Tuxcare Errata System 0.0.1 5.10 2026-04-16T18:10:07 Ubuntu 18.04 LTS * SECURITY UPDATE: Samba AD DC using Heimdal can be forced to issue rc4-hmac encrypted Kerberos tickets - debian/patches/CVE-2022-45141.patch: fix TGS ticket enc-part key selection and check-des - CVE-2022-45141 Critical TuxCare License Agreement CVE-2022-45141 Ubuntu 18.04 LTS * SECURITY UPDATE: Apache Tomcat request smuggling - debian/patches/CVE-2022-42252.patch: Requests with invalid content-length should always be rejected. - CVE-2022-42252 * SECURITY UPDATE: AJP Request Injection and potential Remote Code Execution - debian/patches/CVE-2020-1938.patch: Add new AJP attribute allowedRequestAttributesPattern. Rename requiredSecret to secret and add secretRequired. Change the default bind address for AJP to the loopback address. - CVE-2020-1938 Critical TuxCare License Agreement CVE-2020-1938 CVE-2022-42252 Ubuntu 18.04 LTS * SECURITY UPDATE: Apache Tomcat request smuggling - debian/patches/CVE-2022-42252.patch: Requests with invalid content-length should always be rejected. - CVE-2022-42252 * SECURITY UPDATE: AJP Request Injection and potential Remote Code Execution - debian/patches/CVE-2020-1938.patch: Add new AJP attribute allowedRequestAttributesPattern. Rename requiredSecret to secret and add secretRequired. Change the default bind address for AJP to the loopback address. - CVE-2020-1938 Critical TuxCare License Agreement CVE-2020-1938 CVE-2022-42252 Ubuntu 18.04 LTS * SECURITY UPDATE: urllib.parse space handling CVE-2023-24329 appears unfixed - debian/patches/CVE-2023-24329-2.patch: start stripping C0 control and space chars in `urlsplit` - CVE-2023-24329 Important TuxCare License Agreement CVE-2023-24329 Ubuntu 18.04 LTS * SECURITY UPDATE: urllib.parse space handling CVE-2023-24329 appears unfixed - debian/patches/CVE-2023-24329-2.patch: start stripping C0 control and space chars in `urlsplit` - CVE-2023-24329 Important TuxCare License Agreement CVE-2023-24329 Ubuntu 18.04 LTS * SECURITY UPDATE: a possible overflow because of an incomplete fix of CVE-2022-39377 - debian/patches/CVE-2023-33204.patch: check an overflow and exit if it be - CVE-2023-33204 Important TuxCare License Agreement CVE-2023-33204 Ubuntu 18.04 LTS * SECURITY UPDATE: Apache Tomcat h2c request mix-up - debian/patches/CVE-2021-25122.patch: Simplify the code and fix an edge case for BZ 64830 - CVE-2021-25122 * SECURITY UPDATE: Denial of Service for NIO+OpenSSL or NIO2+OpenSSL TLS configurations - debian/patches/CVE-2021-41079.patch: Improve robustness - CVE-2021-41079 Important TuxCare License Agreement CVE-2021-25122 CVE-2021-41079 Ubuntu 18.04 LTS * SECURITY UPDATE: Response injection (buffering) during MTA SMTP sending - debian/patches/CVE-2021-38371.patch: Enforce STARTTLS sync point, client side in src/transports/smtp.c - CVE-2021-38371 Important TuxCare License Agreement CVE-2021-38371 Ubuntu 18.04 LTS * SECURITY UPDATE: some applets are vulnerable to escape sequence injection when used from an VT compatible terminal - debian/patches/CVE-2022-28391.patch: sockaddr2str: ensure only printable characters are returned for the hostname part - CVE-2022-28391 * Fix cpio.tests - debian/patches/fix-cpio-tests.patch: set a correct owner Important TuxCare License Agreement CVE-2022-28391 Ubuntu 18.04 LTS * SECURITY UPDATE: More POST-after-PUT confusion - debian/patches/CVE-2023-28322.patch: fix mess in upload/method handling - CVE-2023-28322 * SECURITY UPDATE: incorrect IDN wildcard match - debian/patches/CVE-2023-28321.patch: fix erroneous logic in wildcard handling, drop support for wildcards in the middle of domain name - CVE-2023-28321 Moderate TuxCare License Agreement CVE-2023-28321 CVE-2023-28322 Ubuntu 18.04 LTS * SECURITY UPDATE: cache size limit exceeding may cause Denial of Service - debian/patches/CVE-2023-2828.patch: when reaching a limit, free as much space as new header requires. - CVE-2023-2828 Important TuxCare License Agreement CVE-2023-2828 Ubuntu 18.04 LTS * SECURITY UPDATE: heap-buffer-overflow - debian/patches/CVE-2021-45078.patch: fix out-of-bounds write in stab_xcoff_builtin_type (bz: #28694) - CVE-2021-45078 Important TuxCare License Agreement CVE-2021-45078 Ubuntu 18.04 LTS * SECURITY UPDATE: String hashing algorithm collisions - debian/patches/0021-CVE-2021-33582-pre.patch: gracefully handle lookup on zero-sized tables - debian/patches/0022-CVE-2021-33582.patch: replace ad-hoc algorithm with seeded djb2 and use it when hashing - CVE-2021-33582 * Enable the internal cunit tests * CUnit tests: - debian/patches/0023-Add-unit-tests-for-strhash.patch: add unit tests for strhash and hash quality - debian/patches/0024-Skip-several-failed-tests.patch: skip several failed tests Important TuxCare License Agreement CVE-2021-33582 Ubuntu 18.04 LTS * SECURITY UPDATE: Integer overflow in _libcap_strdup() - debian/patches/CVE-2023-2603.patch: enhance libcap's internal strdup code to limit the processing of long strings - CVE-2023-2603 Important TuxCare License Agreement CVE-2023-2603 Ubuntu 18.04 LTS * SECURITY UPDATE: null pointer dereference in ber_memalloc_x() - debian/patches/CVE-2023-2953.patch: added check for strdup failure in ldif_open_url, ldap_url_parsehosts. - CVE-2023-2953 Important TuxCare License Agreement CVE-2023-2953 Ubuntu 18.04 LTS * SECURITY UPDATE: Allows privilege escalation - debian/patches/CVE-2021-41617.patch: Added correct user group initialization. - CVE-2021-41617 Important TuxCare License Agreement CVE-2021-41617 Ubuntu 18.04 LTS * SECURITY UPDATE: privilege escalation via symlinks - debian/patches/CVE-2021-23240.patch: fix opportunity for local unprivileged user to gain file ownership via symlinks. - CVE-2021-23240 Important TuxCare License Agreement CVE-2021-23240 Ubuntu 18.04 LTS * SECURITY UPDATE: local privilege escalation for some Sudo configurations - debian/patches/CVE-2023-26604.patch: set LESSSECURE to 1 - CVE-2023-26604 * test issue: udev-test.pl is stopped by a timeout in a virtual environment - debian/patches/fix-udev-test.patch: skip this test in some cases Important TuxCare License Agreement CVE-2023-26604 Ubuntu 18.04 LTS * SECURITY UPDATE: Out of bounds read due to a lack of return value checks - debian/patches/CVE-2021-40812.patch: Added return value checks following calls to gdPutBuf in src/gd_webp.c and src/gd_bmp.c - CVE-2021-40812 Moderate TuxCare License Agreement CVE-2021-40812 Ubuntu 18.04 LTS * SECURITY UPDATE: EncryptInterceptor only provides partial protection on untrusted network - debian/patches/CVE-2022-29885.patch: Update the documentation to state that the EncryptInterceptor does not provide sufficient protection to run Tomcat clustering over an untrusted network. - CVE-2022-29885 Important TuxCare License Agreement CVE-2022-29885 Ubuntu 18.04 LTS * SECURITY UPDATE: EncryptInterceptor only provides partial protection on untrusted network - debian/patches/CVE-2022-29885.patch: Update the documentation to state that the EncryptInterceptor does not provide sufficient protection to run Tomcat clustering over an untrusted network. - CVE-2022-29885 Important TuxCare License Agreement CVE-2022-29885 Ubuntu 18.04 LTS * SECURITY UPDATE: use after free - debian/patches/CVE-2023-34241.patch: call httpClose() after logging. - CVE-2023-34241 * Fix test/run-stp-tests.sh - debian/patches/waiting-limit.patch: limit the waiting for a server dunring tests. Important TuxCare License Agreement CVE-2023-34241 Ubuntu 18.04 LTS * SECURITY UPDATE: undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546) - debian/patches/CVE-2023-34151.patch: properly cast double to size_t - CVE-2022-37452 Moderate TuxCare License Agreement CVE-2023-34151 Ubuntu 18.04 LTS * SECURITY UPDATE: Redirection vulnerability in http.server - debian/patches/CVE-2021-28861.patch: Fix