UnknownSec Bypass
403
:
/
var
/
www
/
jpsagrisolution
/
cpanel
/
product_images
/
sym
/
root
/
snap
/
core20
/
current
/
usr
/
share
/
doc
/ [
drwxr-xr-x
]
Menu
Upload
Mass depes
Mass delete
Terminal
Info server
About
name :
ChangeLog
07/04/2025, commit https://git.launchpad.net/snap-core20/tree/92f33cf5c91cc93d7888f389647936aa39a31752 [ Changes in the core20 snap ] Alfonso Sánchez-Beato (2): static/run-snapd-from-snap: adapt to new mount place for snapd snap static/run-snapd-from-snap: some shell script improvements Philip Meulengracht (2): SECURITY.md: add our security documentation for the core20 snap SECURITY.md: change github link to core20 from core-base [ Changes in primed packages ] cloud-init (built from cloud-init) updated from 24.4-0ubuntu1~20.04.1 to 24.4.1-0ubuntu0~20.04.2: cloud-init (24.4.1-0ubuntu0~20.04.2) focal; urgency=medium * cherry-pick fixes for MAAS traceback (LP: #2100963) - cherry-pick c60771d8: test: pytestify test_url_helper.py - cherry-pick 8810a2dc: test: Remove CiTestCase from test_url_helper.py - cherry-pick 582f16c1: test: add OauthUrlHelper tests - cherry-pick 9311e066: fix: Update OauthUrlHelper to use readurl exception_cb -- James Falcon <james.falcon@canonical.com> Thu, 13 Mar 2025 11:28:57 -0500 cloud-init (24.4.1-0ubuntu0~20.04.1) focal; urgency=medium * Add d/p/cpick-84806336-chore-Add-feature-flag-for-manual-network-waiting - Pull in the upstream commit that makes it easier to patch out the new systemd-networkd-wait-online behavior in e30549e8 * Add d/p/cpick-b817a679-fix-retry-AWS-hotplug-for-async-IMDS.patch - Pull in the upstream commit works around a limitation in AWS's IMDS (GH-5971) (LP: #2097319) * Add d/p/no-remove-networkd-online.patch - Revert breaking change on stable release (LP: #2094149) * Update d/p/no-single-process.patch - This patch missed waiting for mounts (LP: #2097441) * refresh patches: - d/p/cli-retain-file-argument-as-main-cmd-arg.patch - d/p/revert-551f560d-cloud-config-after-snap-seeding.patch - d/p/drop-unsupported-systemd-condition-environment.patch * Upstream snapshot based on 24.4.1. List of changes from upstream can be found at https://raw.githubusercontent.com/canonical/cloud-init/24.4.1/ChangeLog (LP: #2094179, #2094208, #2094857, #2094858) -- Brett Holman <brett.holman@canonical.com> Tue, 04 Feb 2025 17:28:31 -0700 gpgv (built from gnupg2) updated from 2.2.19-3ubuntu2.2 to 2.2.19-3ubuntu2.4: gnupg2 (2.2.19-3ubuntu2.4) focal-security; urgency=medium * SECURITY UPDATE: verification DoS via crafted subkey data - debian/patches/CVE-2025-30258-1.patch: lookup key for merging/ inserting only by primary key in g10/getkey.c, g10/import.c, g10/keydb.h. - debian/patches/CVE-2025-30258-2.patch: remove a signature check function wrapper in g10/mainproc.c, g10/packet.h, g10/sig-check.c. - debian/patches/CVE-2025-30258-3.patch: fix a verification DoS due to a malicious subkey in the keyring in g10/getkey.c, g10/keydb.h, g10/mainproc.c, g10/packet.h, g10/sig-check.c, g10/pkclist.c. - debian/patches/CVE-2025-30258-4.patch: fix regression for the recent malicious subkey DoS fix in g10/getkey.c, g10/packet.h. - debian/patches/CVE-2025-30258-5.patch: fix double free of internal data in g10/sig-check.c. - CVE-2025-30258 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Sat, 29 Mar 2025 12:35:54 -0400 gnutls-bin, libgnutls30:amd64 (built from gnutls28) updated from 3.6.13-2ubuntu1.11 to 3.6.13-2ubuntu1.12: gnutls28 (3.6.13-2ubuntu1.12) focal-security; urgency=medium * SECURITY UPDATE: resource consumption issue when decoding DER-encoded certificate data - debian/patches/CVE-2024-12243-pre1.patch: add _gnutls_reallocarray and _gnutls_reallocarray_fast in lib/mem.