{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [], "removed": [], "diff": [ "binutils", "binutils-common", "binutils-x86-64-linux-gnu", "distro-info-data", "libbinutils", "libctf-nobfd0", "libctf0", "libnss-systemd", "libpam-systemd", "libssh-4", "libsystemd0", "libudev1", "snapd", "sosreport", "systemd", "systemd-sysv", "systemd-timesyncd", "udev" ] } }, "diff": { "deb": [ { "name": "binutils", "from_version": { "source_package_name": "binutils", "source_package_version": "2.38-4ubuntu2.8", "version": "2.38-4ubuntu2.8" }, "to_version": { "source_package_name": "binutils", "source_package_version": "2.38-4ubuntu2.10", "version": "2.38-4ubuntu2.10" }, "cves": [ { "cve": "CVE-2025-11082", "url": "https://ubuntu.com/security/CVE-2025-11082", "cve_description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11083", "url": "https://ubuntu.com/security/CVE-2025-11083", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-1147", "url": "https://ubuntu.com/security/CVE-2025-1147", "cve_description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-1148", "url": "https://ubuntu.com/security/CVE-2025-1148", "cve_description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-3198", "url": "https://ubuntu.com/security/CVE-2025-3198", "cve_description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-04-04 02:15:00 UTC" }, { "cve": "CVE-2025-5244", "url": "https://ubuntu.com/security/CVE-2025-5244", "cve_description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "cve_priority": "medium", "cve_public_date": "2025-05-27 13:15:00 UTC" }, { "cve": "CVE-2025-5245", "url": "https://ubuntu.com/security/CVE-2025-5245", "cve_description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-05-27 15:15:00 UTC" }, { "cve": "CVE-2025-7545", "url": "https://ubuntu.com/security/CVE-2025-7545", "cve_description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-13 22:15:00 UTC" }, { "cve": "CVE-2025-8225", "url": "https://ubuntu.com/security/CVE-2025-8225", "cve_description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-27 08:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-11082", "url": "https://ubuntu.com/security/CVE-2025-11082", "cve_description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11083", "url": "https://ubuntu.com/security/CVE-2025-11083", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-1147", "url": "https://ubuntu.com/security/CVE-2025-1147", "cve_description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-1148", "url": "https://ubuntu.com/security/CVE-2025-1148", "cve_description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-3198", "url": "https://ubuntu.com/security/CVE-2025-3198", "cve_description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-04-04 02:15:00 UTC" }, { "cve": "CVE-2025-5244", "url": "https://ubuntu.com/security/CVE-2025-5244", "cve_description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "cve_priority": "medium", "cve_public_date": "2025-05-27 13:15:00 UTC" }, { "cve": "CVE-2025-5245", "url": "https://ubuntu.com/security/CVE-2025-5245", "cve_description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-05-27 15:15:00 UTC" }, { "cve": "CVE-2025-7545", "url": "https://ubuntu.com/security/CVE-2025-7545", "cve_description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-13 22:15:00 UTC" }, { "cve": "CVE-2025-8225", "url": "https://ubuntu.com/security/CVE-2025-8225", "cve_description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-27 08:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Heap based buffer overflow", " - debian/patches/CVE-2025-11082.patch: avoid reads of beyond", " .eh_frame section in bfd/elf-eh-frame.c.", " - CVE-2025-11082", " * SECURITY UPDATE: Heap based buffer overflow", " - debian/patches/CVE-2025-11083.patch: fix in bfd/elfcode.h.", " - CVE-2025-11083", " * SECURITY UPDATE: Buffer overflow", " - debian/patches/CVE-2025-1147.patch: fix treating an ifunc symbol", " as a stab in binutils/nm.c, binutils/testsuite/binutils-all/nm.exp.", " - CVE-2025-1147", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-1148.patch: replace xmalloc with stat_alloc", " in ld parser in multiple files.", " - CVE-2025-1148", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-3198.patch: fix memory leak", " inbinutils/bucomm.c.", " - CVE-2025-3198", " * SECURITY UPDATE: Memory corruption", " - debian/patches/CVE-2025-5244.patch: fix segfault", " in bfd/elflink.c", " - CVE-2025-5244", " * SECURITY UPDATE: Memory corruption", " - debian/patches/CVE-2025-5245.patch: fix segfault", " in binutils/debug.c", " - CVE-2025-5245", " * SECURITY UPDATE: Heap-based buffer overflow", " - debian/patches/CVE-2025-7545.patch: check size", " of copy_section in binutils/objcopy.c", " - CVE-2025-7545", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-8225.patch: fix in binutils/dwarf.c.", " - CVE-2025-8225", "" ], "package": "binutils", "version": "2.38-4ubuntu2.10", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Leonidas Da Silva Barbosa ", "date": "Wed, 22 Oct 2025 09:58:08 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "binutils-common", "from_version": { "source_package_name": "binutils", "source_package_version": "2.38-4ubuntu2.8", "version": "2.38-4ubuntu2.8" }, "to_version": { "source_package_name": "binutils", "source_package_version": "2.38-4ubuntu2.10", "version": "2.38-4ubuntu2.10" }, "cves": [ { "cve": "CVE-2025-11082", "url": "https://ubuntu.com/security/CVE-2025-11082", "cve_description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11083", "url": "https://ubuntu.com/security/CVE-2025-11083", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-1147", "url": "https://ubuntu.com/security/CVE-2025-1147", "cve_description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-1148", "url": "https://ubuntu.com/security/CVE-2025-1148", "cve_description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-3198", "url": "https://ubuntu.com/security/CVE-2025-3198", "cve_description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-04-04 02:15:00 UTC" }, { "cve": "CVE-2025-5244", "url": "https://ubuntu.com/security/CVE-2025-5244", "cve_description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "cve_priority": "medium", "cve_public_date": "2025-05-27 13:15:00 UTC" }, { "cve": "CVE-2025-5245", "url": "https://ubuntu.com/security/CVE-2025-5245", "cve_description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-05-27 15:15:00 UTC" }, { "cve": "CVE-2025-7545", "url": "https://ubuntu.com/security/CVE-2025-7545", "cve_description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-13 22:15:00 UTC" }, { "cve": "CVE-2025-8225", "url": "https://ubuntu.com/security/CVE-2025-8225", "cve_description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-27 08:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-11082", "url": "https://ubuntu.com/security/CVE-2025-11082", "cve_description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11083", "url": "https://ubuntu.com/security/CVE-2025-11083", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-1147", "url": "https://ubuntu.com/security/CVE-2025-1147", "cve_description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-1148", "url": "https://ubuntu.com/security/CVE-2025-1148", "cve_description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-3198", "url": "https://ubuntu.com/security/CVE-2025-3198", "cve_description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-04-04 02:15:00 UTC" }, { "cve": "CVE-2025-5244", "url": "https://ubuntu.com/security/CVE-2025-5244", "cve_description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "cve_priority": "medium", "cve_public_date": "2025-05-27 13:15:00 UTC" }, { "cve": "CVE-2025-5245", "url": "https://ubuntu.com/security/CVE-2025-5245", "cve_description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-05-27 15:15:00 UTC" }, { "cve": "CVE-2025-7545", "url": "https://ubuntu.com/security/CVE-2025-7545", "cve_description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-13 22:15:00 UTC" }, { "cve": "CVE-2025-8225", "url": "https://ubuntu.com/security/CVE-2025-8225", "cve_description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-27 08:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Heap based buffer overflow", " - debian/patches/CVE-2025-11082.patch: avoid reads of beyond", " .eh_frame section in bfd/elf-eh-frame.c.", " - CVE-2025-11082", " * SECURITY UPDATE: Heap based buffer overflow", " - debian/patches/CVE-2025-11083.patch: fix in bfd/elfcode.h.", " - CVE-2025-11083", " * SECURITY UPDATE: Buffer overflow", " - debian/patches/CVE-2025-1147.patch: fix treating an ifunc symbol", " as a stab in binutils/nm.c, binutils/testsuite/binutils-all/nm.exp.", " - CVE-2025-1147", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-1148.patch: replace xmalloc with stat_alloc", " in ld parser in multiple files.", " - CVE-2025-1148", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-3198.patch: fix memory leak", " inbinutils/bucomm.c.", " - CVE-2025-3198", " * SECURITY