Current File : //snap/core18/current/usr/share/doc/ChangeLog
23/05/2025, commit https://git.launchpad.net/snap-core18/tree/74bb5585b7c696c20e4e7ca7faff13d2be218d8b
[ Changes in the core18 snap ]
Alfonso Sánchez-Beato (5):
hooks: purge packages before creating list of included packages
hook-tests: remove packages purged in previous change
tools/generate-changelog.py: fix some flake8 warnings
tools/generate-changelog.py: ESM is not in changelogs.ubuntu.com
Makefile: copy ESM sources to the chroot
Philip Meulengracht (1):
SECURITY.md: add security documentation for the core18 snap
[ Changes in primed packages ]
apparmor, libapparmor1:amd64 (built from apparmor) updated from 2.12-4ubuntu5.3 to 2.12-4ubuntu5.3+esm1:
apparmor (2.12-4ubuntu5.3+esm1) bionic; urgency=medium
[ Pedro Principeza ]
* debian/patches/parser-fix-parser-failing-to-handle-errors-when-
setting-up-work.patch: Fix parser failing to handle errors when
setting up work (LP: #1815294)
[ Steve Beattie ]
* d/p/u/parser-fix-handling-of-failed-symlink-traversal.patch: report
failure when a symlnk fails to resolve, also don't short circuit
processing a directory when a symlink fails to resolve
* d/p/u/parser-convert_error_tests_to_python_and_add_tests.patch:
update error/warning tests to their modern python form and add tests
that cover the parser failing to set an error code when passed files
that do not exist (LP: #1815294)
-- Pedro Principeza <pedro.principeza@canonical.com> Tue, 13 Jun 2023 14:19:14 +0000
libdns-export1100, libisc-export169:amd64 (built from bind9) updated from 1:9.11.3+dfsg-1ubuntu1.18 to 1:9.11.3+dfsg-1ubuntu1.19+esm4:
bind9 (1:9.11.3+dfsg-1ubuntu1.19+esm4) bionic-security; urgency=medium
* SECURITY UPDATE: BIND's database will be slow if a very large number of
- debian/patches/CVE-2024-1737-*.patch: fixes adding limits to the number
of RRs in RRSets in configure, lib/dns/rbtdb.c, lib/dns/rdataslab.c.
- CVE-2024-1737
* SECURITY UPDATE: SIG(0) can be used to exhaust CPU resources
- debian/patches/CVE-2024-1975.patch: fixes in bin/named/client.c,
bin/tests/system/tsiggss/authsock.pl,
bin/tests/system/tsiggss/clean.sh,
bin/tests/system/tsiggss/tests.sh,
bin/tests/system/upforwd/tests.sh,
lib/dns/message.c.
- CVE-2024-1975
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Mon, 29 Jul 2024 07:39:23 -0300
bind9 (1:9.11.3+dfsg-1ubuntu1.19+esm3) bionic-security; urgency=medium
* SECURITY UPDATE: DoS via DNSSEC KeyTrap
- debian/patches/CVE-2023-50387-50868.patch: improve the validation
process to avoid excessive CPU consumption.
- CVE-2023-50387
* SECURITY UPDATE: DoS via Closest Encloser Proof
- debian/patches/CVE-2023-50387-50868.patch: improve the validation
process to avoid excessive CPU consumption.
- CVE-2023-50868
* debian/libdns1100.symbols: add symbols for the new function
dst_key_fromdns_ex().
-- Allen Huang <allen.huang@canonical.com> Tue, 02 Apr 2024 13:06:07 +0100
bind9 (1:9.11.3+dfsg-1ubuntu1.19+esm2) bionic-security; urgency=medium
* SECURITY UPDATE: DoS via recusive packet parsing
- debian/patches/CVE-2023-3341.patch: add a max depth check to
lib/isccc/include/isccc/result.h, lib/isccc/result.c, lib/isccc/cc.c.
- CVE-2023-3341
-- Ian Constantin <ian.constantin@canonical.com> Tue, 03 Oct 2023 10:15:19 +0300
bind9 (1:9.11.3+dfsg-1ubuntu1.19+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: excessive memory consumption when processing RRsets
queries with named resolvers
- debian/patches/CVE-2023-2828.patch: improve the overmem cleaning process
to prevent the cache going over the configured limit.
- CVE-2023-2828
-- Camila Camargo de Matos <camila.camargodematos@canonical.com> Wed, 12 Jul 2023 11:36:16 -0300
bind9 (1:9.11.3+dfsg-1ubuntu1.19) bionic; urgency=medium
* d/bind9.service: restart the bind9 service on failure.
(LP: #2006054)
-- Athos Ribeiro <athos.ribeiro@canonical.com> Fri, 03 Mar 2023 12:42:18 -0300
python3-configobj (built from configobj) updated from 5.0.6-2 to 5.0.6-2ubuntu0.18.04.1~esm1:
configobj (5.0.6-2ubuntu0.18.04.1~esm1) bionic-security; urgency=medium
* SECURITY UPDATE: ReDoS
- debian/patches/CVE-2023-26112.patch: updates regex that can cause
catastrophic backtracking when a match fails in validate.py and adds a
test in tests/test_validate_errors.py.
- CVE-2023-26112
-- Ian Constantin <ian.constantin@canonical.com> Fri, 20 Sep 2024 15:03:01 +0300
libelf1:amd64 (built from elfutils) updated from 0.170-0.4ubuntu0.1 to 0.170-0.4ubuntu0.1+esm1:
elfutils (0.170-0.4ubuntu0.1+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: infinite loop via a crafted file
- debian/patches/CVE-2021-33294.patch: fix bounds checks and replace
asserts with errors in src/readelf.c.
- CVE-2021-33294
* SECURITY UPDATE: heap-based buffer overwrite and reachable assertion
- debian/patches/CVE-2020-21047.patch: fix bounds checks and replace
asserts with errors in libcpu/i386_data.h and libcpu/i386_disasm.c.
