ChangeLog
30/07/2025, commit https://git.launchpad.net/snap-core20/tree/4a63850fbbbed40f33996c788219e15ad39ea4e9

[ Changes in the core20 snap ]

Philip Meulengracht (1):
  tools: aggregate old changelogs

[ Changes in primed packages ]

cloud-init (built from cloud-init) updated from 24.4.1-0ubuntu0~20.04.2 to 24.4.1-0ubuntu0~20.04.3+esm1:

  cloud-init (24.4.1-0ubuntu0~20.04.3+esm1) focal-security; urgency=medium

    * d/cloud-init.postinst: move existing hotplug-cmd fifo to root-only share dir (CVE-2024-11584)
    * cherry-pick 8c3ae1bb: fix: Don't attempt to identify non-x86 OpenStack instances (LP: #2069607) (CVE-2024-6174)
    * cherry-pick e3f42adc: fix: strict disable in ds-identify on no datasources found (LP: #2069607) (CVE-2024-6174)
    * cherry-pick 8b45006c: fix: Make hotplug socket writable only by root (LP: #2114229) (CVE-2024-11584)

   -- Chad Smith <chad.smith@canonical.com>  Wed, 25 Jun 2025 09:09:01 -0600

  cloud-init (24.4.1-0ubuntu0~20.04.3) focal; urgency=medium

    * cherry-pick 7a0265d3: fix: ensure MAAS datasource retries on failure (#6167) (LP: #2106671)

   -- James Falcon <james.falcon@canonical.com>  Fri, 23 May 2025 15:43:28 -0500

gpgv (built from gnupg2) updated from 2.2.19-3ubuntu2.4 to 2.2.19-3ubuntu2.5:

  gnupg2 (2.2.19-3ubuntu2.5) focal-security; urgency=medium

    * debian/patches/fix-key-validity-regression-due-to-CVE-2025-30258.patch:
      - Fix a key validity regression following patches for CVE-2025-30258, causing trusted "certify-only" primary keys to be ignored when checking signature on user IDs and computing key validity. This regression makes imported keys signed by a trusted "certify-only" key have an unknown validity (LP: #2114775).

   -- dcpi <dcpi@u22vm>  Thu, 26 Jun 2025 16:57:26 +0000

python3-urllib3 (built from python-urllib3) updated from 1.25.8-2ubuntu0.4 to 1.25.8-2ubuntu0.4+esm1:

  python-urllib3 (1.25.8-2ubuntu0.4+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: Information disclosure through improperly disabled redirects.
      - debian/patches/CVE-2025-50181.patch: Add "retries" check and set retries to Retry.from_int(retries, redirect=False) as well as set raise_on_redirect in ./src/urllib3/poolmanager.py.
      - CVE-2025-50181

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Mon, 23 Jun 2025 17:58:59 -0230

libsqlite3-0:amd64 (built from sqlite3) updated from 3.31.1-4ubuntu0.7 to 3.31.1-4ubuntu0.7+esm1:

  sqlite3 (3.31.1-4ubuntu0.7+esm1) focal-security; urgency=medium

    [ Marc Deslauriers ]
    * SECURITY UPDATE: Memory corruption via number of aggregate terms
      - debian/patches/CVE-2025-6965.patch: raise an error right away if the number of aggregate terms in a query exceeds the maximum number of columns in src/expr.c, src/sqliteInt.h.
      - CVE-2025-6965

   -- Ian Constantin <ian.constantin@canonical.com>  Mon, 28 Jul 2025 22:54:05 +0300

sudo (built from sudo) updated from 1.8.31-1ubuntu1.5 to 1.8.31-1ubuntu1.5+esm1:

  sudo (1.8.31-1ubuntu1.5+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: Local Privilege Escalation via host option
      - debian/patches/CVE-2025-32462.patch: only allow specifying a host when listing privileges.
      - CVE-2025-32462

   -- Federico Quattrin <federico.quattrin@canonical.com>  Wed, 25 Jun 2025 17:10:55 -0300

16/06/2025, commit https://git.launchpad.net/snap-core20/tree/92f33cf5c91cc93d7888f389647936aa39a31752

[ Changes in the core20 snap ]

No detected changes for the core20 snap

[ Changes in primed packages ]

apt, libapt-pkg6.0:amd64 (built from apt) updated from 2.0.10 to 2.0.11:

  apt (2.0.11) focal; urgency=medium

    * Fix buffer overflow, stack overflow, exponential complexity in apt-ftparchive Contents generation (LP: #2083697)
      - ftparchive: Mystrdup: Add safety check and bump buffer size
      - ftparchive: contents: Avoid exponential complexity and overflows
      - test framework: Improve valgrind support
      - test: Check that apt-ftparchive handles deep paths
      - increase valgrind cleanliness to make the tests pass:
        - pkgcachegen: Use placement new to construct header
        - acquire: Disable gcc optimization of strcmp() reading too far into struct dirent's d_name buffer.