UPDATE: Memory corruption", " - debian/patches/CVE-2025-5244.patch: fix segfault", " in bfd/elflink.c", " - CVE-2025-5244", " * SECURITY UPDATE: Memory corruption", " - debian/patches/CVE-2025-5245.patch: fix segfault", " in binutils/debug.c", " - CVE-2025-5245", " * SECURITY UPDATE: Heap-based buffer overflow", " - debian/patches/CVE-2025-7545.patch: check size", " of copy_section in binutils/objcopy.c", " - CVE-2025-7545", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-8225.patch: fix in binutils/dwarf.c.", " - CVE-2025-8225", "" ], "package": "binutils", "version": "2.38-4ubuntu2.10", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Leonidas Da Silva Barbosa ", "date": "Wed, 22 Oct 2025 09:58:08 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "binutils-x86-64-linux-gnu", "from_version": { "source_package_name": "binutils", "source_package_version": "2.38-4ubuntu2.8", "version": "2.38-4ubuntu2.8" }, "to_version": { "source_package_name": "binutils", "source_package_version": "2.38-4ubuntu2.10", "version": "2.38-4ubuntu2.10" }, "cves": [ { "cve": "CVE-2025-11082", "url": "https://ubuntu.com/security/CVE-2025-11082", "cve_description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11083", "url": "https://ubuntu.com/security/CVE-2025-11083", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-1147", "url": "https://ubuntu.com/security/CVE-2025-1147", "cve_description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-1148", "url": "https://ubuntu.com/security/CVE-2025-1148", "cve_description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-3198", "url": "https://ubuntu.com/security/CVE-2025-3198", "cve_description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-04-04 02:15:00 UTC" }, { "cve": "CVE-2025-5244", "url": "https://ubuntu.com/security/CVE-2025-5244", "cve_description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "cve_priority": "medium", "cve_public_date": "2025-05-27 13:15:00 UTC" }, { "cve": "CVE-2025-5245", "url": "https://ubuntu.com/security/CVE-2025-5245", "cve_description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-05-27 15:15:00 UTC" }, { "cve": "CVE-2025-7545", "url": "https://ubuntu.com/security/CVE-2025-7545", "cve_description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-13 22:15:00 UTC" }, { "cve": "CVE-2025-8225", "url": "https://ubuntu.com/security/CVE-2025-8225", "cve_description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-27 08:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-11082", "url": "https://ubuntu.com/security/CVE-2025-11082", "cve_description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11083", "url": "https://ubuntu.com/security/CVE-2025-11083", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-1147", "url": "https://ubuntu.com/security/CVE-2025-1147", "cve_description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-1148", "url": "https://ubuntu.com/security/CVE-2025-1148", "cve_description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-3198", "url": "https://ubuntu.com/security/CVE-2025-3198", "cve_description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-04-04 02:15:00 UTC" }, { "cve": "CVE-2025-5244", "url": "https://ubuntu.com/security/CVE-2025-5244", "cve_description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "cve_priority": "medium", "cve_public_date": "2025-05-27 13:15:00 UTC" }, { "cve": "CVE-2025-5245", "url": "https://ubuntu.com/security/CVE-2025-5245", "cve_description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-05-27 15:15:00 UTC" }, { "cve": "CVE-2025-7545", "url": "https://ubuntu.com/security/CVE-2025-7545", "cve_description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-13 22:15:00 UTC" }, { "cve": "CVE-2025-8225", "url": "https://ubuntu.com/security/CVE-2025-8225", "cve_description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-27 08:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Heap based buffer overflow", " - debian/patches/CVE-2025-11082.patch: avoid reads of beyond", " .eh_frame section in bfd/elf-eh-frame.c.", " - CVE-2025-11082", " * SECURITY UPDATE: Heap based buffer overflow", " - debian/patches/CVE-2025-11083.patch: fix in bfd/elfcode.h.", " - CVE-2025-11083", " * SECURITY UPDATE: Buffer overflow", " - debian/patches/CVE-2025-1147.patch: fix treating an ifunc symbol", " as a stab in binutils/nm.c, binutils/testsuite/binutils-all/nm.exp.", " - CVE-2025-1147", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-1148.patch: replace xmalloc with stat_alloc", " in ld parser in multiple files.", " - CVE-2025-1148", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-3198.patch: fix memory leak", " inbinutils/bucomm.c.", " - CVE-2025-3198", " * SECURITY UPDATE: Memory corruption", " - debian/patches/CVE-2025-5244.patch: fix segfault", " in bfd/elflink.c", " - CVE-2025-5244", " * SECURITY UPDATE: Memory corruption", " - debian/patches/CVE-2025-5245.patch: fix segfault", " in binutils/debug.c", " - CVE-2025-5245", " * SECURITY UPDATE: Heap-based buffer overflow", " - debian/patches/CVE-2025-7545.patch: check size", " of copy_section in binutils/objcopy.c", " - CVE-2025-7545", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-8225.patch: fix in binutils/dwarf.c.", " - CVE-2025-8225", "" ], "package": "binutils", "version": "2.38-4ubuntu2.10", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Leonidas Da Silva Barbosa ", "date": "Wed, 22 Oct 2025 09:58:08 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "distro-info-data", "from_version": { "source_package_name": "distro-info-data", "source_package_version": "0.52ubuntu0.9", "version": "0.52ubuntu0.9" }, "to_version": { "source_package_name": "distro-info-data", "source_package_version": "0.52ubuntu0.11", "version": "0.52ubuntu0.11" }, "cves": [], "launchpad_bugs_fixed": [ 2126961 ], "changes": [ { "cves": [], "log": [ "", " * ubuntu.csv: remove eol-legacy field from resolute", " This version of distro-info does not know about eol-legacy.", "" ], "package": "distro-info-data", "version": "0.52ubuntu0.11", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [], "author": "Nick Rosbrook ", "date": "Fri, 10 Oct 2025 11:59:51 -0400" }, { "cves": [], "log": [ "", " * Add Ubuntu 26.04 LTS \"Resolute Raccoon\" (LP: #2126961)", " * Correct date for forky", " * Correct estimation for trixie ELTS EoL to 10 years total support.", " * Update the bookworm EoL", "" ], "package": "distro-info-data", "version": "0.52ubuntu0.10", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2126961 ], "author": "Florent 'Skia' Jacquet ", "date": "Fri, 10 Oct 2025 11:33:51 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libbinutils", "from_version": { "source_package_name": "binutils", "source_package_version": "2.38-4ubuntu2.8", "version": "2.38-4ubuntu2.8" }, "to_version": { "source_package_name": "binutils", "source_package_version": "2.38-4ubuntu2.10", "version": "2.38-4ubuntu2.10" }, "cves": [ { "cve": "CVE-2025-11082", "url": "https://ubuntu.com/security/CVE-2025-11082", "cve_description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11083", "url": "https://ubuntu.com/security/CVE-2025-11083", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-1147", "url": "https://ubuntu.com/security/CVE-2025-1147", "cve_description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-1148", "url": "https://ubuntu.com/security/CVE-2025-1148", "cve_description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-3198", "url": "https://ubuntu.com/security/CVE-2025-3198", "cve_description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-04-04 02:15:00 UTC" }, { "cve": "CVE-2025-5244", "url": "https://ubuntu.com/security/CVE-2025-5244", "cve_description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "cve_priority": "medium", "cve_public_date": "2025-05-27 13:15:00 UTC" }, { "cve": "CVE-2025-5245", "url": "https://ubuntu.com/security/CVE-2025-5245", "cve_description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-05-27 15:15:00 UTC" }, { "cve": "CVE-2025-7545", "url": "https://ubuntu.com/security/CVE-2025-7545", "cve_description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-13 22:15:00 UTC" }, { "cve": "CVE-2025-8225", "url": "https://ubuntu.com/security/CVE-2025-8225", "cve_description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-27 08:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-11082", "url": "https://ubuntu.com/security/CVE-2025-11082", "cve_description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11083", "url": "https://ubuntu.com/security/CVE-2025-11083", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-1147", "url": "https://ubuntu.com/security/CVE-2025-1147", "cve_description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-1148", "url": "https://ubuntu.com/security/CVE-2025-1148", "cve_description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-3198", "url": "https://ubuntu.com/security/CVE-2025-3198", "cve_description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-04-04 