UbuntuUpdates.org

Release natty does not exist.

Latest Changelogs for all releases

All releases Bionic Focal Jammy Lunar Mantic Noble Precise Trusty Xenial
Include all PPAs Exclude daily builds PPAs Exclude all PPAs
Include levels: securityupdatesbackportsproposedbase

Note: Only updates for "head" packages where the changelog is available are shown on this page (view all).

postgresql-14 May 30th 14:07
Release: jammy Repo: main Level: security New version: 14.12-0ubuntu0.22.04.1
Packages in group:  libecpg6 libecpg-compat3 libecpg-dev libpgtypes3 libpq5 libpq-dev postgresql-client-14 postgresql-doc-14 postgresql-plperl-14 postgresql-plpython3-14 postgresql-pltcl-14 (... see all)

  postgresql-14 (14.12-0ubuntu0.22.04.1) jammy-security; urgency=medium

  * New upstream version (LP: #2067388).

    + A dump/restore is not required for those running 14.X.

    + However, a security vulnerability was found in the system views
      pg_stats_ext and pg_stats_ext_exprs, potentially allowing
      authenticated database users to see data they shouldn't. If this is of
      concern in your installation, follow the steps below to rectify it.

    + Also, if you are upgrading from a version earlier than 14.11, see
      those release notes as well please.

    + Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries
      to the table owner (Nathan Bossart)

      These views failed to hide statistics for expressions that involve
      columns the accessing user does not have permission to read. View
      columns such as most_common_vals might expose security-relevant
      data. The potential interactions here are not fully clear, so in the
      interest of erring on the side of safety, make rows in these views
      visible only to the owner of the associated table.

      The PostgreSQL Project thanks Lukas Fittl for reporting this
      problem.

      By itself, this fix will only fix the behavior in newly initdb'd
      database clusters. If you wish to apply this change in an existing
      cluster, you will need to do the following:

        - In each database of the cluster, run the
          /usr/share/postgresql/14/fix-CVE-2024-4317.sql script as superuser. In
          psql this would look like:

            \i /usr/share/postgresql/14/fix-CVE-2024-4317.sql

          It will not hurt to run the script more than once.

        - Do not forget to include the template0 and template1 databases,
          or the vulnerability will still exist in databases you create
          later. To fix template0, you'll need to temporarily make it accept
          connections. Do that with:

            ALTER DATABASE template0 WITH ALLOW_CONNECTIONS true;

          and then after fixing template0, undo it with:

            ALTER DATABASE template0 WITH ALLOW_CONNECTIONS false;

      (CVE-2024-4317)

    + Details about these and many further changes can be found at:
      https://www.postgresql.org/docs/14/release-14-12.html

  * d/postgresql-14.NEWS: Update.

 -- Sergio Durigan Junior <email address hidden> Tue, 28 May 2024 09:51:10 -0400

 (See more...)
2067388 New upstream microreleases 12.19, 14.12, 15.7 and 16.3
CVE-2024-4317 Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common value

node-browserify-sign May 30th 14:07
Release: focal Repo: universe Level: updates New version: 4.0.4-2ubuntu0.20.04.1
Packages in group: 

  node-browserify-sign (4.0.4-2ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: Signature Forgery Attack
    - debian/patches/CVE-2023-46234.patch: fixed an upper bound check issue in
      `dsaVerify` function
    - CVE-2023-46234

 -- Amir Naseredini <email address hidden> Tue, 28 May 2024 12:41:04 +0100
CVE-2023-46234 browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on i

nvidia-graphics-drivers-550 May 30th 13:07
Release: noble Repo: multiverse Level: proposed New version: 550.78-0ubuntu0.24.04.1
Packages in group:  nvidia-dkms-550 nvidia-dkms-550-open nvidia-driver-550-open nvidia-headless-550 nvidia-headless-550-open nvidia-headless-no-dkms-550 nvidia-headless-no-dkms-550-open nvidia-kernel-source-550-open

  nvidia-graphics-drivers-550 (550.78-0ubuntu0.24.04.1) noble; urgency=medium

  * New upstream release (LP: #2065302)