an open redirection vulnerability in the `http.server` module when an URI path starts with `//` - debian/patches/expat-regression.patch: some tests were fixed - CVE-2021-28861 Important TuxCare License Agreement CVE-2021-28861 Ubuntu 18.04 LTS * SECURITY UPDATE: insecure default TLS configuration in HTTP::Tiny module - debian/patches/CVE-2023-31486.patch: add verify_SSL=>1 to HTTP::Tiny default configuration - CVE-2023-31486 Important TuxCare License Agreement CVE-2023-31486 Ubuntu 18.04 LTS * SECURITY UPDATE: use after free in Samba AD DC RPC server - debian/patches/CVE-2021-3738-pre.patch: prepare service routines before fixing CVE-2021-3738 - debian/patches/CVE-2021-3738.patch: avoids a crash caused by use-after-free in Samba AD DC RPC server - CVE-2021-3738.patch * SECURITY UPDATE: integer overflow in PAC parsing - debian/patches/CVE-2022-42898.patch: catch overflows that result from adding PAC_INFO_BUFFER_SIZE - CVE-2022-42898 Important TuxCare License Agreement CVE-2021-3738 CVE-2022-42898 Ubuntu 18.04 LTS * SECURITY UPDATE: Attacker bypasses redirection using unauthorized CA-signed certificate. - debian/patches/CVE-2021-20230.patch: Patch enhancing certificate verification process to prevent unauthorized redirection with CA-signed certificates by refining session data checks. - CVE-2021-20230 * Fix tests: - debian/patches/renew-cert-script.patch: Add script that re-generate expired test certs. * Repacked orig source tarball with renewed certs. * Removed no longer required patch, that mute tests with expired certificates. Important TuxCare License Agreement CVE-2021-20230 Ubuntu 18.04 LTS * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-3737.patch: Fix http client infinite line reading (DoS) after a HTTP 100 continue in Lib/httplib.py, Lib/test/test_httplib.py. - CVE-2021-3737 * take building tests into account, fix failed tests - debian/patches/expat-regression.patch: fix failed expat tests - debain/patches/fix-test-sysconfig.patch: switch off some tests - debain/patches/fix-test-sysconfig2.patch: switch off some tests Important TuxCare License Agreement CVE-2021-3737 Ubuntu 18.04 LTS * SECURITY UPDATE: improper handling of tower_callback parameter in amazon.aws collection - debian/patches/CVE-2022-3697.patch: ec2_instance - validate options on tower_callback - CVE-2022-3697 * Enable unit testing. Important TuxCare License Agreement CVE-2022-3697 Ubuntu 18.04 LTS * SECURITY UPDATE: Remote Code Execution via session persistence - debian/patches/CVE-2020-9484.patch: Improve validation of storage location when using FileStore. - CVE-2020-9484 * SECURITY UPDATE: Fix for CVE-2020-9484 was incomplete - debian/patches/CVE-2021-25329-pre1.patch: Fix some edge cases where the docBase was not being set using a canonical path which in turn meant resource URLs were not being constructed as expected. - debian/patches/CVE-2021-25329.patch: Use java.nio.file.Path for consistent sub-directory checking. - CVE-2021-25329 * SECURITY UPDATE: Local Privilege Escalation - debian/patches/CVE-2022-23181.patch: Make calculation of session storage location more robust. - CVE-2022-23181 * Update the expired test certificates: - debian/test_certs/*.pem|*.jks: Take the last test certificates from the upstream branch 8.5.x. - debian/source/include-binaries: Specifying the binary *.jks files to prevent build failures. - debian/rules: Before the testing stage, the old certificates in the source code are replaced with the new ones from debian/test_certs. Important TuxCare License Agreement CVE-2021-25329 CVE-2020-9484 CVE-2022-23181 Ubuntu 18.04 LTS * SECURITY UPDATE: helper programs can dlopen()/dlclose() any libraries from /usr/lib - debian/patches/CVE-2023-38408-Ensure-FIDO-PKCS11-libraries-contain-expect.patch: checks libraries before dlopen - debian/patches/CVE-2023-38408-Separate-ssh-pkcs11-helpers-for-each-p11-mo.patch: separate ssh-pkcs11-helpers for each p11 module - CVE-2023-38408 Critical TuxCare License Agreement CVE-2023-38408 Ubuntu 18.04 LTS * SECURITY UPDATE: infinite loop vulnerability in mdssvc RPC service for Spotlight - debian/patches/CVE-2023-34966.patch: prevents an infinite loop by preventing subcount less than 1. Add test for addressed CVE. - CVE-2023-34966 Important TuxCare License Agreement CVE-2023-34966 Ubuntu 18.04 LTS * New microcode update packages from AMD upstream up to 2023-07-19: + New Microcodes for 17h family: sig 0x00800f82, sig 0x00830f10; + New Microcodes for 19h family: sig 0x00a00f10, sig 0x00a00f11, sig 0x00a00f12; + Updated microcodes of 17h family: sig 0x00800f12, sig 0x00800f82; * SECURITY UPDATE: ZenBleed issue for some CPUs: - CPUs firmware updated up to 2023-07-19 - CVE-2023-20593 Moderate TuxCare License Agreement CVE-2023-20593 Ubuntu 18.04 LTS * SECURITY UPDATE: privilege escalation through runtar SUID program - debian/patches/CVE-2023-30577.patch: introduce tar option allow list * Fix changelog installation - CVE-2023-30577 Important TuxCare License Agreement CVE-2023-30577 Ubuntu 18.04 LTS * SECURITY UPDATE: external entity loading in XML without enabling it - debian/patches/CVE-2023-3823.patch: sanitize libxml2 globals before parsing. - CVE-2023-3823 * SECURITY UPDATE: buffer mismanagement in phar_dir_read() - debian/patches/php-upstream-CVE-2023-3824.patch: fix buffer mismanagement in phar_dir_read() - CVE-2023-3824 Critical TuxCare License Agreement CVE-2023-3824 CVE-2023-3823 Ubuntu 18.04 LTS * SECURITY UPDATE: New microcode data file 2023-08-08 - Updated microcodes: sig 0x00050653, pf_mask 0x97, 2023-03-23, rev 0x1000181, size 36864 sig 0x00050654, pf_mask 0xb7, 2023-03-06, rev 0x2007006, size 44032 sig 0x00050656, pf_mask 0xbf, 2023-03-17, rev 0x4003604, size 38912 sig 0x00050657, pf_mask 0xbf, 2023-03-17, rev 0x5003604, size 38912 sig 0x0005065b, pf_mask 0xbf, 2023-03-21, rev 0x7002703, size 30720 sig 0x000606a6, pf_mask 0x87, 2023-03-30, rev 0xd0003a5, size 297984 sig 0x000706e5, pf_mask 0x80, 2023-02-26, rev 0x00bc, size 113664 sig 0x000806c1, pf_mask 0x80, 2023-02-27, rev 0x00ac, size 111616 sig 0x000806c2, pf_mask 0xc2, 2023-02-27, rev 0x002c, size 98304 sig 0x000806d1, pf_mask 0xc2, 2023-02-27, rev 0x0046, size 103424 sig 0x000806e9, pf_mask 0x10, 2023-02-23, rev 0x00f4, size 105472 sig 0x000806e9, pf_mask 0xc0, 2023-02-22, rev 0x00f4, size 106496 sig 0x000806ea, pf_mask 0xc0, 2023-02-23, rev 0x00f4, size 105472 sig 0x000806eb, pf_mask 0xd0, 2023-02-23, rev 0x00f4, size 106496 sig 0x000806ec, pf_mask 0x94, 2023-02-26, rev 0x00f8, size 106496 sig 0x000806f4, pf_mask 0x10, 2023-05-15, rev 0x2c000271, size 605184 sig 0x000806f4, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1, size 572416 sig 0x000806f5, pf_mask 0x10, 2023-05-15, rev 0x2c000271, size 605184 sig 0x000806f5, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1, size 572416 sig 0x000806f6, pf_mask 0x10, 2023-05-15, rev 0x2c000271, size 605184 sig 0x000806f6, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1, size 572416 sig 0x000806f7, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1, size 572416 sig 0x000806f8, pf_mask 0x10, 2023-05-15, rev 0x2c000271, size 605184 sig 0x000806f8, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1, size 572416 sig 0x00090672, pf_mask 0x07, 2023-04-18, rev 0x002e, size 220160 sig 0x00090675, pf_mask 0x07, 2023-04-18, rev 0x002e, size 220160 sig 0x000906a3, pf_mask 0x80, 2023-04-18, rev 0x042c, size 219136 sig 0x000906a4, pf_mask 0x80, 2023-04-18, rev 0x042c, size 219136 sig 0x000906e9, pf_mask 0x2a, 2023-02-23, rev 0x00f4, size 108544 sig 0x000906ea, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 104448 sig 0x000906eb, pf_mask 0x02, 2023-02-23, rev 0x00f4, size 106496 sig 0x000906ec, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 105472 sig 0x000906ed, pf_mask 0x22, 2023-02-27, rev 