UbuntuUpdates.org

Latest Changelogs for all releases


Note: Only updates for "head" packages where the changelog is available are shown on this page.

ruby3.0 Jul 4th 23:07
Release: jammy Repo: main Level: updates New version: 3.0.2-7ubuntu2.13
Packages in group:  libruby3.0 ruby3.0-dev ruby3.0-doc

  ruby3.0 (3.0.2-7ubuntu2.13) jammy-security; urgency=medium

  * SECURITY UPDATE: STARTTLS stripping via pre-injected tagged response
    - debian/patches/CVE-2026-42246.patch: add handled flag in starttls(),
      guard_against_tagged_response_skipping_handler! in send_command, and
      InvalidResponseError class to detect and reject pre-injected OK
      responses before TLS negotiation begins.
    - CVE-2026-42246
  * SECURITY UPDATE: CRLF injection via RawData and setquota command
    - debian/patches/CVE-2026-42257.patch: add CRLF/NUL validation in
      RawData#validate; rewrite setquota to use typed array encoding
      instead of raw string concatenation.
    - CVE-2026-42257

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 17 Jun 2026 08:57:18 -0300

CVE-2026-42246 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man
CVE-2026-42257 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::

ruby3.2 Jul 4th 21:07
Release: noble Repo: main Level: updates New version: 3.2.3-1ubuntu0.24.04.8
Packages in group:  libruby3.2 ruby3.2-dev ruby3.2-doc

  ruby3.2 (3.2.3-1ubuntu0.24.04.8) noble-security; urgency=medium

  * SECURITY UPDATE: STARTTLS stripping via pre-injected tagged response
    - debian/patches/CVE-2026-42246.patch: add handled flag in starttls(),
      guard_against_tagged_response_skipping_handler! in send_command, and
      InvalidResponseError class to detect and reject pre-injected OK
      responses before TLS negotiation begins (net-imap 0.3.4.1).
    - CVE-2026-42246
  * SECURITY UPDATE: CRLF injection via RawData and setquota command
    - debian/patches/CVE-2026-42257.patch: add CRLF/NUL validation in
      RawData#validate in command_data.rb; rewrite setquota to use typed
      array encoding instead of raw string concatenation (net-imap 0.3.4.1).
    - CVE-2026-42257

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 17 Jun 2026 08:29:20 -0300

CVE-2026-42246 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man
CVE-2026-42257 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::

ruby3.2 Jul 4th 18:07
Release: noble Repo: main Level: security New version: 3.2.3-1ubuntu0.24.04.8
Packages in group:  libruby3.2 ruby3.2-dev ruby3.2-doc

  ruby3.2 (3.2.3-1ubuntu0.24.04.8) noble-security; urgency=medium

  * SECURITY UPDATE: STARTTLS stripping via pre-injected tagged response
    - debian/patches/CVE-2026-42246.patch: add handled flag in starttls(),
      guard_against_tagged_response_skipping_handler! in send_command, and
      InvalidResponseError class to detect and reject pre-injected OK
      responses before TLS negotiation begins (net-imap 0.3.4.1).
    - CVE-2026-42246
  * SECURITY UPDATE: CRLF injection via RawData and setquota command
    - debian/patches/CVE-2026-42257.patch: add CRLF/NUL validation in
      RawData#validate in command_data.rb; rewrite setquota to use typed
      array encoding instead of raw string concatenation (net-imap 0.3.4.1).
    - CVE-2026-42257

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 17 Jun 2026 08:29:20 -0300

CVE-2026-42246 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man
CVE-2026-42257 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::

ruby3.0 Jul 4th 18:07
Release: jammy Repo: main Level: security New version: 3.0.2-7ubuntu2.13
Packages in group:  libruby3.0 ruby3.0-dev ruby3.0-doc

  ruby3.0 (3.0.2-7ubuntu2.13) jammy-security; urgency=medium

  * SECURITY UPDATE: STARTTLS stripping via pre-injected tagged response
    - debian/patches/CVE-2026-42246.patch: add handled flag in starttls(),
      guard_against_tagged_response_skipping_handler! in send_command, and
      InvalidResponseError class to detect and reject pre-injected OK
      responses before TLS negotiation begins.
    - CVE-2026-42246
  * SECURITY UPDATE: CRLF injection via RawData and setquota command
    - debian/patches/CVE-2026-42257.patch: add CRLF/NUL validation in
      RawData#validate; rewrite setquota to use typed array encoding
      instead of raw string concatenation.
    - CVE-2026-42257