 -- Eduard de Vidal Flores <email address hidden> Thu, 23 May 2024 14:47:37 +0200
2065302 New upstream relase 550.78

nvidia-graphics-drivers-550 May 30th 13:07
Release: noble Repo: restricted Level: proposed New version: 550.78-0ubuntu0.24.04.1
Packages in group:  libnvidia-cfg1-550 libnvidia-common-550 libnvidia-compute-550 libnvidia-decode-550 libnvidia-encode-550 libnvidia-extra-550 libnvidia-fbc1-550 libnvidia-gl-550 nvidia-compute-utils-550 nvidia-driver-550 nvidia-firmware-550-550.78 (... see all)

  nvidia-graphics-drivers-550 (550.78-0ubuntu0.24.04.1) noble; urgency=medium

  * New upstream release (LP: #2065302)

 -- Eduard de Vidal Flores <email address hidden> Thu, 23 May 2024 14:47:37 +0200
2065302 New upstream relase 550.78

python-pymysql May 30th 13:07
Release: noble Repo: main Level: security New version: 1.0.2-2ubuntu1.1
Packages in group:  python3-pymysql python-pymysql-doc

  python-pymysql (1.0.2-2ubuntu1.1) noble-security; urgency=medium

  * SECURITY UPDATE: SQL injection via untrusted JSON input
    - debian/patches/CVE-2024-36039.patch: forbid dict parameter in
      pymysql/converters.py, pymysql/tests/test_connection.py.
    - CVE-2024-36039

 -- Marc Deslauriers <email address hidden> Tue, 28 May 2024 13:31:47 -0400
CVE-2024-36039 PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.

node-browserify-sign May 30th 13:07
Release: mantic Repo: universe Level: security New version: 4.2.1-3ubuntu0.1
Packages in group: 

  node-browserify-sign (4.2.1-3ubuntu0.1) mantic-security; urgency=medium

  * SECURITY UPDATE: Signature Forgery Attack
    - debian/patches/CVE-2023-46234.patch: fixed an upper bound check issue in
      `dsaVerify` function
    - CVE-2023-46234

 -- Amir Naseredini <email address hidden> Tue, 28 May 2024 12:26:03 +0100
CVE-2023-46234 browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on i

python-pymysql May 30th 13:07
Release: mantic Repo: main Level: security New version: 1.0.2-1ubuntu1.23.10.1
Packages in group:  python3-pymysql python-pymysql-doc

  python-pymysql (1.0.2-1ubuntu1.23.10.1) mantic-security; urgency=medium

  * SECURITY UPDATE: SQL injection via untrusted JSON input
    - debian/patches/CVE-2024-36039.patch: forbid dict parameter in
      pymysql/converters.py, pymysql/tests/test_connection.py.
    - CVE-2024-36039

 -- Marc Deslauriers <email address hidden> Tue, 28 May 2024 13:33:51 -0400
CVE-2024-36039 PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.

node-browserify-sign May 30th 13:07
Release: jammy Repo: universe Level: security New version: 4.2.1-2ubuntu0.1
Packages in group: 

  node-browserify-sign (4.2.1-2ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Signature Forgery Attack
    - debian/patches/CVE-2023-46234.patch: fixed an upper bound check issue in
      `dsaVerify` function
    - CVE-2023-46234
  * debian/rules: disabled running the tests during build because of LP bug
    #1979639

 -- Amir Naseredini <email address hidden> Wed, 29 May 2024 16:02:25 +0100
CVE-2023-46234 browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on i

nvidia-graphics-drivers-550 May 30th 13:07
Release: jammy Repo: restricted Level: proposed New version: 550.78-0ubuntu0.22.04.1
Packages in group:  libnvidia-cfg1-550 libnvidia-common-550 libnvidia-compute-550 libnvidia-decode-550 libnvidia-encode-550 libnvidia-extra-550 libnvidia-fbc1-550 libnvidia-gl-550 nvidia-compute-utils-550 nvidia-dkms-550 nvidia-dkms-550-open (... see all)

  nvidia-graphics-drivers-550 (550.78-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream release (LP: #2065302)