- CVE-2020-21047
-- Camila Camargo de Matos <camila.camargodematos@canonical.com> Mon, 28 Aug 2023 14:25:32 -0300
libexpat1:amd64 (built from expat) updated from 2.2.5-3ubuntu0.9 to 2.2.5-3ubuntu0.9+esm2:
expat (2.2.5-3ubuntu0.9+esm2) bionic-security; urgency=medium
* SECURITY UPDATE: denial-of-service via XML_ResumeParser
- debian/patches/CVE-2024-50602-1.patch: Make function XML_StopParser of
lib/xmlparse.c refuse to stop/suspend an unstarted parser
- debian/patches/CVE-2024-50602-2.patch: Add XML_PARSING case to parser
state in function XML_StopParser of lib/xmlparse.c
- debian/patches/CVE-2024-50602-3.patch: Add tests for CVE-2024-50602 to
tests/runtests.c
- CVE-2024-50602
-- Nicolas Campuzano Jimenez <nicolas.campuzano@canonical.com> Sun, 01 Dec 2024 22:48:28 -0500
expat (2.2.5-3ubuntu0.9+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: invalid input length
- CVE-2024-45490-*.patch: adds a check to the XML_ParseBuffer function of
expat/lib/xmlparse.c to identify and error out if a negative length is
provided.
- CVE-2024-45490
* SECURITY UPDATE: integer overflow
- CVE-2024-45491.patch: adds a check to the dtdCopy function of
expat/lib/xmlparse.c to detect and prevent an integer overflow.
- CVE-2024-45491
* SECURITY UPDATE: integer overflow
- CVE-2024-45492.patch: adds a check to the nextScaffoldPart function of
expat/lib/xmlparse.c to detect and prevent an integer overflow.
- CVE-2024-45492
-- Ian Constantin <ian.constantin@canonical.com> Tue, 10 Sep 2024 13:17:48 +0300
gdbserver (built from gdb) updated from 8.1.1-0ubuntu1 to 8.1.1-0ubuntu1+esm1:
gdb (8.1.1-0ubuntu1+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: stack buffer overflow
- debian/patches/CVE-2023-39128.patch: Avoid buffer overflow in
ada_decode
- CVE-2023-39128
* SECURITY UPDATE: use after free
- debian/patches/CVE-2023-39129-1.patch: Verify COFF symbol
stringtab offset
- debian/patches/CVE-2023-39129-2.patch: Fix gdb/coffread.c build on
32bit architectures
- debian/patches/CVE-2023-39129-3.patch: Use hex_string in
gdb/coffread.c instead of PRIxPTR
- CVE-2023-39129
* SECURITY UPDATE: heap buffer overflow
- debian/patches/CVE-2023-39130.patch: gdb: warn unused result for
bfd IO functions
- CVE-2023-39130
-- Bruce Cable <bruce.cable@canonical.com> Thu, 13 Jun 2024 13:15:46 +1000
libglib2.0-0:amd64 (built from glib2.0) updated from 2.56.4-0ubuntu0.18.04.9 to 2.56.4-0ubuntu0.18.04.9+esm4:
glib2.0 (2.56.4-0ubuntu0.18.04.9+esm4) bionic-security; urgency=medium
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2024-52533.patch: fix a single byte buffer
overflow in connect messages in gio/gsocks4aproxy.c.
- CVE-2024-52533
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Thu, 14 Nov 2024 05:50:53 -0300
glib2.0 (2.56.4-0ubuntu0.18.04.9+esm3) bionic-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: multiple GVariant security issues
- debian/patches/gvariant-security-*.patch: backported upstream fixes
for GVariant normalization issues.
- CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32643,
CVE-2023-32665
-- Camila Camargo de Matos <camila.camargodematos@canonical.com> Thu, 05 Oct 2023 15:13:43 -0300
libc-bin, libc6:amd64, libc6:i386, multiarch-support (built from glibc) updated from 2.27-3ubuntu1.6 to 2.27-3ubuntu1.6+esm4:
glibc (2.27-3ubuntu1.6+esm4) bionic-security; urgency=medium
* SECURITY UPDATE: Buffer overflow in the assert function.
- debian/patches/any/CVE-2025-0395.patch: Change total to ALIGN_UP
calculation and include libc-pointer-arith.h in assert/assert.c and
sysdeps/posix/libc_fatal.c.
- CVE-2025-0395
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Thu, 30 Jan 2025 09:40:47 -0330
glibc (2.27-3ubuntu1.6+esm3) bionic-security; urgency=medium
* SECURITY UPDATE: Memory leak
- debian/patches/CVE-2024-33599.patch: CVE-2024-33599: nscd: Stack-
based buffer overflow in netgroup cache (bug 31677)
- CVE-2024-33599
* SECURITY UPDATE: Null pointer dereferences
- debian/patches/CVE-2024-33600_1.patch: CVE-2024-33600: nscd: Avoid
null pointer crashes after notfound response (bug 31678)
- debian/patches/CVE-2024-33600_2.patch: CVE-2024-33600: nscd: Do
not send missing not-found response in addgetnetgrentX (bug 31678)
- debian/patches/CVE-2024-33601_33602.patch: CVE-2024-33601, CVE-
2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug
31680)
- CVE-2024-33600
- CVE-2024-33601
- CVE-2024-33602
-- Paulo Flabiano Smorigo <pfsmorigo@canonical.com> Mon, 06 May 2024 17:36:36 -0300
glibc (2.27-3ubuntu1.6+esm2) bionic-security; urgency=medium
* SECURITY UPDATE: OOB write in iconv plugin ISO-2022-CN-EXT
- debian/patches/any/CVE-2024-2961.patch: fix out-of-bound writes when
writing escape sequence in iconvdata/Makefile,
iconvdata/iso-2022-cn-ext.c, iconvdata/tst-iconv-iso-2022-cn-ext.c.
- CVE-2024-2961
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Thu, 25 Apr 2024 07:02:23 -0300
glibc (2.27-3ubuntu1.6+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: use-after-free through getcanonname_r plugin call
- debian/patches/any/CVE-2023-4806.patch: copy h_name over and free it at
the end (getaddrinfo).
- CVE-2023-4806
* SECURITY UPDATE: use-after-free in gaih_inet function
- debian/patches/any/CVE-2023-4813.patch: simplify allocations and fix
merge and continue actions.
- CVE-2023-4813
-- Camila Camargo de Matos <camila.camargodematos@canonical.com> Wed, 22 Nov 2023 07:54:33 -0300
libgnutls30:amd64 (built from gnutls28) updated from 3.5.18-1ubuntu1.6 to 3.5.18-1ubuntu1.6+esm1:
gnutls28 (3.5.18-1ubuntu1.6+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: observable response time discrepancy in RSA-PSK key
exchange
- debian/patches/CVE-2023-5981-pre0.patch: use the appropriate level of
randomness for each operation (nettle/pk).