0x00fa, size 106496 sig 0x000a0652, pf_mask 0x20, 2023-02-23, rev 0x00f8, size 97280 sig 0x000a0653, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280 sig 0x000a0655, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280 sig 0x000a0660, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 97280 sig 0x000a0661, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 96256 sig 0x000a0671, pf_mask 0x02, 2023-02-26, rev 0x0059, size 104448 sig 0x000b0671, pf_mask 0x32, 2023-06-06, rev 0x0119, size 210944 sig 0x000b06a2, pf_mask 0xe0, 2023-06-06, rev 0x4119, size 216064 sig 0x000b06a3, pf_mask 0xe0, 2023-06-06, rev 0x4119, size 216064 sig 0x000b06e0, pf_mask 0x11, 2023-04-12, rev 0x0011, size 136192 sig 0x000b06f2, pf_mask 0x07, 2023-04-18, rev 0x002e, size 220160 sig 0x000b06f5, pf_mask 0x07, 2023-04-18, rev 0x002e, size 220160 - CVE-2022-40982, INTEL-SA-00828 - CVE-2023-23908, INTEL-SA-00836 - CVE-2022-41804, INTEL-SA-00837 * source: update symlinks to reflect id of the latest release, 20230808 Moderate TuxCare License Agreement CVE-2023-23908 CVE-2022-41804 CVE-2022-40982 Ubuntu 18.04 LTS * SECURITY UPDATE: Checking excessively long DH keys or parameters may be very slow. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. - debian/patches/CVE-2023-3817.patch: Add a prior check and process only a correct DH keys - CVE-2023-3817 Moderate TuxCare License Agreement CVE-2023-3817 Ubuntu 18.04 LTS * Jammy update: v5.15.75 upstream stable release (LP: #1996825) // CVE-url: https://ubuntu.com/security/CVE-2022-1184 - ext4: fix check for block being out of directory size * Jammy update: v5.15.61 upstream stable release (LP: #1990162) // CVE-url: https://ubuntu.com/security/CVE-2022-1184 - ext4: check if directory block is within i_size * Jammy update: v5.15.68 upstream stable release (LP: #1993003) // CVE-url: https://ubuntu.com/security/CVE-2022-3303 - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC * CVE-2023-1670 // CVE-url: https://ubuntu.com/security/CVE-2023-1670 - xirc2ps_cs: Fix use after free bug in xirc2ps_detach * CVE-url: https://ubuntu.com/security/CVE-2023-1989 - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition * Jammy update: v5.15.104 upstream stable release (LP: #2023225) // CVE-url: https://ubuntu.com/security/CVE-2023-1990 - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition * CVE-url: https://ubuntu.com/security/CVE-2023-2007 - scsi: dpt_i2o: Remove obsolete driver * CVE-2023-2124 // CVE-url: https://ubuntu.com/security/CVE-2023-2124 - xfs: verify buffer contents when we skip log replay * CVE-url: https://ubuntu.com/security/CVE-2023-23000 - phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function * CVE-url: https://ubuntu.com/security/CVE-2023-28466 - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() * CVE-url: https://ubuntu.com/security/CVE-2023-3090 - ipvlan:Fix out-of-bounds caused by unclear skb->cb * Jammy update: v5.15.63 upstream stable release (LP: #1990564) // CVE-url: https://ubuntu.com/security/CVE-2023-3111 - btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() * CVE-url: https://ubuntu.com/security/CVE-2023-3111 - btrfs: check return value of btrfs_commit_transaction in relocation * CVE-url: https://ubuntu.com/security/CVE-2023-3141 - memstick: r592: Fix UAF bug in r592_remove due to race condition * CVE-url: https://ubuntu.com/security/CVE-2023-3212 - gfs2: Don't deref jdesc in evict * CVE-url: https://ubuntu.com/security/CVE-2023-3268 - kernel/relay.c: fix read_pos error when multiple readers - relayfs: fix out-of-bounds access in relay_file_read * CVE-url: https://ubuntu.com/security/CVE-2023-3390 - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE * CVE-url: https://ubuntu.com/security/CVE-2023-35823 - media: saa7134: fix use after free bug in saa7134_finidev due to race condition * CVE-url: https://ubuntu.com/security/CVE-2023-35824 - media: dm1105: Fix use after free bug in dm1105_remove due to race condition * Miscellaneous Ubuntu changes - [Config] updateconfigs for SCSI_DPT_I2O * Miscellaneous upstream changes - fixup! UBUNTU: [Packaging]: add tuxcare suffix Important TuxCare License Agreement CVE-2022-3303 CVE-2023-1990 CVE-2023-1989 CVE-2023-23000 CVE-2023-2007 CVE-2023-3141 CVE-2023-3268 CVE-2023-3212 CVE-2023-1670 CVE-2023-35823 CVE-2023-3390 CVE-2023-35824 CVE-2023-3111 CVE-2023-28466 CVE-2022-1184 CVE-2023-2124 CVE-2023-3090 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2023-4128 - net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after- free - net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after- free - net/sched: cls_route: No longer copy tcf_result on update to avoid use- after-free * CVE-url: https://ubuntu.com/security/CVE-2023-40283 - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb * CVE-2023-20593 // CVE-url: https://ubuntu.com/security/CVE-2023-20593 - x86/cpu/amd: Move the errata checking functionality up - x86/cpu/amd: Add a Zenbleed fix * CVE-2023-1859 // CVE-url: https://ubuntu.com/security/CVE-2023-1859 - 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition * CVE-url: https://ubuntu.com/security/CVE-2023-35001 - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval * Jammy update: v5.15.106 upstream stable release (LP: #2023233) // CVE-url: https://ubuntu.com/security/CVE-2023-1611 - btrfs: fix race between quota disable and quota assign ioctls * CVE-2023-3611 // CVE-url: https://ubuntu.com/security/CVE-2023-3611 - net/sched: sch_qfq: account for stab overhead in qfq_enqueue * CVE-2023-3776 // CVE-url: https://ubuntu.com/security/CVE-2023-3776 - net/sched: cls_fw: Fix improper refcount update leads to use-after-free Important TuxCare License Agreement CVE-2023-1859 CVE-2023-20593 CVE-2023-1611 CVE-2023-35001 CVE-2023-3776 CVE-2023-4128 CVE-2023-3611 CVE-2023-40283 Ubuntu 18.04 LTS * Jammy update: v5.15.86 upstream stable release (LP: #2005113) // CVE-url: https://ubuntu.com/security/CVE-2022-3606 - libbpf: Fix null-pointer dereference in find_prog_by_sec_insn() * Jammy update: v5.15.87 upstream stable release (LP: #2007441) // CVE-url: https://ubuntu.com/security/CVE-2023-23454 - net: sched: cbq: dont intepret cls results when asked to drop * Jammy update: v5.15.76 upstream stable release (LP: #1997113) // CVE-url: https://ubuntu.com/security/CVE-2023-0590 - net: sched: fix race condition in qdisc_graft() * Jammy update: v5.15.104 upstream stable release (LP: #2023225) // CVE-url: https://ubuntu.com/security/CVE-2023-1855 - hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition * Jammy update: v5.15.91 upstream stable release (LP: #2011467) // CVE-url: https://ubuntu.com/security/CVE-2022-4129 - l2tp: Serialize access to sk_user_data with sk_callback_lock * Jammy update: v5.15.105 upstream stable release (LP: #2023230) // CVE-url: https://ubuntu.com/security/CVE-2023-30772 - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition * Jammy update: v5.15.105 upstream stable release (LP: #2023230) // CVE-url: https://ubuntu.com/security/CVE-2023-2194 - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() * Jammy update: v5.15.105 upstream stable release (LP: #2023230) // CVE-url: https://ubuntu.com/security/CVE-2023-33203 - net: qcom/emac: Fix use after free bug in emac_remove due to race condition * CVE-2023-31084 // CVE-2023-31084 was assigned to this bug. // CVE-url: https://ubuntu.com/security/CVE-2023-31084 - media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() * Jammy update: v5.15.99 upstream stable release (LP: #2018438) // CVE-url: https://ubuntu.com/security/CVE-2023-2985 - fs: hfsplus: fix UAF issue in hfsplus_put_super * Jammy update: v5.15.111 upstream stable release (LP: #2025095) // CVE-url: https://ubuntu.com/security/CVE-2023-2269 - dm ioctl: fix nested locking in table_clear() to