UbuntuUpdates.org

Latest Changelogs for all releases

All releases Bionic Focal Jammy Lunar Mantic Noble Precise Trusty Xenial
Include all PPAs Exclude daily builds PPAs Exclude all PPAs
Include levels: securityupdatesbackportsproposedbase

Note: Only updates for "head" packages where the changelog is available are shown on this page (view all).

mysql-8.0 Jun 11th 14:07
Release: mantic Repo: main Level: security New version: 8.0.37-0ubuntu0.23.10.2
Packages in group:  libmysqlclient21 libmysqlclient-dev mysql-client mysql-client-8.0 mysql-client-core-8.0 mysql-server mysql-server-8.0 mysql-server-core-8.0

  mysql-8.0 (8.0.37-0ubuntu0.23.10.2) mantic-security; urgency=medium

  * SECURITY UPDATE: Update to 8.0.37 to fix security issues
    - CVE-2024-20994, CVE-2024-20998, CVE-2024-21000, CVE-2024-21008,
      CVE-2024-21009, CVE-2024-21013, CVE-2024-21047, CVE-2024-21054,
      CVE-2024-21060, CVE-2024-21062, CVE-2024-21069, CVE-2024-21087,
      CVE-2024-21096, CVE-2024-21102
    - debian/patches/revert_faster_tls_model.patch: updated for new
      version.

 -- Marc Deslauriers <email address hidden> Tue, 30 Apr 2024 09:06:50 -0400
CVE-2024-20994 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 a
CVE-2024-20998 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior
CVE-2024-21000 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36
CVE-2024-21008 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior
CVE-2024-21009 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior
More...

mysql-8.0 Jun 11th 14:07
Release: jammy Repo: universe Level: security New version: 8.0.37-0ubuntu0.22.04.3
Packages in group:  mysql-router mysql-source-8.0 mysql-testsuite mysql-testsuite-8.0

  mysql-8.0 (8.0.37-0ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Update to 8.0.37 to fix security issues
    - CVE-2024-20994, CVE-2024-20998, CVE-2024-21000, CVE-2024-21008,
      CVE-2024-21009, CVE-2024-21013, CVE-2024-21047, CVE-2024-21054,
      CVE-2024-21060, CVE-2024-21062, CVE-2024-21069, CVE-2024-21087,
      CVE-2024-21096, CVE-2024-21102
    - debian/patches/revert_faster_tls_model.patch: updated for new
      version.

 -- Marc Deslauriers <email address hidden> Tue, 30 Apr 2024 09:06:50 -0400
CVE-2024-20994 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 a
CVE-2024-20998 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior
CVE-2024-21000 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36
CVE-2024-21008 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior
CVE-2024-21009 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior
More...

libapache-mod-jk Jun 11th 14:07
Release: jammy Repo: universe Level: security New version: 1:1.2.48-1ubuntu0.1
Packages in group:  libapache2-mod-jk libapache-mod-jk-doc

  libapache-mod-jk (1:1.2.48-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Authentication bypass in mod_jk
    - debian/patches/CVE-2023-41081.patch: Remove support for implicit mapping
      of requests to workers.
    - CVE-2023-41081

 -- Octavio Galland <email address hidden> Mon, 10 Jun 2024 09:15:14 -0300
CVE-2023-41081 Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration

mysql-8.0 Jun 11th 14:07
Release: jammy Repo: main Level: security New version: 8.0.37-0ubuntu0.22.04.3
Packages in group:  libmysqlclient21 libmysqlclient-dev mysql-client mysql-client-8.0 mysql-client-core-8.0 mysql-server mysql-server-8.0 mysql-server-core-8.0

  mysql-8.0 (8.0.37-0ubuntu0.22.04.3) jammy-security; urgency=medium

  * SECURITY UPDATE: Update to 8.0.37 to fix security issues
    - CVE-2024-20994, CVE-2024-20998, CVE-2024-21000, CVE-2024-21008,
      CVE-2024-21009, CVE-2024-21013, CVE-2024-21047, CVE-2024-21054,
      CVE-2024-21060, CVE-2024-21062, CVE-2024-21069, CVE-2024-21087,
      CVE-2024-21096, CVE-2024-21102
    - debian/patches/revert_faster_tls_model.patch: updated for new
      version.

