Latest Changelogs for all releases

Note: Only updates for "head" packages where the changelog is available are shown on this page (view all).

qemu			Apr 10th 06:08
Release: questing	Repo: universe	Level: updates	New version: 1:10.1.0+ds-5ubuntu2.6
Packages in group:	qemu-block-supplemental qemu-guest-agent qemu-system-x86-xen qemu-system-xen qemu-user qemu-user-binfmt
qemu (1:10.1.0+ds-5ubuntu2.6) questing-security; urgency=medium * SECURITY UPDATE: use-after-free - debian/patches/CVE-2024-6519.patch: keep a reference to the device while SCRIPTS in hw/scsi/lsi53c895a.c. - CVE-2024-6519 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2026-2243.patch: fix OOB read in vmdk_read_extent() in block/vmdk.c. - CVE-2026-2243 * SECURITY UPDATE: heap buffer overflow - debian/patches/CVE-2026-3195-1.patch: fix max_size bounds check in input cb in hw/audio/virtio-snd.c. - debian/patches/CVE-2026-3195-2.patch: tighten read amount in in_cb in hw/audio/virtio-snd.c. - CVE-2026-3195 * SECURITY UPDATE: integer overflow - debian/patches/CVE-2026-3196.patch: handle 5.14.6.2 for PCM_INFO properly in hw/audio/virtio-snd.c. - CVE-2026-3196 * SECURITY UPDATE: out-of-bounds write - debian/patches/CVE-2026-3842.patch: check length returned by cpu_physical_memory_map() in hw/hyperv/syndbg.c. - CVE-2026-3842 -- Fabian Toepfer <email address hidden> Wed, 01 Apr 2026 18:16:15 +0200
CVE-2024-6519	A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
CVE-2026-2243	A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of

qemu			Apr 10th 06:08
Release: questing	Repo: main	Level: updates	New version: 1:10.1.0+ds-5ubuntu2.6
Packages in group:	qemu-block-extra qemu-system qemu-system-arm qemu-system-common qemu-system-data qemu-system-gui qemu-system-mips qemu-system-misc qemu-system-modules-opengl qemu-system-modules-spice qemu-system-ppc (... see all)
qemu (1:10.1.0+ds-5ubuntu2.6) questing-security; urgency=medium * SECURITY UPDATE: use-after-free - debian/patches/CVE-2024-6519.patch: keep a reference to the device while SCRIPTS in hw/scsi/lsi53c895a.c. - CVE-2024-6519 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2026-2243.patch: fix OOB read in vmdk_read_extent() in block/vmdk.c. - CVE-2026-2243 * SECURITY UPDATE: heap buffer overflow - debian/patches/CVE-2026-3195-1.patch: fix max_size bounds check in input cb in hw/audio/virtio-snd.c. - debian/patches/CVE-2026-3195-2.patch: tighten read amount in in_cb in hw/audio/virtio-snd.c. - CVE-2026-3195 * SECURITY UPDATE: integer overflow - debian/patches/CVE-2026-3196.patch: handle 5.14.6.2 for PCM_INFO properly in hw/audio/virtio-snd.c. - CVE-2026-3196 * SECURITY UPDATE: out-of-bounds write - debian/patches/CVE-2026-3842.patch: check length returned by cpu_physical_memory_map() in hw/hyperv/syndbg.c. - CVE-2026-3842 -- Fabian Toepfer <email address hidden> Wed, 01 Apr 2026 18:16:15 +0200
CVE-2024-6519	A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
CVE-2026-2243	A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of

qemu			Apr 10th 06:08
Release: noble	Repo: universe	Level: updates	New version: 1:8.2.2+ds-0ubuntu1.16
Packages in group:	qemu-block-supplemental qemu-guest-agent qemu-system-x86-xen qemu-system-xen qemu-user qemu-user-binfmt qemu-user-static
qemu (1:8.2.2+ds-0ubuntu1.16) noble-security; urgency=medium * SECURITY UPDATE: use-after-free - debian/patches/CVE-2024-6519.patch: keep a reference to the device while SCRIPTS in hw/scsi/lsi53c895a.c. - CVE-2024-6519 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2026-2243.patch: fix OOB read in vmdk_read_extent() in block/vmdk.c. - CVE-2026-2243 * SECURITY UPDATE: heap buffer overflow - debian/patches/CVE-2026-3195-1.patch: fix max_size bounds check in input cb in hw/audio/virtio-snd.c. - debian/patches/CVE-2026-3195-2.patch: tighten read amount in in_cb in hw/audio/virtio-snd.c. - CVE-2026-3195 * SECURITY UPDATE: integer overflow - debian/patches/CVE-2026-3196.patch: handle 5.14.6.2 for PCM_INFO properly in hw/audio/virtio-snd.c. - CVE-2026-3196 * SECURITY UPDATE: out-of-bounds write - debian/patches/CVE-2026-3842.patch: check length returned by cpu_physical_memory_map() in hw/hyperv/syndbg.c. - CVE-2026-3842 -- Fabian Toepfer <email address hidden> Wed, 08 Apr 2026 11:57:03 +0200
CVE-2024-6519	A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
CVE-2026-2243	A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of