remove deadlock concern Moderate TuxCare License Agreement CVE-2023-0590 CVE-2022-4129 CVE-2023-23454 CVE-2023-2985 CVE-2022-3606 CVE-2023-1855 CVE-2023-2194 CVE-2023-2269 CVE-2023-30772 CVE-2023-31084 CVE-2023-33203 Ubuntu 18.04 LTS * SECURITY UPDATE: unlikely stack overflow vulnerability - debian/patches/CVE-2022-48174.patch: break if a number string containing invalid characters - CVE-2022-48174 Critical TuxCare License Agreement CVE-2022-48174 Ubuntu 18.04 LTS * New microcode update packages from AMD upstream up to 2023-08-08: + New Microcodes for 19h family: sig 0x00a10f11, sig 0x00a10f12, sig 0x00aa0f01, sig 0x00aa0f02; * SECURITY UPDATE: A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result to potential information disclosure. - CPUs firmware updated up to 2023-08-08 - CVE-2023-20569 - CVE-2023-20593 Important TuxCare License Agreement CVE-2023-20593 CVE-2023-20569 Ubuntu 18.04 LTS * SECURITY UPDATE: segmentation fault in objdump.c compare_symbols - debian/patches/CVE-2022-47695.patch: test symbol flags to exclude section and synthetic symbols before attempting to check flavour - CVE-2022-47695 Important TuxCare License Agreement CVE-2021-46174 CVE-2022-44840 CVE-2022-47695 Ubuntu 18.04 LTS * CVE-2022-40433: Segmentation fault in ciMethodBlocks::make_block_at(int) Important TuxCare License Agreement CVE-2022-40433 Ubuntu 18.04 LTS * SECURITY UPDATE: XML vulnerabilities in plist files - debian/patches/CVE-2022-48565.patch: Reject XML entity declarations in plist files - CVE-2022-48565 Critical TuxCare License Agreement CVE-2022-48565 Ubuntu 18.04 LTS * SECURITY UPDATE: DoS in case of malicious entity directives - debian/patches/CVE-2022-48565.patch: Reject XML entity declarations in plist files - CVE-2022-48565 Critical TuxCare License Agreement CVE-2022-48565 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2023-4622 - af_unix: Fix null-ptr-deref in unix_stream_sendpage(). * Jammy update: v5.15.105 upstream stable release (LP: #2023230) // CVE-url: https://ubuntu.com/security/CVE-2022-4269 - net/sched: act_mirred: better wording on protection against excessive stack growth - act_mirred: use the backlog for nested calls to mirred ingress * CVE-url: https://ubuntu.com/security/CVE-2022-4269 - net/sched: user-space can't set unknown tcfa_action values - net/tc: introduce TC_ACT_REINSERT. - act_mirred: use TC_ACT_REINSERT when possible - net: sched: act_mirred method rename for grep-ability and consistency - net: sched: protect against stack overflow in TC act_mirred - net/sched: act_mirred: refactor the handle of xmit - selftests: forwarding: Introduce tc actions tests * Jammy update: v5.15.94 upstream stable release (LP: #2012673) // CVE-url: https://ubuntu.com/security/CVE-2022-27672 - x86/speculation: Identify processors vulnerable to SMT RSB predictions - KVM: x86: Mitigate the cross-thread return address predictions bug - Documentation/hw-vuln: Add documentation for Cross-Thread Return Predictions * CVE-url: https://ubuntu.com/security/CVE-2022-27672 - KVM: x86: drop bogus MWAIT check - KVM: x86: simplify kvm_mwait_in_guest() - KVM: X86: Provide a capability to disable MWAIT intercepts - KVM: X86: Provide a capability to disable HLT intercepts - KVM: VMX: Remove redundant write to set vCPU as active at RESET/INIT - KVM: X86: Provide a capability to disable PAUSE intercepts - x86/headers/UAPI: Move DISABLE_EXITS KVM capability bits to the UAPI - tools headers kvm: Sync uapi/linux/kvm.h with the kernel sources - KVM: X86: Provide a capability to disable cstate msr read intercepts * Jammy update: v5.15.110 upstream stable release (LP: #2025090) // CVE-url: https://ubuntu.com/security/CVE-2023-2002 - bluetooth: Perform careful capability checks in hci_sock_ioctl() * Jammy update: v5.15.80 upstream stable release (LP: #2003122) // CVE-url: https://ubuntu.com/security/CVE-2022-3169 - nvme: ensure subsystem reset is single threaded * CVE-url: https://ubuntu.com/security/CVE-2022-3169 - nvme: host delete_work and reset_work on separate workqueues - PCI/ASPM: Add pcie_aspm_enabled() - nvme-pci: Allow PCI bus-level PM to be used if ASPM is disabled - nvme: Prevent resets during paused controller state - nvme: Add quirk for LiteON CL1 devices running FW 22301111 - nvme: Wait for reset state when required * Jammy update: v5.15.81 upstream stable release (LP: #2003130) // CVE-url: https://ubuntu.com/security/CVE-2022-47519 - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute * CVE-2022-47520 // CVE-url: https://ubuntu.com/security/CVE-2022-47520 - wifi: wilc1000: validate pairwise and authentication suite offsets * CVE-url: https://ubuntu.com/security/CVE-2022-45919 - media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 Important TuxCare License Agreement CVE-2022-47519 CVE-2022-3169 CVE-2022-47520 CVE-2022-45919 CVE-2023-4622 CVE-2023-2002 CVE-2022-27672 CVE-2022-4269 Ubuntu 18.04 LTS * SECURITY UPDATE: a heap buffer overflow triggered in display_debug_section() at binutils/readelf.c - debian/patches/CVE-2022-45703.patch: combine sanity checks, calculate element counts, not word counts, fix typo - CVE-2022-45703 Important TuxCare License Agreement CVE-2022-45703 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2023-42753 - netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c * CVE-2022-40982 // CVE-url: https://ubuntu.com/security/CVE-2022-40982 - init: Provide arch_cpu_finalize_init() - x86/cpu: Switch to arch_cpu_finalize_init() - init: Remove check_bugs() leftovers - x86/speculation: Add Gather Data Sampling mitigation - x86/speculation: Add force option to GDS mitigation - x86/speculation: Add Kconfig option for GDS - KVM: Add GDS_NO support to KVM * CVE-url: https://ubuntu.com/security/CVE-2022-40982 - vmlinux.lds.h: Create section for protection against instrumentation - x86/cpu: Move arch_smt_update() to a neutral place * CVE-2023-20588 // CVE-url: https://ubuntu.com/security/CVE-2023-20588 - x86/bugs: Increase the x86 bugs vector size to two u32s - x86/CPU/AMD: Do not leak quotient data after a division by 0 - x86/CPU/AMD: Fix the DIV(0) initial fix attempt * CVE-2023-3863 // CVE-url: https://ubuntu.com/security/CVE-2023-3863 - nfc: llcp: simplify llcp_sock_connect() error paths - net: nfc: Fix use-after-free caused by nfc_llcp_find_local * CVE-url: https://ubuntu.com/security/CVE-2023-3863 - nfc: Fix to check for kmemdup failure * CVE-url: https://ubuntu.com/security/CVE-2023-4921 - net: sched: sch_qfq: Fix UAF in qfq_dequeue() * Miscellaneous Ubuntu changes - [Config] CONFIG_GDS_FORCE_MITIGATION=n Important TuxCare License Agreement CVE-2023-42753 CVE-2022-40982 CVE-2023-20588 CVE-2023-4921 CVE-2023-3863 Ubuntu 18.04 LTS * SECURITY UPDATE: uninitialized-heap vulnerability in function tic4x_print_cond in file opcodes/tic4x-dis.c - debian/patches/CVE-2020-35342.patch: Init all of condtable - CVE-2020-35342 * SECURITY UPDATE: a memory consumption issue in get_data function in binutils/nm.c - debian/patches/CVE-2020-19724.patch: Free dyn_syms - CVE-2020-19724 * SECURITY UPDATE: a memory leak when process microblaze-dis.c - debian/patches/CVE-2020-21490.patch: Use strbuf rather than strdup of local temp - CVE-2020-21490 * SECURITY UPDATE: an issue relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service - debian/patches/CVE-2020-19726.patch: Fix parsing a corrupt PE format file - CVE-2020-19726 Important TuxCare License Agreement CVE-2020-19724 CVE-2020-35342 CVE-2020-19726 CVE-2020-21490 Ubuntu 18.04 LTS * SECURITY UPDATE: a memory leak that allows remote attackers to perform a denial of service via the "identify -help" command - debian/patches/CVE-2022-48541.patch: added missing calls to destroy methods - CVE-2022-48541 Important TuxCare License Agreement CVE-2022-48541 Ubuntu 18.04 LTS * SECURITY UPDATE: denial of service - debian/patches/CVE-2022-48571.patch: fix the crash when receiving multi-packet uploads in UDP - CVE-2022-48571 Important TuxCare License Agreement CVE-2022-48571 Ubuntu 18.04 LTS * SECURITY UPDATE: SQL injection when @extowner@, @extschema@, or @extschema:...