Latest Changelogs for all releases
Note: Only updates for "head" packages where the changelog is available are shown on this page (view all).
ubuntu-release-upgrader | Apr 29th 21:07 | ||
---|---|---|---|
Release: noble | Repo: universe | Level: proposed | New version: 1:24.04.17 |
Packages in group: | ubuntu-release-upgrader-qt | ||
ubuntu-release-upgrader (1:24.04.17) noble; urgency=medium [ Nick Rosbrook ]
[ Julian Andres Klode ]
-- Julian Andres Klode <email address hidden> Mon, 29 Apr 2024 16:26:40 +0200 |
|||
2061891 | Noble upgrade breaks iptables-persistent and netfilter-persistent usage | ||
2063464 | systemd-resolved wasn't installed on upgrade from Jammy to Noble | ||
2064090 | Automatically installed bit not transitioned to t64 libraries |
ubuntu-release-upgrader | Apr 29th 21:07 | ||
---|---|---|---|
Release: noble | Repo: main | Level: proposed | New version: 1:24.04.17 |
Packages in group: | python3-distupgrade ubuntu-release-upgrader-core ubuntu-release-upgrader-gtk | ||
ubuntu-release-upgrader (1:24.04.17) noble; urgency=medium [ Nick Rosbrook ]
[ Julian Andres Klode ]
-- Julian Andres Klode <email address hidden> Mon, 29 Apr 2024 16:26:40 +0200 |
|||
2061891 | Noble upgrade breaks iptables-persistent and netfilter-persistent usage | ||
2063464 | systemd-resolved wasn't installed on upgrade from Jammy to Noble | ||
2064090 | Automatically installed bit not transitioned to t64 libraries |
freerdp3 | Apr 29th 19:06 | ||
---|---|---|---|
Release: noble | Repo: universe | Level: updates | New version: 3.5.1+dfsg1-0ubuntu1 |
Packages in group: | freerdp3-dev freerdp3-shadow-x11 freerdp3-wayland freerdp3-x11 libfreerdp-shadow3-3 libfreerdp-shadow-subsystem3-3 winpr3-utils | ||
freerdp3 (3.5.1+dfsg1-0ubuntu1) noble-security; urgency=medium * SECURITY UPDATE: updated to 3.5.1 to fix multiple security issues
-- Marc Deslauriers <email address hidden> Mon, 29 Apr 2024 10:25:11 -0400 |
|||
CVE-2024-32658 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. V | ||
CVE-2024-32659 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if | ||
CVE-2024-32660 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending i | ||
CVE-2024-32661 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` acc | ||
CVE-2024-32662 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. T |
freerdp3 | Apr 29th 19:06 | ||
---|---|---|---|
Release: noble | Repo: main | Level: updates | New version: 3.5.1+dfsg1-0ubuntu1 |
Packages in group: | libfreerdp3-3 libfreerdp-client3-3 libfreerdp-server3-3 libwinpr3-3 libwinpr3-dev libwinpr-tools3-3 | ||
freerdp3 (3.5.1+dfsg1-0ubuntu1) noble-security; urgency=medium * SECURITY UPDATE: updated to 3.5.1 to fix multiple security issues
-- Marc Deslauriers <email address hidden> Mon, 29 Apr 2024 10:25:11 -0400 |
|||
CVE-2024-32658 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. V | ||
CVE-2024-32659 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if | ||
CVE-2024-32660 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending i | ||
CVE-2024-32661 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` acc | ||
CVE-2024-32662 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. T |
freerdp3 | Apr 29th 18:06 | ||
---|---|---|---|
Release: noble | Repo: universe | Level: security | New version: 3.5.1+dfsg1-0ubuntu1 |
Packages in group: | freerdp3-dev freerdp3-shadow-x11 freerdp3-wayland freerdp3-x11 libfreerdp-shadow3-3 libfreerdp-shadow-subsystem3-3 winpr3-utils | ||
freerdp3 (3.5.1+dfsg1-0ubuntu1) noble-security; urgency=medium * SECURITY UPDATE: updated to 3.5.1 to fix multiple security issues
-- Marc Deslauriers <email address hidden> Mon, 29 Apr 2024 10:25:11 -0400 |
|||
CVE-2024-32658 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. V | ||
CVE-2024-32659 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if | ||
CVE-2024-32660 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending i | ||
CVE-2024-32661 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` acc | ||
CVE-2024-32662 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. T |
freerdp3 | Apr 29th 18:06 | ||
---|---|---|---|
Release: noble | Repo: main | Level: security | New version: 3.5.1+dfsg1-0ubuntu1 |
Packages in group: | libfreerdp3-3 libfreerdp-client3-3 libfreerdp-server3-3 libwinpr3-3 libwinpr3-dev libwinpr-tools3-3 | ||
freerdp3 (3.5.1+dfsg1-0ubuntu1) noble-security; urgency=medium * SECURITY UPDATE: updated to 3.5.1 to fix multiple security issues
-- Marc Deslauriers <email address hidden> Mon, 29 Apr 2024 10:25:11 -0400 |
|||
CVE-2024-32658 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. V | ||
CVE-2024-32659 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if | ||
CVE-2024-32660 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending i | ||
CVE-2024-32661 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` acc | ||
CVE-2024-32662 | FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. T |
firefox | Apr 29th 15:08 | This package belongs to a PPA: Ubuntu Mozilla Security | |
---|---|---|---|
Release: focal | Repo: main | Level: base | New version: 125.0.3+ |