qemu			Apr 10th 06:08
Release: noble	Repo: main	Level: updates	New version: 1:8.2.2+ds-0ubuntu1.16
Packages in group:	qemu-block-extra qemu-system qemu-system-arm qemu-system-common qemu-system-data qemu-system-gui qemu-system-mips qemu-system-misc qemu-system-modules-opengl qemu-system-modules-spice qemu-system-ppc (... see all)
qemu (1:8.2.2+ds-0ubuntu1.16) noble-security; urgency=medium * SECURITY UPDATE: use-after-free - debian/patches/CVE-2024-6519.patch: keep a reference to the device while SCRIPTS in hw/scsi/lsi53c895a.c. - CVE-2024-6519 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2026-2243.patch: fix OOB read in vmdk_read_extent() in block/vmdk.c. - CVE-2026-2243 * SECURITY UPDATE: heap buffer overflow - debian/patches/CVE-2026-3195-1.patch: fix max_size bounds check in input cb in hw/audio/virtio-snd.c. - debian/patches/CVE-2026-3195-2.patch: tighten read amount in in_cb in hw/audio/virtio-snd.c. - CVE-2026-3195 * SECURITY UPDATE: integer overflow - debian/patches/CVE-2026-3196.patch: handle 5.14.6.2 for PCM_INFO properly in hw/audio/virtio-snd.c. - CVE-2026-3196 * SECURITY UPDATE: out-of-bounds write - debian/patches/CVE-2026-3842.patch: check length returned by cpu_physical_memory_map() in hw/hyperv/syndbg.c. - CVE-2026-3842 -- Fabian Toepfer <email address hidden> Wed, 08 Apr 2026 11:57:03 +0200
CVE-2024-6519	A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
CVE-2026-2243	A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of

qemu			Apr 10th 06:08
Release: jammy	Repo: universe	Level: updates	New version: 1:6.2+dfsg-2ubuntu6.30
Packages in group:	qemu-guest-agent qemu-system-x86-microvm qemu-system-x86-xen qemu-user qemu-user-binfmt qemu-user-static
qemu (1:6.2+dfsg-2ubuntu6.30) jammy-security; urgency=medium * SECURITY UPDATE: use-after-free - debian/patches/CVE-2024-6519-pre1.patch: dd missing decrement of reentrancy counter in hw/scsi/lsi53c895a.c. - debian/patches/CVE-2024-6519.patch: keep a reference to the device while SCRIPTS in hw/scsi/lsi53c895a.c. - CVE-2024-6519 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2026-2243.patch: fix OOB read in vmdk_read_extent() in block/vmdk.c. - CVE-2026-2243 -- Fabian Toepfer <email address hidden> Wed, 01 Apr 2026 18:19:07 +0200
CVE-2024-6519	A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
CVE-2026-2243	A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of

qemu			Apr 10th 06:08
Release: jammy	Repo: main	Level: updates	New version: 1:6.2+dfsg-2ubuntu6.30
Packages in group:	qemu-block-extra qemu-system qemu-system-arm qemu-system-common qemu-system-data qemu-system-gui qemu-system-mips qemu-system-misc qemu-system-ppc qemu-system-s390x qemu-system-sparc (... see all)
qemu (1:6.2+dfsg-2ubuntu6.30) jammy-security; urgency=medium * SECURITY UPDATE: use-after-free - debian/patches/CVE-2024-6519-pre1.patch: dd missing decrement of reentrancy counter in hw/scsi/lsi53c895a.c. - debian/patches/CVE-2024-6519.patch: keep a reference to the device while SCRIPTS in hw/scsi/lsi53c895a.c. - CVE-2024-6519 * SECURITY UPDATE: out-of-bounds read - debian/patches/CVE-2026-2243.patch: fix OOB read in vmdk_read_extent() in block/vmdk.c. - CVE-2026-2243 -- Fabian Toepfer <email address hidden> Wed, 01 Apr 2026 18:19:07 +0200
CVE-2024-6519	A use-after-free vulnerability was found in the QEMU LSI53C895A SCSI Host Bus Adapter emulation. This issue can lead to a crash or VM escape.
CVE-2026-2243	A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of