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 17 Jun 2026 08:57:18 -0300

CVE-2026-42246 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man
CVE-2026-42257 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::

vim Jul 4th 16:07
Release: resolute Repo: universe Level: security New version: 2:9.1.2141-1ubuntu4.6
Packages in group:  vim-gtk3 vim-gui-common vim-motif vim-nox

  vim (2:9.1.2141-1ubuntu4.6) resolute-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds write.
    - debian/patches/CVE-2026-55693.patch: only descend while
      depth < MAXWLEN - 1 in src/spellfile.c.
    - debian/patches/CVE-2026-55892.patch: only descend while
      depth < MAXWLEN - 1 in src/spell.c.
    - CVE-2026-55693
    - CVE-2026-55892
  * SECURITY UPDATE: Code injection in local file deletion.
    - debian/patches/CVE-2026-55895.patch: Use fnameescape() to escape
      file name in runtime/pack/dist/opt/netrw/autoload/netrw.vim.
    - CVE-2026-55895
  * SECURITY UPDATE: Out-of-bounds read with sodium encrypted files.
    - debian/patches/CVE-2026-57452.patch: Verify that there is enough space
      before function call in src/crypt.c.
    - CVE-2026-57452
  * SECURITY UPDATE: Powershell code execution in zip.vim.
    - debian/patches/CVE-2026-57453.patch: Escape powershell code in
      runtime/autoload/zip.vim.
    - CVE-2026-57453
  * SECURITY UPDATE: Out-of-bounds write with soundfold().
    - debian/patches/CVE-2026-57455.patch: Add an abort condition to validate
      buffer in src/spell.c.
    - CVE-2026-57455
  * SECURITY UPDATE: Code execution with python complete.
    - debian/patches/CVE-2026-57456.patch: Use repr() to quote the doc strings
      in runtime/autoload/python3complete.vim and ../pythoncomplete.vim.
    - CVE-2026-57456

 -- Kyle Kernick <email address hidden> Tue, 30 Jun 2026 11:00:04 -0600

CVE-2026-55693 Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields
CVE-2026-55892 Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iterat
CVE-2026-55895 Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the ne
CVE-2026-57452 Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05! method (xch
CVE-2026-57453 Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShell

cifs-utils Jul 3rd 23:07
Release: questing Repo: main Level: updates New version: 2:7.4-1ubuntu0.25.10.2
Packages in group: 

  cifs-utils (2:7.4-1ubuntu0.25.10.2) questing-security; urgency=medium

  * SECURITY REGRESSION: regression with kerberos mounts (LP: #2159053)
    - debian/patches/CVE-2026-12505.patch: disable until a fix is available
      from cifs-utils developers.

 -- Marc Deslauriers <email address hidden> Fri, 03 Jul 2026 12:54:52 -0400

2159053 fix for CVE-2026-12505 introduced regression with kerberos mounts
CVE-2026-12505 A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information

cifs-utils Jul 3rd 22:07
Release: resolute Repo: main Level: updates New version: 2:7.4-1ubuntu0.26.04.2
Packages in group: 

  cifs-utils (2:7.4-1ubuntu0.26.04.2) resolute-security; urgency=medium

  * SECURITY REGRESSION: regression with kerberos mounts (LP: #2159053)
    - debian/patches/CVE-2026-12505.patch: disable until a fix is available
      from cifs-utils developers.

 -- Marc Deslauriers <email address hidden> Fri, 03 Jul 2026 12:52:00 -0400

2159053 fix for CVE-2026-12505 introduced regression with kerberos mounts
CVE-2026-12505 A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information

cifs-utils Jul 3rd 22:07
Release: noble Repo: main Level: updates New version: 2:7.0-2ubuntu0.4
Packages in group: 

  cifs-utils (2:7.0-2ubuntu0.4) noble-security; urgency=medium

  * SECURITY REGRESSION: regression with kerberos mounts (LP: #2159053)
    - debian/patches/CVE-2026-12505.patch: disable until a fix is available
      from cifs-utils developers.

