UbuntuUpdates.org

Latest Changelogs for all releases

All releases Bionic Focal Jammy Noble Plucky Questing
Include all PPAs Exclude daily builds PPAs Exclude all PPAs
Include levels: securityupdatesbackportsproposedbase

Note: Only updates for "head" packages where the changelog is available are shown on this page (view all).

gnutls28 Feb 16th 18:08
Release: noble Repo: universe Level: updates New version: 3.8.3-1.1ubuntu3.5
Packages in group:  gnutls-bin

  gnutls28 (3.8.3-1.1ubuntu3.5) noble-security; urgency=medium

  * SECURITY UPDATE: DoS via malicious certificates
    - debian/patches/CVE-2025-14831-*.patch: rework processing algorithms
      to exhibit better performance characteristics in
      lib/x509/name_constraints.c, tests/name-constraints-ip.c.
    - CVE-2025-14831
  * SECURITY UPDATE: stack overflow via long token label
    - debian/patches/CVE-2025-9820.patch: avoid stack overwrite when
      initializing a token in lib/pkcs11_write.c, tests/Makefile.am,
      tests/pkcs11/long-label.c.
    - CVE-2025-9820

 -- Marc Deslauriers <email address hidden> Tue, 10 Feb 2026 11:09:12 -0500
CVE-2025-14831 A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via
CVE-2025-9820 A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a tok

linux-xilinx Feb 16th 18:08
Release: noble Repo: universe Level: security New version: 6.8.0-1022.23
Packages in group:  linux-xilinx-headers-6.8.0-1008 linux-xilinx-headers-6.8.0-1009 linux-xilinx-headers-6.8.0-1011 linux-xilinx-headers-6.8.0-1012 linux-xilinx-headers-6.8.0-1013 linux-xilinx-headers-6.8.0-1015 linux-xilinx-headers-6.8.0-1017 linux-xilinx-headers-6.8.0-1018 linux-xilinx-headers-6.8.0-1019 linux-xilinx-headers-6.8.0-1020 linux-xilinx-headers-6.8.0-1021 (... see all)

  linux-xilinx (6.8.0-1022.23) noble; urgency=medium

  * noble/linux-xilinx: 6.8.0-1022.23 -proposed tracker (LP: #2138088)

  * [noble:linux-xilinx] Disable cpu governor in ubuntu-xilinx kernel
    (LP: #2138276)
    - [Config] Disable CPU governor in noble xilinx
    - [Config] Fix config for CPU governor disable

  * [KV260 Rev1, KV260 Rev2][24.04] Found lsusb difference during warm reboot
  test (LP: #2109606)
    - usb: misc: onboard_usb_dev: Fix usb5744 initialization sequence
    - usb: misc: onboard_usb_dev: add I2C readiness test with retry

  [ Ubuntu: 6.8.0-94.96 ]

  * noble/linux: 6.8.0-94.96 -proposed tracker (LP: #2138092)
  * CVE-2025-40019
    - crypto: essiv - Check ssize for decryption and in-place encryption
  * CVE-2025-38561
    - ksmbd: fix Preauh_HashValue race condition
  * CVE-2025-39698
    - io_uring/futex: ensure io_futex_wait() cleans up properly on failure

 -- Stewart Hore <email address hidden> Thu, 22 Jan 2026 10:58:17 +1100
2138276 [noble:linux-xilinx] Disable cpu governor in ubuntu-xilinx kernel
CVE-2025-40019 In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssi
CVE-2025-38561 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Preauh_HashValue race condition If client send multiple session setu
CVE-2025-39698 In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure io_futex_wait() cleans up properly on failure The io_fut

linux-restricted-signatures-lowlatency Feb 16th 18:08
Release: noble Repo: restricted Level: security New version: 6.8.0-94.96.1+1
Packages in group:  linux-modules-nvidia-535-open-6.8.0-35-lowlatency linux-modules-nvidia-535-open-6.8.0-36-lowlatency linux-modules-nvidia-535-open-6.8.0-38-lowlatency linux-modules-nvidia-535-open-6.8.0-39-lowlatency linux-modules-nvidia-535-open-6.8.0-40-lowlatency linux-modules-nvidia-535-open-6.8.0-41-lowlatency linux-modules-nvidia-535-open-6.8.0-44-lowlatency linux-modules-nvidia-535-open-6.8.0-45-lowlatency linux-modules-nvidia-535-open-6.8.0-47-lowlatency linux-modules-nvidia-535-open-6.8.0-48-lowlatency linux-modules-nvidia-535-open-6.8.0-49-lowlatency (... see all)

  linux-restricted-signatures-lowlatency (6.8.0-94.96.1+1) noble; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] debian/dkms-versions -- update from kernel-versions
      (main/s2025.11.17)