manila			Apr 10th 01:08
Release: noble	Repo: universe	Level: updates	New version: 1:18.0.1-0ubuntu2.3
Packages in group:	manila-api manila-common manila-data manila-doc manila-scheduler manila-share python3-manila
`manila (1:18.0.1-0ubuntu2.3) noble; urgency=medium [ James Page ] * d/gbp.conf: Configure debian branch for stable updates. * d/gbp.conf, .launchpad.yaml: Sync from cloud-archive-tools for caracal. [ Seyeong Kim ] * d/p/lp2143377-fix-rados-dangling-index.patch: Fix RADOS export index dangling reference causing NFS-Ganesha crash (LP: #2143377) -- Seyeong Kim <email address hidden> Fri, 20 Mar 2026 00:20:57 +0000`

libvirt			Apr 10th 01:08
Release: noble	Repo: universe	Level: updates	New version: 10.0.0-2ubuntu8.13
Packages in group:	libnss-libvirt libvirt-clients-qemu libvirt-daemon-driver-lxc libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-zfs libvirt-daemon-driver-vbox libvirt-daemon-driver-xen libvirt-daemon-system-sysv libvirt-dev (... see all)
`libvirt (10.0.0-2ubuntu8.13) noble; urgency=medium * d/p/u/lp2138902-*: prevent qemu virtiofs crash if cgroup is missing (LP: #2138902) -- Hector Cao <email address hidden> Wed, 18 Mar 2026 23:54:19 +0100`
2138902	session libvirtd crashes when hot adding filesystems

ubuntu-drivers-common			Apr 10th 01:08
Release: noble	Repo: universe	Level: updates	New version: 1:0.9.7.6ubuntu3.7
Packages in group:	dh-modaliases nvidia-common
`ubuntu-drivers-common (1:0.9.7.6ubuntu3.7) noble; urgency=medium [ Kai-Chuan Hsieh ] * Fix AMD + Nvidia boot_vga not set (LP: #2115047) -- Kai-Chuan Hsieh <email address hidden> Wed, 18 Mar 2026 13:59:40 +0800`
2115047	\u201cPRIME Profiles\u201d option is disppeared in nvidia-settings on AMD + Nvidia platform

rustc			Apr 10th 01:08
Release: noble	Repo: universe	Level: updates	New version: 1.75.0+dfsg0ubuntu1-0ubuntu7.4
Packages in group:	cargo-doc rust-all rust-clippy rust-doc rustfmt rust-gdb rust-lldb rust-src
`rustc (1.75.0+dfsg0ubuntu1-0ubuntu7.4) noble; urgency=medium * d/p/upstream/u-tar-cve-2026-33056: fix vulnerability (LP: #2145764) * d/rules: increase FAILURES_ALLOWED to fix s390x build failure. -- Brent Kerby <email address hidden> Tue, 24 Mar 2026 11:53:44 -0600`

apparmor			Apr 10th 01:08
Release: noble	Repo: universe	Level: updates	New version: 4.0.1really4.0.1-0ubuntu0.24.04.6
Packages in group:	apparmor-notify dh-apparmor
apparmor (4.0.1really4.0.1-0ubuntu0.24.04.6) noble; urgency=medium * This is an SRU, tracked in LP: #2143863 * Add patch to remove the busybox and nautilus profiles (LP: #2142792): - d/p/u/delete-the-busybox-and-nautilus-profiles.patch * d/apparmor.install, d/apparmor.maintscript: account for removal of the busybox and nautilus profiles * Add patches to fix socketpair regression test (LP: #2124206): - d/p/u/-0002-tests-regression-fix-regression-test-for-upstream.patch - d/p/u/-0001-tests-regressions-fix-unix_socket_pathname.sh-for.patch - d/p/u/0000-tests-regression-increase-unix-socket-test-timeout.patch - d/p/u/0001-tests-regression-Update-socketpair-test-for-upstream.patch - d/p/u/0002-tests-regression-update-socketpair-tests-to-detect-d.patch - d/p/u/0003-tests-regression-update-tests-requires-for-v9-af_unix.patch - d/p/u/0004-tests-regression-Improve-output-of-require_any_of_k.patch - d/p/u/0005-tests-regression-update-network-requirements-for-v9.patch - d/p/u/0006-regression-tests-update-logic-to-support-v9-af_unix-.patch - d/p/u/0007-tests-regressions-Fix-socket-pair-for-v7-semantics.patch * Add patches to fix libapparmor features parsing (LP: #2105986): - d/p/u/libapparmor-feature-match-prefixes.patch - d/p/u/libapparmor-bump-patch-version-for-features-prefix.patch - d/p/u/libapparmor-add-test-for-libapparmor-features-prefix.patch * Add patch to fix parser handling of norelatime mount flag (LP: #2110688): - d/p/u/parser-fix-handling-of-norelatime-mount-rule-flag.patch * Add patch to fix incorrect man page information (LP: #2110630) - d/p/u/fix-incorrect-mount-flag-apparmor.d-docs.patch * Add patch to add regression tests for the above two patches: - d/p/u/regression-verify-documented-mount-flag-behavior.patch -- Ryan Lee <email address hidden> Fri, 20 Feb 2026 15:51:51 -0800
2143863	[SRU] AppArmor bugfixes for Noble
2142792	The busybox and nautilus profiles in 24.04 should be removed
2124206	apparmor socketpair regression test needs fixing
2110688	apparmor parser incorrectly treats norelatime mount flag as a no-op
2110630	apparmor.d man page contains incorrect information about mount flag combinations