@ appeared inside a quoting construct (dollar quoting, '', or "") - debian/patches/CVE-2023-39417: reject substituting extension schemas or owners matching ["$'\]. - CVE-2023-39417 -- Pavel Kopylov <pkopylov@cloudlinux.com> Fri, 15 Sep 2023 10:55:03 +0300 Important TuxCare License Agreement CVE-2023-39417 Ubuntu 18.04 LTS * SECURITY UPDATE: Multiple security issues - debian/patches/CVE-2023-42114.patch: fix possible OOB read in SPA authenticator - CVE-2023-42114 - debian/patches/CVE-2023-42116.patch: fix possible OOB write in SPA authenticator - CVE-2023-42116 Important TuxCare License Agreement CVE-2023-42114 CVE-2023-42116 Ubuntu 18.04 LTS * SECURITY UPDATE: Heap buffer overflow - debian/patches/CVE-2023-4863-pre.patch: prepare sources to be patched - debian/patches/CVE-2023-4863-1.patch: first, BuildHuffmanTable() is called to check if the data is valid. If it is and the table is not big enough, more memory is allocated. This will make sure that valid (but unoptimized because of unbalanced codes) streams are still decodable. - debian/patches/CVE-2023-4863-2.patch: fix memory error - debian/patches/CVE-2023-4863-3.patch: remove unused code - debian/patches/CVE-2023-4863-4.patch: fix pointer offset int overflow - CVE-2023-4836 Important TuxCare License Agreement CVE-2023-4863 Ubuntu 18.04 LTS * SECURITY UPDATE: A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly - debian/patches/CVE-2023-3341.patch: Named and rndc do not need a lot of recursion so the depth is set to 10. - CVE-2023-3341 Important TuxCare License Agreement CVE-2023-3341 Ubuntu 18.04 LTS * SECURITY UPDATE: Constant-time-defeating optimisations issue - debian/patches/CVE-2022-48566.patch: Make compare_digest more constant-time - CVE-2022-48566 Moderate TuxCare License Agreement CVE-2022-48566 Ubuntu 18.04 LTS * SECURITY UPDATE: Constant-time-defeating optimisations issue - debian/patches/CVE-2022-48566.patch: Make compare_digest more constant-time - CVE-2022-48566 Moderate TuxCare License Agreement CVE-2022-48566 Ubuntu 18.04 LTS * SECURITY UPDATE: сookie injection with none file - debian/patches/CVE-2023-38546.patch: remove unnecessary struct fields in lib/cookie.c - CVE-2023-38546 Moderate TuxCare License Agreement CVE-2023-38546 Ubuntu 18.04 LTS * SECURITY UPDATE: heap-based buffer overflow - debian/patches/CVE-2023-4504.patch: check for end of buffer if there is an escaped character - CVE-2023-4504 Important TuxCare License Agreement CVE-2023-4504 Ubuntu 18.04 LTS * SECURITY UPDATE: GVariant security issues - debian/patches/CVE-2023-29499-x-CVE-2023-32665/*.patch: fix multiple GVariant serialization issues - CVE-2023-29499, CVE-2023-32611, CVE-2023-32636, CVE-2023-32643, CVE-2023-32665 * debian/patches/fix-g_test_bug-assertion.patch: Fix g_test_bug assertion in gvariant test * debian/patches/skip-several-failed-tests.patch: Skip several failed tests * debian/patches/libglib2.0-0.symbols: Add new symbol Important TuxCare License Agreement CVE-2023-32636 CVE-2023-32643 CVE-2023-32611 CVE-2023-32665 CVE-2023-29499 Ubuntu 18.04 LTS * SECURITY UPDATE: The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly - debian/patches/CVE-2023-44487.patch: HTTP/2 - per-iteration stream handling limit. - CVE-2023-44487 Important TuxCare License Agreement CVE-2023-44487 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2023-42755 - net/sched: Retire rsvp classifier * CVE-url: https://ubuntu.com/security/CVE-2023-39194 - net: xfrm: Fix xfrm_address_filter OOB read * CVE-url: https://ubuntu.com/security/CVE-2023-39192 - netfilter: xt_u32: validate user space input * CVE-url: https://ubuntu.com/security/CVE-2023-39193 - netfilter: xt_sctp: validate the flag_info count * CVE-url: https://ubuntu.com/security/CVE-2023-42754 - ipv4: fix null-deref in ipv4_link_failure * CVE-url: https://ubuntu.com/security/CVE-2023-3338 - [Config] updateconfigs for DECNET * Jammy update: v5.15.118 upstream stable release (LP: #2030239) // CVE-url: https://ubuntu.com/security/CVE-2023-3338 - Remove DECnet support from kernel * CVE-2023-1206 // CVE-url: https://ubuntu.com/security/CVE-2023-1206 - tcp: Reduce chance of collisions in inet6_hashfn(). * CVE-url: https://ubuntu.com/security/CVE-2022-45886 - media: dvb-core: Fix use-after-free on race condition at dvb_frontend - media: dvb-core: Fix use-after-free due on race condition at dvb_net * Miscellaneous Ubuntu changes - [Config] updateconfigs for NET_CLS_RSVP Important TuxCare License Agreement CVE-2023-39192 CVE-2023-3338 CVE-2022-45886 CVE-2023-1206 CVE-2023-39194 CVE-2023-42754 CVE-2023-39193 CVE-2023-42755 Ubuntu 18.04 LTS * SECURITY UPDATE: bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation - debian/patches/CVE-2023-41360.patch: don't read the first byte of ORF header if we are ahead of stream. - CVE-2023-41360 * SECURITY UPDATE: bgpd/bgp_packet.c processes NLRIs if the attribute length is zero - debian/patches/CVE-2023-41358.patch: do not process NLRIs if the attribute length is zero - CVE-2023-41358 Critical TuxCare License Agreement CVE-2023-41360 CVE-2023-41358 Ubuntu 18.04 LTS - CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22044, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193. - Release notes: https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-July/024064.html Important TuxCare License Agreement CVE-2023-22049 CVE-2023-22006 CVE-2023-22045 CVE-2023-22041 CVE-2023-25193 CVE-2023-22036 CVE-2023-22044 Ubuntu 18.04 LTS * SECURITY UPDATE: Reject overflows of zip header fields in minizip - debian/patches/CVE-2023-45853.patch: Check length of comment, filename and extra field in zipOpenNewFileInZip4_64 - CVE-2023-45853 Critical TuxCare License Agreement CVE-2023-45853 Ubuntu 18.04 LTS * CVE-2023-0597 // CVE-url: https://ubuntu.com/security/CVE-2023-0597 - x86/kasan: Map shadow for percpu pages on demand - x86/mm: Recompute physical address for every page of per-CPU CEA mapping - x86/mm: Populate KASAN shadow for entire per-CPU range of CPU entry area - x86/mm: Do not shuffle CPU entry areas without KASLR * CVE-url: https://ubuntu.com/security/CVE-2023-0597 - random32: add noise from network and scheduling activity - x86/mm: Randomize per-cpu entry area - x86/cpu_entry_area: Move percpu_setup_debug_store() to __init section - x86/cpu_entry_area: Cleanup setup functions * CVE-2023-42752 // CVE-url: https://ubuntu.com/security/CVE-2023-42752 - igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU * CVE-2023-4623 // CVE-url: https://ubuntu.com/security/CVE-2023-4623 - net/sched: sch_hfsc: Ensure inner classes have fsc curve * CVE-2023-34319 // CVE-url: https://ubuntu.com/security/CVE-2023-34319 - xen/netback: Fix buffer overrun triggered by unusual packet * CVE-2023-4881 // CVE-url: https://ubuntu.com/security/CVE-2023-4881 - netfilter: nftables: exthdr: fix 4-byte stack OOB write * CVE-2023-31083 // CVE-url: https://ubuntu.com/security/CVE-2023-31083 - Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO * CVE-2023-3772 // CVE-url: https://ubuntu.com/security/CVE-2023-3772 - xfrm: add NULL check in xfrm_update_ae_params Important TuxCare License Agreement CVE-2023-42752 CVE-2023-4881 CVE-2023-4623 CVE-2023-3772 CVE-2023-34319 CVE-2023-31083 CVE-2023-0597 Ubuntu 18.04 LTS * SECURITY UPDATE: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly - debian/patches/CVE-2023-44487.patch: h2: don't accept new streams if conn_streams are still in excess - CVE-2023-44487 Important TuxCare License Agreement CVE-2023-44487 Ubuntu 18.04 LTS * SECURITY