UbuntuUpdates.org

Latest Changelogs for all releases

All releases Bionic Focal Jammy Noble Plucky
Include all PPAs Exclude daily builds PPAs Exclude all PPAs
Include levels: securityupdatesbackportsproposedbase

Note: Only updates for "head" packages where the changelog is available are shown on this page (view all).

php8.4 Jul 17th 21:28
Release: plucky Repo: universe Level: updates New version: 8.4.5-1ubuntu1.1
Packages in group:  libphp8.4-embed php8.4-bcmath php8.4-bz2 php8.4-dba php8.4-enchant php8.4-fpm php8.4-interbase php8.4-intl php8.4-phpdbg php8.4-soap php8.4-sybase (... see all)

  php8.4 (8.4.5-1ubuntu1.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Null byte termination in hostnames
    - debian/patches/CVE-2025-1220.patch: check hostnames in
      ext/standard/fsock.c,
      ext/standard/tests/network/ghsa-3cr5-j632-f35r.phpt,
      ext/standard/tests/streams/ghsa-3cr5-j632-f35r.phpt,
      main/streams/xp_socket.c.
    - CVE-2025-1220
  * SECURITY UPDATE: pgsql extension does not check for errors during
    escaping
    - debian/patches/CVE-2025-1735.patch: add error checks in
      ext/pdo_pgsql/pgsql_driver.c,
      ext/pdo_pgsql/tests/ghsa-hrwm-9436-5mv3.phpt,
      ext/pgsql/pgsql.c, ext/pgsql/tests/ghsa-hrwm-9436-5mv3.phpt.
    - CVE-2025-1735
  * SECURITY UPDATE: NULL Pointer Dereference in PHP SOAP Extension via
    Large XML Namespace Prefix
    - debian/patches/CVE-2025-6491.patch: handle large names in
      ext/soap/soap.c, ext/soap/tests/soap_qname_crash.phpt.
    - CVE-2025-6491

 -- Marc Deslauriers <email address hidden> Mon, 14 Jul 2025 14:20:32 -0400
CVE-2025-1220 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation th
CVE-2025-1735 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the under
CVE-2025-6491 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly l

ledgersmb Jul 17th 21:28
Release: plucky Repo: universe Level: updates New version: 1.6.33+ds-2.2ubuntu0.25.04.1
Packages in group: 

  ledgersmb (1.6.33+ds-2.2ubuntu0.25.04.1) plucky-security; urgency=medium

  * SECURITY UPDATE: No origin check for HTML fragments
    - debian/patches/CVE-2021-3693.patch: Fix regression of errors not
      creating pop-ups
    - CVE-2021-3693
  * SECURITY UPDATE: Missing secure attribute over HTTPS
    - debian/patches/CVE-2021-3882.patch: Use HTTPS environment setting
      to detect https connections
    - CVE-2021-3882
  * SECURITY UPDATE: Privilege escalation
    - debian/patches/CVE-2024-23831.patch: Fix missing CSRF mitigation
    - CVE-2024-23831

 -- John Breton <email address hidden> Tue, 15 Jul 2025 13:24:29 -0400
CVE-2021-3693 LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, thi
CVE-2021-3882 LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a rev
CVE-2024-23831 LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker

linux-restricted-signatures-oracle Jul 17th 21:28
Release: plucky Repo: restricted Level: updates New version: 6.14.0-1008.8+1
Packages in group:  linux-modules-nvidia-535-server-open-6.14.0-1005-oracle linux-modules-nvidia-535-server-open-6.14.0-1007-oracle linux-modules-nvidia-535-server-open-6.14.0-1008-oracle linux-modules-nvidia-550-server-open-6.14.0-1005-oracle linux-modules-nvidia-550-server-open-6.14.0-1007-oracle linux-modules-nvidia-570-open-6.14.0-1005-oracle linux-modules-nvidia-570-open-6.14.0-1007-oracle linux-modules-nvidia-570-open-6.14.0-1008-oracle linux-modules-nvidia-570-server-open-6.14.0-1005-oracle linux-modules-nvidia-570-server-open-6.14.0-1007-oracle linux-modules-nvidia-570-server-open-6.14.0-1008-oracle (... see all)

  linux-restricted-signatures-oracle (6.14.0-1008.8+1) plucky; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] debian/dkms-versions -- update from kernel-versions
      (adhoc/s2025.05.19)