rustc-1.89			Apr 10th 01:08
Release: noble	Repo: universe	Level: updates	New version: 1.89.0+dfsg~24.04-0ubuntu0.24.04.2
Packages in group:	cargo-1.89 cargo-1.89-doc libstd-rust-1.89 libstd-rust-1.89-dev rust-1.89-all rust-1.89-clippy rust-1.89-doc rust-1.89-gdb rust-1.89-lldb rust-1.89-src rustfmt-1.89 (... see all)
`rustc-1.89 (1.89.0+dfsg~24.04-0ubuntu0.24.04.2) noble; urgency=medium * d/p/upstream/u-tar-cve-2026-33056: Fix vulnerability (LP: #2145764) -- Max Gilmour <email address hidden> Wed, 25 Mar 2026 10:09:31 -0700`

rustc-1.84			Apr 10th 01:08
Release: noble	Repo: universe	Level: updates	New version: 1.84.1+dfsg0ubuntu1~bpo2-0ubuntu2.24.04.1
Packages in group:	cargo-1.84 cargo-1.84-doc libstd-rust-1.84 libstd-rust-1.84-dev rust-1.84-all rust-1.84-clippy rust-1.84-doc rust-1.84-gdb rust-1.84-lldb rust-1.84-src rustfmt-1.84 (... see all)
`rustc-1.84 (1.84.1+dfsg0ubuntu1~bpo2-0ubuntu2.24.04.1) noble; urgency=medium * d/p/upstream/u-tar-cve-2026-33056: fix vulnerability (LP: #2145764) -- Brent Kerby <email address hidden> Tue, 24 Mar 2026 08:29:23 -0600`

rustc-1.83			Apr 10th 01:08
Release: noble	Repo: universe	Level: updates	New version: 1.83.0+dfsg0ubuntu1~bpo2-0ubuntu0.24.04.1
Packages in group:	cargo-1.83 cargo-1.83-doc libstd-rust-1.83 libstd-rust-1.83-dev rust-1.83-all rust-1.83-clippy rust-1.83-doc rust-1.83-gdb rust-1.83-lldb rust-1.83-src rustfmt-1.83 (... see all)
`rustc-1.83 (1.83.0+dfsg0ubuntu1~bpo2-0ubuntu0.24.04.1) noble; urgency=medium * d/p/upstream/u-tar-cve-2026-33056: fix vulnerability (LP: #2145764) -- Brent Kerby <email address hidden> Tue, 24 Mar 2026 09:52:13 -0600`

rustc-1.82			Apr 10th 01:08
Release: noble	Repo: universe	Level: updates	New version: 1.82.0+dfsg0ubuntu0-0ubuntu0.24.04.1
Packages in group:	cargo-1.82 cargo-1.82-doc libstd-rust-1.82 libstd-rust-1.82-dev rust-1.82-all rust-1.82-clippy rust-1.82-doc rust-1.82-gdb rust-1.82-lldb rust-1.82-src rustfmt-1.82 (... see all)
`rustc-1.82 (1.82.0+dfsg0ubuntu0-0ubuntu0.24.04.1) noble; urgency=medium * d/p/upstream/u-tar-cve-2026-33056: fix vulnerability (LP: #2145764) -- Brent Kerby <email address hidden> Tue, 24 Mar 2026 10:51:47 -0600`

About - Send Feedback to @ubuntu_updates