UbuntuUpdates.org

Latest Changelogs for all releases

All releases Artful Bionic Cosmic Precise Trusty Xenial
Include all PPAs Exclude daily builds PPAs Exclude all PPAs
Include levels: securityupdatesproposedbackportsbase

Note: Only updates for "head" packages where the changelog is available are shown on this page (view all).

nodejs 10-18 22:06 UTC
Release: bionic Repo: universe Level: proposed New version: 8.10.0~dfsg-2ubuntu0.4
Packages in group:  nodejs-dev nodejs-doc

  nodejs (8.10.0~dfsg-2ubuntu0.4) bionic; urgency=medium

  * Use openssl1.0 client binary in tests LP: #1798367
    - resurrect fix_sslv3_test.patch
    - revert s_client_tls12.patch, as not needed with old ssl
    - reenable-more-tests.patch - reenable openssl1.0 and zlib tests, they
      should work

 -- Dimitri John Ledkov <email address hidden> Wed, 17 Oct 2018 13:21:44 +0100

1798367 [SRU] nodejs should use openssl1.0 in testing as well

nautilus 10-18 22:06 UTC
Release: bionic Repo: main Level: proposed New version: 1:3.26.4-0~ubuntu18.04.2
Packages in group:  gir1.2-nautilus-3.0 libnautilus-extension1a libnautilus-extension-dev nautilus-data

  nautilus (1:3.26.4-0~ubuntu18.04.2) bionic; urgency=medium

  * d/p/search-engine-Query-file-system-to-determine-remoteness.patch:
    - Fix remote filesystem check on file during search (LP: #1795028)
  * d/p/0016-search-engine-add-a-recent-search-engine-listing-Gtk.patch:
    - Refreshed to add memory leak and potential crash fixes (LP: #1798426)

 -- Marco Trevisan (Treviño) <email address hidden> Mon, 08 Oct 2018 18:30:01 +0200

1798426 Nautilus leaks memory for each recent engine search
1795028 Nautilus crashes during search in is_recursive_search (search-engine)

libcrypto++ 10-18 22:06 UTC
Release: xenial Repo: universe Level: updates New version: 5.6.1-9ubuntu0.1
Packages in group:  libcrypto++9v5 libcrypto++9v5-dbg libcrypto++-dev libcrypto++-doc libcrypto++-utils

  libcrypto++ (5.6.1-9ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Timing attack against Rijndael
    - debiain/patches/CVE-2016-3995.patch: Fix the Rijndael timing attack
      counter measure
    - CVE-2016-3995
  * SECURITY UPDATE: Memory exhaustion DOS
    - debiain/patches/CVE-2016-9939.patch: Fix possible DoS in ASN.1 decoders
    - CVE-2016-9939

 -- Mike Salvatore <email address hidden> Wed, 17 Oct 2018 10:42:51 -0400

CVE-2016-9939 Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on th
CVE-2016-3995 The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may b

libcrypto++ 10-18 22:06 UTC
Release: xenial Repo: universe Level: security New version: 5.6.1-9ubuntu0.1
Packages in group:  libcrypto++9v5 libcrypto++9v5-dbg libcrypto++-dev libcrypto++-doc libcrypto++-utils

  libcrypto++ (5.6.1-9ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Timing attack against Rijndael
    - debiain/patches/CVE-2016-3995.patch: Fix the Rijndael timing attack
      counter measure
    - CVE-2016-3995
  * SECURITY UPDATE: Memory exhaustion DOS
    - debiain/patches/CVE-2016-9939.patch: Fix possible DoS in ASN.1 decoders
    - CVE-2016-9939

 -- Mike Salvatore <email address hidden> Wed, 17 Oct 2018 10:42:51 -0400

CVE-2016-9939 Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on th
CVE-2016-3995 The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and Rijndael::Dec::ProcessAndXorBlock in Crypto++ (aka cryptopp) before 5.6.4 may b

linux-azure 10-18 20:07 UTC
Release: bionic Repo: main Level: updates New version: 4.15.0-1025.26
Packages in group:  linux-azure-headers-4.15.0-1012 linux-azure-headers-4.15.0-1013 linux-azure-headers-4.15.0-1014 linux-azure-headers-4.15.0-1018 linux-azure-headers-4.15.0-1019 linux-azure-headers-4.15.0-1021 linux-azure-headers-4.15.0-1022 linux-azure-headers-4.15.0-1023 linux-azure-headers-4.15.0-1025

  linux-azure (4.15.0-1025.26) bionic; urgency=medium

  [ Ubuntu: 4.15.0-36.39 ]