- debian/patches/CVE-2023-5981-pre1.patch: always use
_gnutls_switch_lib_state (pk).
- debian/patches/CVE-2023-5981-pre2.patch: new nettle rsa decryption
function that is side-channel silent.
- debian/patches/CVE-2023-5981.patch: side-step potential side-channel
(auth/rsa_psk).
* debian/libgnutls30.symbols: add gnutls_privkey_decrypt_data2 to symbols
file.
-- Camila Camargo de Matos <camila.camargodematos@canonical.com> Wed, 13 Dec 2023 08:18:19 -0300
python3-jinja2 (built from jinja2) updated from 2.10-1ubuntu0.18.04.1 to 2.10-1ubuntu0.18.04.1+esm5:
jinja2 (2.10-1ubuntu0.18.04.1+esm5) bionic-security; urgency=medium
* SECURITY REGRESSION: Arbitrary code execution via |attr filter bypass
- debian/patches/CVE-2025-27516.patch: Replace getattr_static with an
equivalent Python 2 compatible function
- CVE-2025-27516
-- John Breton <john.breton@canonical.com> Wed, 12 Mar 2025 12:51:15 -0400
jinja2 (2.10-1ubuntu0.18.04.1+esm4) bionic-security; urgency=medium
* SECURITY UPDATE: Arbitrary code execution via |attr filter bypass
- debian/patches/CVE-2025-27516.patch: attr filter uses env.getattr
- CVE-2025-27516
-- John Breton <john.breton@canonical.com> Mon, 10 Mar 2025 12:47:06 -0400
jinja2 (2.10-1ubuntu0.18.04.1+esm3) bionic-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution issue in jinja compiler
- debian/patches/CVE-2024-56201.patch: f-string syntax handling in code
generation improved in jinja2/compiler.py.
- debian/patches/CVE-2024-56326.patch: oversight on calls to str.format
adjusted in jinja2/sandbox.py.
- CVE-2024-56201
- CVE-2024-56326
-- Evan Caville <evan.caville@canonical.com> Fri, 10 Jan 2025 13:09:32 +1000
jinja2 (2.10-1ubuntu0.18.04.1+esm2) bionic-security; urgency=medium
* SECURITY UPDATE: Cross-Site scripting in xmlattr filter
- debian/patches/CVE-2024-34064.patch: disallow invalid characters
in keys to xmlattr filter
- CVE-2024-34064
-- Nick Galanis <nick.galanis@canonical.com> Tue, 21 May 2024 12:19:12 +0100
jinja2 (2.10-1ubuntu0.18.04.1+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: regular expression DoS
- debian/patches/CVE-2020-28493.patch: rewrite regex match for
punctuation in urlize() in jinja2/utils.py.
- CVE-2020-28493
* SECURITY UPDATE: Cross-Site scripting
- debian/patches/CVE-2024-22195.patch: disallow keys with spaces
in jinja2/filters.py, tests/test_filters.py.
- CVE-2024-22195
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Wed, 17 Jan 2024 11:04:59 -0300
libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.16-2ubuntu0.4 to 1.16-2ubuntu0.4+esm3:
krb5 (1.16-2ubuntu0.4+esm3) bionic-security; urgency=medium
* SECURITY UPDATE: Use of MD5-based message authentication over plaintext
communications could lead to forgery attacks.
- debian/patches/CVE-2024-3596.patch: Secure Response Authenticator
by adding support for the Message-Authenticator attribute in non-EAP
authentication methods.
- debian/patches/0020-Fix-t-otp.py-for-pyrad2.2.patch: Fix message
authentication test by adding a Service-Type entry to the
radius_attributes dictionary in tests/t_otp.py. Message-Authenticator
attribute support requires pyrad >= 2.2, which also requires
Service-Type attribute to be defined.
- CVE-2024-3596
* Update libk5crypto3 symbols: add k5_hmac_md5 symbol.
-- Nicolas Campuzano Jimenez <nicolas.campuzano@canonical.com> Tue, 28 Jan 2025 16:29:51 -0500
krb5 (1.16-2ubuntu0.4+esm2) bionic-security; urgency=medium
* SECURITY UPDATE: Invalid token requests
- debian/patches/CVE-2024-37370.patch: Fix vulnerabilities in GSS
message token handling
- CVE-2024-37370
- CVE-2024-37371
-- Bruce Cable <bruce.cable@canonical.com> Mon, 15 Jul 2024 13:47:58 +1000
krb5 (1.16-2ubuntu0.4+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: freeing of uninitialized memory
- debian/patches/CVE-2023-36054.patch: ensure array count consistency in
kadm5 RPC.
- CVE-2023-36054
-- Camila Camargo de Matos <camila.camargodematos@canonical.com> Tue, 24 Oct 2023 13:51:03 -0300
less (built from less) updated from 487-0.1 to 487-0.1ubuntu0.1~esm2:
less (487-0.1ubuntu0.1~esm2) bionic-security; urgency=medium
* SECURITY UPDATE: Arbitrary command execution
- debian/patches/CVE-2024-32487.patch: Fix bug when viewing a file
whose name contains a newline.
- CVE-2024-32487
-- Fabian Toepfer <fabian.toepfer@canonical.com> Sun, 28 Apr 2024 13:42:19 +0200
less (487-0.1ubuntu0.1~esm1) bionic-security; urgency=medium
* SECURITY UPDATE: Unsafe call and Possibly arbitrary code execution
- debian/patches/CVE-2022-48624.patch: add shell-quote
the filename when invoking LESSCLOSE in filename.c.
- CVE-2022-48624
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Fri, 23 Feb 2024 13:37:55 -0300
libcap2:amd64 (built from libcap2) updated from 1:2.25-1.2 to 1:2.25-1.2ubuntu0.1~esm1:
libcap2 (1:2.25-1.2ubuntu0.1~esm1) bionic-security; urgency=medium
* SECURITY UPDATE: integer overflow in _libcap_strdup()
- debian/patches/CVE-2023-2603.patch: properly handle large strings in
libcap/cap_alloc.c.
- CVE-2023-2603
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Thu, 15 Jun 2023 12:56:19 -0300
libncurses5:amd64, libncursesw5:amd64, libtinfo5:amd64, ncurses-base, ncurses-bin (built from ncurses) updated from 6.1-1ubuntu1.18.04.1 to 6.1-1ubuntu1.18.04.1+esm2:
ncurses (6.1-1ubuntu1.18.04.1+esm2) bionic-security; urgency=medium
* SECURITY UPDATE: Uninitialized memory
- debian/patches/CVE-2023-50495.patch: Check return value of
_nc_save_str(), in special case for tic where extended capabilities
are processed but the terminal description was not initialized.