UPDATE: The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly - debian/patches/CVE-2023-44487.patch: Improvements to HTTP/2 overhead protection - CVE-2023-44487 Important TuxCare License Agreement CVE-2023-44487 Ubuntu 18.04 LTS * SECURITY UPDATE: The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly - debian/patches/CVE-2023-44487.patch: Improvements to HTTP/2 overhead protection - CVE-2023-44487 Important TuxCare License Agreement CVE-2023-44487 Ubuntu 18.04 LTS * SECURITY UPDATE: mod_macro buffer over-read - debian/patches/CVE-2023-31122.patch: use our own strncmp function in mod_macro - CVE-2023-31122 Important TuxCare License Agreement CVE-2023-31122 Ubuntu 18.04 LTS * SECURITY UPDATE: fix an attempt to allocate an unreasonably large amount of memory when parsing a corrupt ELF file - debian/patches/CVE-2022-48063.patch: Check for excessively large sections - CVE-2022-48063 Moderate TuxCare License Agreement CVE-2022-48063 Ubuntu 18.04 LTS * SECURITY UPDATE: reachable assertion failure in display_debug_names - debian/patches/CVE-2022-35205.patch: replace assert with a warning message - CVE-2022-35205 * SECURITY UPDATE: memory leak in stab_demangle_v3_arg - debian/patches/CVE-2022-47007.patch: free dt on failure path - CVE-2022-47007 * SECURITY UPDATE: memory leak in make_tempdir - debian/patches/CVE-2022-47008.patch: free template on all failure paths - CVE-2022-47008 * SECURITY UPDATE: memory leak in pr_function_type - debian/patches/CVE-2022-47010.patch: free "s" on failure path - CVE-2022-47010 * SECURITY UPDATE: memory leak in parse_stab_struct_fields - debian/patches/CVE-2022-47011.patch: free "fields" on failure path - CVE-2022-47011 Moderate TuxCare License Agreement CVE-2022-47010 CVE-2022-47007 CVE-2022-47011 CVE-2022-47008 CVE-2022-35205 Ubuntu 18.04 LTS * SECURITY UPDATE: dnsdb out-of-bounds read information disclosure - debian/patches/CVE-2023-42119.patch: harden dnsdb against crafted DNS responses - CVE-2023-42119 Low TuxCare License Agreement CVE-2023-42119 Ubuntu 18.04 LTS * SECURITY UPDATE: Arbitrary code execution vulnerability in ntpq/ntpdc - debian/patches/CVE-2018-12327.patch: fix stack buffer overflow in NTPQ/NTPDC. - CVE-2018-12327 Critical TuxCare License Agreement CVE-2018-12327 Ubuntu 18.04 LTS * SECURITY UPDATE: posible crash in heapq with custom comparison operators - debian/patches/CVE-2022-48560.patch: disallow releasing heap items during a comparison callback - CVE-2022-48560 Important TuxCare License Agreement CVE-2022-48560 Ubuntu 18.04 LTS * SECURITY UPDATE: possible weak randomness in nonce value - debian/patches/php-7.1-CVE-2023-3247.patch: Fix missing randomness check for SOAP HTTP Digest - CVE-2023-3247 Moderate TuxCare License Agreement CVE-2023-3247 Ubuntu 18.04 LTS * SECURITY UPDATE: An unauthenticated user may be able to access recently printed documents. The config file /etc/cups/cupsd.conf should be edited manually in case the cups has been already installed in the system: the <Limit Send-Document> and <Limit CUPS-Get-Document> sections should be changed according to the patch - debian/patches/CVE-2023-32360.patch: Require authentication for CUPS-Get-Document. - CVE-2023-32360 Moderate TuxCare License Agreement CVE-2023-32360 Ubuntu 18.04 LTS * SECURITY UPDATE: Remote code execution because of improper neutralization of special elements - debian/patches/CVE-2023-42117.patch: fix string_is_ip_address() - CVE-2023-42117 Important TuxCare License Agreement CVE-2023-42117 Ubuntu 18.04 LTS * SECURITY UPDATE: Remote authenticated user can trigger a kadmind crash - debian/patches/CVE-2023-36054.patch: ensure array count consistency in kadm5 RPC - CVE-2023-36054 Moderate TuxCare License Agreement CVE-2023-36054 Ubuntu 18.04 LTS * SECURITY UPDATE: Denial of Service in HTTP Digest Authentication - debian/patches/CVE-2023-46847.patch: fix stack buffer overflow when parsing Digest Authorization - CVE-2023-46847 Important TuxCare License Agreement CVE-2023-46847 Ubuntu 18.04 LTS * SECURITY UPDATE: Denial of service could be encountered if a DH key or DH parameters check experience long delays. - debian/patches/CVE-2023-3446.patch: Adds check to prevent the testing of an excessively large modulus in DH_check(). - CVE-2023-3446 Moderate TuxCare License Agreement CVE-2023-3446 Ubuntu 18.04 LTS * SECURITY UPDATE: open socket out of the dedicated directory - debian/patches/CVE-2023-3961.patch: prevents a traversal out the dedicated directory - CVE-2023-3961 Critical TuxCare License Agreement CVE-2023-3961 Ubuntu 18.04 LTS * CVE-2023-31085 // CVE-url: https://ubuntu.com/security/CVE-2023-31085 - ubi: Refuse attaching if mtd's erasesize is 0 * Jammy update: v5.15.121 upstream stable release (LP: #2032689) // CVE-url: https://ubuntu.com/security/CVE-2023-4132 - media: usb: siano: Fix warning due to null work_func_t function pointer * Jammy update: v5.15.99 upstream stable release (LP: #2018438) // CVE-url: https://ubuntu.com/security/CVE-2023-4132 - media: usb: siano: Fix use after free bugs caused by do_submit_urb * CVE-2023-5717 // CVE-url: https://ubuntu.com/security/CVE-2023-5717 - perf: Disallow mis-matched inherited group reads * CVE-url: https://ubuntu.com/security/CVE-2023-1838 - Fix double fget() in vhost_net_set_backend() * Jammy update: v5.15.99 upstream stable release (LP: #2018438) // CVE-url: https://ubuntu.com/security/CVE-2023-1077 - sched/rt: pick_next_rt_entity(): check list_entry * Jammy update: v5.15.99 upstream stable release (LP: #2018438) // CVE-url: https://ubuntu.com/security/CVE-2023-1076 - net: add sock_init_data_uid() - tun: tun_chr_open(): correctly initialize socket uid - tap: tap_open(): correctly initialize socket uid * CVE-url: https://ubuntu.com/security/CVE-2023-45863 - kobject: Fix slab-out-of-bounds in fill_kobj_path() * CVE-url: https://ubuntu.com/security/CVE-2023-45871 - igb: set max size RX buffer when store bad packet is enabled * Jammy update: v5.15.100 upstream stable release (LP: #2020387) // CVE-url: https://ubuntu.com/security/CVE-2023-45862 - USB: ene_usb6250: Allocate enough memory for full object * CVE-url: https://ubuntu.com/security/CVE-2023-39189 - netfilter: nfnetlink_osf: avoid OOB read Critical TuxCare License Agreement CVE-2023-45871 CVE-2023-45863 CVE-2023-39189 CVE-2023-31085 CVE-2023-1838 CVE-2023-45862 CVE-2023-1076 CVE-2023-1077 CVE-2023-4132 CVE-2023-5717 Ubuntu 18.04 LTS * SECURITY UPDATE: Ability to write almost unlimited amounts of unfiltered data into the process heap - debian/patches/CVE-2023-4016.patch: ps: fix possible buffer overflow in -C option. - CVE-2023-4016 Moderate TuxCare License Agreement CVE-2023-4016 Ubuntu 18.04 LTS * SECURITY UPDATE: potential DoS attack via CPU and RAM exhaustion - debian/patches/CVE-2022-48564.patch: Improve validation of Plist files that prevent DoS when processing malformed Apple Property List files in binary format - CVE-2022-48564 * SECURITY UPDATE: TLS handshake bypass - debian/patches/CVE-2023-40217.patch: Check for & avoid the ssl pre-close flaw. Update SSL tests - CVE-2023-40217 Moderate TuxCare License Agreement CVE-2022-48564 CVE-2023-40217 Ubuntu 18.04 LTS * SECURITY UPDATE: TLS handshake bypass - debian/patches/CVE-2023-40217.patch: Check for & avoid the ssl pre-close flaw. Update SSL tests - CVE-2023-40217 Moderate TuxCare License Agreement CVE-2023-40217 Ubuntu 18.04 LTS * SECURITY UPDATE: New microcode data file 2023-11-14 - Updated microcodes: sig 0x000606a6, pf_mask 0x87, 2023-09-01, rev 0xd0003b9, size 299008 sig 0x000606c1, pf_mask 0x10, 2023-09-08, rev 0x1000268, size 290816 sig 0x000706e5, pf_mask 0x80, 2023-09-03, rev 0x00c2, size 113664 sig 0x000806c1, pf_mask 0x80, 2023-09-07, rev 0x00b4, size 111616 sig 0x000806c2, pf_mask 0xc2, 2023-09-07, rev 0x0034, size 98304 sig 0x000806d1, pf_mask 