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation
  * CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

CVE-2018-17182 An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An
CVE-2018-14633 A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request f

linux-azure 10-18 20:07 UTC
Release: bionic Repo: main Level: security New version: 4.15.0-1025.26
Packages in group:  linux-azure-headers-4.15.0-1012 linux-azure-headers-4.15.0-1013 linux-azure-headers-4.15.0-1014 linux-azure-headers-4.15.0-1018 linux-azure-headers-4.15.0-1019 linux-azure-headers-4.15.0-1021 linux-azure-headers-4.15.0-1022 linux-azure-headers-4.15.0-1023 linux-azure-headers-4.15.0-1025

  linux-azure (4.15.0-1025.26) bionic; urgency=medium

  [ Ubuntu: 4.15.0-36.39 ]

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation
  * CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

CVE-2018-17182 An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An
CVE-2018-14633 A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request f

linux-azure 10-18 20:06 UTC
Release: xenial Repo: main Level: updates New version: 4.15.0-1025.26~16.04.1
Packages in group:  linux-azure-headers-4.11.0-1009 linux-azure-headers-4.11.0-1011 linux-azure-headers-4.11.0-1013 linux-azure-headers-4.11.0-1014 linux-azure-headers-4.11.0-1015 linux-azure-headers-4.11.0-1016 linux-azure-headers-4.13.0-1005 linux-azure-headers-4.13.0-1006 linux-azure-headers-4.13.0-1007 linux-azure-headers-4.13.0-1009 linux-azure-headers-4.13.0-1011 (... see all)

  linux-azure (4.15.0-1025.26~16.04.1) xenial; urgency=medium

  [ Ubuntu: 4.15.0-36.39 ]

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation
  * CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

CVE-2018-17182 An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An
CVE-2018-14633 A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request f

linux-azure 10-18 20:06 UTC
Release: xenial Repo: main Level: security New version: 4.15.0-1025.26~16.04.1
Packages in group:  linux-azure-headers-4.11.0-1015 linux-azure-headers-4.11.0-1016 linux-azure-headers-4.13.0-1005 linux-azure-headers-4.13.0-1006 linux-azure-headers-4.13.0-1007 linux-azure-headers-4.13.0-1011 linux-azure-headers-4.13.0-1014 linux-azure-headers-4.13.0-1016 linux-azure-headers-4.13.0-1018 linux-azure-headers-4.15.0-1013 linux-azure-headers-4.15.0-1014 (... see all)

  linux-azure (4.15.0-1025.26~16.04.1) xenial; urgency=medium

  [ Ubuntu: 4.15.0-36.39 ]

  * CVE-2018-14633
    - iscsi target: Use hex2bin instead of a re-implementation
  * CVE-2018-17182
    - mm: get rid of vmacache_flush_all() entirely

CVE-2018-17182 An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An
CVE-2018-14633 A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request f

linux-oem 10-18 19:06 UTC
Release: bionic Repo: main Level: proposed New version: 4.15.0-1024.29
Packages in group:  linux-oem-headers-4.15.0-1004 linux-oem-headers-4.15.0-1005 linux-oem-headers-4.15.0-1006 linux-oem-headers-4.15.0-1007 linux-oem-headers-4.15.0-1008 linux-oem-headers-4.15.0-1009 linux-oem-headers-4.15.0-1010 linux-oem-headers-4.15.0-1011 linux-oem-headers-4.15.0-1012 linux-oem-headers-4.15.0-1013 linux-oem-headers-4.15.0-1014 (... see all)

  linux-oem (4.15.0-1024.29) bionic; urgency=medium

  * linux-oem: 4.15.0-1024.29 -proposed tracker (LP: #1797069)

  * Keyboard backlight sysfs sometimes is missing on Dell laptops (LP: #1797304)
    - platform/x86: dell-smbios: Correct some style warnings
    - platform/x86: dell-smbios: Rename dell-smbios source to dell-smbios-base
    - platform/x86: dell-smbios: Link all dell-smbios-* modules together
    - [Config] CONFIG_DELL_SMBIOS_SMM=y, CONFIG_DELL_SMBIOS_WMI=y
    - [Config] CONFIG_DELL_SMBIOS_SMM=y, CONFIG_DELL_SMBIOS_WMI=y

  [ Ubuntu: 4.15.0-38.41 ]