02:15:00 UTC" }, { "cve": "CVE-2025-5244", "url": "https://ubuntu.com/security/CVE-2025-5244", "cve_description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "cve_priority": "medium", "cve_public_date": "2025-05-27 13:15:00 UTC" }, { "cve": "CVE-2025-5245", "url": "https://ubuntu.com/security/CVE-2025-5245", "cve_description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-05-27 15:15:00 UTC" }, { "cve": "CVE-2025-7545", "url": "https://ubuntu.com/security/CVE-2025-7545", "cve_description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-13 22:15:00 UTC" }, { "cve": "CVE-2025-8225", "url": "https://ubuntu.com/security/CVE-2025-8225", "cve_description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-27 08:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Heap based buffer overflow", " - debian/patches/CVE-2025-11082.patch: avoid reads of beyond", " .eh_frame section in bfd/elf-eh-frame.c.", " - CVE-2025-11082", " * SECURITY UPDATE: Heap based buffer overflow", " - debian/patches/CVE-2025-11083.patch: fix in bfd/elfcode.h.", " - CVE-2025-11083", " * SECURITY UPDATE: Buffer overflow", " - debian/patches/CVE-2025-1147.patch: fix treating an ifunc symbol", " as a stab in binutils/nm.c, binutils/testsuite/binutils-all/nm.exp.", " - CVE-2025-1147", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-1148.patch: replace xmalloc with stat_alloc", " in ld parser in multiple files.", " - CVE-2025-1148", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-3198.patch: fix memory leak", " inbinutils/bucomm.c.", " - CVE-2025-3198", " * SECURITY UPDATE: Memory corruption", " - debian/patches/CVE-2025-5244.patch: fix segfault", " in bfd/elflink.c", " - CVE-2025-5244", " * SECURITY UPDATE: Memory corruption", " - debian/patches/CVE-2025-5245.patch: fix segfault", " in binutils/debug.c", " - CVE-2025-5245", " * SECURITY UPDATE: Heap-based buffer overflow", " - debian/patches/CVE-2025-7545.patch: check size", " of copy_section in binutils/objcopy.c", " - CVE-2025-7545", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-8225.patch: fix in binutils/dwarf.c.", " - CVE-2025-8225", "" ], "package": "binutils", "version": "2.38-4ubuntu2.10", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Leonidas Da Silva Barbosa ", "date": "Wed, 22 Oct 2025 09:58:08 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libctf-nobfd0", "from_version": { "source_package_name": "binutils", "source_package_version": "2.38-4ubuntu2.8", "version": "2.38-4ubuntu2.8" }, "to_version": { "source_package_name": "binutils", "source_package_version": "2.38-4ubuntu2.10", "version": "2.38-4ubuntu2.10" }, "cves": [ { "cve": "CVE-2025-11082", "url": "https://ubuntu.com/security/CVE-2025-11082", "cve_description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11083", "url": "https://ubuntu.com/security/CVE-2025-11083", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-1147", "url": "https://ubuntu.com/security/CVE-2025-1147", "cve_description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-1148", "url": "https://ubuntu.com/security/CVE-2025-1148", "cve_description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-3198", "url": "https://ubuntu.com/security/CVE-2025-3198", "cve_description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-04-04 02:15:00 UTC" }, { "cve": "CVE-2025-5244", "url": "https://ubuntu.com/security/CVE-2025-5244", "cve_description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "cve_priority": "medium", "cve_public_date": "2025-05-27 13:15:00 UTC" }, { "cve": "CVE-2025-5245", "url": "https://ubuntu.com/security/CVE-2025-5245", "cve_description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-05-27 15:15:00 UTC" }, { "cve": "CVE-2025-7545", "url": "https://ubuntu.com/security/CVE-2025-7545", "cve_description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-13 22:15:00 UTC" }, { "cve": "CVE-2025-8225", "url": "https://ubuntu.com/security/CVE-2025-8225", "cve_description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-27 08:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-11082", "url": "https://ubuntu.com/security/CVE-2025-11082", "cve_description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11083", "url": "https://ubuntu.com/security/CVE-2025-11083", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-1147", "url": "https://ubuntu.com/security/CVE-2025-1147", "cve_description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-1148", "url": "https://ubuntu.com/security/CVE-2025-1148", "cve_description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-3198", "url": "https://ubuntu.com/security/CVE-2025-3198", "cve_description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-04-04 02:15:00 UTC" }, { "cve": "CVE-2025-5244", "url": "https://ubuntu.com/security/CVE-2025-5244", "cve_description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "cve_priority": "medium", "cve_public_date": "2025-05-27 13:15:00 UTC" }, { "cve": "CVE-2025-5245", "url": "https://ubuntu.com/security/CVE-2025-5245", "cve_description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-05-27 15:15:00 UTC" }, { "cve": "CVE-2025-7545", "url": "https://ubuntu.com/security/CVE-2025-7545", "cve_description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-13 22:15:00 UTC" }, { "cve": "CVE-2025-8225", "url": "https://ubuntu.com/security/CVE-2025-8225", "cve_description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-27 08:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Heap based buffer overflow", " - debian/patches/CVE-2025-11082.patch: avoid reads of beyond", " .eh_frame section in bfd/elf-eh-frame.c.", " - CVE-2025-11082", " * SECURITY UPDATE: Heap based buffer overflow", " - debian/patches/CVE-2025-11083.patch: fix in bfd/elfcode.h.", " - CVE-2025-11083", " * SECURITY UPDATE: Buffer overflow", " - debian/patches/CVE-2025-1147.patch: fix treating an ifunc symbol", " as a stab in binutils/nm.c, binutils/testsuite/binutils-all/nm.exp.", " - CVE-2025-1147", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-1148.patch: replace xmalloc with stat_alloc", " in ld parser in multiple files.", " - CVE-2025-1148", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-3198.patch: fix memory leak", " inbinutils/bucomm.c.", " - CVE-2025-3198", " * SECURITY UPDATE: Memory corruption", " - debian/patches/CVE-2025-5244.patch: fix segfault", " in bfd/elflink.c", " - CVE-2025-5244", " * SECURITY UPDATE: Memory corruption", " - debian/patches/CVE-2025-5245.patch: fix segfault", " in binutils/debug.c", " - CVE-2025-5245", " * SECURITY UPDATE: Heap-based buffer overflow", " - debian/patches/CVE-2025-7545.patch: check size", " of copy_section in binutils/objcopy.c", " - CVE-2025-7545", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-8225.patch: fix in binutils/dwarf.c.", " - CVE-2025-8225", "" ], "package": "binutils", "version": "2.38-4ubuntu2.10", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Leonidas Da Silva Barbosa ", "date": "Wed, 22 Oct 2025 09:58:08 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libctf0", "from_version": { "source_package_name": "binutils", "source_package_version": "2.38-4ubuntu2.8", "version": "2.38-4ubuntu2.8" }, "to_version": { "source_package_name": "binutils", "source_package_version": "2.38-4ubuntu2.10", "version": "2.38-4ubuntu2.10" }, "cves": [ { "cve": "CVE-2025-11082", "url": "https://ubuntu.com/security/CVE-2025-11082", "cve_description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11083", "url": "https://ubuntu.com/security/CVE-2025-11083", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-1147", "url": "https://ubuntu.com/security/CVE-2025-1147", "cve_description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-1148", "url": "https://ubuntu.com/security/CVE-2025-1148", "cve_description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-3198", "url": "https://ubuntu.com/security/CVE-2025-3198", "cve_description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-04-04 02:15:00 UTC" }, { "cve": "CVE-2025-5244", "url": "https://ubuntu.com/security/CVE-2025-5244", "cve_description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "cve_priority": "medium", "cve_public_date": "2025-05-27 13:15:00 UTC" }, { "cve": "CVE-2025-5245", "url": "https://ubuntu.com/security/CVE-2025-5245", "cve_description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-05-27 15:15:00 UTC" }, { "cve": "CVE-2025-7545", "url": "https://ubuntu.com/security/CVE-2025-7545", "cve_description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-13 22:15:00 UTC" }, { "cve": "CVE-2025-8225", "url": "https://ubuntu.com/security/CVE-2025-8225", "cve_description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-27 08:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-11082", "url": "https://ubuntu.com/security/CVE-2025-11082", "cve_description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11083", "url": "https://ubuntu.com/security/CVE-2025-11083", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-1147", "url": "https://ubuntu.com/security/CVE-2025-1147", "cve_description": "A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-1148", "url": "https://ubuntu.com/security/CVE-2025-1148", "cve_description": "A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: \"I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master.