*. - debian/patches/CVE-2024-12243-pre2.patch: add INT_ADD_OK etc in gl/intprops.h. - debian/patches/CVE-2024-12243.patch: optimize name constraints processing in lib/datum.c, lib/x509/name_constraints.c, lib/x509/x509_ext.c, lib/x509/x509_ext_int.h, lib/x509/x509_int.h. - CVE-2024-12243 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 12 Feb 2025 12:32:03 -0500 python3-jinja2 (built from jinja2) updated from 2.10.1-2ubuntu0.4 to 2.10.1-2ubuntu0.6: jinja2 (2.10.1-2ubuntu0.6) focal-security; urgency=medium * SECURITY REGRESSION: Arbitrary code execution via |attr filter bypass - debian/patches/CVE-2025-27516.patch: Replace getattr_static with an equivalent Python 2 compatible function - CVE-2025-27516 -- John Breton <john.breton@canonical.com> Wed, 12 Mar 2025 12:53:04 -0400 jinja2 (2.10.1-2ubuntu0.5) focal-security; urgency=medium * SECURITY UPDATE: Arbitrary code execution via |attr filter bypass - debian/patches/CVE-2025-27516.patch: attr filter uses env.getattr - CVE-2025-27516 -- John Breton <john.breton@canonical.com> Mon, 10 Mar 2025 12:58:01 -0400 libgssapi-krb5-2:amd64, libk5crypto3:amd64, libkrb5-3:amd64, libkrb5support0:amd64 (built from krb5) updated from 1.17-6ubuntu4.8 to 1.17-6ubuntu4.9: krb5 (1.17-6ubuntu4.9) focal-security; urgency=medium * SECURITY UPDATE: denial of service via two memory leaks - debian/patches/CVE-2024-26458.patch: fix two unlikely memory leaks in src/lib/gssapi/krb5/k5sealv3.c, src/lib/rpc/pmap_rmt.c. - CVE-2024-26458 - CVE-2024-26461 * SECURITY UPDATE: kadmind DoS via iprop log file - debian/patches/CVE-2025-24528.patch: prevent overflow when calculating ulog block size in src/lib/kdb/kdb_log.c. - CVE-2025-24528 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 25 Feb 2025 12:27:13 -0500 libcap2-bin, libcap2:amd64 (built from libcap2) updated from 1:2.32-1ubuntu0.1 to 1:2.32-1ubuntu0.2: libcap2 (1:2.32-1ubuntu0.2) focal-security; urgency=medium * SECURITY UPDATE: incorrect group name handling - debian/patches/CVE-2025-1390-1.patch: fix potential configuration parsing error in pam_cap/pam_cap.c. - debian/patches/CVE-2025-1390-2.patch: add a test for bad group prefix in pam_cap/sudotest.conf. - CVE-2025-1390 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 20 Feb 2025 11:01:08 -0500 libtasn1-6:amd64 (built from libtasn1-6) updated from 4.16.0-2 to 4.16.0-2ubuntu0.1: libtasn1-6 (4.16.0-2ubuntu0.1) focal-security; urgency=medium * SECURITY UPDATE: Denial of service through inefficient algorithm. - CVE-2024-12133-x.patch: Add caching and optimize algorithms in lib/decoding.c, lib/element.c, lib/element.h, lib/int.h, lib/parser_aux.c, and lib/structure.c. - CVE-2024-12133 -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Wed, 12 Feb 2025 09:20:57 -0330 opensc, opensc-pkcs11:amd64 (built from opensc) updated from 0.20.0-3ubuntu0.1~esm1 to 0.20.0-3ubuntu0.1~esm3: opensc (0.20.0-3ubuntu0.1~esm3) focal-security; urgency=medium * SECURITY REGRESSION: EVP_VerifyFinal error after last update. - debian/patches/series: Revert patches from last update pending futher investigation -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Fri, 28 Mar 2025 10:48:33 -0230 opensc (0.20.0-3ubuntu0.1~esm2) focal-security; urgency=medium * SECURITY UPDATE: Stack buffer overflow - debian/patches/CVE-2021-42782-1.patch: cardos: Correctly calculate the left bytes to avoid buffer overrun - debian/patches/CVE-2021-42782-2.patch: PIV Improved parsing of data from the card - debian/patches/CVE-2021-42782-3.patch: coolkey: Initialize potentially uninitialized memory - debian/patches/CVE-2021-42782-4.patch: tcos: prevent out of bounds read - debian/patches/CVE-2021-42782-5.patch: iasecc: Prevent stack buffer overflow when empty ACL is returned - CVE-2021-42782 * SECURITY UPDATE: Use after return - debian/patches/CVE-2021-42780.patch: tcos: Check bounds in insert_pin() - CVE-2021-42780 * SECURITY UPDATE: PIN Bypass - debian/patches/CVE-2023-40660-1.patch: Fixed PIN authentication bypass - debian/patches/CVE-2023-40660-2.patch: pkcs15init: Check login status before asking for a pin overflow during keygen - CVE-2023-40660 * SECURITY UPDATE: Compromised card operations - debian/patches/CVE-2023-40661-1.patch: pkcs15: Avoid buffer overflow when getting last update - debian/patches/CVE-2023-40661-2.patch: setcos: Avoid buffer underflow - debian/patches/CVE-2023-40661-3.patch: setcos: Avoid writing behind the path buffer end - debian/patches/CVE-2023-40661-4.patch: oberthur: Avoid buffer overflow - debian/patches/CVE-2023-40661-5-pre1.patch: pkcs15-pubkey: free DER value when parsing public key fails - debian/patches/CVE-2023-40661-5.patch: pkcs15-pubkey.c: Avoid double-free - debian/patches/CVE-2023-40661-6.patch: pkcs15-cflex: check path length to prevent underflow - debian/patches/CVE-2023-40661-7.patch: Check length of string before making copy - debian/patches/CVE-2023-40661-8.patch: Check array bounds - debian/patches/CVE-2023-40661-9.patch: sc_pkcs15init_rmdir: prevent out of bounds write - debian/patches/CVE-2023-40661-10.patch: iasecc: Avoid another buffer overflow - debian/patches/CVE-2023-40661-11-pre1.patch: iassecc: Verify buffer lengths before use - debian/patches/CVE-2023-40661-11.patch: iasecc: Avoid buffer overflow with invalid data - debian/patches/CVE-2023-40661-12.patch: iasecc: Check length of data when parsing crt - debian/patches/CVE-2023-40661-13-pre1.patch: card-entersafe.c: Free modulus buffer in case of error - debian/patches/CVE-2023-40661-13.patch: entersafe: Avoid buffer overflow during keygen - CVE-2023-40661 * SECURITY UPDATE: Missing variable initialization - debian/patches/CVE-2024-45615-1.patch: Fix uninitialized values - debian/patches/CVE-2024-45615-2.patch: Initialize variables for tag and CLA - debian/patches/CVE-2024-45615-3.patch: Initialize OID length - debian/patches/CVE-2024-45615-4.patch: Initialize variables for tag and CLA - debian/patches/CVE-2024-45615-5.patch: Avoid using uninitialized memory - debian/patches/CVE-2024-45617-1.patch: Check return value when selecting AID - debian/patches/CVE-2024-45617-2.patch: Return error when response length is 0 - debian/patches/CVE-2024-45617-3.patch: Check number of read bytes - debian/patches/CVE-2024-45618-1.patch: Check return value of serial num conversion - debian/patches/CVE-2024-45618-2.patch: Report transport key error - CVE-2024-45615 - CVE-2024-45617 - CVE-2024-45618 * SECURITY UPDATE: Buffer overflow - debian/patches/CVE-2023-2977.patch: pkcs15init: correct left length calculation to fix buffer overrun bug - debian/patches/CVE-2024-45616-1.patch: Fix uninitialized values - debian/patches/CVE-2024-45616-2.patch: Check length of APDU response - debian/patches/CVE-2024-45616-3.patch: Correctly calculate certificate length based on the resplen - debian/patches/CVE-2024-45616-4.patch: Check length of serial number - debian/patches/CVE-2024-45616-5.patch: Use actual length of reponse buffer - debian/patches/CVE-2024-45616-6.patch: Check length of response buffer in select - debian/patches/CVE-2024-45616-7.patch: Check APDU response length and ASN1 lengths - debian/patches/CVE-2024-45616-8.patch: Report invalid SW when reading object - debian/patches/CVE-2024-45616-9.patch: Avoid using uninitialized memory - debian/patches/CVE-2024-45616-10.patch: Check length of serial number - debian/patches/CVE-2024-45620-1.patch: Check length of file to be non-zero - debian/patches/CVE-2024-45620-2.patch: Check length of data before dereferencing - debian/patches/CVE-2024-45620-3.patch: Check length of data when parsing - debian/patches/CVE-2024-8443-1.patch: Avoid buffer overflow when writing fingerprint - debian/patches/CVE-2024-8443-2.patch: Do not accept non-matching key responses - CVE-2023-2977 - CVE-2024-45616 - CVE-2024-45620 - CVE-2024-8443 -- Bruce Cable <bruce.cable@canonical.com> Fri, 07 Mar 2025 16:24:52 +1100 openssh-client, openssh-server, openssh-sftp-server (built from openssh) updated from 1:8.2p1-4ubuntu0.11 to 1:8.2p1-4ubuntu0.12: openssh (1:8.2p1-4ubuntu0.12) focal-security; urgency=medium * SECURITY UPDATE: MitM with VerifyHostKeyDNS option - debian/patches/CVE-2025-26465.patch: fix error code handling in krl.c, ssh-agent.c, ssh-sk-client.c, sshconnect2.c, sshsig.c. - CVE-2025-26465 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 11 Feb 2025 09:09:35 -0500 libssl1.1:amd64, openssl (built from openssl) updated from 1.1.1f-1ubuntu2.23 to 1.1.1f-1ubuntu2.24: openssl (1.1.1f-1ubuntu2.24) focal-security; urgency=medium * SECURITY UPDATE: Low-level invalid GF(2^m) parameters lead to OOB memory access - debian/patches/CVE-2024-9143.patch: harden BN_GF2m_poly2arr against misuse in crypto/bn/bn_gf2m.c, test/ec_internal_test.c. - CVE-2024-9143 * SECURITY UPDATE: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation - debian/patches/CVE-2024-13176.patch: Fix timing side-channel in ECDSA signature computation in crypto/bn/bn_exp.c, crypto/ec/ec_lib.c, include/crypto/bn.h. - CVE-2024-13176 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 05 Feb 2025 08:26:48 -0500 libpython3.8-minimal:amd64, libpython3.8-stdlib:amd64, python3.8, python3.8-minimal (built from python3.8) updated from 3.8.10-0ubuntu1~20.04.14 to 3.8.10-0ubuntu1~20.04.18: python3.8 (3.8.10-0ubuntu1~20.04.18) focal-security; urgency=medium * SECURITY UPDATE: urlparse does not flag hostname with square brackets as incorrect - debian/patches/CVE-2025-0938-pre1.patch: Removed. - debian/patches/CVE-2025-0938-pre2.patch: Removed. - debian/patches/add-support-for-scoped-IPv6-addresses.patch: Add support for scoped IPv6 addresses. - debian/patches/CVE-2025-0938.patch: Updated. - CVE-2025-0938 -- Fabian Toepfer <fabian.toepfer@canonical.com> Tue, 18 Mar 2025 21:04:55 +0100 python3.8 (3.8.10-0ubuntu1~20.04.17) focal-security; urgency=medium * SECURITY REGRESSION: IPv6 parsing issue (LP: #2103454) - debian/patches/CVE-2025-0938*.patch: Disable patches until further investigation -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 17 Mar 2025 15:35:05 -0400 python3.8 (3.8.10-0ubuntu1~20.04.16) focal-security; urgency=medium * SECURITY UPDATE: incorrect quoting in venv module - debian/patches/CVE-2024-9287.patch: Updated to fix additional quotes in activation scripts Lib/venv/scripts/common/activate, Lib/venv/scripts/posix/activate.csh, and