 -- Eduard de Vidal Flores <email address hidden> Thu, 23 May 2024 14:42:17 +0200
2065302 New upstream relase 550.78

python-pymysql May 30th 13:07
Release: jammy Repo: main Level: security New version: 1.0.2-1ubuntu1.22.04.1
Packages in group:  python3-pymysql python-pymysql-doc

  python-pymysql (1.0.2-1ubuntu1.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: SQL injection via untrusted JSON input
    - debian/patches/CVE-2024-36039.patch: forbid dict parameter in
      pymysql/converters.py, pymysql/tests/test_connection.py.
    - CVE-2024-36039

 -- Marc Deslauriers <email address hidden> Tue, 28 May 2024 13:34:34 -0400
CVE-2024-36039 PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict.

nvidia-imex-550 May 30th 13:07
Release: focal Repo: multiverse Level: proposed New version: 550.54.15-0ubuntu0.20.04.1
Packages in group: 

  nvidia-imex-550 (550.54.15-0ubuntu0.20.04.1) focal; urgency=medium

  * New Upstream release (LP: 2059115)

 -- Kuba Pawlak <email address hidden> Tue, 26 Mar 2024 14:07:27 +0100

libnvidia-nscq-550 May 30th 13:07
Release: focal Repo: multiverse Level: proposed New version: 550.54.15-0ubuntu0.20.04.1
Packages in group: 

  libnvidia-nscq-550 (550.54.15-0ubuntu0.20.04.1) focal; urgency=medium

  * New Upstream release (LP: 2059115)

 -- Kuba Pawlak <email address hidden> Tue, 26 Mar 2024 13:40:34 +0100

nvidia-graphics-drivers-550 May 30th 13:07
Release: focal Repo: multiverse Level: proposed New version: 550.78-0ubuntu0.20.04.1
Packages in group:  libnvidia-cfg1-550 libnvidia-common-550 libnvidia-compute-550 libnvidia-decode-550 libnvidia-encode-550 libnvidia-extra-550 libnvidia-fbc1-550 libnvidia-gl-550 nvidia-compute-utils-550 nvidia-dkms-550 nvidia-dkms-550-open (... see all)

  nvidia-graphics-drivers-550 (550.78-0ubuntu0.20.04.1) focal; urgency=medium

  * New upstream release (LP: #2065302)

 -- Eduard de Vidal Flores <email address hidden> Thu, 23 May 2024 14:32:59 +0200
2065302 New upstream relase 550.78

fabric-manager-550 May 30th 13:07
Release: focal Repo: multiverse Level: proposed New version: 550.54.15-0ubuntu0.20.04.1
Packages in group:  cuda-drivers-fabricmanager-550 nvidia-fabricmanager-550 nvidia-fabricmanager-dev-550

  fabric-manager-550 (550.54.15-0ubuntu0.20.04.1) focal; urgency=medium

  * New Upstream release (LP: 2059115)

 -- Kuba Pawlak <email address hidden> Tue, 26 Mar 2024 13:56:39 +0100

node-browserify-sign May 30th 13:07
Release: focal Repo: universe Level: security New version: 4.0.4-2ubuntu0.20.04.1
Packages in group: 

  node-browserify-sign (4.0.4-2ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: Signature Forgery Attack
    - debian/patches/CVE-2023-46234.patch: fixed an upper bound check issue in
      `dsaVerify` function
    - CVE-2023-46234

 -- Amir Naseredini <email address hidden> Tue, 28 May 2024 12:41:04 +0100
CVE-2023-46234 browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on i


About   -   Send Feedback to @ubuntu_updates