 -- Andy Whitcroft <email address hidden> Mon, 14 Jul 2025 21:12:25 +0100
1786013 Packaging resync

linux-restricted-modules-oracle Jul 17th 21:28
Release: plucky Repo: restricted Level: updates New version: 6.14.0-1008.8+1
Packages in group:  linux-modules-nvidia-525-server-open-oracle linux-modules-nvidia-525-server-open-oracle-6.14 linux-modules-nvidia-525-server-oracle linux-modules-nvidia-525-server-oracle-6.14 linux-modules-nvidia-535-open-oracle linux-modules-nvidia-535-open-oracle-6.14 linux-modules-nvidia-535-oracle linux-modules-nvidia-535-oracle-6.14 linux-modules-nvidia-535-server-6.14.0-1005-oracle linux-modules-nvidia-535-server-6.14.0-1007-oracle linux-modules-nvidia-535-server-6.14.0-1008-oracle (... see all)

  linux-restricted-modules-oracle (6.14.0-1008.8+1) plucky; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] debian/dkms-versions -- update from kernel-versions
      (adhoc/s2025.05.19)

 -- Andy Whitcroft <email address hidden> Mon, 14 Jul 2025 21:12:25 +0100
1786013 Packaging resync

php8.4 Jul 17th 21:28
Release: plucky Repo: main Level: updates New version: 8.4.5-1ubuntu1.1
Packages in group:  libapache2-mod-php8.4 php8.4-cgi php8.4-cli php8.4-common php8.4-curl php8.4-dev php8.4-gd php8.4-gmp php8.4-ldap php8.4-mbstring php8.4-mysql (... see all)

  php8.4 (8.4.5-1ubuntu1.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Null byte termination in hostnames
    - debian/patches/CVE-2025-1220.patch: check hostnames in
      ext/standard/fsock.c,
      ext/standard/tests/network/ghsa-3cr5-j632-f35r.phpt,
      ext/standard/tests/streams/ghsa-3cr5-j632-f35r.phpt,
      main/streams/xp_socket.c.
    - CVE-2025-1220
  * SECURITY UPDATE: pgsql extension does not check for errors during
    escaping
    - debian/patches/CVE-2025-1735.patch: add error checks in
      ext/pdo_pgsql/pgsql_driver.c,
      ext/pdo_pgsql/tests/ghsa-hrwm-9436-5mv3.phpt,
      ext/pgsql/pgsql.c, ext/pgsql/tests/ghsa-hrwm-9436-5mv3.phpt.
    - CVE-2025-1735
  * SECURITY UPDATE: NULL Pointer Dereference in PHP SOAP Extension via
    Large XML Namespace Prefix
    - debian/patches/CVE-2025-6491.patch: handle large names in
      ext/soap/soap.c, ext/soap/tests/soap_qname_crash.phpt.
    - CVE-2025-6491

 -- Marc Deslauriers <email address hidden> Mon, 14 Jul 2025 14:20:32 -0400
CVE-2025-1220 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation th
CVE-2025-1735 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the under
CVE-2025-6491 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly l

linux-signed-oracle Jul 17th 21:28
Release: plucky Repo: main Level: updates New version: 6.14.0-1008.8
Packages in group:  linux-image-6.14.0-1007-oracle linux-image-6.14.0-1008-oracle

  linux-signed-oracle (6.14.0-1008.8) plucky; urgency=medium

  * Main version: 6.14.0-1008.8

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants
    - [Packaging] debian/tracking-bug -- resync from main package

 -- Philip Cox <email address hidden> Mon, 23 Jun 2025 12:43:58 -0400
1786013 Packaging resync

linux-meta-oracle Jul 17th 21:28
Release: plucky Repo: main Level: updates New version: 6.14.0-1008.8
Packages in group:  linux-headers-oracle linux-headers-oracle-6.14 linux-image-oracle linux-image-oracle-6.14 linux-oracle linux-oracle-6.14 linux-tools-oracle linux-tools-oracle-6.14

  linux-meta-oracle (6.14.0-1008.8) plucky; urgency=medium

  * Main version: 6.14.0-1008.8

  * Packaging resync (LP: #1786013)
    - [Packaging] update variants

 -- Philip Cox <email address hidden> Mon, 23 Jun 2025 12:43:51 -0400
1786013 Packaging resync

php8.3 Jul 17th 21:28
Release: noble Repo: universe Level: updates New version: 8.3.6-0ubuntu0.24.04.5
Packages in group:  libphp8.3-embed php8.3-bcmath php8.3-bz2 php8.3-dba php8.3-enchant php8.3-fpm php8.3-imap php8.3-interbase php8.3-intl php8.3-phpdbg php8.3-soap (... see all)