  * linux: 4.15.0-38.41 -proposed tracker (LP: #1797061)
  * Silent data corruption in Linux kernel 4.15 (LP: #1796542)
    - block: add a lower-level bio_add_page interface
    - block: bio_iov_iter_get_pages: fix size of last iovec
    - blkdev: __blkdev_direct_IO_simple: fix leak in error case
    - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs

 -- Chia-Lin Kao (AceLan) <email address hidden> Tue, 16 Oct 2018 10:32:03 +0800

1796542 Silent data corruption in Linux kernel 4.15
1797304 Keyboard backlight sysfs sometimes is missing on Dell laptops

national-geographic-wallpaper 10-18 05:07 UTC
This package belongs to a PPA: Atareao Atareao
Release: bionic Repo: main Level: base New version: 0.6.6-0extras18.04.1
Packages in group: 

 national-geographic-wallpaper (0.6.6-0extras18.04.1) bionic; urgency=medium
 .
   * Added update on reboot


firefox 10-18 04:08 UTC
This package belongs to a PPA: Ubuntu Mozilla Security
Release: trusty Repo: main Level: base New version: 63.0+build1-0ubuntu0.14.04.2
Packages in group:  firefox-dbg firefox-dev firefox-globalmenu firefox-locale-af firefox-locale-an firefox-locale-ar firefox-locale-as firefox-locale-ast firefox-locale-az firefox-locale-be firefox-locale-bg (... see all)

 firefox (63.0+build1-0ubuntu0.14.04.2) trusty; urgency=medium
 .
   * Do not require Node.js to build, as version 8.11 isn't available in trusty
     - update debian/config/mozconfig.in
     - update debian/control{,.in}


golang-1.10 10-18 04:06 UTC
Release: trusty Repo: universe Level: proposed New version: 1.10.4-2ubuntu1~14.04.1
Packages in group:  golang-1.10-doc golang-1.10-go golang-1.10-src

  golang-1.10 (1.10.4-2ubuntu1~14.04.1) trusty; urgency=medium

  * Backport to 14.04. (LP: #1794395)
  * Build with Go 1.6.
  * Do not run the test_shared tests on arm64.

 -- Michael Hudson-Doyle <email address hidden> Wed, 26 Sep 2018 12:41:47 +1200

1794395 upload golang-1.10 1.10.4 to all supported releases of ubuntu

firefox 10-18 00:08 UTC
This package belongs to a PPA: Ubuntu Mozilla Security
Release: xenial Repo: main Level: base New version: 63.0+build1-0ubuntu0.16.04.2
Packages in group:  firefox-dbg firefox-dev firefox-globalmenu firefox-locale-af firefox-locale-an firefox-locale-ar firefox-locale-as firefox-locale-ast firefox-locale-az firefox-locale-be firefox-locale-bg (... see all)

 firefox (63.0+build1-0ubuntu0.16.04.2) xenial; urgency=medium
 .
   * Do not require Node.js to build, as version 8.11 isn't available in xenial
     - update debian/config/mozconfig.in
     - update debian/control{,.in}


golang-1.10 10-18 00:06 UTC
Release: xenial Repo: universe Level: proposed New version: 1.10.4-2ubuntu1~16.04.1
Packages in group:  golang-1.10-doc golang-1.10-go golang-1.10-src

  golang-1.10 (1.10.4-2ubuntu1~16.04.1) xenial; urgency=medium

  * Backport to 16.04. (LP: #1794395)

 -- Michael Hudson-Doyle <email address hidden> Thu, 27 Sep 2018 09:16:14 +1200

1794395 upload golang-1.10 1.10.4 to all supported releases of ubuntu

firefox 10-17 23:08 UTC
This package belongs to a PPA: Ubuntu Mozilla Security
Release: bionic Repo: main Level: base New version: 63.0+build1-0ubuntu0.18.04.2
Packages in group:  firefox-dbg firefox-dev firefox-globalmenu firefox-locale-af firefox-locale-an firefox-locale-ar firefox-locale-as firefox-locale-ast firefox-locale-az firefox-locale-be firefox-locale-bg (... see all)

 firefox (63.0+build1-0ubuntu0.18.04.2) bionic; urgency=medium
 .
   * Do not require Node.js to build, as version 8.11 isn't available in bionic
     - update debian/config/mozconfig.in
     - update debian/control{,.in}




About   -   Send Feedback to @ubuntu_updates