 -- Marc Deslauriers <email address hidden> Tue, 30 Apr 2024 09:06:50 -0400
CVE-2024-20994 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 a
CVE-2024-20998 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior
CVE-2024-21000 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36
CVE-2024-21008 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior
CVE-2024-21009 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior
More...

mysql-8.0 Jun 11th 14:07
Release: focal Repo: universe Level: security New version: 8.0.37-0ubuntu0.20.04.3
Packages in group:  mysql-router mysql-source-8.0 mysql-testsuite mysql-testsuite-8.0

  mysql-8.0 (8.0.37-0ubuntu0.20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: Update to 8.0.37 to fix security issues
    - CVE-2024-20994, CVE-2024-20998, CVE-2024-21000, CVE-2024-21008,
      CVE-2024-21009, CVE-2024-21013, CVE-2024-21047, CVE-2024-21054,
      CVE-2024-21060, CVE-2024-21062, CVE-2024-21069, CVE-2024-21087,
      CVE-2024-21096, CVE-2024-21102
    - debian/patches/revert_faster_tls_model.patch: updated for new
      version.
    - debian/patches/disable_test_riscv64_ftbfs.patch: disable a test that
      FTBFS on riscv64.

 -- Marc Deslauriers <email address hidden> Wed, 22 May 2024 12:16:04 -0400
CVE-2024-20994 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 a
CVE-2024-20998 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior
CVE-2024-21000 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36
CVE-2024-21008 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior
CVE-2024-21009 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior
More...

libapache-mod-jk Jun 11th 14:07
Release: focal Repo: universe Level: security New version: 1:1.2.46-1ubuntu0.1
Packages in group:  libapache2-mod-jk libapache-mod-jk-doc

  libapache-mod-jk (1:1.2.46-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Authentication bypass in mod_jk
    - debian/patches/CVE-2023-41081.patch: Remove support for implicit mapping
      of requests to workers.
    - CVE-2023-41081

 -- Octavio Galland <email address hidden> Mon, 10 Jun 2024 09:16:11 -0300
CVE-2023-41081 Important: Authentication Bypass CVE-2023-41081 The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration

mysql-8.0 Jun 11th 14:07
Release: focal Repo: main Level: security New version: 8.0.37-0ubuntu0.20.04.3
Packages in group:  libmysqlclient21 libmysqlclient-dev mysql-client mysql-client-8.0 mysql-client-core-8.0 mysql-server mysql-server-8.0 mysql-server-core-8.0

  mysql-8.0 (8.0.37-0ubuntu0.20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: Update to 8.0.37 to fix security issues
    - CVE-2024-20994, CVE-2024-20998, CVE-2024-21000, CVE-2024-21008,
      CVE-2024-21009, CVE-2024-21013, CVE-2024-21047, CVE-2024-21054,
      CVE-2024-21060, CVE-2024-21062, CVE-2024-21069, CVE-2024-21087,
      CVE-2024-21096, CVE-2024-21102
    - debian/patches/revert_faster_tls_model.patch: updated for new
      version.
    - debian/patches/disable_test_riscv64_ftbfs.patch: disable a test that
      FTBFS on riscv64.

 -- Marc Deslauriers <email address hidden> Wed, 22 May 2024 12:16:04 -0400
CVE-2024-20994 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 a
CVE-2024-20998 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior
CVE-2024-21000 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36
CVE-2024-21008 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior
CVE-2024-21009 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior
More...

nodejs Jun 11th 12:06
Release: mantic Repo: universe Level: updates New version: 18.13.0+dfsg1-1ubuntu2.3
Packages in group:  libnode108 libnode-dev nodejs-doc

  nodejs (18.13.0+dfsg1-1ubuntu2.3) mantic-security; urgency=medium

  * SECURITY UPDATE:
    - debian/patches/CVE-2023-32002.patch: fixed a policy mechanism bypass in
      `Module._load` (CVE-2023-32002) and one in `constructor.createRequire`
      (CVE-2023-32006)
    - debian/patches/CVE-2023-32559.patch: fixed a privilege escalation in
      process.binding
    - CVE-2023-32002
    - CVE-2023-32006
    - CVE-2023-32559