- CVE-2023-50495
-- Paulo Flabiano Smorigo <pfsmorigo@canonical.com> Wed, 06 Mar 2024 11:37:58 -0300
ncurses (6.1-1ubuntu1.18.04.1+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: buffer overflow vulnerability
- debian/patches/CVE-2020-19189.diff: check length when converting
from old AIX box_chars_1 capability in parse_entry.c.
- CVE-2020-19189
-- Fabian Toepfer <fabian.toepfer@canonical.com> Tue, 24 Oct 2023 12:19:20 +0200
openssh-client, openssh-server, openssh-sftp-server (built from openssh) updated from 1:7.6p1-4ubuntu0.7 to 1:7.6p1-4ubuntu0.7+esm4:
openssh (1:7.6p1-4ubuntu0.7+esm4) bionic-security; urgency=medium
* SECURITY UPDATE: MitM with VerifyHostKeyDNS option
- debian/patches/CVE-2025-26465.patch: fix error code handling in
krl.c, sshconnect2.c.
- CVE-2025-26465
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Tue, 18 Feb 2025 10:44:19 -0300
openssh (1:7.6p1-4ubuntu0.7+esm3) bionic-security; urgency=medium
* SECURITY UPDATE: Prefix truncation attack on BPP
- debian/patches/CVE-2023-48795-pre.patch: prevent sshd from sending a
SSH_MSG_EXT_INFO for REKEX in kex.c, kex.h.
- debian/patches/CVE-2023-48795.patch: implement "strict key exchange"
in PROTOCOL, kex.c, kex.h, packet.c, sshconnect2.c, sshd.c.
- CVE-2023-48795
* SECURITY UPDATE: command injection via shell metacharacters
- debian/patches/CVE-2023-51385.patch: ban user/hostnames with most
shell metacharacters in ssh.c.
- CVE-2023-51385
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Thu, 14 Dec 2023 16:23:32 -0300
openssh (1:7.6p1-4ubuntu0.7+esm2) bionic-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: information leak in algorithm negotiation (LP: #2030275)
- debian/patches/CVE-2020-14145-mitigation.patch: tweak the client
hostkey preference ordering algorithm in sshconnect2.c.
- Note: This update does not solve CVE-2020-14145, but does mitigate
the issue in the specific scenario where the user has a key that
matches the best-preference default algorithm.
-- Nishit Majithia <nishit.majithia@canonical.com> Mon, 07 Aug 2023 17:19:03 +0530
openssh (1:7.6p1-4ubuntu0.7+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: remote code execution relating to PKCS#11 providers
- debian/patches/CVE-2023-38408-1.patch: terminate process if requested
to load a PKCS#11 provider that isn't a PKCS#11 provider in
ssh-pkcs11.c.
- CVE-2023-38408
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Fri, 28 Jul 2023 12:12:31 -0300
libssl1.1:amd64, openssl (built from openssl) updated from 1.1.1-1ubuntu2.1~18.04.23 to 1.1.1-1ubuntu2.1~18.04.23+esm5:
openssl (1.1.1-1ubuntu2.1~18.04.23+esm5) bionic-security; urgency=medium
* SECURITY UPDATE: Implicit rejection for RSA PKCS#1 (LP: #2054090)
- debian/patches/rsa-dsa-add-missing-private-key.patch: make RSA
and DSA operations throw MISSING_PRIVATE_KEY if needed in
crypto/dsa/dsa_err.c, crypto/dsa/dsa_ossl.c, crypto/ec/ecdh_ossl.c,
crypto/ec/ecdsa_ossl.c, crypto/err/openssl.txt,
crypto/rsa/rsa_err.c, crypto/rsa/rsa_ossl.c,
include/openssl/dsaerr.h and include/openssl/rsaerr.h
- debian/patches/openssl-1.1.1-pkcs1-implicit-rejection.patch:
Return deterministic random output instead of an error in case
there is a padding error in crypto/cms/cms_env.c,
crypto/pkcs7/pk7_doit.c, crypto/rsa/rsa_locl.h,
crypto/rsa/rsa_ossl.c, crypto/rsa/rsa_pk1.c, crypto/rsa/rsa_pmeth.c,
doc/man1/pkeyutl.pod, doc/man1/rsautl.pod,
doc/man3/EVP_PKEY_CTX_ctrl.pod, doc/man3/EVP_PKEY_decrypt.pod,
doc/man3/RSA_padding_add_PKCS1_type_1.pod,
doc/man3/RSA_public_encrypt.pod, include/openssl/rsa.h and
test/recipes/30-test_evp_data/evppkey.txt.
-- David Fernandez Gonzalez <david.fernandezgonzalez@canonical.com> Fri, 16 Feb 2024 16:57:43 +0100
openssl (1.1.1-1ubuntu2.1~18.04.23+esm4) bionic-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: Excessive time spent in DH check / generation with
large Q parameter value
- debian/patches/CVE-2023-5678.patch: make DH_check_pub_key() and
DH_generate_key() safer yet in crypto/dh/dh_check.c,
crypto/dh/dh_err.c, crypto/dh/dh_key.c, crypto/err/openssl.txt,
include/openssl/dh.h, include/openssl/dherr.h.
- CVE-2023-5678
* SECURITY UPDATE: PKCS12 Decoding crashes
- debian/patches/CVE-2024-0727.patch: add NULL checks where ContentInfo
data can be NULL in crypto/pkcs12/p12_add.c,
crypto/pkcs12/p12_mutl.c, crypto/pkcs12/p12_npas.c,
crypto/pkcs7/pk7_mime.c.
- CVE-2024-0727
-- Ian Constantin <ian.constantin@canonical.com> Wed, 07 Feb 2024 16:19:13 +0200
openssl (1.1.1-1ubuntu2.1~18.04.23+esm3) bionic-security; urgency=medium
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2023-3446.patch: adds check to prevent the testing of
an excessively large modulus in DH_check().
- CVE-2023-3446
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2023-3817.patch: adds check to prevent the testing of
invalid q values in DH_check().