0xc2, 2023-09-07, rev 0x004e, size 104448 sig 0x000806f4, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184 sig 0x000806f4, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416 sig 0x000806f5, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184 sig 0x000806f5, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416 sig 0x000806f6, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184 sig 0x000806f6, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416 sig 0x000806f7, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416 sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184 sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416 sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208 sig 0x00090675, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208 sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160 sig 0x000906a4, pf_mask 0x40, 2023-05-05, rev 0x0005, size 117760 sig 0x000906a4, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160 sig 0x000a0671, pf_mask 0x02, 2023-09-03, rev 0x005d, size 104448 sig 0x000b0671, pf_mask 0x32, 2023-08-29, rev 0x011d, size 210944 sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064 sig 0x000b06a3, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064 sig 0x000b06e0, pf_mask 0x11, 2023-06-26, rev 0x0012, size 136192 sig 0x000b06f2, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208 sig 0x000b06f5, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208 - CVE-2023-23583, INTEL-SA-00950 * source: update symlinks to reflect id of the latest release, 20231114 Important TuxCare License Agreement CVE-2023-23583 Ubuntu 18.04 LTS * SECURITY UPDATE: Denial of Service attack against Squid’s Gopher gateway due to a NULL pointer dereference bug - debian/patches/CVE-2023-46728.patch: Remove support for Gopher protocol - CVE-2023-46728 Important TuxCare License Agreement CVE-2023-46728 Ubuntu 18.04 LTS * SECURITY UPDATE: Update to 5.7.44 to fix security issues - CVE-2023-22053, CVE-2023-22084, CVE-2023-22015, CVE-2023-22026, CVE-2023-22028 * debian/patches/off_root_tests.patch: disable mysqld_daemon and mysqld_safe tests under root due to known issues with these tests. Moderate TuxCare License Agreement CVE-2023-22026 CVE-2023-22015 CVE-2023-22028 CVE-2023-22084 CVE-2023-22053 Ubuntu 18.04 LTS * SECURITY UPDATE: Posible crash in heapq with custom comparison operators - debian/patches/CVE-2022-48560.patch: Disallow releasing heap items during a comparison callback - CVE-2022-48560 Important TuxCare License Agreement CVE-2022-48560 Ubuntu 18.04 LTS * SECURITY UPDATE: A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal - debian/patches/CVE-2022-3437-1.patch: third_party/heimdal: use constant-time memcmp() for arcfour unwrap - debian/patches/CVE-2022-3437-3.patch: third_party/heimdal: check buffer length against overflow for DES{,3} unwrap - debian/patches/CVE-2022-3437-4.patch: third_party/heimdal: don't pass NULL pointers to memcpy() in DES unwrap - debian/patches/CVE-2022-3437-5.patch: third_party/heimdal: use constant-time memcmp() in unwrap_des3() - debian/patches/CVE-2022-3437-7.patch: third_party/heimdal: pass correct length to _gssapi_verify_pad() - debian/patches/CVE-2022-3437-8.patch: third_party/heimdal: check the result of _gsskrb5_get_mech() - debian/patches/CVE-2022-3437-9.patch: third_party/heimdal: remove __func__ compatibility workaround - debian/patches/CVE-2022-3437-10.patch: third_party/heimdal: check for overflow in _gsskrb5_get_mech() - debian/patches/CVE-2022-3437-11.patch: third_party/heimdal: avoid undefined behaviour in _gssapi_verify_pad() - CVE-2022-3437 Moderate TuxCare License Agreement CVE-2022-3437 Ubuntu 18.04 LTS * SECURITY UPDATE: Buffer OverRead in RFC 1123 date/time - debian/patches/CVE-2023-49285.patch: Fix date parsing in RFC 1123 - CVE-2023-49285 * SECURITY UPDATE: Denial of Service attack against Helper process management - debian/patches/CVE-2023-49286.patch: Add exit without asserting when helper process startup fails - CVE-2023-49286 Important TuxCare License Agreement CVE-2023-49285 CVE-2023-49286 Ubuntu 18.04 LTS * SECURITY UPDATE: Buffer overrun from integer overflow in array modification - debian/patches/CVE-2023-5869.patch: detect integer overflow while computing new array dimensions. - CVE-2023-5869 -- Pavel Mayorov <pmayorov@cloudlinux.com> Thu, 21 Dec 2023 14:36:00 +0100 Important TuxCare License Agreement CVE-2023-5869 Ubuntu 18.04 LTS * SECURITY UPDATE: possible OS command injection - debian/patches/CVE-2023-51385.patch: ban user/hostnames with most shell metacharacters in command line - CVE-2023-51385 Critical TuxCare License Agreement CVE-2023-51385 Ubuntu 18.04 LTS * Backport upstream releases 8u392 to 18.04 LTS * CVEs fixed in 8u392: - CVE-2023-22067: IOR deserialization issue in CORBA - CVE-2023-22081: Certificate path validation issue * CVEs fixed in 8u382: - CVE-2023-22045: OpenJDK incorrectly handled array accesses. - CVE-2023-22049: OpenJDK incorrectly sanitized URIs strings. * Drop applied CVE-2022-40433.patch (changes are already in the sources) Moderate TuxCare License Agreement CVE-2023-22067 CVE-2023-22081 CVE-2023-22045 CVE-2023-22049 Ubuntu 18.04 LTS * SECURITY UPDATE: Accepting '#' as part of the URI component might allow remote attackers to obtain sensitive information or have unspecified other impact - debian/patches/CVE-2023-45539.patch: h1: do not accept '#' as part of the URI component; h2: reject more chars from the :path pseudo header - CVE-2023-45539 Important TuxCare License Agreement CVE-2023-45539 Ubuntu 18.04 LTS * SECURITY UPDATE: Request smuggling - debian/patches/CVE-2023-46589-pre1.patch: Correct a regression in the error page handling that prevented error pages from issuing redirects or taking other action that required the response status code to be changed - debian/patches/CVE-2023-46589-pre2.patch: Align processing of trailer headers with standard processing - debian/patches/CVE-2023-46589-pre3.patch: Differentiate request cancellation from a bad request - debian/patches/CVE-2023-46589-pre4.patch: Use application provided status code for error page if present - debian/patches/CVE-2023-46589.patch: Ensure IOException on request read always triggers error handling - CVE-2023-46589 * Internal tests: - debian/patches/0100-stop-testing-if-a-failure-occurs.patch: Stop testing if a failure occurs - debian/patches/0101-skipping-tests-incompatible-with-firewall.patch: Skipping tests incompatible with the firewall settings of the build system - debian/test_certs/user1.jks: Update the keystore file from the upstream branch 8.5.x Important TuxCare License Agreement CVE-2023-46589 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2023-7192 - netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() * CVE-url: https://ubuntu.com/security/CVE-2023-6610 - smb: client: fix potential OOB in smb2_dump_detail() * CVE-url: https://ubuntu.com/security/CVE-2023-6606 - smb: client: fix OOB in smbCalcSize() * CVE-url: https://ubuntu.com/security/CVE-2023-6546 - tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux * CVE-url: https://ubuntu.com/security/CVE-2023-6932 - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet * CVE-url: https://ubuntu.com/security/CVE-2023-6931 - perf: Fix perf_event_validate_size() - perf: Fix perf_event_validate_size() lockdep splat * CVE-2023-4244 // CVE-url: https://ubuntu.com/security/CVE-2023-4244 - netfilter: nf_tables: don't skip expired elements during walk - netfilter: nf_tables: GC transaction API to avoid race with control plane - netfilter: nf_tables: adapt set backend to use GC transaction API - netfilter: nf_tables: remove busy mark and gc batch API - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path - netfilter: nf_tables: GC transaction race with netns