  php8.3 (8.3.6-0ubuntu0.24.04.5) noble-security; urgency=medium

  * SECURITY UPDATE: Null byte termination in hostnames
    - debian/patches/CVE-2025-1220.patch: check hostnames in
      ext/standard/fsock.c,
      ext/standard/tests/network/ghsa-3cr5-j632-f35r.phpt,
      ext/standard/tests/streams/ghsa-3cr5-j632-f35r.phpt,
      main/streams/xp_socket.c.
    - CVE-2025-1220
  * SECURITY UPDATE: pgsql extension does not check for errors during
    escaping
    - debian/patches/CVE-2025-1735.patch: add error checks in
      ext/pdo_pgsql/pgsql_driver.c,
      ext/pdo_pgsql/tests/ghsa-hrwm-9436-5mv3.phpt,
      ext/pgsql/pgsql.c, ext/pgsql/tests/ghsa-hrwm-9436-5mv3.phpt.
    - CVE-2025-1735
  * SECURITY UPDATE: NULL Pointer Dereference in PHP SOAP Extension via
    Large XML Namespace Prefix
    - debian/patches/CVE-2025-6491.patch: handle large names in
      ext/soap/soap.c, ext/soap/tests/soap_qname_crash.phpt.
    - CVE-2025-6491

 -- Marc Deslauriers <email address hidden> Mon, 14 Jul 2025 14:30:55 -0400
CVE-2025-1220 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation th
CVE-2025-1735 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the under
CVE-2025-6491 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly l

ledgersmb Jul 17th 21:28
Release: noble Repo: universe Level: updates New version: 1.6.33+ds-2.1ubuntu0.1
Packages in group: 

  ledgersmb (1.6.33+ds-2.1ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: No origin check for HTML fragments
    - debian/patches/CVE-2021-3693.patch: Fix regression of errors not
      creating pop-ups
    - CVE-2021-3693
  * SECURITY UPDATE: Missing secure attribute over HTTPS
    - debian/patches/CVE-2021-3882.patch: Use HTTPS environment setting
      to detect https connections
    - CVE-2021-3882
  * SECURITY UPDATE: Privilege escalation
    - debian/patches/CVE-2024-23831.patch: Fix missing CSRF mitigation
    - CVE-2024-23831

 -- John Breton <email address hidden> Tue, 15 Jul 2025 13:27:36 -0400
CVE-2021-3693 LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, thi
CVE-2021-3882 LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a rev
CVE-2024-23831 LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker

linux-qcom Jul 17th 21:28
Release: noble Repo: universe Level: security New version: 6.8.0-1048.48
Packages in group:  linux-libc-dev-qcom linux-qcom-headers-6.8.0-1047 linux-qcom-headers-6.8.0-1048

  linux-qcom (6.8.0-1048.48) noble; urgency=medium

  * noble/linux-qcom: 6.8.0-1048.48 -proposed tracker (LP: #2116048)

  * INVALID or PRIVATE BUG (LP: #2115967)
    - SAUCE: camera_kt: fix double locking in cleanup function

  * CONFIG_MMAP_MIN_ADDR should 32768
    - UBUNTU [Config] set CONFIG_DEFAULT_MMAP_MIN_ADDR=32768

 -- Masahiro Yamada <email address hidden> Mon, 07 Jul 2025 17:13:59 +0900

linux-restricted-signatures-lowlatency Jul 17th 21:28
Release: noble Repo: restricted Level: security New version: 6.8.0-64.67.1+1
Packages in group:  linux-modules-nvidia-535-open-6.8.0-35-lowlatency linux-modules-nvidia-535-open-6.8.0-36-lowlatency linux-modules-nvidia-535-open-6.8.0-38-lowlatency linux-modules-nvidia-535-open-6.8.0-39-lowlatency linux-modules-nvidia-535-open-6.8.0-40-lowlatency linux-modules-nvidia-535-open-6.8.0-41-lowlatency linux-modules-nvidia-535-open-6.8.0-44-lowlatency linux-modules-nvidia-535-open-6.8.0-45-lowlatency linux-modules-nvidia-535-open-6.8.0-47-lowlatency linux-modules-nvidia-535-open-6.8.0-48-lowlatency linux-modules-nvidia-535-open-6.8.0-49-lowlatency (... see all)

  linux-restricted-signatures-lowlatency (6.8.0-64.67.1+1) noble; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] debian/dkms-versions -- update from kernel-versions
      (adhoc/2025.06.16)

 -- Andy Whitcroft <email address hidden> Mon, 14 Jul 2025 21:36:35 +0100
1786013 Packaging resync

linux-restricted-signatures-ibm Jul 17th 21:28
Release: noble Repo: restricted Level: security New version: 6.8.0-1029.29+1
Packages in group:  linux-modules-nvidia-535-open-6.8.0-1006-ibm linux-modules-nvidia-535-open-6.8.0-1007-ibm linux-modules-nvidia-535-open-6.8.0-1008-ibm linux-modules-nvidia-535-open-6.8.0-1009-ibm linux-modules-nvidia-535-open-6.8.0-1010-ibm linux-modules-nvidia-535-open-6.8.0-1011-ibm linux-modules-nvidia-535-open-6.8.0-1012-ibm linux-modules-nvidia-535-open-6.8.0-1013-ibm linux-modules-nvidia-535-open-6.8.0-1014-ibm linux-modules-nvidia-535-open-6.8.0-1015-ibm linux-modules-nvidia-535-open-6.8.0-1016-ibm (... see all)

  linux-restricted-signatures-ibm (6.8.0-1029.29+1) noble; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] debian/dkms-versions -- update from kernel-versions
      (adhoc/2025.06.16)

