{ "summary": { "snap": { "added": [], "removed": [], "diff": [] }, "deb": { "added": [ "linux-headers-6.17.0-8", "linux-headers-6.17.0-8-generic", "linux-image-6.17.0-8-generic", "linux-modules-6.17.0-8-generic", "linux-tools-6.17.0-8", "linux-tools-6.17.0-8-generic" ], "removed": [ "linux-headers-6.17.0-7", "linux-headers-6.17.0-7-generic", "linux-image-6.17.0-7-generic", "linux-modules-6.17.0-7-generic", "linux-tools-6.17.0-7", "linux-tools-6.17.0-7-generic" ], "diff": [ "apparmor", "bpftool", "libapparmor1:armhf", "libnetplan1:armhf", "libpng16-16t64:armhf", "libsframe2:armhf", "linux-headers-generic", "linux-headers-virtual", "linux-image-virtual", "linux-libc-dev:armhf", "linux-tools-common", "linux-virtual", "netplan-generator", "netplan.io", "python-apt-common", "python3-apt", "python3-netplan", "python3-urllib3" ] } }, "diff": { "deb": [ { "name": "apparmor", "from_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~alpha1-0ubuntu8.1", "version": "5.0.0~alpha1-0ubuntu8.1" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~alpha1-0ubuntu8.3", "version": "5.0.0~alpha1-0ubuntu8.3" }, "cves": [], "launchpad_bugs_fixed": [ 2130617, 2127491, 2127111, 2126920, 2129779 ], "changes": [ { "cves": [], "log": [ "", " * This is an SRU, tracked in LP: #2130617", " * Add patch to grant netrc access to tnftp (LP: #2127491):", " - d/p/u/profiles-grant-netrc-read-access-to-tnftp.patch", " * Add patch to fix device tree scan by systemd-detect-virt (LP: #2127111)", " - d/p/u/profiles-systemd-detect-virt-handle-device-tree-folder.patch", " * Add patch to allow lsblk reading of Azure NVMe ACPI (LP: #2126920):", " - d/p/u/lsblk_read_access_azure_acpi.patch", " * Add patch to fix errors in regression tests with Rust coreutils", " (LP: #2129779):", " - d/p/u/regression-fix-for-rust-coreutils.patch", "" ], "package": "apparmor", "version": "5.0.0~alpha1-0ubuntu8.3", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2130617, 2127491, 2127111, 2126920, 2129779 ], "author": "Ryan Lee ", "date": "Mon, 20 Oct 2025 11:10:39 -0700" } ], "notes": null, "is_version_downgrade": false }, { "name": "bpftool", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-7.7", "version": "7.7.0+6.17.0-7.7" }, "to_version": { "source_package_name": "linux", "source_package_version": "6.17.0-8.8", "version": "7.7.0+6.17.0-8.8" }, "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "log": [ "", " * questing/linux: 6.17.0-8.8 -proposed tracker (LP: #2131554)", "", " * crash when reading from /sys/kernel/tracing/rv/enabled_monitors", " (LP: #2131136)", " - rv: Fully convert enabled_monitors to use list_head as iterator", "", " * i40e driver is triggering VF resets on every link state change", " (LP: #2130552)", " - i40e: avoid redundant VF link state updates", "", " * kernel crash on bootup for some arm64 machines (LP: #2129770)", " - KVM: arm64: Guard PMSCR_EL1 initialization with SPE presence check", "", " * CVE-2025-40018", " - ipvs: Defer ip_vs_ftp unregister during netns cleanup", "" ], "package": "linux", "version": "6.17.0-8.8", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "author": "Manuel Diewald ", "date": "Fri, 14 Nov 2025 17:53:03 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libapparmor1:armhf", "from_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~alpha1-0ubuntu8.1", "version": "5.0.0~alpha1-0ubuntu8.1" }, "to_version": { "source_package_name": "apparmor", "source_package_version": "5.0.0~alpha1-0ubuntu8.3", "version": "5.0.0~alpha1-0ubuntu8.3" }, "cves": [], "launchpad_bugs_fixed": [ 2130617, 2127491, 2127111, 2126920, 2129779 ], "changes": [ { "cves": [], "log": [ "", " * This is an SRU, tracked in LP: #2130617", " * Add patch to grant netrc access to tnftp (LP: #2127491):", " - d/p/u/profiles-grant-netrc-read-access-to-tnftp.patch", " * Add patch to fix device tree scan by systemd-detect-virt (LP: #2127111)", " - d/p/u/profiles-systemd-detect-virt-handle-device-tree-folder.patch", " * Add patch to allow lsblk reading of Azure NVMe ACPI (LP: #2126920):", " - d/p/u/lsblk_read_access_azure_acpi.patch", " * Add patch to fix errors in regression tests with Rust coreutils", " (LP: #2129779):", " - d/p/u/regression-fix-for-rust-coreutils.patch", "" ], "package": "apparmor", "version": "5.0.0~alpha1-0ubuntu8.3", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2130617, 2127491, 2127111, 2126920, 2129779 ], "author": "Ryan Lee ", "date": "Mon, 20 Oct 2025 11:10:39 -0700" } ], "notes": null, "is_version_downgrade": false }, { "name": "libnetplan1:armhf", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.2-7ubuntu3", "version": "1.1.2-7ubuntu3" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.2-8ubuntu1~25.10.1", "version": "1.1.2-8ubuntu1~25.10.1" }, "cves": [], "launchpad_bugs_fixed": [ 2127195 ], "changes": [ { "cves": [], "log": [ "", " * Backport netplan.io 1.1.2-8ubuntu1 (LP: #2127195)", " - Allows non standard OVS setups (e.g. OVS from snap)", " - Test improvements, especially for slower architectures such as riscv64", " - d/t/cloud-init.sh: Adopt for actually generated files instead of dummies", " - d/control: use dbus-daemon instead of dbus-x11 for build-time tests and", " suggests systemd-resolved", " * SRU compatibility", " - d/gbp.conf: Update for Questing", "" ], "package": "netplan.io", "version": "1.1.2-8ubuntu1~25.10.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2127195 ], "author": "Lukas Märdian ", "date": "Tue, 25 Nov 2025 13:04:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "libpng16-16t64:armhf", "from_version": { "source_package_name": "libpng1.6", "source_package_version": "1.6.50-1", "version": "1.6.50-1" }, "to_version": { "source_package_name": "libpng1.6", "source_package_version": "1.6.50-1ubuntu0.1", "version": "1.6.50-1ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-64505", "url": "https://ubuntu.com/security/CVE-2025-64505", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.", "cve_priority": "medium", "cve_public_date": "2025-11-25 00:15:00 UTC" }, { "cve": "CVE-2025-64506", "url": "https://ubuntu.com/security/CVE-2025-64506", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.", "cve_priority": "medium", "cve_public_date": "2025-11-25 00:15:00 UTC" }, { "cve": "CVE-2025-64720", "url": "https://ubuntu.com/security/CVE-2025-64720", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.", "cve_priority": "medium", "cve_public_date": "2025-11-25 00:15:00 UTC" }, { "cve": "CVE-2025-65018", "url": "https://ubuntu.com/security/CVE-2025-65018", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.", "cve_priority": "medium", "cve_public_date": "2025-11-25 00:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-64505", "url": "https://ubuntu.com/security/CVE-2025-64505", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.", "cve_priority": "medium", "cve_public_date": "2025-11-25 00:15:00 UTC" }, { "cve": "CVE-2025-64506", "url": "https://ubuntu.com/security/CVE-2025-64506", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.", "cve_priority": "medium", "cve_public_date": "2025-11-25 00:15:00 UTC" }, { "cve": "CVE-2025-64720", "url": "https://ubuntu.com/security/CVE-2025-64720", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.", "cve_priority": "medium", "cve_public_date": "2025-11-25 00:15:00 UTC" }, { "cve": "CVE-2025-65018", "url": "https://ubuntu.com/security/CVE-2025-65018", "cve_description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.", "cve_priority": "medium", "cve_public_date": "2025-11-25 00:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: buffer overflow issue", " - debian/patches/CVE-2025-64505.patch: Fix a buffer overflow in", " png_do_quantize", " - debian/patches/CVE-2025-64506.patch: Fix a heap buffer overflow in", " png_write_image_8bit", " - debian/patches/CVE-2025-64720.patch: Fix a buffer overflow in", " png_init_read_transformations", " - debian/patches/CVE-2025-65018.patch: Fix a heap buffer overflow in", " png_image_finish_read", " - CVE-2025-64505", " - CVE-2025-64506", " - CVE-2025-64720", " - CVE-2025-65018", "" ], "package": "libpng1.6", "version": "1.6.50-1ubuntu0.1", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Nishit Majithia ", "date": "Tue, 09 Dec 2025 17:38:32 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "libsframe2:armhf", "from_version": { "source_package_name": "binutils", "source_package_version": "2.45-7ubuntu1.1", "version": "2.45-7ubuntu1.1" }, "to_version": { "source_package_name": "binutils", "source_package_version": "2.45-7ubuntu1.2", "version": "2.45-7ubuntu1.2" }, "cves": [ { "cve": "CVE-2025-11081", "url": "https://ubuntu.com/security/CVE-2025-11081", "cve_description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "cve_priority": "medium", "cve_public_date": "2025-09-27 22:15:00 UTC" }, { "cve": "CVE-2025-11082", "url": "https://ubuntu.com/security/CVE-2025-11082", "cve_description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11083", "url": "https://ubuntu.com/security/CVE-2025-11083", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11412", "url": "https://ubuntu.com/security/CVE-2025-11412", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.", "cve_priority": "medium", "cve_public_date": "2025-10-07 22:15:00 UTC" }, { "cve": "CVE-2025-11413", "url": "https://ubuntu.com/security/CVE-2025-11413", "cve_description": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.", "cve_priority": "medium", "cve_public_date": "2025-10-07 22:15:00 UTC" }, { "cve": "CVE-2025-11414", "url": "https://ubuntu.com/security/CVE-2025-11414", "cve_description": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.", "cve_priority": "medium", "cve_public_date": "2025-10-07 23:15:00 UTC" }, { "cve": "CVE-2025-11494", "url": "https://ubuntu.com/security/CVE-2025-11494", "cve_description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "cve_priority": "medium", "cve_public_date": "2025-10-08 20:15:00 UTC" }, { "cve": "CVE-2025-11495", "url": "https://ubuntu.com/security/CVE-2025-11495", "cve_description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "cve_priority": "medium", "cve_public_date": "2025-10-08 20:15:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-11081", "url": "https://ubuntu.com/security/CVE-2025-11081", "cve_description": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.", "cve_priority": "medium", "cve_public_date": "2025-09-27 22:15:00 UTC" }, { "cve": "CVE-2025-11082", "url": "https://ubuntu.com/security/CVE-2025-11082", "cve_description": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11083", "url": "https://ubuntu.com/security/CVE-2025-11083", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".", "cve_priority": "medium", "cve_public_date": "2025-09-27 23:15:00 UTC" }, { "cve": "CVE-2025-11412", "url": "https://ubuntu.com/security/CVE-2025-11412", "cve_description": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.", "cve_priority": "medium", "cve_public_date": "2025-10-07 22:15:00 UTC" }, { "cve": "CVE-2025-11413", "url": "https://ubuntu.com/security/CVE-2025-11413", "cve_description": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.", "cve_priority": "medium", "cve_public_date": "2025-10-07 22:15:00 UTC" }, { "cve": "CVE-2025-11414", "url": "https://ubuntu.com/security/CVE-2025-11414", "cve_description": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.", "cve_priority": "medium", "cve_public_date": "2025-10-07 23:15:00 UTC" }, { "cve": "CVE-2025-11494", "url": "https://ubuntu.com/security/CVE-2025-11494", "cve_description": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.", "cve_priority": "medium", "cve_public_date": "2025-10-08 20:15:00 UTC" }, { "cve": "CVE-2025-11495", "url": "https://ubuntu.com/security/CVE-2025-11495", "cve_description": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.", "cve_priority": "medium", "cve_public_date": "2025-10-08 20:15:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Out-of-Bounds Read", " - debian/patches/CVE-2025-11081.patch: PR 33406 SEGV in", " dump_dwarf_section", " - CVE-2025-11081", " * SECURITY UPDATE: Heap-Based Buffer Overflow", " - debian/patches/CVE-2025-11082.patch: elf: Don't read beyond", " .eh_frame section size", " - CVE-2025-11082", " * SECURITY UPDATE: Heap-Based Buffer Overflow", " - debian/patches/CVE-2025-11083.patch: elf: Don't match corrupt", " section header in linker input", " - CVE-2025-11083", " * SECURITY UPDATE: Out-of-Bounds Read", " - debian/patches/CVE-2025-11412.patch: PR 33452 SEGV in", " bfd_elf_gc_record_vtentry", " - CVE-2025-11412", " * SECURITY UPDATE: Out-of-Bounds Read", " - debian/patches/CVE-2025-11413.patch: Re: elf: Disallow the empty", " global symbol name", " - CVE-2025-11413", " * SECURITY UPDATE: Out-of-Bounds Read", " - debian/patches/CVE-2025-11414.patch: elf: Return error on unsorted", " symbol table if not allowed", " - CVE-2025-11414", " * SECURITY UPDATE: Out-of-Bounds Read", " - debian/patches/CVE-2025-11494.patch: x86: Keep", " _GLOBAL_OFFSET_TABLE_ for .eh_frame", " - CVE-2025-11494", " * SECURITY UPDATE: Heap-Based Buffer Overflow", " - debian/patches/CVE-2025-11495.patch: x86: Disallow TLS relocation", " in non executable section", " - CVE-2025-11495", "" ], "package": "binutils", "version": "2.45-7ubuntu1.2", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "John Breton ", "date": "Wed, 03 Dec 2025 09:27:38 -0500" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-generic", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.17.0-7.7", "version": "6.17.0-7.7" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.17.0-8.8", "version": "6.17.0-8.8" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.17.0-8.8", "" ], "package": "linux-meta", "version": "6.17.0-8.8", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 14 Nov 2025 18:18:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.17.0-7.7", "version": "6.17.0-7.7" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.17.0-8.8", "version": "6.17.0-8.8" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.17.0-8.8", "" ], "package": "linux-meta", "version": "6.17.0-8.8", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 14 Nov 2025 18:18:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.17.0-7.7", "version": "6.17.0-7.7" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.17.0-8.8", "version": "6.17.0-8.8" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.17.0-8.8", "" ], "package": "linux-meta", "version": "6.17.0-8.8", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 14 Nov 2025 18:18:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-libc-dev:armhf", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-7.7", "version": "6.17.0-7.7" }, "to_version": { "source_package_name": "linux", "source_package_version": "6.17.0-8.8", "version": "6.17.0-8.8" }, "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "log": [ "", " * questing/linux: 6.17.0-8.8 -proposed tracker (LP: #2131554)", "", " * crash when reading from /sys/kernel/tracing/rv/enabled_monitors", " (LP: #2131136)", " - rv: Fully convert enabled_monitors to use list_head as iterator", "", " * i40e driver is triggering VF resets on every link state change", " (LP: #2130552)", " - i40e: avoid redundant VF link state updates", "", " * kernel crash on bootup for some arm64 machines (LP: #2129770)", " - KVM: arm64: Guard PMSCR_EL1 initialization with SPE presence check", "", " * CVE-2025-40018", " - ipvs: Defer ip_vs_ftp unregister during netns cleanup", "" ], "package": "linux", "version": "6.17.0-8.8", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "author": "Manuel Diewald ", "date": "Fri, 14 Nov 2025 17:53:03 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-tools-common", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-7.7", "version": "6.17.0-7.7" }, "to_version": { "source_package_name": "linux", "source_package_version": "6.17.0-8.8", "version": "6.17.0-8.8" }, "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "log": [ "", " * questing/linux: 6.17.0-8.8 -proposed tracker (LP: #2131554)", "", " * crash when reading from /sys/kernel/tracing/rv/enabled_monitors", " (LP: #2131136)", " - rv: Fully convert enabled_monitors to use list_head as iterator", "", " * i40e driver is triggering VF resets on every link state change", " (LP: #2130552)", " - i40e: avoid redundant VF link state updates", "", " * kernel crash on bootup for some arm64 machines (LP: #2129770)", " - KVM: arm64: Guard PMSCR_EL1 initialization with SPE presence check", "", " * CVE-2025-40018", " - ipvs: Defer ip_vs_ftp unregister during netns cleanup", "" ], "package": "linux", "version": "6.17.0-8.8", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "author": "Manuel Diewald ", "date": "Fri, 14 Nov 2025 17:53:03 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "linux-virtual", "from_version": { "source_package_name": "linux-meta", "source_package_version": "6.17.0-7.7", "version": "6.17.0-7.7" }, "to_version": { "source_package_name": "linux-meta", "source_package_version": "6.17.0-8.8", "version": "6.17.0-8.8" }, "cves": [], "launchpad_bugs_fixed": [], "changes": [ { "cves": [], "log": [ "", " * Main version: 6.17.0-8.8", "" ], "package": "linux-meta", "version": "6.17.0-8.8", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [], "author": "Manuel Diewald ", "date": "Fri, 14 Nov 2025 18:18:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "netplan-generator", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.2-7ubuntu3", "version": "1.1.2-7ubuntu3" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.2-8ubuntu1~25.10.1", "version": "1.1.2-8ubuntu1~25.10.1" }, "cves": [], "launchpad_bugs_fixed": [ 2127195 ], "changes": [ { "cves": [], "log": [ "", " * Backport netplan.io 1.1.2-8ubuntu1 (LP: #2127195)", " - Allows non standard OVS setups (e.g. OVS from snap)", " - Test improvements, especially for slower architectures such as riscv64", " - d/t/cloud-init.sh: Adopt for actually generated files instead of dummies", " - d/control: use dbus-daemon instead of dbus-x11 for build-time tests and", " suggests systemd-resolved", " * SRU compatibility", " - d/gbp.conf: Update for Questing", "" ], "package": "netplan.io", "version": "1.1.2-8ubuntu1~25.10.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2127195 ], "author": "Lukas Märdian ", "date": "Tue, 25 Nov 2025 13:04:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "netplan.io", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.2-7ubuntu3", "version": "1.1.2-7ubuntu3" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.2-8ubuntu1~25.10.1", "version": "1.1.2-8ubuntu1~25.10.1" }, "cves": [], "launchpad_bugs_fixed": [ 2127195 ], "changes": [ { "cves": [], "log": [ "", " * Backport netplan.io 1.1.2-8ubuntu1 (LP: #2127195)", " - Allows non standard OVS setups (e.g. OVS from snap)", " - Test improvements, especially for slower architectures such as riscv64", " - d/t/cloud-init.sh: Adopt for actually generated files instead of dummies", " - d/control: use dbus-daemon instead of dbus-x11 for build-time tests and", " suggests systemd-resolved", " * SRU compatibility", " - d/gbp.conf: Update for Questing", "" ], "package": "netplan.io", "version": "1.1.2-8ubuntu1~25.10.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2127195 ], "author": "Lukas Märdian ", "date": "Tue, 25 Nov 2025 13:04:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python-apt-common", "from_version": { "source_package_name": "python-apt", "source_package_version": "3.0.0ubuntu1", "version": "3.0.0ubuntu1" }, "to_version": { "source_package_name": "python-apt", "source_package_version": "3.0.0ubuntu1.1", "version": "3.0.0ubuntu1.1" }, "cves": [ { "cve": "CVE-2025-6966", "url": "https://ubuntu.com/security/CVE-2025-6966", "cve_description": "NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.", "cve_priority": "medium", "cve_public_date": "2025-12-05 13:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2091865 ], "changes": [ { "cves": [ { "cve": "CVE-2025-6966", "url": "https://ubuntu.com/security/CVE-2025-6966", "cve_description": "NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.", "cve_priority": "medium", "cve_public_date": "2025-12-05 13:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: NULL pointer dereference (LP: #2091865)", " - python/tag.cc: check for NULL pointer before dereferencing", " - CVE-2025-6966", "" ], "package": "python-apt", "version": "3.0.0ubuntu1.1", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [ 2091865 ], "author": "Sudhakar Verma ", "date": "Fri, 05 Dec 2025 22:27:55 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-apt", "from_version": { "source_package_name": "python-apt", "source_package_version": "3.0.0ubuntu1", "version": "3.0.0ubuntu1" }, "to_version": { "source_package_name": "python-apt", "source_package_version": "3.0.0ubuntu1.1", "version": "3.0.0ubuntu1.1" }, "cves": [ { "cve": "CVE-2025-6966", "url": "https://ubuntu.com/security/CVE-2025-6966", "cve_description": "NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.", "cve_priority": "medium", "cve_public_date": "2025-12-05 13:16:00 UTC" } ], "launchpad_bugs_fixed": [ 2091865 ], "changes": [ { "cves": [ { "cve": "CVE-2025-6966", "url": "https://ubuntu.com/security/CVE-2025-6966", "cve_description": "NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.", "cve_priority": "medium", "cve_public_date": "2025-12-05 13:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: NULL pointer dereference (LP: #2091865)", " - python/tag.cc: check for NULL pointer before dereferencing", " - CVE-2025-6966", "" ], "package": "python-apt", "version": "3.0.0ubuntu1.1", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [ 2091865 ], "author": "Sudhakar Verma ", "date": "Fri, 05 Dec 2025 22:27:55 +0530" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-netplan", "from_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.2-7ubuntu3", "version": "1.1.2-7ubuntu3" }, "to_version": { "source_package_name": "netplan.io", "source_package_version": "1.1.2-8ubuntu1~25.10.1", "version": "1.1.2-8ubuntu1~25.10.1" }, "cves": [], "launchpad_bugs_fixed": [ 2127195 ], "changes": [ { "cves": [], "log": [ "", " * Backport netplan.io 1.1.2-8ubuntu1 (LP: #2127195)", " - Allows non standard OVS setups (e.g. OVS from snap)", " - Test improvements, especially for slower architectures such as riscv64", " - d/t/cloud-init.sh: Adopt for actually generated files instead of dummies", " - d/control: use dbus-daemon instead of dbus-x11 for build-time tests and", " suggests systemd-resolved", " * SRU compatibility", " - d/gbp.conf: Update for Questing", "" ], "package": "netplan.io", "version": "1.1.2-8ubuntu1~25.10.1", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2127195 ], "author": "Lukas Märdian ", "date": "Tue, 25 Nov 2025 13:04:37 +0100" } ], "notes": null, "is_version_downgrade": false }, { "name": "python3-urllib3", "from_version": { "source_package_name": "python-urllib3", "source_package_version": "2.3.0-3", "version": "2.3.0-3" }, "to_version": { "source_package_name": "python-urllib3", "source_package_version": "2.3.0-3ubuntu0.1", "version": "2.3.0-3ubuntu0.1" }, "cves": [ { "cve": "CVE-2025-66418", "url": "https://ubuntu.com/security/CVE-2025-66418", "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.", "cve_priority": "medium", "cve_public_date": "2025-12-05 16:15:00 UTC" }, { "cve": "CVE-2025-66471", "url": "https://ubuntu.com/security/CVE-2025-66471", "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.", "cve_priority": "medium", "cve_public_date": "2025-12-05 17:16:00 UTC" } ], "launchpad_bugs_fixed": [], "changes": [ { "cves": [ { "cve": "CVE-2025-66418", "url": "https://ubuntu.com/security/CVE-2025-66418", "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.", "cve_priority": "medium", "cve_public_date": "2025-12-05 16:15:00 UTC" }, { "cve": "CVE-2025-66471", "url": "https://ubuntu.com/security/CVE-2025-66471", "cve_description": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data.", "cve_priority": "medium", "cve_public_date": "2025-12-05 17:16:00 UTC" } ], "log": [ "", " * SECURITY UPDATE: Denial of service due to unbounded decompression chain.", " - debian/patches/CVE-2025-66418.patch: Add max_decode_links limit and", " checks in src/urllib3/response.py. Add test in test/test_response.py.", " - CVE-2025-66418", " * SECURITY UPDATE: Denial of service due to decompression bomb.", " - debian/patches/CVE-2025-66471.patch: Fix decompression bomb in", " src/urllib3/response.py. Add tests in test/test_response.py.", " - debian/patches/CVE-2025-66471-post1.patch: Remove brotli version warning", " due to intrusive backport for brotli fixes and upstream version warning", " not being appropriate for distro backporting.", " - CVE-2025-66471", "" ], "package": "python-urllib3", "version": "2.3.0-3ubuntu0.1", "urgency": "medium", "distributions": "questing-security", "launchpad_bugs_fixed": [], "author": "Hlib Korzhynskyy ", "date": "Wed, 10 Dec 2025 12:29:16 -0330" } ], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "added": { "deb": [ { "name": "linux-headers-6.17.0-8", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-7.7", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.17.0-8.8", "version": "6.17.0-8.8" }, "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "log": [ "", " * questing/linux: 6.17.0-8.8 -proposed tracker (LP: #2131554)", "", " * crash when reading from /sys/kernel/tracing/rv/enabled_monitors", " (LP: #2131136)", " - rv: Fully convert enabled_monitors to use list_head as iterator", "", " * i40e driver is triggering VF resets on every link state change", " (LP: #2130552)", " - i40e: avoid redundant VF link state updates", "", " * kernel crash on bootup for some arm64 machines (LP: #2129770)", " - KVM: arm64: Guard PMSCR_EL1 initialization with SPE presence check", "", " * CVE-2025-40018", " - ipvs: Defer ip_vs_ftp unregister during netns cleanup", "" ], "package": "linux", "version": "6.17.0-8.8", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "author": "Manuel Diewald ", "date": "Fri, 14 Nov 2025 17:53:03 +0100" } ], "notes": "linux-headers-6.17.0-8 version '6.17.0-8.8' (source package linux version '6.17.0-8.8') was added. linux-headers-6.17.0-8 version '6.17.0-8.8' has the same source package name, linux, as removed package linux-headers-6.17.0-7. As such we can use the source package version of the removed package, '6.17.0-7.7', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-headers-6.17.0-8-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-7.7", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.17.0-8.8", "version": "6.17.0-8.8" }, "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "log": [ "", " * questing/linux: 6.17.0-8.8 -proposed tracker (LP: #2131554)", "", " * crash when reading from /sys/kernel/tracing/rv/enabled_monitors", " (LP: #2131136)", " - rv: Fully convert enabled_monitors to use list_head as iterator", "", " * i40e driver is triggering VF resets on every link state change", " (LP: #2130552)", " - i40e: avoid redundant VF link state updates", "", " * kernel crash on bootup for some arm64 machines (LP: #2129770)", " - KVM: arm64: Guard PMSCR_EL1 initialization with SPE presence check", "", " * CVE-2025-40018", " - ipvs: Defer ip_vs_ftp unregister during netns cleanup", "" ], "package": "linux", "version": "6.17.0-8.8", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "author": "Manuel Diewald ", "date": "Fri, 14 Nov 2025 17:53:03 +0100" } ], "notes": "linux-headers-6.17.0-8-generic version '6.17.0-8.8' (source package linux version '6.17.0-8.8') was added. linux-headers-6.17.0-8-generic version '6.17.0-8.8' has the same source package name, linux, as removed package linux-headers-6.17.0-7. As such we can use the source package version of the removed package, '6.17.0-7.7', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-image-6.17.0-8-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-7.7", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.17.0-8.8", "version": "6.17.0-8.8" }, "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "log": [ "", " * questing/linux: 6.17.0-8.8 -proposed tracker (LP: #2131554)", "", " * crash when reading from /sys/kernel/tracing/rv/enabled_monitors", " (LP: #2131136)", " - rv: Fully convert enabled_monitors to use list_head as iterator", "", " * i40e driver is triggering VF resets on every link state change", " (LP: #2130552)", " - i40e: avoid redundant VF link state updates", "", " * kernel crash on bootup for some arm64 machines (LP: #2129770)", " - KVM: arm64: Guard PMSCR_EL1 initialization with SPE presence check", "", " * CVE-2025-40018", " - ipvs: Defer ip_vs_ftp unregister during netns cleanup", "" ], "package": "linux", "version": "6.17.0-8.8", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "author": "Manuel Diewald ", "date": "Fri, 14 Nov 2025 17:53:03 +0100" } ], "notes": "linux-image-6.17.0-8-generic version '6.17.0-8.8' (source package linux version '6.17.0-8.8') was added. linux-image-6.17.0-8-generic version '6.17.0-8.8' has the same source package name, linux, as removed package linux-headers-6.17.0-7. As such we can use the source package version of the removed package, '6.17.0-7.7', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-modules-6.17.0-8-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-7.7", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.17.0-8.8", "version": "6.17.0-8.8" }, "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "log": [ "", " * questing/linux: 6.17.0-8.8 -proposed tracker (LP: #2131554)", "", " * crash when reading from /sys/kernel/tracing/rv/enabled_monitors", " (LP: #2131136)", " - rv: Fully convert enabled_monitors to use list_head as iterator", "", " * i40e driver is triggering VF resets on every link state change", " (LP: #2130552)", " - i40e: avoid redundant VF link state updates", "", " * kernel crash on bootup for some arm64 machines (LP: #2129770)", " - KVM: arm64: Guard PMSCR_EL1 initialization with SPE presence check", "", " * CVE-2025-40018", " - ipvs: Defer ip_vs_ftp unregister during netns cleanup", "" ], "package": "linux", "version": "6.17.0-8.8", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "author": "Manuel Diewald ", "date": "Fri, 14 Nov 2025 17:53:03 +0100" } ], "notes": "linux-modules-6.17.0-8-generic version '6.17.0-8.8' (source package linux version '6.17.0-8.8') was added. linux-modules-6.17.0-8-generic version '6.17.0-8.8' has the same source package name, linux, as removed package linux-headers-6.17.0-7. As such we can use the source package version of the removed package, '6.17.0-7.7', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-tools-6.17.0-8", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-7.7", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.17.0-8.8", "version": "6.17.0-8.8" }, "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "log": [ "", " * questing/linux: 6.17.0-8.8 -proposed tracker (LP: #2131554)", "", " * crash when reading from /sys/kernel/tracing/rv/enabled_monitors", " (LP: #2131136)", " - rv: Fully convert enabled_monitors to use list_head as iterator", "", " * i40e driver is triggering VF resets on every link state change", " (LP: #2130552)", " - i40e: avoid redundant VF link state updates", "", " * kernel crash on bootup for some arm64 machines (LP: #2129770)", " - KVM: arm64: Guard PMSCR_EL1 initialization with SPE presence check", "", " * CVE-2025-40018", " - ipvs: Defer ip_vs_ftp unregister during netns cleanup", "" ], "package": "linux", "version": "6.17.0-8.8", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "author": "Manuel Diewald ", "date": "Fri, 14 Nov 2025 17:53:03 +0100" } ], "notes": "linux-tools-6.17.0-8 version '6.17.0-8.8' (source package linux version '6.17.0-8.8') was added. linux-tools-6.17.0-8 version '6.17.0-8.8' has the same source package name, linux, as removed package linux-headers-6.17.0-7. As such we can use the source package version of the removed package, '6.17.0-7.7', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false }, { "name": "linux-tools-6.17.0-8-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-7.7", "version": null }, "to_version": { "source_package_name": "linux", "source_package_version": "6.17.0-8.8", "version": "6.17.0-8.8" }, "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "changes": [ { "cves": [ { "cve": "CVE-2025-40018", "url": "https://ubuntu.com/security/CVE-2025-40018", "cve_description": "In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-free. Fix this by introducing a global `exiting_module` flag, set to true in ip_vs_ftp_exit() before unregistering the pernet subsystem. In __ip_vs_ftp_exit(), skip ip_vs_ftp unregister if called during netns cleanup (when exiting_module is false) and defer it to __ip_vs_cleanup_batch(), which unregisters all apps after all connections are flushed. If called during module exit, unregister ip_vs_ftp immediately.", "cve_priority": "medium", "cve_public_date": "2025-10-24 12:15:00 UTC" } ], "log": [ "", " * questing/linux: 6.17.0-8.8 -proposed tracker (LP: #2131554)", "", " * crash when reading from /sys/kernel/tracing/rv/enabled_monitors", " (LP: #2131136)", " - rv: Fully convert enabled_monitors to use list_head as iterator", "", " * i40e driver is triggering VF resets on every link state change", " (LP: #2130552)", " - i40e: avoid redundant VF link state updates", "", " * kernel crash on bootup for some arm64 machines (LP: #2129770)", " - KVM: arm64: Guard PMSCR_EL1 initialization with SPE presence check", "", " * CVE-2025-40018", " - ipvs: Defer ip_vs_ftp unregister during netns cleanup", "" ], "package": "linux", "version": "6.17.0-8.8", "urgency": "medium", "distributions": "questing", "launchpad_bugs_fixed": [ 2131554, 2131136, 2130552, 2129770 ], "author": "Manuel Diewald ", "date": "Fri, 14 Nov 2025 17:53:03 +0100" } ], "notes": "linux-tools-6.17.0-8-generic version '6.17.0-8.8' (source package linux version '6.17.0-8.8') was added. linux-tools-6.17.0-8-generic version '6.17.0-8.8' has the same source package name, linux, as removed package linux-headers-6.17.0-7. As such we can use the source package version of the removed package, '6.17.0-7.7', as the starting point in our changelog diff. Kernel packages are an example of where the binary package name changes for the same source package. Using the removed package source package version as our starting point means we can still get meaningful changelog diffs even for what appears to be a new package.", "is_version_downgrade": false } ], "snap": [] }, "removed": { "deb": [ { "name": "linux-headers-6.17.0-7", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-7.7", "version": "6.17.0-7.7" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-headers-6.17.0-7-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-7.7", "version": "6.17.0-7.7" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-image-6.17.0-7-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-7.7", "version": "6.17.0-7.7" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-modules-6.17.0-7-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-7.7", "version": "6.17.0-7.7" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-tools-6.17.0-7", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-7.7", "version": "6.17.0-7.7" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false }, { "name": "linux-tools-6.17.0-7-generic", "from_version": { "source_package_name": "linux", "source_package_version": "6.17.0-7.7", "version": "6.17.0-7.7" }, "to_version": { "source_package_name": null, "source_package_version": null, "version": null }, "cves": [], "launchpad_bugs_fixed": [], "changes": [], "notes": null, "is_version_downgrade": false } ], "snap": [] }, "notes": "Changelog diff for Ubuntu 25.10 questing image from daily image serial 20251202 to 20251212", "from_series": "questing", "to_series": "questing", "from_serial": "20251202", "to_serial": "20251212", "from_manifest_filename": "daily_manifest.previous", "to_manifest_filename": "manifest.current" }