 -- Amir Naseredini <email address hidden> Tue, 04 Jun 2024 13:20:15 +0100
CVE-2023-32002 The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulne
CVE-2023-32006 The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given
CVE-2023-32559 A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the de

nodejs Jun 11th 12:06
Release: jammy Repo: universe Level: updates New version: 12.22.9~dfsg-1ubuntu3.6
Packages in group:  libnode72 libnode-dev nodejs-doc

  nodejs (12.22.9~dfsg-1ubuntu3.6) jammy-security; urgency=medium

  * SECURITY UPDATE: Bypass the Policy Mechanism
    - debian/patches/CVE-2023-32002.patch: fixed a policy mechanism bypass in
      `Module._load` (CVE-2023-32002) and one in `constructor.createRequire`
      (CVE-2023-32006)
    - debian/patches/CVE-2023-32559.patch: fixed a privilege escalation in
      process.binding
    - CVE-2023-32002
    - CVE-2023-32006
    - CVE-2023-32559

 -- Amir Naseredini <email address hidden> Fri, 07 Jun 2024 16:17:56 +0100
CVE-2023-32002 The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulne
CVE-2023-32006 The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given
CVE-2023-32559 A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the de

nodejs Jun 11th 10:07
Release: mantic Repo: universe Level: security New version: 18.13.0+dfsg1-1ubuntu2.3
Packages in group:  libnode108 libnode-dev nodejs-doc

  nodejs (18.13.0+dfsg1-1ubuntu2.3) mantic-security; urgency=medium

  * SECURITY UPDATE:
    - debian/patches/CVE-2023-32002.patch: fixed a policy mechanism bypass in
      `Module._load` (CVE-2023-32002) and one in `constructor.createRequire`
      (CVE-2023-32006)
    - debian/patches/CVE-2023-32559.patch: fixed a privilege escalation in
      process.binding
    - CVE-2023-32002
    - CVE-2023-32006
    - CVE-2023-32559

 -- Amir Naseredini <email address hidden> Tue, 04 Jun 2024 13:20:15 +0100
CVE-2023-32002 The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulne
CVE-2023-32006 The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given
CVE-2023-32559 A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the de

linux-restricted-signatures-oracle Jun 11th 10:07
Release: mantic Repo: restricted Level: security New version: 6.5.0-1024.24
Packages in group:  linux-modules-nvidia-525-open-6.5.0-1011-oracle linux-modules-nvidia-525-open-6.5.0-1012-oracle linux-modules-nvidia-525-open-6.5.0-1013-oracle linux-modules-nvidia-525-open-6.5.0-1014-oracle linux-modules-nvidia-525-open-6.5.0-1015-oracle linux-modules-nvidia-525-open-6.5.0-1016-oracle linux-modules-nvidia-525-open-6.5.0-1018-oracle linux-modules-nvidia-525-open-6.5.0-1019-oracle linux-modules-nvidia-535-open-6.5.0-1011-oracle linux-modules-nvidia-535-open-6.5.0-1012-oracle linux-modules-nvidia-535-open-6.5.0-1013-oracle (... see all)

  linux-restricted-signatures-oracle (6.5.0-1024.24) mantic; urgency=medium

  * Main version: 6.5.0-1024.24

  * Packaging resync (LP: #1786013)
    - [Packaging] debian/tracking-bug -- resync from main package