Lib/venv/scripts/posix/activate.fish. - CVE-2024-9287 * SECURITY UPDATE: urlparse does not flag hostname with square brackets as incorrect - debian/patches/CVE-2025-0938-pre1.patch: Remove urlsplit() optimization for 'http' prefixed inputs. - debian/patches/CVE-2025-0938-pre2.patch: Fix urlparse() with numeric paths. - debian/patches/CVE-2025-0938.patch: Refreshed. It has together with the pre patches the intended effect now. - CVE-2025-0938 -- Fabian Toepfer <fabian.toepfer@canonical.com> Tue, 11 Mar 2025 18:45:31 +0100 python3.8 (3.8.10-0ubuntu1~20.04.15) focal-security; urgency=medium * SECURITY UPDATE: urlparse does not flag hostname with square brackets as incorrect - debian/patches/CVE-2025-0938.patch: disallow square brackets in domain names for parsed URLs in Lib/test/test_urlparse.py, Lib/urllib/parse.py. - CVE-2025-0938 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 04 Feb 2025 10:02:54 -0500 tzdata (built from tzdata) updated from 2024b-0ubuntu0.20.04.1 to 2025b-0ubuntu0.20.04: tzdata (2025b-0ubuntu0.20.04) focal; urgency=medium * New upstream release (LP: #2104284): - New America/Coyhaique zone for Aysén Region in Chile, which moves from -04/-03 to -03. It will not change its clocks on 2025-04-05. - Improve historical data for Iran * Add America/Coyhaique to tzdata.install and debconf templates * Update English, French and Spanish debconf translations for Coyhaique * Add autopkgtest test case for 2025b release * No ICU data update yet as none is yet available upstream. -- Benjamin Drung <bdrung@ubuntu.com> Wed, 26 Mar 2025 21:45:15 +0100 tzdata (2025a-0ubuntu0.20.04) focal; urgency=medium * New upstream release (LP: #2095233): - Paraguay adopts permanent -03 starting spring 2024 - No leap second on 2025-06-30 * Add autopkgtest test case for 2025a release * debian/rules: rename icu-data branch from master to main * Update the ICU timezone data to 2025a * Add autopkgtest test case for ICU timezone data 2025a * Drop unused translations * Override lintian's unused-debconf-template -- Benjamin Drung <bdrung@ubuntu.com> Fri, 14 Feb 2025 23:00:32 +0100 vim-common, vim-tiny, xxd (built from vim) updated from 2:8.1.2269-1ubuntu5.31 to 2:8.1.2269-1ubuntu5.32: vim (2:8.1.2269-1ubuntu5.32) focal-security; urgency=medium * SECURITY UPDATE: Use after free when redirecting display command to register. - debian/patches/CVE-2025-26603.patch: Change redir_reg check to use vim_strchr command check in ./src/register.c. - CVE-2025-26603 -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Wed, 02 Apr 2025 14:09:51 -0230 wpasupplicant (built from wpa) updated from 2:2.9-1ubuntu4.4 to 2:2.9-1ubuntu4.6: wpa (2:2.9-1ubuntu4.6) focal-security; urgency=medium * SECURITY UPDATE: Side-channel attack due to cache access patterns. - debian/patches/CVE-2022-2330x-x.patch: Add crypto function operators in ./src/crypto/crypto.h, .../crypto_openssl.c, and .../crypto_wolfssl.c. Add dragonfly_sqrt() helper function in ./src/common/dragonfly.c. Change coordinate calculations in ./src/eap_common/eap_pwd_common.c. - CVE-2022-23303 - CVE-2022-23304 * SECURITY UPDATE: Encrypted element reusage. - debian/patches/CVE-2022-37660.patch: Add hostapd_dpp_pkex_clear_code() and wpas_dpp_pkex_clear_code(), and clear code reusage in ./src/ap/dpp_hostapd.c and ./wpa_supplicant/dpp_supplicant.c - CVE-2022-37660 -- Hlib Korzhynskyy <hlib.korzhynskyy@canonical.com> Mon, 24 Feb 2025 16:44:55 -0330
Copyright © 2025 - UnknownSec