\"", "cve_priority": "medium", "cve_public_date": "2025-02-10 14:15:00 UTC" }, { "cve": "CVE-2025-3198", "url": "https://ubuntu.com/security/CVE-2025-3198", "cve_description": "A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-04-04 02:15:00 UTC" }, { "cve": "CVE-2025-5244", "url": "https://ubuntu.com/security/CVE-2025-5244", "cve_description": "A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.", "cve_priority": "medium", "cve_public_date": "2025-05-27 13:15:00 UTC" }, { "cve": "CVE-2025-5245", "url": "https://ubuntu.com/security/CVE-2025-5245", "cve_description": "A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-05-27 15:15:00 UTC" }, { "cve": "CVE-2025-7545", "url": "https://ubuntu.com/security/CVE-2025-7545", "cve_description": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-13 22:15:00 UTC" }, { "cve": "CVE-2025-8225", "url": "https://ubuntu.com/security/CVE-2025-8225", "cve_description": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.", "cve_priority": "medium", "cve_public_date": "2025-07-27 08:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Heap based buffer overflow", " - debian/patches/CVE-2025-11082.patch: avoid reads of beyond", " .eh_frame section in bfd/elf-eh-frame.c.", " - CVE-2025-11082", " * SECURITY UPDATE: Heap based buffer overflow", " - debian/patches/CVE-2025-11083.patch: fix in bfd/elfcode.h.", " - CVE-2025-11083", " * SECURITY UPDATE: Buffer overflow", " - debian/patches/CVE-2025-1147.patch: fix treating an ifunc symbol", " as a stab in binutils/nm.c, binutils/testsuite/binutils-all/nm.exp.", " - CVE-2025-1147", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-1148.patch: replace xmalloc with stat_alloc", " in ld parser in multiple files.", " - CVE-2025-1148", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-3198.patch: fix memory leak", " inbinutils/bucomm.c.", " - CVE-2025-3198", " * SECURITY UPDATE: Memory corruption", " - debian/patches/CVE-2025-5244.patch: fix segfault", " in bfd/elflink.c", " - CVE-2025-5244", " * SECURITY UPDATE: Memory corruption", " - debian/patches/CVE-2025-5245.patch: fix segfault", " in binutils/debug.c", " - CVE-2025-5245", " * SECURITY UPDATE: Heap-based buffer overflow", " - debian/patches/CVE-2025-7545.patch: check size", " of copy_section in binutils/objcopy.c", " - CVE-2025-7545", " * SECURITY UPDATE: Memory leak", " - debian/patches/CVE-2025-8225.patch: fix in binutils/dwarf.c.", " - CVE-2025-8225", "" ], "package": "binutils", "version": "2.38-4ubuntu2.10", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Leonidas Da Silva Barbosa ", "date": "Wed, 22 Oct 2025 09:58:08 -0300" } ], "notes": null, "is_version_downgrade": false }, { "name": "libnss-systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.16", "version": "249.11-0ubuntu3.16" }, "to_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.17", "version": "249.11-0ubuntu3.17" }, "cves": [], "launchpad_bugs_fixed": [ 2112237, 2115263, 2100252 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * initramfs-tools: copy hwdb.bin to initramfs (LP: #2112237)", " * d/t/tests-in-lxd: drop patching workaround (LP: #2115263)", " - d/t/control: add Depends: dnsmasq-base", " (Revealed by test progressing past previous failure)", "", " [ Chengen Du ]", " * core/device: fix devlink handling (LP: #2100252)", "" ], "package": "systemd", "version": "249.11-0ubuntu3.17", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2112237, 2115263, 2100252 ], "author": "Nick Rosbrook ", "date": "Tue, 26 Aug 2025 11:23:06 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpam-systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.16", "version": "249.11-0ubuntu3.16" }, "to_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.17", "version": "249.11-0ubuntu3.17" }, "cves": [], "launchpad_bugs_fixed": [ 2112237, 2115263, 2100252 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * initramfs-tools: copy hwdb.bin to initramfs (LP: #2112237)", " * d/t/tests-in-lxd: drop patching workaround (LP: #2115263)", " - d/t/control: add Depends: dnsmasq-base", " (Revealed by test progressing past previous failure)", "", " [ Chengen Du ]", " * core/device: fix devlink handling (LP: #2100252)", "" ], "package": "systemd", "version": "249.11-0ubuntu3.17", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2112237, 2115263, 2100252 ], "author": "Nick Rosbrook ", "date": "Tue, 26 Aug 2025 11:23:06 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libssh-4", "from_version": { "source_package_name": "libssh", "source_package_version": "0.9.6-2ubuntu0.22.04.4", "version": "0.9.6-2ubuntu0.22.04.4" }, "to_version": { "source_package_name": "libssh", "source_package_version": "0.9.6-2ubuntu0.22.04.5", "version": "0.9.6-2ubuntu0.22.04.5" }, "cves": [ { "cve": "CVE-2025-8114", "url": "https://ubuntu.com/security/CVE-2025-8114", "cve_description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.", "cve_priority": "low", "cve_public_date": "2025-07-24 15:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-8114", "url": "https://ubuntu.com/security/CVE-2025-8114", "cve_description": "A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.", "cve_priority": "low", "cve_public_date": "2025-07-24 15:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: NULL pointer dereference", " - debian/patches/CVE-2025-8114.patch: sets rc to SSH_ERROR prior to goto", " error in ssh_make_sessionid() of src/kex.c.", " - CVE-2025-8114", "" ], "package": "libssh", "version": "0.9.6-2ubuntu0.22.04.5", "urgency": "medium", "distributions": "jammy-security", "launchpad_bugs_fixed": [], "author": "Ian Constantin ", "date": "Wed, 29 Oct 2025 14:58:26 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsystemd0", "from_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.16", "version": "249.11-0ubuntu3.16" }, "to_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.17", "version": "249.11-0ubuntu3.17" }, "cves": [], "launchpad_bugs_fixed": [ 2112237, 2115263, 2100252 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * initramfs-tools: copy hwdb.bin to initramfs (LP: #2112237)", " * d/t/tests-in-lxd: drop patching workaround (LP: #2115263)", " - d/t/control: add Depends: dnsmasq-base", " (Revealed by test progressing past previous failure)", "", " [ Chengen Du ]", " * core/device: fix devlink handling (LP: #2100252)", "" ], "package": "systemd", "version": "249.11-0ubuntu3.17", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2112237, 2115263, 2100252 ], "author": "Nick Rosbrook ", "date": "Tue, 26 Aug 2025 11:23:06 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "libudev1", "from_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.16", "version": "249.11-0ubuntu3.16" }, "to_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.17", "version": "249.11-0ubuntu3.17" }, "cves": [], "launchpad_bugs_fixed": [ 2112237, 2115263, 2100252 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * initramfs-tools: copy hwdb.bin to initramfs (LP: #2112237)", " * d/t/tests-in-lxd: drop patching workaround (LP: #2115263)", " - d/t/control: add Depends: dnsmasq-base", " (Revealed by test progressing past previous failure)", "", " [ Chengen Du ]", " * core/device: fix devlink handling (LP: #2100252)", "" ], "package": "systemd", "version": "249.11-0ubuntu3.17", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2112237, 2115263, 2100252 ], "author": "Nick Rosbrook ", "date": "Tue, 26 Aug 2025 11:23:06 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "snapd", "from_version": { "source_package_name": "snapd", "source_package_version": "2.68.5+ubuntu22.04.1", "version": "2.68.5+ubuntu22.04.1" }, "to_version": { "source_package_name": "snapd", "source_package_version": "2.72+ubuntu22.04", "version": "2.72+ubuntu22.04" }, "cves": [], "launchpad_bugs_fixed": [ 2124239, 2122054, 2117558, 1916244, 2121238, 2117121, 2112626, 2114704, 2118396, 2114923, 2112551, 2114779, 2112544, 2112332, 1952500, 1849346, 2098780, 2033883, 2112209, 2107443, 2104066, 2105854, 2102456, 2106121, 2088456, 2098137, 2109843, 2098137, 2104933, 2098137, 2101834, 2098137, 2099709, 2098137, 2098137, 2089195, 2072987, 1712808, 1966203, 1886414, 2089691 ], "changes": [ { "cves": [], "log": [ "", " * New upstream release, LP: #2124239", " - FDE: support replacing TPM protected keys at runtime via the", " /v2/system-volumes endpoint", " - FDE: support secboot preinstall check fix actions for 25.10+", " hybrid installs via the /v2/system/{label} endpoint", " - FDE: tweak polkit message to remove jargon", " - FDE: ensure proper sealing with kernel command line defaults", " - FDE: provide generic reseal function", " - FDE: support using OPTEE for protecting keys, as an alternative to", " existing fde-setup hooks (Ubuntu Core only)", " - Confdb: 'snapctl get --view' supports passing default values", " - Confdb: content sub-rules in confdb-schemas inherit their parent", " rule's \"access\"", " - Confdb: make confdb error kinds used in API more generic", " - Confdb: fully support lists and indexed paths (including unset)", " - Prompting: add notice backend for prompting types (unused for now)", " - Prompting: include request cgroup in prompt", " - Prompting: handle unsupported xattrs", " - Prompting: add permission mapping for the camera interface", " - Notices: read notices from state without state lock", " - Notices: add methods to get notice fields and create, reoccur, and", " deepcopy notice", " - Notices: add notice manager to coordinate separate notice backends", " - Notices: support draining notices from state when notice backend", " registered as producer of a particular notice type", " - Notices: query notice manager from daemon instead of querying", " state for notices directly", " - Packaging: Ubuntu | ignore .git directory", " - Packaging: FIPS | bump deb Go FIPS to 1.23", " - Packaging: snap | bump FIPS toolchain to 1.23", " - Packaging: debian | sync most upstream changes", " - Packaging: debian-sid | depends on libcap2-bin for postint", " - Packaging: Fedora | drop fakeroot", " - Packaging: snap | modify snapd.mk to pass build tags when running", " unit tests", " - Packaging: snap | modify snapd.mk to pass nooptee build tag", " - Packaging: modify Makefile.am to fix snap-confine install profile", " with 'make hack'", " - Packaging: modify Makefile.am to fix out-of-tree use of 'make", " hack'", " - LP: #2122054 Snap installation: skip snap icon download when", " running in a cloud or using a proxy store", " - Snap installation: add timeout to http client when downloading", " snap icon", " - Snap installation: use http(s) proxy for icon downloads", " - LP: #2117558 snap-confine: fix error message with /root/snap not", " accessible", " - snap-confine: fix non-suid limitation by switching to root:root to", " operate v1 freezer", " - core-initrd: do not use writable-paths when not available", " - core-initrd: remove debian folder", " - LP: #1916244 Interfaces: gpio-chardev | re-enable the gpio-chardev", " interface now with the more robust gpio-aggregator configfs kernel", " interface", " - Interfaces: gpio-chardev | exclusive snap connections, raise a", " conflict when both gpio-chardev and gpio are connected", " - Interfaces: gpio-chardev | fix gpio-aggregator module load order", " - Interfaces: ros-snapd-support | grant access to /v2/changes", " - Interfaces: uda-driver-libs, egl-driver-libs, gbm-driver-libs,", " opengl-driver-libs, opengles-driver-libs | new interfaces to", " support nvidia driver components", " - Interfaces: microstack-support | allow DPDK (hugepage related", " permissions)", " - Interfaces: system-observe | allow reading additional files in", " /proc, needed by node-exporter", " - Interfaces: u2f | add Cano Key, Thesis FIDO2 BioFP+ Security Key", " and Kensington VeriMark DT Fingerprint Key to device list", " - Interfaces: snap-interfaces-requests-control | allow shell API", " control", " - Interfaces: fwupd | allow access to Intel CVS sysfs", " - Interfaces: hardware-observe | allow read access to Kernel", " Samepage Merging (KSM)", " - Interfaces: xilinx-dma | support Multi Queue DMA (QDMA) IP", " - Interfaces: spi | relax sysfs permission rules to allow access to", " SPI device node attributes", " - Interfaces: content | introduce compatibility label", " - LP: #2121238 Interfaces: do not expose Kerberos tickets for", " classic snaps", " - Interfaces: ssh-public-keys | allow ro access to public host keys", " with ssh-key", " - Interfaces: Modify AppArmor template to allow listing systemd", " credentials and invoking systemd-creds", " - Interfaces: modify AppArmor template with workarounds for Go 1.35", " cgroup aware GOMAXPROCS", " - Interfaces: modify seccomp template to allow landlock_*", " - Prevent snap hooks from running while relevant snaps are unlinked", " - Make refreshes wait before unlinking snaps if running hooks can be", " affected", " - Fix systemd unit generation by moving \"WantedBy=\" from section", " \"unit\" to \"install\"", " - Add opt-in logging support for snap-update-ns", " - Unhide 'snap help' sign and export-key under Development category", " - LP: #2117121 Cleanly support socket activation for classic snap", " - Add architecture to 'snap version' output", " - Add 'snap debug api' option to disable authentication through", " auth.json", " - Show grade in notes for 'snap info --verbose'", " - Fix preseeding failure due to scan-disk issue on RPi", " - Support 'snap debug api' queries to user session agents", " - LP: #2112626 Improve progress reporting for snap install/refresh", " - Drop legacy BAMF_DESKTOP_FILE_HINT in desktop files", " - Fix /v2/apps error for root user when user services are present", " - LP: #2114704 Extend output to indicate when snap data snapshot was", " created during remove", " - Improve how we handle emmc volumes", " - Improve handling of system-user extra assertions", "" ], "package": "snapd", "version": "2.72+ubuntu22.04", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2124239, 2122054, 2117558, 1916244, 2121238, 2117121, 2112626, 2114704 ], "author": "Ernest Lotter ", "date": "Thu, 18 Sep 2025 10:00:54 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2118396", " - FDE: auto-repair when recovery key is used", " - FDE: revoke keys on shim update", " - FDE: revoke old TPM keys when dbx has been updated", " - FDE: do not reseal FDE hook keys every time", " - FDE: store keys in the kernel keyring when installing from initrd", " - FDE: allow disabled DMA on Core", " - FDE: snap-bootstrap: do not check for partition in scan-disk on", " CVM", " - FDE: support secboot preinstall check for 25.10+ hybrid installs", " via the /v2/system/{label} endpoint", " - FDE: support generating recovery key at install time via the", " /v2/systems/{label} endpoint", " - FDE: update passphrase quality check at install time via the", " /v2/systems/{label} endpoint", " - FDE: support replacing recovery key at runtime via the new", " /v2/system-volumes endpoint", " - FDE: support checking recovery keys at runtime via the /v2/system-", " volumes endpoint", " - FDE: support enumerating keyslots at runtime via the /v2/system-", " volumes endpoint", " - FDE: support changing passphrase at runtime via the /v2/system-", " volumes endpoint", " - FDE: support passphrase quality check at runtime via the", " /v2/system-volumes endpoint", " - FDE: update secboot to revision 3e181c8edf0f", " - Confdb: support lists and indexed paths on read and write", " - Confdb: alias references must be wrapped in brackets", " - Confdb: support indexed paths in confdb-schema assertion", " - Confdb: make API errors consistent with options", " - Confdb: fetch confdb-schema assertion on access", " - Confdb: prevent --previous from being used in read-side hooks", " - Components: fix snap command with multiple components", " - Components: set revision of seed components to x1", " - Components: unmount extra kernel-modules components mounts", " - AppArmor Prompting: add lifespan \"session\" for prompting rules", " - AppArmor Prompting: support restoring prompts after snapd restart", " - AppArmor Prompting: limit the extra information included in probed", " AppArmor features and system key", " - Notices: refactor notice state internals", " - SELinux: look for restorecon/matchpathcon at all known locations", " rather than current PATH", " - SELinux: update policy to allow watching cgroups (for RAA), and", " talking to user session agents (service mgmt/refresh)", " - Refresh App Awareness: Fix unexpected inotify file descriptor", " cleanup", " - snap-confine: workaround for glibc fchmodat() fallback and handle", " ENOSYS", " - snap-confine: add support for host policy for limiting users able", " to run snaps", " - LP: #2114923 Reject system key mismatch advise when not yet seeded", " - Use separate lanes for essential and non-essential snaps during", " seeding and allow non-essential installs to retry", " - Fix bug preventing remodel from core18 to core18 when snapd snap", " is unchanged", " - LP: #2112551 Make removal of last active revision of a snap equal", " to snap remove", " - LP: #2114779 Allow non-gpt in fallback mode to support RPi", " - Switch from using systemd LogNamespace to manually controlled", " journal quotas", " - Change snap command trace logging to only log the command names", " - Grant desktop-launch access to /v2/snaps", " - Update code for creating the snap journal stream", " - Switch from using core to snapd snap for snap debug connectivity", " - LP: #2112544 Fix offline remodel case where we switched to a", " channel without an actual refresh", " - LP: #2112332 Exclude snap/snapd/preseeding when generating preseed", " tarball", " - LP: #1952500 Fix snap command progress reporting", " - LP: #1849346 Interfaces: kerberos-tickets | add new interface", " - Interfaces: u2f | add support for Thetis Pro", " - Interfaces: u2f | add OneSpan device and fix older device", " - Interfaces: pipewire, audio-playback | support pipewire as system", " daemon", " - Interfaces: gpg-keys | allow access to GPG agent sockets", " - Interfaces: usb-gadget | add new interface", " - Interfaces: snap-fde-control, firmware-updater-support | add new", " interfaces to support FDE", " - Interfaces: timezone-control | extend to support timedatectl", " varlink", " - Interfaces: cpu-control | fix rules for accessing IRQ sysfs and", " procfs directories", " - Interfaces: microstack-support | allow SR-IOV attachments", " - Interfaces: modify AppArmor template to allow snaps to read their", " own systemd credentials", " - Interfaces: posix-mq | allow stat on /dev/mqueue", " - LP: #2098780 Interfaces: log-observe | add capability", " dac_read_search", " - Interfaces: block-devices | allow access to ZFS pools and datasets", " - LP: #2033883 Interfaces: block-devices | opt-in access to", " individual partitions", " - Interfaces: accel | add new interface to support accel kernel", " subsystem", " - Interfaces: shutdown | allow client to bind on its side of dbus", " socket", " - Interfaces: modify seccomp template to allow pwritev2", " - Interfaces: modify AppArmor template to allow reading", " /proc/sys/fs/nr_open", " - Packaging: drop snap.failure service for openSUSE", " - Packaging: add SELinux support for openSUSE", " - Packaging: disable optee when using nooptee build tag", " - Packaging: add support for static PIE builds in snapd.mk, drop", " pie.patch from openSUSE", " - Packaging: add libcap2-bin runtime dependency for ubuntu-16.04", " - Packaging: use snapd.mk for packaging on Fedora", " - Packaging: exclude .git directory", " - Packaging: fix DPKG_PARSECHANGELOG assignment", " - Packaging: fix building on Fedora with dpkg installed", "" ], "package": "snapd", "version": "2.71+ubuntu22.04", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2118396, 2114923, 2112551, 2114779, 2112544, 2112332, 1952500, 1849346, 2098780, 2033883 ], "author": "Ernest Lotter ", "date": "Fri, 25 Jul 2025 13:18:47 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2112209", " - FDE: Fix reseal with v1 hook key format", " - FDE: set role in TPM keys", " - AppArmor prompting (experimental): add handling for expired", " requests or listener in the kernel", " - AppArmor prompting: log the notification protocol version", " negotiated with the kernel", " - AppArmor prompting: implement notification protocol v5 (manually", " disabled for now)", " - AppArmor prompting: register listener ID with the kernel and", " resend notifications after snapd restart (requires protocol v5+)", " - AppArmor prompting: select interface from metadata tags and set", " request interface accordingly (requires protocol v5+)", " - AppArmor prompting: include request PID in prompt", " - AppArmor prompting: move the max prompt ID file to a subdirectory", " of the snap run directory", " - AppArmor prompting: avoid race between closing/reading socket fd", " - Confdb (experimental): make save/load hooks mandatory if affecting", " ephemeral", " - Confdb: clear tx state on failed load", " - Confdb: modify 'snap sign' formats JSON in assertion bodies (e.g.", " confdb-schema)", " - Confdb: add NestedEphemeral to confdb schemas", " - Confdb: add early concurrency checks", " - Simplify building Arch package", " - Enable snapd.apparmor on Fedora", " - Build snapd snap with libselinux", " - Emit snapd.apparmor warning only when using apparmor backend", " - When running snap, on system key mismatch e.g. due to network", " attached HOME, trigger and wait for a security profiles", " regeneration", " - Avoid requiring state lock to get user, warnings, or pending", " restarts when handling API requests", " - Start/stop ssh.socket for core24+ when enabling/disabling the ssh", " service", " - Allow providing a different base when overriding snap", " - Modify snap-bootstrap to mount snapd snap directly to /snap", " - Modify snap-bootstrap to mount /lib/{modules,firmware} from snap", " as fallback", " - Modify core-initrd to use systemctl reboot instead of /sbin/reboot", " - Copy the initramfs 'manifest-initramfs.yaml' to initramfs file", " creation directory so it can be copied to the kernel snap", " - Build the early initrd from installed ucode packages", " - Create drivers tree when remodeling from UC20/22 to UC24", " - Load gpio-aggregator module before the helper-service needs it", " - Run 'systemctl start' for mount units to ensure they are run also", " when unchanged", " - Update godbus version to 'v5 v5.1.0'", " - Add support for POST to /v2/system-info with system-key-mismatch", " indication from the client", " - Add 'snap sign --update-timestamp' flag to update timestamp before", " signing", " - Add vfs support for snap-update-ns to use to simulate and evaluate", " mount sequences", " - Add refresh app awareness debug logging", " - Add snap-bootstrap scan-disk subcommand to be called from udev", " - Add feature to inject proxy store assertions in build image", " - Add OP-TEE bindings, enable by default in ARM and ARM64 builds", " - Fix systemd dependency options target to go under 'unit' section", " - Fix snap-bootstrap reading kernel snap instead of base resulting", " in bad modeenv", " - Fix a regression during seeding when using early-config", " - LP: #2107443 reset SHELL to /bin/bash in non-classic snaps", " - Make Azure kernels reboot upon panic", " - Fix snap-confine to not drop capabilities if the original user is", " already root", " - Fix data race when stopping services", " - Fix task dependency issue by temporarily disable re-refresh on", " prerequisite updates", " - Fix compiling against op-tee on armhf", " - Fix dbx update when not using FDE", " - Fix potential validation set deadlock due to bases waiting on", " snaps", " - LP: #2104066 Only cancel notices requests on stop/shutdown", " - Interfaces: bool-file | fix gpio glob pattern as required for", " '[XXXX]*' format", " - Interfaces: system-packages-doc | allow access to", " /usr/local/share/doc", " - Interfaces: ros-snapd-support interface | added new interface", " - Interfaces: udisks2 | allow chown capability", " - Interfaces: system-observe | allow reading cpu.max", " - Interfaces: serial-port | add ttyMAXX to allowed list", " - Interfaces: modified seccomp template to disallow", " 'O_NOTIFICATION_PIPE'", " - Interfaces: fwupd | add support for modem-manager plugin", " - Interfaces: gpio-chardev | make unsupported and remove", " experimental flag to hide this feature until gpio-aggregator is", " available", " - Interfaces: hardware-random | fix udev match rule", " - Interfaces: timeserver-control | extend to allow timedatectl", " timesync commands", " - Interfaces: add symlinks backend", " - Interfaces: system key mismatch handling", "" ], "package": "snapd", "version": "2.70", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2112209, 2107443, 2104066 ], "author": "Ernest Lotter ", "date": "Tue, 03 Jun 2025 11:46:44 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2105854", " - FDE: re-factor listing of the disks based on run mode model and", " model to correctly resolve paths", " - FDE: run snapd from snap-failure with the correct keyring mode", " - Snap components: allow remodeling back to an old snap revision", " that includes components", " - Snap components: fix remodel to a kernel snap that is already", " installed on the system, but not the current kernel due to a", " previous remodel.", " - Snap components: fix for snapctl inputs that can crash snapd", " - Confdb (experimental): load ephemeral data when reading data via", " snapctl get", " - Confdb (experimental): load ephemeral data when reading data via", " snap get", " - Confdb (experimental): rename {plug}-view-changed hook to observe-", " view-{plug}", " - Confdb (experimental): rename confdb assertion to confdb-schema", " - Confdb (experimental): change operator grouping in confdb-control", " assertion", " - Confdb (experimental): add confdb-control API", " - AppArmor: extend the probed features to include the presence of", " files, as well as directories", " - AppArmor prompting (experimental): simplify the listener", " - AppArmor metadata tagging (disabled): probe parser support for", " tags", " - AppArmor metadata tagging (disabled): implement notification", " protocol v5", " - Confidential VMs: sysroot.mount is now dynamically created by", " snap-bootstrap instead of being a static file in the initramfs", " - Confidential VMs: Add new implementation of snap integrity API", " - Non-suid snap-confine: first phase to replace snap-confine suid", " with capabilities to achieve the required permissions", " - Initial changes for dynamic security profiles updates", " - Provide snap icon fallback for /v2/icons without requiring network", " access at runtime", " - Add eMMC gadget update support", " - Support reexec when using /usr/libexec/snapd on the host (Arch", " Linux, openSUSE)", " - Auto detect snap mount dir location on unknown distributions", " - Modify snap-confine AppArmor template to allow all glibc HWCAPS", " subdirectories to prevent launch errors", " - LP: #2102456 update secboot to bf2f40ea35c4 and modify snap-", " bootstrap to remove usage of go templates to reduce size by 4MB", " - Fix snap-bootstrap to mount kernel snap from", " /sysroot/writable/system-data", " - LP: #2106121 fix snap-bootstrap busy loop", " - Fix encoding of time.Time by using omitzero instead of omitempty", " (on go 1.24+)", " - Fix setting snapd permissions through permctl for openSUSE", " - Fix snap struct json tags typo", " - Fix snap pack configure hook permissions check incorrect file mode", " - Fix gadget snap reinstall to honor existing sizes of partitions", " - Fix to update command line when re-executing a snapd tool", " - Fix 'snap validate' of specific missing newline and add error on", " missed case of 'snap validate --refresh' without another action", " - Workaround for snapd-confine time_t size differences between", " architectures", " - Disallow pack and install of snapd, base and os with specific", " configure hooks", " - Drop udev build dependency that is no longer required and add", " missing systemd-dev dependency", " - Build snap-bootstrap with nomanagers tag to decrease size by 1MB", " - Interfaces: polkit | support custom polkit rules", " - Interfaces: opengl | LP: #2088456 fix GLX on nvidia when xorg is", " confined by AppArmor", " - Interfaces: log-observe | add missing udev rule", " - Interfaces: hostname-control | fix call to hostnamectl in core24", " - Interfaces: network-control | allow removing created network", " namespaces", " - Interfaces: scsi-generic | re-enable base declaration for scsi-", " generic plug", " - Interfaces: u2f | add support for Arculus AuthentiKey", "" ], "package": "snapd", "version": "2.69", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2105854, 2102456, 2106121, 2088456 ], "author": "Ernest Lotter ", "date": "Tue, 08 Apr 2025 12:53:39 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2098137", " - LP: #2109843 fix missing preseed files when running in a container", "" ], "package": "snapd", "version": "2.68.5", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2098137, 2109843 ], "author": "Ernest Lotter ", "date": "Wed, 21 May 2025 17:46:09 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2098137", " - Snap components: LP: #2104933 workaround for classic 24.04/24.10", " models that incorrectly specify core22 instead of core24", " - Update build dependencies", "" ], "package": "snapd", "version": "2.68.4", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2098137, 2104933 ], "author": "Ernest Lotter ", "date": "Wed, 02 Apr 2025 19:48:25 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2098137", " - FDE: LP: #2101834 snapd 2.68+ and snap-bootstrap <2.68 fallback to", " old keyring path", " - Fix Plucky snapd deb build issue related to /var/lib/snapd/void", " permissions", " - Fix snapd deb build complaint about ifneq with extra bracket", "" ], "package": "snapd", "version": "2.68.3", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2098137, 2101834 ], "author": "Ernest Lotter ", "date": "Mon, 10 Mar 2025 20:13:38 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2098137", " - FDE: use boot mode for FDE hooks", " - FDE: add snap-bootstrap compatibility check to prevent image", " creation with incompatible snapd and kernel snap", " - FDE: add argon2 out-of-process KDF support", " - FDE: have separate mutex for the sections writing a fresh modeenv", " - FDE: LP: #2099709 update secboot to e07f4ae48e98", " - Confdb: support pruning ephemeral data and process alternative", " types in order", " - core-initrd: look at env to mount directly to /sysroot", " - core-initrd: prepare for Plucky build and split out 24.10", " (Oracular)", " - Fix missing primed packages in snapd snap manifest", " - Interfaces: posix-mq | fix incorrect clobbering of global variable", " and make interface more precise", " - Interfaces: opengl | add more kernel fusion driver files", "" ], "package": "snapd", "version": "2.68.2", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2098137, 2099709 ], "author": "Ernest Lotter ", "date": "Thu, 27 Feb 2025 09:56:20 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2098137", " - Fix snap-confine type specifier type mismatch on armhf", "" ], "package": "snapd", "version": "2.68.1", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2098137 ], "author": "Ernest Lotter ", "date": "Mon, 24 Feb 2025 10:31:49 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2098137", " - FDE: add support for new and more extensible key format that is", " unified between TPM and FDE hook", " - FDE: add support for adding passphrases during installation", " - FDE: update secboot to 30317622bbbc", " - Snap components: make kernel components available on firstboot", " after either initramfs or ephemeral rootfs style install", " - Snap components: mount drivers tree from initramfs so kernel", " modules are available in early boot stages", " - Snap components: support remodeling to models that contain", " components", " - Snap components: support offline remodeling to models that contain", " components", " - Snap components: support creating new recovery systems with", " components", " - Snap components: support downloading components with 'snap", " download' command", " - Snap components: support sideloading asserted components", " - AppArmor Prompting(experimental): improve version checks and", " handling of listener notification protocol for communication with", " kernel AppArmor", " - AppArmor Prompting(experimental): make prompt replies idempotent,", " and have at most one rule for any given path pattern, with", " potentially mixed outcomes and lifespans", " - AppArmor Prompting(experimental): timeout unresolved prompts after", " a period of client inactivity", " - AppArmor Prompting(experimental): return an error if a patch", " request to the API would result in a rule without any permissions", " - AppArmor Prompting(experimental): warn if there is no prompting", " client present but prompting is enabled, or if a prompting-related", " error occurs during snapd startup", " - AppArmor Prompting(experimental): do not log error when converting", " empty permissions to AppArmor permissions", " - Confdb(experimental): rename registries to confdbs (including API", " /v2/registries => /v2/confdb)", " - Confdb(experimental): support marking confdb schemas as ephemeral", " - Confdb(experimental): add confdb-control assertion and feature", " flag", " - Refresh App Awareness(experimental): LP: #2089195 prevent", " possibility of incorrect notification that snap will quit and", " update", " - Confidential VMs: snap-bootstrap support for loading partition", " information from a manifest file for cloudimg-rootfs mode", " - Confidential VMs: snap-bootstrap support for setting up cloudimg-", " rootfs as an overlayfs with integrity protection", " - dm-verity for essential snaps: add support for snap-integrity", " assertion", " - Interfaces: modify AppArmor template to allow owner read on", " @{PROC}/@{pid}/fdinfo/*", " - Interfaces: LP: #2072987 modify AppArmor template to allow using", " setpriv to run daemon as non-root user", " - Interfaces: add configfiles backend that ensures the state of", " configuration files in the filesystem", " - Interfaces: add ldconfig backend that exposes libraries coming", " from snaps to either the rootfs or to other snaps", " - Interfaces: LP: #1712808 LP: 1865503 disable udev backend when", " inside a container", " - Interfaces: add auditd-support interface that grants audit_control", " capability and required paths for auditd to function", " - Interfaces: add checkbox-support interface that allows", " unrestricted access to all devices", " - Interfaces: fwupd | allow access to dell bios recovery", " - Interfaces: fwupd | allow access to shim and fallback shim", " - Interfaces: mount-control | add mount option validator to detect", " mount option conflicts early", " - Interfaces: cpu-control | add read access to /sys/kernel/irq/", " - Interfaces: locale-control | changed to be implicit on Ubuntu Core", " Desktop", " - Interfaces: microstack-support | support for utilizing of AMD SEV", " capabilities", " - Interfaces: u2f | added missing OneSpan device product IDs", " - Interfaces: auditd-support | grant seccomp setpriority", " - Interfaces: opengl interface | enable parsing of nvidia driver", " information files", " - Allow mksquashfs 'xattrs' when packing snap types os, core, base", " and snapd as part of work to support non-root snap-confine", " - Upstream/downstream packaging changes and build updates", " - Improve error logs for malformed desktop files to also show which", " desktop file is at fault", " - Provide more precise error message when overriding channels with", " grade during seed creation", " - Expose 'snap prepare-image' validation parameter", " - Add snap-seccomp 'dump' command that dumps the filter rules from a", " compiled profile", " - Add fallback release info location /etc/initrd-release", " - Added core-initrd to snapd repo and fixed issues with ubuntu-core-", " initramfs deb builds", " - Remove stale robust-mount-namespace-updates experimental feature", " flag", " - Remove snapd-snap experimental feature (rejected) and it's feature", " flag", " - Changed snap-bootstrap to mount base directly on /sysroot", " - Mount ubuntu-seed mounted as no-{suid,exec,dev}", " - Mapping volumes to disks: add support for volume-assignments in", " gadget", " - Fix silently broken binaries produced by distro patchelf 0.14.3 by", " using locally build patchelf 0.18", " - Fix mismatch between listed refresh candidates and actual refresh", " due to outdated validation sets", " - Fix 'snap get' to produce compact listing for tty", " - Fix missing store-url by keeping it as part of auxiliary store", " info", " - Fix snap-confine attempting to retrieve device cgroup setup inside", " container where it is not available", " - Fix 'snap set' and 'snap get' panic on empty strings with early", " error checking", " - Fix logger debug entries to show correct caller and file", " information", " - Fix issue preventing hybrid systems from being seeded on first", " boot", " - LP: #1966203 remove auto-import udev rules not required by deb", " package to avoid unwanted syslog errors", " - LP: #1886414 fix progress reporting when stdout is on a tty, but", " stdin is not", "" ], "package": "snapd", "version": "2.68", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2098137, 2089195, 2072987, 1712808, 1966203, 1886414 ], "author": "Ernest Lotter ", "date": "Thu, 13 Feb 2025 12:42:09 +0200" }, { "cves": [], "log": [ "", " * New upstream release, LP: #2089691", " - Fix apparmor permissions to allow snaps access to kernel modules", " and firmware on UC24, which also fixes the kernel-modules-control", " interface on UC24", " - AppArmor prompting (experimental): disallow /./ and /../ in path", " patterns", " - Fix 'snap run' getent based user lookup in case of bad PATH", " - Fix snapd using the incorrect AppArmor version during undo of an", " refresh for regenerating snap profiles", " - Add new syscalls to base templates", " - hardware-observe interface: allow riscv_hwprobe syscall", " - mount-observe interface: allow listmount and statmount syscalls", "" ], "package": "snapd", "version": "2.67.1", "urgency": "medium", "distributions": "xenial", "launchpad_bugs_fixed": [ 2089691 ], "author": "Ernest Lotter ", "date": "Wed, 15 Jan 2025 22:02:37 +0200" } ], "notes": null, "is_version_downgrade": false }, { "name": "sosreport", "from_version": { "source_package_name": "sosreport", "source_package_version": "4.8.2-0ubuntu0~22.04.2", "version": "4.8.2-0ubuntu0~22.04.2" }, "to_version": { "source_package_name": "sosreport", "source_package_version": "4.9.2-0ubuntu0~22.04.1", "version": "4.9.2-0ubuntu0~22.04.1" }, "cves": [], "launchpad_bugs_fixed": [ 2114840 ], "changes": [ { "cves": [], "log": [ "", " * New 4.9.2 upstream release. (LP: #2114840)", "", " * For more details, full release note is available here:", " - https://github.com/sosreport/sos/releases/tag/4.9.2", "", " * Update the package to bring back the sosreport and sos-collector commands", " and their respective man pages. This add various files for this", " - debian/bin.sosreport", " - debian/bin.sos-collector", " - debian/links", " d/rules was updated to install the bin files in the right location", "", " * d/control: Add 'python3-yaml' as part of depends for the sunbeam plugin", "", " * wrap-and-sort files, so that in future one-line changes to any of", " the corresponding files.", "", " * d/copyright:", " - Sync with Debian package", "", " * d/p/0002-component-Grab-tmpdir-from-policy.patch: Fix a regression", " where the sos was being created in /var/tmp instead of /tmp. The", " hard-coded value is now updated to use the policy which for debian", " defaults to /tmp.", "", " * Former patches, now fixed:", " - d/p/0002-debian-do-not-install-LICENSE-README-AUTHORS.patch", " - d/p/0003-o_horizon-Obfuscate-credentials-in-local_settings.py.patch:", " - d/p/0004-ceph_common-Obfuscate-rgw-password-in-ceph.conf.patch:", " - d/p/0005-logs-Add-all-auth.log-syslog-and-kerne.log-as-standa.patch:", " - d/p/0006-ubuntu-Revamp-of-plugin.patch:", " - d/p/0007-clean-Update-the-last-command-for-obfuscation.patch:", " - d/p/0008-login-clean-Update-login-plugin-and-use-for-clean.patch:", "", " * Remaining patches:", " - d/p/0001-debian-change-tmp-dir-location.patch", "" ], "package": "sosreport", "version": "4.9.2-0ubuntu0~22.04.1", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2114840 ], "author": "Arif Ali ", "date": "Thu, 24 Jul 2025 15:18:48 +0000" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd", "from_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.16", "version": "249.11-0ubuntu3.16" }, "to_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.17", "version": "249.11-0ubuntu3.17" }, "cves": [], "launchpad_bugs_fixed": [ 2112237, 2115263, 2100252 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * initramfs-tools: copy hwdb.bin to initramfs (LP: #2112237)", " * d/t/tests-in-lxd: drop patching workaround (LP: #2115263)", " - d/t/control: add Depends: dnsmasq-base", " (Revealed by test progressing past previous failure)", "", " [ Chengen Du ]", " * core/device: fix devlink handling (LP: #2100252)", "" ], "package": "systemd", "version": "249.11-0ubuntu3.17", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2112237, 2115263, 2100252 ], "author": "Nick Rosbrook ", "date": "Tue, 26 Aug 2025 11:23:06 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-sysv", "from_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.16", "version": "249.11-0ubuntu3.16" }, "to_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.17", "version": "249.11-0ubuntu3.17" }, "cves": [], "launchpad_bugs_fixed": [ 2112237, 2115263, 2100252 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * initramfs-tools: copy hwdb.bin to initramfs (LP: #2112237)", " * d/t/tests-in-lxd: drop patching workaround (LP: #2115263)", " - d/t/control: add Depends: dnsmasq-base", " (Revealed by test progressing past previous failure)", "", " [ Chengen Du ]", " * core/device: fix devlink handling (LP: #2100252)", "" ], "package": "systemd", "version": "249.11-0ubuntu3.17", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2112237, 2115263, 2100252 ], "author": "Nick Rosbrook ", "date": "Tue, 26 Aug 2025 11:23:06 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "systemd-timesyncd", "from_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.16", "version": "249.11-0ubuntu3.16" }, "to_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.17", "version": "249.11-0ubuntu3.17" }, "cves": [], "launchpad_bugs_fixed": [ 2112237, 2115263, 2100252 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * initramfs-tools: copy hwdb.bin to initramfs (LP: #2112237)", " * d/t/tests-in-lxd: drop patching workaround (LP: #2115263)", " - d/t/control: add Depends: dnsmasq-base", " (Revealed by test progressing past previous failure)", "", " [ Chengen Du ]", " * core/device: fix devlink handling (LP: #2100252)", "" ], "package": "systemd", "version": "249.11-0ubuntu3.17", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2112237, 2115263, 2100252 ], "author": "Nick Rosbrook ", "date": "Tue, 26 Aug 2025 11:23:06 -0400" } ], "notes": null, "is_version_downgrade": false }, { "name": "udev", "from_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.16", "version": "249.11-0ubuntu3.16" }, "to_version": { "source_package_name": "systemd", "source_package_version": "249.11-0ubuntu3.17", "version": "249.11-0ubuntu3.17" }, "cves": [], "launchpad_bugs_fixed": [ 2112237, 2115263, 2100252 ], "changes": [ { "cves": [], "log": [ "", " [ Nick Rosbrook ]", " * initramfs-tools: copy hwdb.bin to initramfs (LP: #2112237)", " * d/t/tests-in-lxd: drop patching workaround (LP: #2115263)", " - d/t/control: add Depends: dnsmasq-base", " (Revealed by test progressing past previous failure)", "", " [ Chengen Du ]", " * core/device: fix devlink handling (LP: #2100252)", "" ], "package": "systemd", "version": "249.11-0ubuntu3.17", "urgency": "medium", "distributions": "jammy", "launchpad_bugs_fixed": [ 2112237, 2115263, 2100252 ], "author": "Nick Rosbrook ", "date": "Tue, 26 Aug 2025 11:23:06 -0400" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [], "snap": [] }, "removed": { "deb": [], "snap": [] }, "notes": "Changelog diff for Ubuntu 22.04 jammy image from release image serial 20251001 to 20251113", "from_series": "jammy", "to_series": "jammy", "from_serial": "20251001", "to_serial": "20251113", "from_manifest_filename": "release_manifest.previous", "to_manifest_filename": "manifest.current" }