 -- Andy Whitcroft <email address hidden> Thu, 29 Jan 2026 14:35:58 +0000
1786013 Packaging resync

linux-restricted-modules-lowlatency Feb 16th 18:08
Release: noble Repo: restricted Level: security New version: 6.8.0-94.96.1+1
Packages in group:  linux-modules-nvidia-470-6.8.0-35-lowlatency linux-modules-nvidia-470-6.8.0-36-lowlatency linux-modules-nvidia-470-6.8.0-38-lowlatency linux-modules-nvidia-470-6.8.0-39-lowlatency linux-modules-nvidia-470-6.8.0-40-lowlatency linux-modules-nvidia-470-6.8.0-41-lowlatency linux-modules-nvidia-470-6.8.0-44-lowlatency linux-modules-nvidia-470-6.8.0-45-lowlatency linux-modules-nvidia-470-6.8.0-47-lowlatency linux-modules-nvidia-470-6.8.0-48-lowlatency linux-modules-nvidia-470-6.8.0-49-lowlatency (... see all)

  linux-restricted-modules-lowlatency (6.8.0-94.96.1+1) noble; urgency=medium

  * Packaging resync (LP: #1786013)
    - [Packaging] debian/dkms-versions -- update from kernel-versions
      (main/s2025.11.17)

 -- Andy Whitcroft <email address hidden> Thu, 29 Jan 2026 14:35:58 +0000
1786013 Packaging resync

alsa-lib Feb 16th 18:08
Release: noble Repo: main Level: updates New version: 1.2.11-1ubuntu0.2
Packages in group:  libasound2-data libasound2-dev libasound2-doc libasound2t64 libatopology2t64 libatopology-dev

  alsa-lib (1.2.11-1ubuntu0.2) noble-security; urgency=medium

  * SECURITY UPDATE: heap overflow in topology mixer control decoder
    - debian/patches/CVE-2026-25068.patch: add boundary check for channel
      mixer count in src/topology/ctl.c.
    - CVE-2026-25068

 -- Marc Deslauriers <email address hidden> Fri, 30 Jan 2026 08:11:03 -0500
CVE-2026-25068 alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control dec

gnutls28 Feb 16th 18:08
Release: noble Repo: main Level: updates New version: 3.8.3-1.1ubuntu3.5
Packages in group:  gnutls-doc libgnutls28-dev libgnutls30t64 libgnutls-dane0t64 libgnutls-openssl27t64

  gnutls28 (3.8.3-1.1ubuntu3.5) noble-security; urgency=medium

  * SECURITY UPDATE: DoS via malicious certificates
    - debian/patches/CVE-2025-14831-*.patch: rework processing algorithms
      to exhibit better performance characteristics in
      lib/x509/name_constraints.c, tests/name-constraints-ip.c.
    - CVE-2025-14831
  * SECURITY UPDATE: stack overflow via long token label
    - debian/patches/CVE-2025-9820.patch: avoid stack overwrite when
      initializing a token in lib/pkcs11_write.c, tests/Makefile.am,
      tests/pkcs11/long-label.c.
    - CVE-2025-9820

 -- Marc Deslauriers <email address hidden> Tue, 10 Feb 2026 11:09:12 -0500
CVE-2025-14831 A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via
CVE-2025-9820 A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a tok

linux-signed-lowlatency Feb 16th 18:08
Release: noble Repo: main Level: security New version: 6.8.0-94.96.1
Packages in group:  linux-image-6.8.0-35-lowlatency linux-image-6.8.0-36-lowlatency linux-image-6.8.0-38-lowlatency linux-image-6.8.0-39-lowlatency linux-image-6.8.0-40-lowlatency linux-image-6.8.0-41-lowlatency linux-image-6.8.0-44-lowlatency linux-image-6.8.0-45-lowlatency linux-image-6.8.0-47-lowlatency linux-image-6.8.0-48-lowlatency linux-image-6.8.0-49-lowlatency (... see all)

  linux-signed-lowlatency (6.8.0-94.96.1) noble; urgency=medium

  * Main version: 6.8.0-94.96.1

  * Packaging resync (LP: #1786013)
    - [Packaging] debian/tracking-bug -- resync from main package