 -- Andy Whitcroft <email address hidden> Mon, 14 Jul 2025 21:39:43 +0100
1786013 Packaging resync

linux-restricted-modules-lowlatency Jul 17th 21:28
Release: noble Repo: restricted Level: security New version: 6.8.0-64.67.1+1
Packages in group:  linux-modules-nvidia-470-6.8.0-35-lowlatency linux-modules-nvidia-470-6.8.0-36-lowlatency linux-modules-nvidia-470-6.8.0-38-lowlatency linux-modules-nvidia-470-6.8.0-39-lowlatency linux-modules-nvidia-470-6.8.0-40-lowlatency linux-modules-nvidia-470-6.8.0-41-lowlatency linux-modules-nvidia-470-6.8.0-44-lowlatency linux-modules-nvidia-470-6.8.0-45-lowlatency linux-modules-nvidia-470-6.8.0-47-lowlatency linux-modules-nvidia-470-6.8.0-48-lowlatency linux-modules-nvidia-470-6.8.0-49-lowlatency (... see all)

  linux-restricted-modules-lowlatency (6.8.0-64.67.1+1) noble; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] debian/dkms-versions -- update from kernel-versions
      (adhoc/2025.06.16)

 -- Andy Whitcroft <email address hidden> Mon, 14 Jul 2025 21:36:35 +0100
1786013 Packaging resync

linux-restricted-modules-ibm Jul 17th 21:28
Release: noble Repo: restricted Level: security New version: 6.8.0-1029.29+1
Packages in group:  linux-modules-nvidia-470-6.8.0-1006-ibm linux-modules-nvidia-470-6.8.0-1007-ibm linux-modules-nvidia-470-6.8.0-1008-ibm linux-modules-nvidia-470-6.8.0-1009-ibm linux-modules-nvidia-470-6.8.0-1010-ibm linux-modules-nvidia-470-6.8.0-1011-ibm linux-modules-nvidia-470-6.8.0-1012-ibm linux-modules-nvidia-470-6.8.0-1013-ibm linux-modules-nvidia-470-6.8.0-1014-ibm linux-modules-nvidia-470-6.8.0-1015-ibm linux-modules-nvidia-470-6.8.0-1016-ibm (... see all)

  linux-restricted-modules-ibm (6.8.0-1029.29+1) noble; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] debian/dkms-versions -- update from kernel-versions
      (adhoc/2025.06.16)

 -- Andy Whitcroft <email address hidden> Mon, 14 Jul 2025 21:39:43 +0100
1786013 Packaging resync

php8.3 Jul 17th 21:28
Release: noble Repo: main Level: updates New version: 8.3.6-0ubuntu0.24.04.5
Packages in group:  libapache2-mod-php8.3 php8.3-cgi php8.3-cli php8.3-common php8.3-curl php8.3-dev php8.3-gd php8.3-gmp php8.3-ldap php8.3-mbstring php8.3-mysql (... see all)

  php8.3 (8.3.6-0ubuntu0.24.04.5) noble-security; urgency=medium

  * SECURITY UPDATE: Null byte termination in hostnames
    - debian/patches/CVE-2025-1220.patch: check hostnames in
      ext/standard/fsock.c,
      ext/standard/tests/network/ghsa-3cr5-j632-f35r.phpt,
      ext/standard/tests/streams/ghsa-3cr5-j632-f35r.phpt,
      main/streams/xp_socket.c.
    - CVE-2025-1220
  * SECURITY UPDATE: pgsql extension does not check for errors during
    escaping
    - debian/patches/CVE-2025-1735.patch: add error checks in
      ext/pdo_pgsql/pgsql_driver.c,
      ext/pdo_pgsql/tests/ghsa-hrwm-9436-5mv3.phpt,
      ext/pgsql/pgsql.c, ext/pgsql/tests/ghsa-hrwm-9436-5mv3.phpt.
    - CVE-2025-1735
  * SECURITY UPDATE: NULL Pointer Dereference in PHP SOAP Extension via
    Large XML Namespace Prefix
    - debian/patches/CVE-2025-6491.patch: handle large names in
      ext/soap/soap.c, ext/soap/tests/soap_qname_crash.phpt.
    - CVE-2025-6491

 -- Marc Deslauriers <email address hidden> Mon, 14 Jul 2025 14:30:55 -0400
CVE-2025-1220 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation th
CVE-2025-1735 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the under
CVE-2025-6491 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly l


About   -   Send Feedback to @ubuntu_updates