Packages in group: | firefox-dbg firefox-dev firefox-geckodriver firefox-locale-af firefox-locale-an firefox-locale-ar firefox-locale-as firefox-locale-ast firefox-locale-az firefox-locale-be firefox-locale-bg (... see all) | ||
firefox (125.0.3+build1-0ubuntu0.20.04.1) focal; urgency=medium
|
libvirt | Apr 29th 14:07 | ||
---|---|---|---|
Release: noble | Repo: universe | Level: updates | New version: 10.0.0-2ubuntu8.1 |
Packages in group: | libnss-libvirt libvirt-clients-qemu libvirt-daemon-driver-lxc libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-zfs libvirt-daemon-driver-vbox libvirt-daemon-driver-xen libvirt-daemon-system-sysv libvirt-dev (... see all) | ||
libvirt (10.0.0-2ubuntu8.1) noble-security; urgency=medium * SECURITY UPDATE: off-by-one in udevListInterfacesByStatus()
-- Marc Deslauriers <email address hidden> Thu, 18 Apr 2024 11:42:32 -0400 |
|||
CVE-2024-1441 | An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `nam | ||
CVE-2024-2494 | A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length c |
gnutls28 | Apr 29th 14:07 | ||
---|---|---|---|
Release: noble | Repo: universe | Level: updates | New version: 3.8.3-1.1ubuntu3.1 |
Packages in group: | gnutls-bin | ||
gnutls28 (3.8.3-1.1ubuntu3.1) noble-security; urgency=medium * SECURITY UPDATE: side-channel leak via Minerva attack
-- Marc Deslauriers <email address hidden> Thu, 18 Apr 2024 09:54:34 -0400 |
|||
CVE-2024-28834 | A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading | ||
CVE-2024-28835 | A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "c |
glibc | Apr 29th 14:07 | ||
---|---|---|---|
Release: noble | Repo: universe | Level: updates | New version: 2.39-0ubuntu8.1 |
Packages in group: | glibc-source locales-all nscd | ||
glibc (2.39-0ubuntu8.1) noble-security; urgency=medium * SECURITY UPDATE: OOB write in iconv plugin ISO-2022-CN-EXT
-- Marc Deslauriers <email address hidden> Thu, 18 Apr 2024 09:52:32 -0400 |
|||
CVE-2024-2961 | The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting string |
apache2 | Apr 29th 14:07 | ||
---|---|---|---|
Release: noble | Repo: universe | Level: updates | New version: 2.4.58-1ubuntu8.1 |
Packages in group: | apache2-suexec-custom apache2-suexec-pristine libapache2-mod-md libapache2-mod-proxy-uwsgi | ||
apache2 (2.4.58-1ubuntu8.1) noble-security; urgency=medium * SECURITY UPDATE: HTTP response splitting
-- Marc Deslauriers <email address hidden> Thu, 18 Apr 2024 11:13:41 -0400 |
|||
CVE-2023-38709 | Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses. This issue affects | ||
CVE-2024-24795 | HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applicat | ||
CVE-2024-27316 | HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client do |
libvirt | Apr 29th 14:07 | ||
---|---|---|---|
Release: noble | Repo: main | Level: updates | New version: 10.0.0-2ubuntu8.1 |
Packages in group: | libvirt0 libvirt-clients libvirt-daemon libvirt-daemon-config-network libvirt-daemon-config-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-system libvirt-daemon-system-systemd libvirt-doc libvirt-l10n | ||
libvirt (10.0.0-2ubuntu8.1) noble-security; urgency=medium * SECURITY UPDATE: off-by-one in udevListInterfacesByStatus()
-- Marc Deslauriers <email address hidden> Thu, 18 Apr 2024 11:42:32 -0400 |
|||
CVE-2024-1441 | An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `nam | ||
CVE-2024-2494 | A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length c |
gnutls28 | Apr 29th 14:07 | ||
---|---|---|---|
Release: noble | Repo: main | Level: updates | New version: 3.8.3-1.1ubuntu3.1 |
Packages in group: | gnutls-doc libgnutls28-dev libgnutls30t64 libgnutls-dane0t64 libgnutls-openssl27t64 | ||
gnutls28 (3.8.3-1.1ubuntu3.1) noble-security; urgency=medium * SECURITY UPDATE: side-channel leak via Minerva attack
-- Marc Deslauriers <email address hidden> Thu, 18 Apr 2024 09:54:34 -0400 |
|||
CVE-2024-28834 | A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading | ||
CVE-2024-28835 | A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "c |
glibc | Apr 29th 14:07 | ||
---|---|---|---|
Release: noble | Repo: main | Level: updates | New version: 2.39-0ubuntu8.1 |
Packages in group: | glibc-doc libc6 libc6-dbg libc6-dev libc6-dev-i386 libc6-dev-x32 libc6-i386 libc6-x32 libc-bin libc-dev-bin libc-devtools (... see all) | ||
glibc (2.39-0ubuntu8.1) noble-security; urgency=medium * SECURITY UPDATE: OOB write in iconv plugin ISO-2022-CN-EXT
-- Marc Deslauriers <email address hidden> Thu, 18 Apr 2024 09:52:32 -0400 |
|||
CVE-2024-2961 | The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting string |
curl | Apr 29th 14:07 | ||
---|---|---|---|
Release: noble | Repo: main | Level: updates | New version: 8.5.0-2ubuntu10.1 |
Packages in group: | libcurl3t64-gnutls libcurl4-doc libcurl4-gnutls-dev libcurl4-openssl-dev libcurl4t64 | ||
curl (8.5.0-2ubuntu10.1) noble-security; urgency=medium * SECURITY UPDATE: Usage of disabled protocol
-- Marc Deslauriers <email address hidden> Mon, 22 Apr 2024 12:00:57 -0400 |
|||
CVE-2024-2004 | Usage of disabled protocol | ||
CVE-2024-2398 | HTTP/2 push headers memory-leak |