 -- Edoardo Canepa <email address hidden> Mon, 19 Jan 2026 09:56:15 +0100
1786013 Packaging resync

linux-meta-lowlatency Feb 16th 18:08
Release: noble Repo: main Level: security New version: 6.8.0-94.96.1
Packages in group:  linux-cloud-tools-lowlatency linux-cloud-tools-lowlatency-6.8 linux-cloud-tools-lowlatency-hwe-20.04 linux-cloud-tools-lowlatency-hwe-20.04-edge linux-cloud-tools-lowlatency-hwe-22.04 linux-cloud-tools-lowlatency-hwe-22.04-edge linux-headers-lowlatency linux-headers-lowlatency-6.8 linux-headers-lowlatency-hwe-20.04 linux-headers-lowlatency-hwe-20.04-edge linux-headers-lowlatency-hwe-22.04 (... see all)

  linux-meta-lowlatency (6.8.0-94.96.1) noble; urgency=medium

  * Main version: 6.8.0-94.96.1

 -- Edoardo Canepa <email address hidden> Mon, 19 Jan 2026 09:56:03 +0100

alsa-lib Feb 16th 18:08
Release: jammy Repo: universe Level: updates New version: 1.2.6.1-1ubuntu1.1
Packages in group:  libasound2-plugin-smixer

  alsa-lib (1.2.6.1-1ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: heap overflow in topology mixer control decoder
    - debian/patches/CVE-2026-25068.patch: add boundary check for channel
      mixer count in src/topology/ctl.c.
    - CVE-2026-25068

 -- Marc Deslauriers <email address hidden> Fri, 30 Jan 2026 08:11:38 -0500
CVE-2026-25068 alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control dec

gnutls28 Feb 16th 18:08
Release: jammy Repo: universe Level: updates New version: 3.7.3-4ubuntu1.8
Packages in group:  gnutls-bin guile-gnutls

  gnutls28 (3.7.3-4ubuntu1.8) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via malicious certificates
    - debian/patches/CVE-2025-14831-*.patch: rework processing algorithms
      to exhibit better performance characteristics in
      lib/x509/name_constraints.c, tests/name-constraints-ip.c.
    - CVE-2025-14831
  * SECURITY UPDATE: stack overflow via long token label
    - debian/patches/CVE-2025-9820.patch: avoid stack overwrite when
      initializing a token in lib/pkcs11_write.c, tests/Makefile.am,
      tests/pkcs11/long-label.c.
    - CVE-2025-9820

 -- Marc Deslauriers <email address hidden> Tue, 10 Feb 2026 12:28:21 -0500
CVE-2025-14831 A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via
CVE-2025-9820 A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a tok

linux-restricted-signatures-oracle Feb 16th 18:08
Release: jammy Repo: restricted Level: security New version: 5.15.0-1097.103
Packages in group:  linux-modules-nvidia-525-open-5.15.0-1030-oracle linux-modules-nvidia-525-open-5.15.0-1032-oracle linux-modules-nvidia-525-open-5.15.0-1033-oracle linux-modules-nvidia-525-open-5.15.0-1034-oracle linux-modules-nvidia-525-open-5.15.0-1035-oracle linux-modules-nvidia-525-open-5.15.0-1036-oracle linux-modules-nvidia-525-open-5.15.0-1037-oracle linux-modules-nvidia-525-open-5.15.0-1038-oracle linux-modules-nvidia-525-open-5.15.0-1039-oracle linux-modules-nvidia-525-open-5.15.0-1040-oracle linux-modules-nvidia-525-open-5.15.0-1041-oracle (... see all)

  linux-restricted-signatures-oracle (5.15.0-1097.103) jammy; urgency=medium

  * Main version: 5.15.0-1097.103

  * Packaging resync (LP: #1786013)
    - [Packaging] debian/tracking-bug -- resync from main package