   -- Julian Andres Klode <juliank@ubuntu.com>  Tue, 22 Oct 2024 15:27:19 +0200

libc-bin, libc6:amd64, libc6:i386 (built from glibc) updated from 2.31-0ubuntu9.17 to 2.31-0ubuntu9.18:

  glibc (2.31-0ubuntu9.18) focal-security; urgency=medium

    * SECURITY UPDATE: privilege escalation issue
      - debian/patches/any/CVE-2025-4802.patch: elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static
      - CVE-2025-4802

   -- Nishit Majithia <nishit.majithia@canonical.com>  Mon, 26 May 2025 13:39:37 +0530

libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.17-6ubuntu4.9 to 1.17-6ubuntu4.11:

  krb5 (1.17-6ubuntu4.11) focal-security; urgency=medium

    * SECURITY UPDATE: Use of weak cryptographic hash.
      - debian/patches/CVE-2025-3576*.patch: Add allow_des3 and allow_rc4 options. Disallow usage of des3 and rc4 unless allowed in the config. Replace warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage of deprecated enctypes in ./src/kdc/kdc_util.c.
      - debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.
      - debian/libk5crypto3.symbols: Add krb5int_c_deprecated_enctype symbol.
      - CVE-2025-3576

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Thu, 15 May 2025 17:02:09 +0200

libpython3.8-minimal:amd64, libpython3.8-stdlib:amd64, python3.8, python3.8-minimal (built from python3.8) updated from 3.8.10-0ubuntu1~20.04.18 to 3.8.10-0ubuntu1~20.04.18+esm1:

  python3.8 (3.8.10-0ubuntu1~20.04.18+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: Improper encoding of comma during address list folding.
      - debian/patches/CVE-2025-1795-1.patch: Replace ValueTerminal with ListSeparator in ./Lib/email/_header_value_parser.py.
      - debian/patches/CVE-2025-1795-2.patch: Add checks for terminal non-encoding in ./Lib/email/_header_value_parser.py.
      - CVE-2025-1795
    * SECURITY UPDATE: Use after free in unicode_escape decoding.
      - debian/patches/CVE-2025-4516-pre1.patch: Add DecodeUnicodeEscapeStateful and replace DecodeUnicodeEscape with DecodeUnicodeEscapeInternal in ./Include/cpython/unicodeobject.h. Change IncrementalDecoder and add decode to StreamReader in ./Lib/encodings/unicode_escape.py. Change instance to DecodeUnicodeEscapeStateful in ./Modules/_codecsmodule.c. Change checks in ./Modules/clinic/_codecsmodule.c.h and instances in ./Objects/unicodeobject.c and ./Parser/pegen/parse_string.c.
      - debian/patches/CVE-2025-4516.patch: Add _PyBytes_DecodeEscape2 in ./Include/cpython/bytesobject.h. Add _PyUnicode_DecodeUnicodeEscapeInternal2 in ./Include/cpython/unicodeobject.h. Add extra escape checks in ./Objects/bytesobject.c and ./Objects/unicodeobject.c.
      - debian/libpython.symbols.in: Update symbols with new functions.
      - CVE-2025-4516

   -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com>  Wed, 04 Jun 2025 16:26:55 -0230

python3-requests (built from requests) updated from 2.22.0-2ubuntu1.1 to 2.22.0-2ubuntu1.1+esm1:

  requests (2.22.0-2ubuntu1.1+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: Information Leak
      - debian/patches/CVE-2024-47081.patch: Only use hostname to do netrc lookup instead of netloc
      - CVE-2024-47081

   -- Bruce Cable <bruce.cable@canonical.com>  Wed, 11 Jun 2025 13:27:30 +1000

python3-pkg-resources, python3-setuptools (built from setuptools) updated from 45.2.0-1ubuntu0.2 to 45.2.0-1ubuntu0.3:

  setuptools (45.2.0-1ubuntu0.3) focal-security; urgency=medium

    * SECURITY UPDATE: path traversal vulnerability
      - debian/patches/CVE-2025-47273-pre1.patch: Extract _resolve_download_filename with test.
      - debian/patches/CVE-2025-47273.patch: Add a check to ensure the name resolves relative to the tmpdir.
      - CVE-2025-47273

   -- Fabian Toepfer <fabian.toepfer@canonical.com>  Wed, 28 May 2025 19:14:28 +0200

libpam-systemd:amd64, libsystemd0:amd64, libudev1:amd64, systemd, systemd-sysv, systemd-timesyncd, udev (built from systemd) updated from 245.4-4ubuntu3.24 to 245.4-4ubuntu3.24+esm1:

  systemd (245.4-4ubuntu3.24+esm1) focal-security; urgency=medium

    * SECURITY UPDATE: race condition in systemd-coredump
      - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of _META_MANDATORY_MAX.
      - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core pattern.
      - debian/patches/CVE_2025_4598_3.patch: coredump: get rid of a bogus assertion.
      - CVE-2025-4598

   -- Octavio Galland <octavio.galland@canonical.com>  Mon, 02 Jun 2025 17:05:57 -0300

tzdata (built from tzdata) updated from 2025b-0ubuntu0.20.04 to 2025b-0ubuntu0.20.04.1:

  tzdata (2025b-0ubuntu0.20.04.1) focal; urgency=medium

    * Update the ICU timezone data to 2025b (LP: #2107950)
    * Add autopkgtest test case for ICU timezone data 2025b

   -- Benjamin Drung <bdrung@ubuntu.com>  Tue, 22 Apr 2025 12:20:10 +0200