 -- Marc Deslauriers <email address hidden> Fri, 03 Jul 2026 12:55:30 -0400

2159053 fix for CVE-2026-12505 introduced regression with kerberos mounts
CVE-2026-12505 A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information

cifs-utils Jul 3rd 22:07
Release: jammy Repo: main Level: updates New version: 2:6.14-1ubuntu0.5
Packages in group: 

  cifs-utils (2:6.14-1ubuntu0.5) jammy-security; urgency=medium

  * SECURITY REGRESSION: regression with kerberos mounts (LP: #2159053)
    - debian/patches/CVE-2026-12505.patch: disable until a fix is available
      from cifs-utils developers.

 -- Marc Deslauriers <email address hidden> Fri, 03 Jul 2026 12:55:58 -0400

2159053 fix for CVE-2026-12505 introduced regression with kerberos mounts
CVE-2026-12505 A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information

vim Jul 3rd 21:07
Release: questing Repo: main Level: security New version: 2:9.1.0967-1ubuntu6.8
Packages in group:  vim-common vim-doc vim-runtime vim-tiny xxd

  vim (2:9.1.0967-1ubuntu6.8) questing-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds write.
    - debian/patches/CVE-2026-55693.patch: only descend while
      depth < MAXWLEN - 1 in src/spellfile.c.
    - debian/patches/CVE-2026-55892.patch: only descend while
      depth < MAXWLEN - 1 in src/spell.c.
    - CVE-2026-55693
    - CVE-2026-55892
  * SECURITY UPDATE: Code injection in local file deletion.
    - debian/patches/CVE-2026-55895.patch: Use fnameescape() to escape
      file name in runtime/autoload/netrw.vim.
    - CVE-2026-55895
  * SECURITY UPDATE: Out-of-bounds read with sodium encrypted files.
    - debian/patches/CVE-2026-57452.patch: Verify that there is enough space
      before function call in src/crypt.c.
    - CVE-2026-57452
  * SECURITY UPDATE: Out-of-bounds write with soundfold().
    - debian/patches/CVE-2026-57455.patch: Add an abort condition to validate
      buffer in src/spell.c.
    - CVE-2026-57455
  * SECURITY UPDATE: Code execution with python complete.
    - debian/patches/CVE-2026-57456.patch: Use repr() to quote the doc strings
      in runtime/autoload/python3complete.vim and ../pythoncomplete.vim.
    - CVE-2026-57456

 -- Kyle Kernick <email address hidden> Tue, 30 Jun 2026 11:36:30 -0600

CVE-2026-55693 Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields
CVE-2026-55892 Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iterat
CVE-2026-55895 Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the ne
CVE-2026-57452 Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05! method (xch
CVE-2026-57455 Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word

cifs-utils Jul 3rd 21:07
Release: questing Repo: main Level: security New version: 2:7.4-1ubuntu0.25.10.2
Packages in group: 

  cifs-utils (2:7.4-1ubuntu0.25.10.2) questing-security; urgency=medium

  * SECURITY REGRESSION: regression with kerberos mounts (LP: #2159053)
    - debian/patches/CVE-2026-12505.patch: disable until a fix is available
      from cifs-utils developers.

 -- Marc Deslauriers <email address hidden> Fri, 03 Jul 2026 12:54:52 -0400

2159053 fix for CVE-2026-12505 introduced regression with kerberos mounts
CVE-2026-12505 A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information

cifs-utils Jul 3rd 20:07
Release: resolute Repo: main Level: security New version: 2:7.4-1ubuntu0.26.04.2
Packages in group: 

  cifs-utils (2:7.4-1ubuntu0.26.04.2) resolute-security; urgency=medium

  * SECURITY REGRESSION: regression with kerberos mounts (LP: #2159053)
    - debian/patches/CVE-2026-12505.patch: disable until a fix is available
      from cifs-utils developers.