 -- Austin Rhodes <email address hidden> Thu, 29 Jan 2026 16:46:55 -0500
1786013 Packaging resync

linux-restricted-modules-oracle Feb 16th 18:08
Release: jammy Repo: restricted Level: security New version: 5.15.0-1097.103
Packages in group:  linux-modules-nvidia-390-5.15.0-1003-oracle linux-modules-nvidia-390-5.15.0-1006-oracle linux-modules-nvidia-390-5.15.0-1009-oracle linux-modules-nvidia-390-5.15.0-1011-oracle linux-modules-nvidia-390-5.15.0-1013-oracle linux-modules-nvidia-390-5.15.0-1016-oracle linux-modules-nvidia-390-5.15.0-1017-oracle linux-modules-nvidia-390-5.15.0-1018-oracle linux-modules-nvidia-390-5.15.0-1019-oracle linux-modules-nvidia-390-5.15.0-1021-oracle linux-modules-nvidia-390-5.15.0-1022-oracle (... see all)

  linux-restricted-modules-oracle (5.15.0-1097.103) jammy; urgency=medium

  * Main version: 5.15.0-1097.103

  * Packaging resync (LP: #1786013)
    - [Packaging] debian/tracking-bug -- resync from main package

 -- Austin Rhodes <email address hidden> Thu, 29 Jan 2026 16:46:55 -0500
1786013 Packaging resync

alsa-lib Feb 16th 18:08
Release: jammy Repo: main Level: updates New version: 1.2.6.1-1ubuntu1.1
Packages in group:  libasound2 libasound2-data libasound2-dev libasound2-doc libatopology2 libatopology-dev

  alsa-lib (1.2.6.1-1ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: heap overflow in topology mixer control decoder
    - debian/patches/CVE-2026-25068.patch: add boundary check for channel
      mixer count in src/topology/ctl.c.
    - CVE-2026-25068

 -- Marc Deslauriers <email address hidden> Fri, 30 Jan 2026 08:11:38 -0500
CVE-2026-25068 alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control dec

gnutls28 Feb 16th 18:08
Release: jammy Repo: main Level: updates New version: 3.7.3-4ubuntu1.8
Packages in group:  gnutls-doc libgnutls28-dev libgnutls30 libgnutls-dane0 libgnutls-openssl27 libgnutlsxx28

  gnutls28 (3.7.3-4ubuntu1.8) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via malicious certificates
    - debian/patches/CVE-2025-14831-*.patch: rework processing algorithms
      to exhibit better performance characteristics in
      lib/x509/name_constraints.c, tests/name-constraints-ip.c.
    - CVE-2025-14831
  * SECURITY UPDATE: stack overflow via long token label
    - debian/patches/CVE-2025-9820.patch: avoid stack overwrite when
      initializing a token in lib/pkcs11_write.c, tests/Makefile.am,
      tests/pkcs11/long-label.c.
    - CVE-2025-9820

 -- Marc Deslauriers <email address hidden> Tue, 10 Feb 2026 12:28:21 -0500
CVE-2025-14831 A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via
CVE-2025-9820 A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a tok

linux-nvidia-tegra-igx-modules-signed Feb 16th 18:08
Release: jammy Repo: main Level: security New version: 5.15.0-1041.41+1
Packages in group:  linux-nvidia-tegra-igx-rt-tegra-igpu-jetson-defaults linux-nvidia-tegra-igx-rt-tegra-igpu-lws-defaults linux-nvidia-tegra-igx-rt-tegra-igpu-r36.3.1-defaults linux-nvidia-tegra-igx-rt-tegra-igpu-r36.4.1-defaults linux-nvidia-tegra-igx-tegra-igpu-igx-defaults linux-nvidia-tegra-igx-tegra-igpu-jetson-defaults linux-nvidia-tegra-igx-tegra-igpu-lws-defaults linux-nvidia-tegra-igx-tegra-igpu-r36.3.1-defaults linux-nvidia-tegra-igx-tegra-igpu-r36.4.1-defaults linux-nvidia-tegra-igx-tegra-oot-jetson-defaults linux-nvidia-tegra-igx-tegra-oot-jetson-uc-defaults (... see all)

  linux-nvidia-tegra-igx-modules-signed (5.15.0-1041.41+1) jammy; urgency=medium

  * Main version: 5.15.0-1041.41


About   -   Send Feedback to @ubuntu_updates