:59:33 +0200" } ], "notes": "linux-main-modules-zfs-7.0.0-15-generic version '7.0.0-15.15+1' (source package linux-main-signed version '7.0.0-15.15+1') was added. linux-main-modules-zfs-7.0.0-15-generic version '7.0.0-15.15+1' has the same source package name, linux-main-signed, as removed package linux-main-modules-zfs-7.0.0-14-generic. As such we can use the source package version of the removed package, '7.0.0-14.14+3', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-modules-7.0.0-15-generic", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-14.14", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "7.0.0-15.15", "version": "7.0.0-15.15" }, "cves": [], "launchpad_bugs_fixed": [ 2148866, 2149808, 2148718 ], "changes": [ { "cves": [], "log": [ "", " * resolute/linux: 7.0.0-15.15 -proposed tracker (LP: #2148866)", "", " * Qualcomm X1E: Speaker overdrive causes hardware protection shutdown", " (LP: #2149808)", " - SAUCE: ASoC: qcom: x1e80100: limit speaker volumes", "", " * intel-ipu7 / intel-ipu7-isys modules are shipped unsigned in latest", " Resolute kernels, breaking Secure Boot systems (LP: #2148718)", " - [packaging] add intel-ipu7 to signature inclusion list", "" ], "package": "linux", "version": "7.0.0-15.15", "urgency": "medium", "distributions": "resolute", "launchpad_bugs_fixed": [ 2148866, 2149808, 2148718 ], "author": "Paolo Pisati ", "date": "Wed, 22 Apr 2026 16:02:19 +0200" } ], "notes": "linux-modules-7.0.0-15-generic version '7.0.0-15.15' (source package linux version '7.0.0-15.15') was added. linux-modules-7.0.0-15-generic version '7.0.0-15.15' has the same source package name, linux, as removed package linux-modules-7.0.0-14-generic. As such we can use the source package version of the removed package, '7.0.0-14.14', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-image-7.0.0-14-generic", "from_version": { "source_package_name": "linux-signed", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-main-modules-zfs-7.0.0-14-generic", "from_version": { "source_package_name": "linux-main-signed", "source_package_version": "7.0.0-14.14+3", "version": "7.0.0-14.14+3" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-modules-7.0.0-14-generic", "from_version": { "source_package_name": "linux", "source_package_version": "7.0.0-14.14", "version": "7.0.0-14.14" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 26.04 resolute image from release image serial 20260421 to 20260522", "from_series": "resolute", "to_series": "resolute", "from_serial": "20260421", "to_serial": "20260522", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }