UbuntuUpdates.org

Package "libnss-resolve"

Name: libnss-resolve

Description:

nss module to resolve names via systemd-resolved
Latest version: 249.11-0ubuntu3.16
Release: jammy (22.04)
Level: security
Repository: universe
Head package: systemd
Homepage: https://www.freedesktop.org/wiki/Software/systemd

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libnss-resolve"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libnss-resolve" in Jammy

Repository Area Version
base universe 249.11-0ubuntu3
updates universe 249.11-0ubuntu3.16

Changelog

Version: 249.11-0ubuntu3.16 2025-06-09 16:07:25 UTC

  systemd (249.11-0ubuntu3.16) jammy-security; urgency=medium

  * SECURITY UPDATE: race condition in systemd-coredump
    - debian/patches/CVE_2025_4598_1.patch: coredump: get rid of
      _META_MANDATORY_MAX.
    - debian/patches/CVE_2025_4598_2.patch: coredump: use %d in kernel core
      pattern.
    - debian/patches/CVE_2025_4598_3.patch: coredump: get rid of a bogus
      assertion.
    - CVE-2025-4598

 -- Octavio Galland <email address hidden> Wed, 04 Jun 2025 11:17:43 -0300
Source diff to previous version
CVE-2025-4598 A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to

Version: 249.11-0ubuntu3.7 2023-03-07 19:07:13 UTC

  systemd (249.11-0ubuntu3.7) jammy-security; urgency=medium

  * SECURITY UPDATE: buffer overrun vulnerability in format_timespan()
    - debian/patches/CVE-2022-3821.patch: time-util: fix buffer-over-run
    - CVE-2022-3821
  * SECURITY UPDATE: information leak vulnerability in systemd-coredump
    - debian/patches/CVE-2022-4415.patch: do not allow user to access
      coredumps with changed uid/gid/capabilities
    - CVE-2022-4415

 -- Nishit Majithia <email address hidden> Thu, 02 Mar 2023 18:28:02 +0530
CVE-2022-3821 An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time a
CVE-2022-4415 A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpab


About   -   Send Feedback to @ubuntu_updates