- CVE-2023-3817
-- Ian Constantin <ian.constantin@canonical.com> Thu, 19 Oct 2023 12:31:19 +0300
openssl (1.1.1-1ubuntu2.1~18.04.23+esm2) bionic; urgency=medium
* Fix SSL errors due to "too many key updates" (LP: #2035112)
- d/p/lp2035112-dont-restrict-number-of-keyupdate.patch
-- Heitor Alves de Siqueira <halves@canonical.com> Mon, 25 Sep 2023 16:58:29 +0000
openssl (1.1.1-1ubuntu2.1~18.04.23+esm1) bionic; urgency=medium
* Include support for OPENSSL_NO_ATEXIT functionality introduced in
OpenSSL 1.1.1b which prevents OpenSSL from being cleaned up when exit() is
called. This prevents .NET applications from segfaulting
- d/p/lp1983100-0001-Implement-OPENSSL_INIT_NO_ATEXIT.patch
(LP: #1983100)
-- Tom Moyer <tom.moyer@canonical.com> Wed, 05 Jul 2023 16:10:39 +0000
libssl1.0.0:amd64 (built from openssl1.0) updated from 1.0.2n-1ubuntu5.13 to 1.0.2n-1ubuntu5.13+esm1:
openssl1.0 (1.0.2n-1ubuntu5.13+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: denial of service via large DH parameters
- debian/patches/CVE-2023-3446.patch: Fix DH_check() excessive time
with over sized modulus
- debian/patches/CVE-2023-3817.patch: DH_check(): Do not try
checking q properties if it is obviously invalid
- debian/patches/CVE-2023-5678.patch: Make DH_check_pub_key() and
DH_generate_key() safer yet
- CVE-2023-3446
- CVE-2023-3817
- CVE-2023-5678
* SECURITY UPDATE: denial of service via NULL pointer dereference
- CVE-2024-0727
- debian/patches/CVE-2024-0727.patch: Add NULL checks where
ContentInfo data can be NULL
-- Giampaolo Fresi Roglia <giampaolo.fresi.roglia@canonical.com> Thu, 21 Mar 2024 11:18:27 +0100
libpam-modules-bin, libpam-modules:amd64, libpam-runtime, libpam0g:amd64 (built from pam) updated from 1.1.8-3.6ubuntu2.18.04.6 to 1.1.8-3.6ubuntu2.18.04.6+esm1:
pam (1.1.8-3.6ubuntu2.18.04.6+esm1) bionic-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: pam_namespace local denial of service
- debian/patches-applied/CVE-2024-22365.patch: use O_DIRECTORY to
prevent local DoS situations in modules/pam_namespace/pam_namespace.c.
- CVE-2024-22365
-- Ian Constantin <ian.constantin@canonical.com> Tue, 19 Mar 2024 17:24:05 +0200
libprocps6:amd64, procps (built from procps) updated from 2:3.3.12-3ubuntu1.2 to 2:3.3.12-3ubuntu1.2+esm1:
procps (2:3.3.12-3ubuntu1.2+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2023-4016: replace the use of malloc() with calloc()
in ps/parser.c to prevent the potential for an arithmetic overflow when
allocating memory.
- CVE-2023-4016
-- Ian Constantin <ian.constantin@canonical.com> Tue, 31 Oct 2023 13:35:42 +0200
python3-cryptography (built from python-cryptography) updated from 2.1.4-1ubuntu1.4 to 2.1.4-1ubuntu1.4+esm1:
python-cryptography (2.1.4-1ubuntu1.4+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: exposure of confidential data
- debian/patches/CVE-2023-50782.patch: update bindings in
src/_cffi_src/openssl/rsa.py to be compatible with new openssl version
1.1.1-1ubuntu2.1~18.04.23+esm5, which fixes the issue by changing
PKCS#1 v1.5 RSA to return random output instead of an exception when
detecting wrong padding
- CVE-2023-50782
-- Jorge Sancho Larraz <jorge.sancho.larraz@canonical.com> Thu, 29 Feb 2024 12:40:24 +0100
python3-idna (built from python-idna) updated from 2.6-1 to 2.6-1ubuntu0.1~esm1:
python-idna (2.6-1ubuntu0.1~esm1) bionic-security; urgency=medium
* SECURITY UPDATE: resource exhaustion
- debian/patches/CVE-2024-3651.patch: checks input before processing
- CVE-2024-3651
-- Jorge Sancho Larraz <jorge.sancho.larraz@canonical.com> Fri, 10 May 2024 11:37:39 +0200
python3-pkg-resources (built from python-setuptools) updated from 39.0.1-2ubuntu0.1 to 39.0.1-2ubuntu0.1+esm1:
python-setuptools (39.0.1-2ubuntu0.1+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: remote code execution via package download functions
- debian/patches/CVE-2024-6345.patch: modernize and fix VCS handling
to prevent code injection in setuptools/package_index.py and
setuptools/tests/test_packageindex.py.
- CVE-2024-6345
-- Vyom Yadav <vyom.yadav@canonical.com> Tue, 10 Sep 2024 19:49:28 +0530
python3-urllib3 (built from python-urllib3) updated from 1.22-1ubuntu0.18.04.2 to 1.22-1ubuntu0.18.04.2+esm2:
python-urllib3 (1.22-1ubuntu0.18.04.2+esm2) bionic-security; urgency=medium
* SECURITY UPDATE: The Proxy-Authorization header is not correctly stripped
when redirecting to a different host.
- debian/patches/CVE-2024-37891.patch: Add "Proxy-Authorization" to
DEFAULT_REDIRECT_HEADERS_BLACKLIST in urllib3/util/retry.py. Add header
to tests.
- CVE-2024-37891
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Thu, 17 Oct 2024 14:01:34 -0230
python-urllib3 (1.22-1ubuntu0.18.04.2+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: http authorization header leakage via http redirect
- debian/patches/CVE-2018-25091.patch: removes the authorization
header from the http request when the client is redirected to a
different origin.
- CVE-2018-25091
* SECURITY UPDATE: http cookie leakage via http redirect
- debian/patches/CVE-2023-43804.patch: removes the cookie from the
http request when the client is redirected to a different origin.
- CVE-2023-43804
* SECURITY UPDATE: http body leakage via http redirect
- debian/patches/CVE-2023-45803.patch: removes the body from the
http request when the client is is redirected to a different origin
and the http verb is changed to GET.
- CVE-2023-45803
-- Jorge Sancho Larraz <jorge.sancho.larraz@canonical.com> Wed, 25 Oct 2023 12:57:52 +0200
libpython3.6-minimal:amd64, libpython3.6-stdlib:amd64, python3.6, python3.6-minimal (built from python3.6) updated from 3.6.9-1~18.04ubuntu1.12 to 3.6.9-1~18.04ubuntu1.13+esm4:
python3.6 (3.6.9-1~18.04ubuntu1.13+esm4) bionic-security; urgency=medium
* SECURITY UPDATE: IPv6 and IPvFuture hosts parsing correction
- debian/patches/CVE-2025-0938.patch: gh-105704: Disallow square
brackets (`[` and `]`) in domain names for parsed URLs (GH-129418)
- CVE-2025-0938
-- John Breton <john.breton@canonical.com> Wed, 14 May 2025 21:34:07 +0200
python3.6 (3.6.9-1~18.04ubuntu1.13+esm3) bionic-security; urgency=medium
* SECURITY UPDATE: Incorrect IPv6 and IPvFuture validation
- debian/patches/CVE-2024-11168.patch: 00444: Security fix for CVE-
2024-11168 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- CVE-2024-11168
* SECURITY UPDATE: Command injection
- debian/patches/CVE-2024-9287.patch: 00443: gh-124651: Quote
template strings in `venv` activation scripts
- CVE-2024-9287
* SECURITY UPDATE: ReDoS via tar archives
- debian/patches/CVE-2024-6232.patch: [CVE-2024-6232] Remove
backtracking when parsing tarfile headers
- CVE-2024-6232
-- John Breton <john.breton@canonical.com> Thu, 01 May 2025 14:38:51 -0400
python3.6 (3.6.9-1~18.04ubuntu1.13+esm2) bionic-security; urgency=medium
* SECURITY UPDATE: User-after-free
- debian/patches/CVE-2022-48560.patch: Fix posible crash in heapq with
custom comparison operators in Modules/_heapqmodule.c,
Lib/test/test_heapq.py.
- CVE-2022-48560
* SECURITY UPDATE: xml external entity processing
- debian/patches/CVE-2022-48565.patch: rejects XML entity declarations
in plist files.
- CVE-2022-48565
* SECURITY UPDATE: breaking of constant-time guarantee for crypto ops
- debian/patches/CVE-2022-48566.patch: adds ``volatile`` to the
accumulator variable result in ``hmac.compare_digest``, making
constant-time-defeating optimizations less likely.
- CVE-2022-48566
* SECURITY UPDATE: Zip-Bombs with overlap entries
- debian/patches/CVE-2024-0450.patch: Protect zipfile from
"quoted-overlap" zipbomb. Raise BadZipFile when try to read an
entry that overlaps with other entry or central directory.
- CVE-2024-0450
-- Allen Huang <allen.huang@canonical.com> Thu, 11 Apr 2024 10:35:16 +0100
python3.6 (3.6.9-1~18.04ubuntu1.13+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2022-48564.patch: Prevent some possible DoS attacks
via providing invalid Plist files in plistlib.py.
- CVE-2022-48564
* SECURITY UPDATE: TLS handshake bypass
- debian/patches/CVE-2023-40217.patch: avoid ssl pre-close flaw in ssl.py.
- CVE-2023-40217
-- Fabian Toepfer <fabian.toepfer@canonical.com> Wed, 22 Nov 2023 11:38:54 +0100
python3.6 (3.6.9-1~18.04ubuntu1.13) bionic-security; urgency=medium
* SECURITY UPDATE: Possible Bypass Blocklisting
- debian/patches/CVE-2023-24329-2.patch: adds a complementary patch/fix
for CVE-2023-24329 that was partially fixed before. This patch starts
stripping C0 control and space chars in 'urlsplit' in Lib/urllib/parse.py,
Lib/test/test_urlparse.py.
- CVE-2023-24329
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Wed, 24 May 2023 12:28:26 -0300
python3-requests (built from requests) updated from 2.18.4-2ubuntu0.1 to 2.18.4-2ubuntu0.1+esm1:
requests (2.18.4-2ubuntu0.1+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: Unintended leak of Proxy-Authorization header
- debian/patches/CVE-2023-32681.patch: don't attach header to redirects
with an HTTPS destination in requests/sessions.py,
tests/test_requests.py.
- CVE-2023-32681
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Mon, 12 Jun 2023 10:08:05 -0300
login, passwd (built from shadow) updated from 1:4.5-1ubuntu2.5 to 1:4.5-1ubuntu2.5+esm1:
shadow (1:4.5-1ubuntu2.5+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: unsanitized buffer leading to a password leak during
gpasswd new password operation
- debian/patches/CVE-2023-4641.patch: fix password leak in gpasswd.
- CVE-2023-4641
-- Camila Camargo de Matos <camila.camargodematos@canonical.com> Tue, 06 Feb 2024 09:31:54 -0300
libsqlite3-0:amd64 (built from sqlite3) updated from 3.22.0-1ubuntu0.7 to 3.22.0-1ubuntu0.7+esm1:
sqlite3 (3.22.0-1ubuntu0.7+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: heap overflow in sessionReadRecord
- debian/patches/CVE-2023-7104.patch: fix a buffer overread in the
sessions extension that could occur when processing a corrupt
changeset in ext/session/sqlite3session.c.
- CVE-2023-7104
-- Octavio Galland <octavio.galland@canonical.com> Mon, 24 Jun 2024 16:19:52 -0300
libpam-systemd:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-sysv, udev (built from systemd) updated from 237-3ubuntu10.57 to 237-3ubuntu10.57+esm2:
systemd (237-3ubuntu10.57+esm2) bionic; urgency=medium
* Fix systemd mount units failing during boot (LP: #1837227)
- d/p/lp1837227/0001-core-properly-reset-all-ExecStatus-structures-when-e.patch
- d/p/lp1837227/0002-mount-flush-out-cycle-state-on-DEAD-MOUNTED-only-not.patch
- d/p/lp1837227/0003-mount-rescan-proc-self-mountinfo-before-processing-w.patch
- d/p/lp1837227/0004-mount-mark-an-existing-mounting-unit-from-proc-self-.patch
- d/p/lp1837227/0005-core-mount-adjust-deserialized-state-based-on-proc-s.patch
* Fix FTBFS for test-fs-util symlink failures (LP: #2077176)
- d/p/lp2077176/0001-fs-util-introduce-fchmod_opath.patch
- d/p/lp2077176/0002-fs-util-introduce-fchmod_and_chown.patch
- d/p/lp2077176/0003-fs-util-beef-up-chmod_and_chown-a-bit.patch
- d/p/lp2077176/0004-fs-util-change-chmod_and_chown-to-not-complain-if-st.patch
- d/p/lp2077176/0005-fs-util-rewrite-chmod_and_chown.patch
- d/p/lp2077176/0006-fs-util-no-need-for-fchmod_and_chown-to-access-proc-.patch
- d/p/lp2077176/0007-tree-wide-port-various-places-over-to-use-chmod_and_.patch
- d/p/lp2077176/0008-test-fs-util-don-t-validate-mode-of-symlinks.patch
-- Heitor Alves de Siqueira <halves@canonical.com> Fri, 16 Aug 2024 14:54:17 +0000
systemd (237-3ubuntu10.57+esm1) bionic; urgency=medium
* d/p/lp2024864-add-missing-null-check.patch:
- Add NULL check on link_drop_foreign_request (LP: #2024864)
-- Tiago Pasqualini <tiago.pasqualini@canonical.com> Fri, 23 Jun 2023 16:51:01 -0300
tar (built from tar) updated from 1.29b-2ubuntu0.4 to 1.29b-2ubuntu0.4+esm1:
tar (1.29b-2ubuntu0.4+esm1) bionic-security; urgency=medium
* SECURITY UPDATE: stack overflow via crafted xattr (LP: #2029464)
- debian/patches/CVE-2023-39804.patch: allocate xattr keys and values
on the heap rather than the stack in src/xheader.c
- CVE-2023-39804
-- Alex Murray <alex.murray@canonical.com> Tue, 05 Dec 2023 15:48:12 +1030
tzdata (built from tzdata) updated from 2023c-0ubuntu0.18.04 to 2025b-0ubuntu0.18.04+esm1:
tzdata (2025b-0ubuntu0.18.04+esm1) bionic-security; urgency=medium
* New upstream release (LP: #2104284):
- New America/Coyhaique zone for Aysén Region in Chile, which moves
from -04/-03 to -03. It will not change its clocks on 2025-04-05.
- Improve historical data for Iran
* Add America/Coyhaique to tzdata.install and debconf templates
* Update English, French and Spanish debconf translations for Coyhaique
* Add autopkgtest test case for 2025b release
-- Benjamin Drung <bdrung@ubuntu.com> Wed, 02 Apr 2025 14:18:23 +0200
tzdata (2025a-0ubuntu0.18.04+esm1) bionic-security; urgency=medium
* New upstream release 2024b (LP: #2079966):
- Improve historical data for Mexico, Mongolia, and Portugal.
- System V names are now obsolescent (reverted, see below).
- The main data form now uses %z.
- Asia/Choibalsan is now an alias for Asia/Ulaanbaatar
* New upstream release 2025a (LP: #2095233):
- Paraguay adopts permanent -03 starting spring 2024
- No leap second on 2025-06-30
* Add autopkgtest test case for 2024b release
* Move UNIX System V zones back from backzone to backwards file
to keep them unchanged for the stable release updates.
* Build the timezone data from rearguard.zi
* Test debconf configuration with autopkgtest
* Make remaining legacy timezones selectable in debconf (LP: #2070285)
* Add autopkgtest test case for 2025a release
* Override lintian's unused-debconf-template
* debian/rules: remove unused VERSION variable
-- Benjamin Drung <bdrung@ubuntu.com> Wed, 05 Mar 2025 23:17:37 +0100
tzdata (2024a-0ubuntu0.18.04.1+esm1) bionic-security; urgency=medium
* Do not replace CET, CST6CDT, EET, EST*, HST, MET, MST*, PST8PDT, WET.
The replacements differed in using daylight saving. (LP: #2055718)
* Allow ziguard.awk to generate timezone symlinks that point to symlinks
to fix (at least) the timezone symlinks Africa/Asmera,
Antarctica/South_Pole, Iceland, Pacific/Ponape, and Pacific/Truk.
* Correct timezone updates on tzdata configuration:
- Fix updating US/Indiana-Starke to America/Indiana/Knox
- Update Mideast/Riyadh8[789] to Asia/Riyadh
- Update America/Fort_Wayne and America/Indianapolis
to America/Indiana/Indianapolis
- Update America/Knox_IN to America/Indiana/Knox
- Update America/Louisville to America/Kentucky/Louisville
* Test convert_timezone for consistency
-- Benjamin Drung <bdrung@ubuntu.com> Fri, 26 Jul 2024 13:36:06 +0200
tzdata (2024a-0ubuntu0.18.04+esm1) bionic-security; urgency=medium
* New upstream version (LP: #2052739):
- Kazakhstan unifies on UTC+5 beginning 2024-03-01.
- Palestine springs forward a week later after Ramadan.
- zic no longer pretends to support indefinite-past DST.
- localtime no longer mishandles Ciudad Juárez in 2422.
* Add autopkgtest test case for 2024a release
-- Benjamin Drung <bdrung@ubuntu.com> Wed, 21 Feb 2024 14:57:40 +0100
tzdata (2023d-0ubuntu0.18.04+esm1) bionic-security; urgency=medium
* New upstream version (LP: #2047314):
- Ittoqqortoormiit, Greenland changes time zones on 2024-03-31.
- Vostok, Antarctica changed time zones on 2023-12-18.
- Casey, Antarctica changed time zones five times since 2020.
- Code and data fixes for Palestine timestamps starting in 2072.
- A new data file zonenow.tab for timestamps starting now.
* Install zonenow.tab in tzdata
* Add autopkgtest test case for 2023d release
* Refresh make-systemv.patch
-- Benjamin Drung <bdrung@ubuntu.com> Tue, 02 Jan 2024 21:38:35 +0100
vim-common, vim-tiny, xxd (built from vim) updated from 2:8.0.1453-1ubuntu1.13 to 2:8.0.1453-1ubuntu1.13+esm12:
vim (2:8.0.1453-1ubuntu1.13+esm12) bionic-security; urgency=medium
* SECURITY UPDATE: Use after free when redirecting display command to
register.
- debian/patches/CVE-2025-26603.patch: Change redir_reg check to use
vim_strchr command check in ./src/ops.c.
- CVE-2025-26603
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Wed, 02 Apr 2025 15:33:34 -0230
vim (2:8.0.1453-1ubuntu1.13+esm11) bionic-security; urgency=medium
* SECURITY UPDATE: Use after free when closing a buffer.
- debian/patches/CVE-2024-47814.patch: Add buf_locked() in src/buffer.c.
Abort autocommands editing a file when buf_locked() in src/ex_cmds.c.
Add buf_locked() in src/proto/buffer.pro.
- CVE-2024-47814
* debian/patches/skip_spell_tests.patch: Skip failing tests.
-- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Wed, 20 Nov 2024 13:04:22 -0330
vim (2:8.0.1453-1ubuntu1.13+esm10) bionic-security; urgency=medium
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2024-43802.patch: check buflen before advancing
offset.
- CVE-2024-43802
-- Vyom Yadav <vyom.yadav@canonical.com> Wed, 25 Sep 2024 10:37:23 +0530
vim (2:8.0.1453-1ubuntu1.13+esm9) bionic-security; urgency=medium
* SECURITY UPDATE: use after free
- debian/patches/CVE-2024-41957.patch: set tagname to NULL
after being freed
- CVE-2024-41957
* SECURITY UPDATE: use after free
- debian/patches/CVE-2024-43374.patch: add lock to keep
reference valid
- CVE-2024-43374
-- Bruce Cable <bruce.cable@canonical.com> Tue, 27 Aug 2024 15:40:33 +1000
vim (2:8.0.1453-1ubuntu1.13+esm8) bionic-security; urgency=medium
* SECURITY UPDATE: stack based buffer overflow
- debian/patches/CVE-2024-22667.patch: passes error buffer length down
through option callback functions.
- CVE-2024-22667
-- Ian Constantin <ian.constantin@canonical.com> Thu, 14 Mar 2024 14:18:43 +0200
vim (2:8.0.1453-1ubuntu1.13+esm7) bionic-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2022-1725.patch: Check for regexp program becoming NULL
in more places.
- CVE-2022-1725
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2022-1771.patch: Limit recursion of getcmdline().
- CVE-2022-1771
* SECURITY UPDATE: out of bounds write vulnerability
- debian/patches/CVE-2022-1897.patch: Disallow undo when in a substitute
command.
- CVE-2022-1897
* SECURITY UPDATE: out-of-bounds write
- debian/patches/CVE-2022-2000.patch: addresses the potential for an
overflow by adding a bounds check and truncating the message if needed.
- CVE-2022-2000
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-46246.patch: Check that the return value from the
vim_str2nr() function is not larger than INT_MAX and if yes, bail out with
an error.
- CVE-2023-46246
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-48231.patch: If the current window structure is
no longer valid, fail and return before attempting to set win->w_closing
variable.
- CVE-2023-48231
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48233.patch: If the count after the :s command is
larger than what fits into a (signed) long variable, abort with
e_value_too_large.
- CVE-2023-48233
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48234.patch: When getting the count for a normal z
command, it may overflow for large counts given. So verify, that we can
safely store the result in a long.
- CVE-2023-48234
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48235.patch: When parsing relative ex addresses
one may unintentionally cause an overflow (because LONG_MAX - lnum will
overflow for negative addresses).
- CVE-2023-48235
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48236.patch: When using the z= command, we may
overflow the count with values larger than MAX_INT. So verify that we do
not overflow and in case when an overflow is detected, simply return 0.
- CVE-2023-48236
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-48237.patch: When shifting lines in operator
pending mode and using a very large value, we may overflow the size of
integer. Fix this by using a long variable, testing if the result would
be larger than INT_MAX and if so, indent by INT_MAX value.
- CVE-2023-48237
-- Fabian Toepfer <fabian.toepfer@canonical.com> Tue, 05 Dec 2023 18:30:44 +0100
vim (2:8.0.1453-1ubuntu1.13+esm6) bionic-security; urgency=medium
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-4733.patch: Verify oldwin pointer after
reset_VIsual() in do_ecmd.
- CVE-2023-4733
* SECURITY UPDATE: out of bounds write vulnerability
- debian/patches/CVE-2023-4735.patch: Add check for buffer size to avoid
overflow in do_addsub.
- CVE-2023-4735
* SECURITY UPDATE: use-after-free vulnerability
- debian/patches/CVE-2023-4750.patch: Check buffer is valid before
accessing it.
- CVE-2023-4750
* SECURITY UPDATE: heap based buffer overflow vulnerability
- debian/patches/CVE-2023-4751.patch: Stop Visual mode when using :ball
to avoid illegal memory access.
- CVE-2023-4751
* SECURITY UPDATE: heap based buffer overflow vulnerability
- debian/patches/CVE-2023-5344.patch: Add NULL at end of buffer in
trunc_string.
- CVE-2023-5344
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2023-5441.patch: skip gui_scroll when exmode_active
in gui_do_scroll.
- CVE-2023-5441
-- Fabian Toepfer <fabian.toepfer@canonical.com> Mon, 16 Oct 2023 20:16:18 +0200
vim (2:8.0.1453-1ubuntu1.13+esm5) bionic-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-3234.patch: Check for replacing NUL after Tab.
- CVE-2022-3234
* SECURITY UPDATE: use after free memory issue
- debian/patches/CVE-2022-3256.patch: Copy the mark before editing
another buffer
- debian/patches/CVE-2022-3352.patch: Disallow deleting the current
buffer to avoid using freed memory
- debian/patches/CVE-2022-3591.patch: Disallow navigating to a dummy
buffer
- debian/patches/CVE-2022-4292.patch: Bail out if the window no longer
exists.
- CVE-2022-3256
- CVE-2022-3352
- CVE-2022-3591
- CVE-2022-4292
* SECURITY UPDATE: stack-based buffer overflow
- debian/patches/CVE-2022-3324.patch: Make sure the window width does
not become negative
- CVE-2022-3324
* debian/patches/fix_flaky_tests.patch: fix some flaky tests
-- Nishit Majithia <nishit.majithia@canonical.com> Fri, 06 Oct 2023 14:00:55 +0530
vim (2:8.0.1453-1ubuntu1.13+esm4) bionic-security; urgency=medium
* SECURITY UPDATE: out-of-bounds write issue
- debian/patches/CVE-2022-2598.patch: Make sure the line number does
not go below one.
- CVE-2022-2598
* SECURITY UPDATE: use after free memory issue
- debian/patches/CVE-2022-3099.patch: Do not check breakpoint for
non-existing line
- CVE-2022-3099
-- Nishit Majithia <nishit.majithia@canonical.com> Fri, 18 Aug 2023 09:37:41 +0530
apt: not primed anymore
debconf: not primed anymore
libapt-pkg5.0:amd64: not primed anymore
Mini Shell