 -- Philip Cox <email address hidden> Mon, 13 May 2024 15:22:28 +0200
1786013 Packaging resync

linux-restricted-signatures-aws Jun 11th 10:07
Release: mantic Repo: restricted Level: security New version: 6.5.0-1021.21
Packages in group:  linux-modules-nvidia-525-open-6.5.0-1009-aws linux-modules-nvidia-525-open-6.5.0-1010-aws linux-modules-nvidia-525-open-6.5.0-1011-aws linux-modules-nvidia-525-open-6.5.0-1012-aws linux-modules-nvidia-525-open-6.5.0-1013-aws linux-modules-nvidia-525-open-6.5.0-1014-aws linux-modules-nvidia-525-open-6.5.0-1015-aws linux-modules-nvidia-525-open-6.5.0-1016-aws linux-modules-nvidia-535-open-6.5.0-1009-aws linux-modules-nvidia-535-open-6.5.0-1010-aws linux-modules-nvidia-535-open-6.5.0-1011-aws (... see all)

  linux-restricted-signatures-aws (6.5.0-1021.21) mantic; urgency=medium

  * Main version: 6.5.0-1021.21

  * Packaging resync (LP: #1786013)
    - [Packaging] debian/tracking-bug -- resync from main package

 -- Philip Cox <email address hidden> Fri, 10 May 2024 11:28:25 -0400
1786013 Packaging resync

linux-restricted-modules-oracle Jun 11th 10:07
Release: mantic Repo: restricted Level: security New version: 6.5.0-1024.24
Packages in group:  linux-modules-nvidia-435-oracle linux-modules-nvidia-440-oracle linux-modules-nvidia-450-oracle linux-modules-nvidia-455-oracle linux-modules-nvidia-460-oracle linux-modules-nvidia-460-server-oracle linux-modules-nvidia-465-oracle linux-modules-nvidia-470-6.5.0-1011-oracle linux-modules-nvidia-470-6.5.0-1012-oracle linux-modules-nvidia-470-6.5.0-1013-oracle linux-modules-nvidia-470-6.5.0-1014-oracle (... see all)

  linux-restricted-modules-oracle (6.5.0-1024.24) mantic; urgency=medium

  * Main version: 6.5.0-1024.24

  * Packaging resync (LP: #1786013)
    - [Packaging] debian/tracking-bug -- resync from main package

 -- Philip Cox <email address hidden> Mon, 13 May 2024 15:22:28 +0200
1786013 Packaging resync

linux-restricted-modules-aws Jun 11th 10:07
Release: mantic Repo: restricted Level: security New version: 6.5.0-1021.21
Packages in group:  linux-modules-nvidia-435-aws linux-modules-nvidia-440-aws linux-modules-nvidia-450-aws linux-modules-nvidia-455-aws linux-modules-nvidia-460-aws linux-modules-nvidia-460-server-aws linux-modules-nvidia-465-aws linux-modules-nvidia-470-6.5.0-1009-aws linux-modules-nvidia-470-6.5.0-1010-aws linux-modules-nvidia-470-6.5.0-1011-aws linux-modules-nvidia-470-6.5.0-1012-aws (... see all)

  linux-restricted-modules-aws (6.5.0-1021.21) mantic; urgency=medium

  * Main version: 6.5.0-1021.21

  * Packaging resync (LP: #1786013)
    - [Packaging] debian/tracking-bug -- resync from main package

 -- Philip Cox <email address hidden> Fri, 10 May 2024 11:28:25 -0400
1786013 Packaging resync

linux-signed-oracle Jun 11th 10:07
Release: mantic Repo: main Level: security New version: 6.5.0-1024.24
Packages in group:  linux-image-6.5.0-1011-oracle linux-image-6.5.0-1012-oracle linux-image-6.5.0-1013-oracle linux-image-6.5.0-1014-oracle linux-image-6.5.0-1015-oracle linux-image-6.5.0-1016-oracle linux-image-6.5.0-1018-oracle linux-image-6.5.0-1019-oracle linux-image-6.5.0-1020-oracle linux-image-6.5.0-1021-oracle linux-image-6.5.0-1023-oracle (... see all)

  linux-signed-oracle (6.5.0-1024.24) mantic; urgency=medium

  * Main version: 6.5.0-1024.24

  * Packaging resync (LP: #1786013)
    - [Packaging] debian/tracking-bug -- resync from main package

 -- Philip Cox <email address hidden> Mon, 13 May 2024 15:21:13 +0200
1786013 Packaging resync


About   -   Send Feedback to @ubuntu_updates