 -- Marc Deslauriers <email address hidden> Fri, 03 Jul 2026 12:52:00 -0400

2159053 fix for CVE-2026-12505 introduced regression with kerberos mounts
CVE-2026-12505 A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information

cifs-utils Jul 3rd 20:07
Release: noble Repo: main Level: security New version: 2:7.0-2ubuntu0.4
Packages in group: 

  cifs-utils (2:7.0-2ubuntu0.4) noble-security; urgency=medium

  * SECURITY REGRESSION: regression with kerberos mounts (LP: #2159053)
    - debian/patches/CVE-2026-12505.patch: disable until a fix is available
      from cifs-utils developers.

 -- Marc Deslauriers <email address hidden> Fri, 03 Jul 2026 12:55:30 -0400

2159053 fix for CVE-2026-12505 introduced regression with kerberos mounts
CVE-2026-12505 A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information

vim Jul 3rd 20:07
Release: jammy Repo: main Level: security New version: 2:8.2.3995-1ubuntu2.33
Packages in group:  vim-common vim-doc vim-runtime vim-tiny xxd

  vim (2:8.2.3995-1ubuntu2.33) jammy-security; urgency=medium

  * SECURITY UPDATE: Path Traversal in zip.vim
    - debian/patches/CVE-2026-35177.patch: Detect malicious zip files before
      writing in runtime/autoload/zip.vim
    - CVE-2026-35177
  * SECURITY UPDATE: Out-of-bounds write.
    - debian/patches/CVE-2026-55693.patch: only descend while
      depth < MAXWLEN - 1 in src/spellfile.c.
    - debian/patches/CVE-2026-55892.patch: only descend while
      depth < MAXWLEN - 1 in src/spell.c.
    - CVE-2026-55693
    - CVE-2026-55892
  * SECURITY UPDATE: Code injection in local file deletion.
    - debian/patches/CVE-2026-55895.patch: Use fnameescape() to escape
      file name in runtime/autoload/netrw.vim.
    - CVE-2026-55895
  * SECURITY UPDATE: Out-of-bounds read with sodium encrypted files.
    - debian/patches/CVE-2026-57452.patch: Verify that there is enough space
      before function call in src/crypt.c.
    - CVE-2026-57452
  * SECURITY UPDATE: Out-of-bounds write with soundfold().
    - debian/patches/CVE-2026-57455.patch: Add an abort condition to validate
      buffer in src/spell.c.
    - CVE-2026-57455
  * SECURITY UPDATE: Code execution with python complete.
    - debian/patches/CVE-2026-57456.patch: Use repr() to quote the doc strings
      in runtime/autoload/python3complete.vim and ../pythoncomplete.vim.
    - CVE-2026-57456

 -- Kyle Kernick <email address hidden> Tue, 30 Jun 2026 11:46:22 -0600

CVE-2026-35177 Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary f
CVE-2026-55693 Vim is an open source, command line text editor. Prior to 9.2.0653, the tree_count_words() function in src/spellfile.c fills in the word-count fields
CVE-2026-55892 Vim is an open source, command line text editor. Prior to 9.2.0662, the dump_prefixes() function in src/spell.c walks a spell-file prefix trie iterat
CVE-2026-55895 Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile() in the ne
CVE-2026-57452 Vim is an open source, command line text editor. Prior to 9.2.0671, when Vim opens a file encrypted with the VimCrypt~04! or VimCrypt~05! method (xch

cifs-utils Jul 3rd 20:07
Release: jammy Repo: main Level: security New version: 2:6.14-1ubuntu0.5
Packages in group: 

  cifs-utils (2:6.14-1ubuntu0.5) jammy-security; urgency=medium

  * SECURITY REGRESSION: regression with kerberos mounts (LP: #2159053)
    - debian/patches/CVE-2026-12505.patch: disable until a fix is available
      from cifs-utils developers.

 -- Marc Deslauriers <email address hidden> Fri, 03 Jul 2026 12:55:58 -0400

2159053 fix for CVE-2026-12505 introduced regression with kerberos mounts
CVE-2026-12505 A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information