dismantle - netfilter: nf_tables: GC transaction race with abort path - netfilter: nft_dynset: disallow object maps * CVE-url: https://ubuntu.com/security/CVE-2023-4244 - netfilter: nf_tables: pass ctx to nf_tables_expr_destroy() - netfilter: nf_tables: use net_generic infra for transaction data - netfilter: nftables: add nft_pernet() helper function - netfilter: nftables: rename set element data activation/deactivation functions - netfilter: nf_tables: fix chain dependency validation - netfilter: nf_tables: place all set backends in one single module - netfilter: nf_tables: make sets built-in * Miscellaneous Ubuntu changes - [Config] updateconfigs for CONFIG_NFT_SET_RBTREE CONFIG_NFT_SET_HASH CONFIG_NFT_SET_BITMAP Important TuxCare License Agreement CVE-2023-6606 CVE-2023-6610 CVE-2023-6546 CVE-2023-7192 CVE-2023-6931 CVE-2023-6932 CVE-2023-4244 Ubuntu 18.04 LTS * SECURITY UPDATE: Denial of Service in HTTP Request parsing - debian/patches/CVE-2023-50269.patch: Limit the number of allowed X-Forwarded-For hops - CVE-2023-50269 Important TuxCare License Agreement CVE-2023-50269 Ubuntu 18.04 LTS * SECURITY UPDATE: Heap-based buffer overflow in sessionReadRecord function of make alltest Handler - debian/patches/CVE-2023-7104.patch: Fix buffer overread in sessions extension when processing corrupt changeset. - CVE-2023-7104 Important TuxCare License Agreement CVE-2023-7104 Ubuntu 18.04 LTS * Jammy update: v5.15.140 upstream stable release (LP: #2050038) // CVE-url: https://ubuntu.com/security/CVE-2024-0607 - netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() * CVE-url: https://ubuntu.com/security/CVE-2024-0607 - netfilter: nf_tables: Introduce new 64-bit helper register functions * Focal update: Focal update: v5.4.235 upstream stable release (LP: #2017706) // CVE-url: https://ubuntu.com/security/CVE-2023-1079 - HID: asus: Remove check for same LED brightness on set - HID: asus: use spinlock to protect concurrent accesses - HID: asus: use spinlock to safely schedule workers * CVE-url: https://ubuntu.com/security/CVE-2022-36402 - drm/vmwgfx: Add SM4_1 flag - drm/vmwgfx: Add support for SVGA3dCmdDefineGBSurface_v3 - drm/vmwgfx: Add CAP2 support in vmwgfx - drm/vmwgfx: Bump version patchlevel and date - drm/vmwgfx: Expose SM4_1 param to user space - drm/vmwgfx: Update the device headers - drm/vmwgfx: Fix shader stage validation * CVE-url: https://ubuntu.com/security/CVE-2024-0639 - sctp: fix potential deadlock on &net->sctp.addr_wq_lock * CVE-url: https://ubuntu.com/security/CVE-2023-6915 - ida: Fix crash in ida_free when the bitmap is empty * CVE-url: https://ubuntu.com/security/CVE-2023-6040 - netfilter: nf_tables: Reject tables of unsupported family * CVE-url: https://ubuntu.com/security/CVE-2023-51780 - atm: Fix Use-After-Free in do_vcc_ioctl * CVE-url: https://ubuntu.com/security/CVE-2023-51782 - net/rose: Fix Use-After-Free in rose_ioctl * CVE-url: https://ubuntu.com/security/CVE-2023-51781 - appletalk: Fix Use-After-Free in atalk_ioctl * CVE-url: https://ubuntu.com/security/CVE-2024-0340 - vhost: use kzalloc() instead of kmalloc() followed by memset() * CVE-2023-51779 // CVE-url: https://ubuntu.com/security/CVE-2023-51779 - Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg * Jammy update: v5.15.135 upstream stable release (LP: #2045809) // CVE-url: https://ubuntu.com/security/CVE-2023-34324 - xen/events: replace evtchn_rwlock with RCU * Miscellaneous upstream changes - drm/vmwgfx: Use enum to represent graphics context capabilities Important TuxCare License Agreement CVE-2023-51779 CVE-2023-6915 CVE-2023-51782 CVE-2024-0340 CVE-2023-34324 CVE-2023-1079 CVE-2023-51780 CVE-2023-51781 CVE-2023-6040 CVE-2024-0639 CVE-2024-0607 CVE-2022-36402 Ubuntu 18.04 LTS * OpenJDK 11.0.21 release, build 9. - CVE-2023-22081 - Release notes: https://mail.openjdk.org/pipermail/jdk-updates-dev/2023-October/026351.html - adjust debian/pathes/exclude-broken-tests.patch Moderate TuxCare License Agreement CVE-2023-22081 Ubuntu 18.04 LTS * SECURITY UPDATE: timing side-channel in the RSA-PSK ClientKeyExchange - debian/patches/nettle-pk-randomness-level.patch: (nettle/pk) use the appropriate level of randomness for each operation. - debian/patches/pk-_gnutls_switch_lib_state.patch: (pk) always use _gnutls_switch_lib_state. - debian/patches/constant-time-cache-pkcs-1-rsa-decryption.patch: Constant time/cache PKCS#1 RSA decryption. - debian/patches/auth-rsa_psk-side-channel.patch: (auth/rsa_psk) side-step potential side-channel. - debian/libgnutls30.symbols: add gnutls_privkey_decrypt_data2. - CVE-2023-5981 Moderate TuxCare License Agreement CVE-2023-5981 Ubuntu 18.04 LTS * SECURITY UPDATE: it's possible to remove the initial messages on the secure channel without causing a MAC failure - debian/patches/CVE-2023-48795.patch: implement "strict key exchange" in ssh and sshd - CVE-2023-48795 Moderate TuxCare License Agreement CVE-2023-48795 Ubuntu 18.04 LTS * SECURITY UPDATE: Incorrect parsing of HTTP trailer headers - debian/patches/CVE-2023-46589.patch: Ensure IOException on request read always triggers error handling - CVE-2023-46589 * Internal tests: - debian/patches/0100-stop-testing-if-a-failure-occurs.patch: Stop testing if a failure occurs - debian/patches/0101-skipping-tests-incompatible-with-firewall.patch: Skipping tests incompatible with the firewall settings of the build system - debian/test_certs/*, debian/source/include-binaries, debian/rules: Update the keystore files and certificates from the upstream branch 9.0.x to fix internal tests Important TuxCare License Agreement CVE-2023-46589 Ubuntu 18.04 LTS * SECURITY UPDATE: Memory disclosure in aggregate function calls - debian/patches/CVE-2023-5868.patch: Compute aggregate argument types correctly in transformAggregateCall(). - CVE-2023-5868 * SECURITY UPDATE: Role "pg_signal_backend" can signal certain superuser processes - debian/patches/CVE-2023-5870.patch: Ban role pg_signal_backend from more superuser backend. - CVE-2023-5870 -- Vladimir D. Seleznev <vseleznev@cloudlinux.com> Thu, 25 Jan 2024 21:31:25 +0200 Moderate TuxCare License Agreement CVE-2023-5868 CVE-2023-5870 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2024-23851 - dm: limit the number of targets and parameter size area * CVE-url: https://ubuntu.com/security/CVE-2024-23849 - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv * CVE-url: https://ubuntu.com/security/CVE-2024-1086 - netfilter: nf_tables: reject QUEUE/DROP verdict parameters * CVE-url: https://ubuntu.com/security/CVE-2023-35827 - ravb: Fix use-after-free issue in ravb_tx_timeout_work() * CVE-url: https://ubuntu.com/security/CVE-2023-46838 - xen-netback: don't produce zero-size SKB frags * CVE-url: https://ubuntu.com/security/CVE-2024-22705 - ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() * CVE-url: https://ubuntu.com/security/CVE-2023-46343 - nfc: nci: fix possible NULL pointer dereference in send_acknowledge() * CVE-url: https://ubuntu.com/security/CVE-2023-51042 - drm/amdgpu: Fix potential fence use-after-free v2 * CVE-url: https://ubuntu.com/security/CVE-2024-0775 - ext4: improve error recovery code paths in __ext4_remount() * CVE-url: https://ubuntu.com/security/CVE-2023-51043 - drm/atomic: Fix potential use-after-free in nonblocking commits Important TuxCare License Agreement CVE-2023-46343 CVE-2024-23851 CVE-2023-51043 CVE-2023-51042 CVE-2024-1086 CVE-2023-46838 CVE-2024-23849 CVE-2024-22705 CVE-2024-0775 CVE-2023-35827 Ubuntu 18.04 LTS * SECURITY UPDATE: Use-after-free in xmlValidatePopElement() - debian/patches/CVE-2024-25062.patch: Fix use-after-free if XML Reader with DTD validation and XInclude expansion by not expanding XIncludes when backtracking - CVE-2024-25062 Important TuxCare License Agreement CVE-2024-25062 Ubuntu 18.04 LTS * SECURITY UPDATE: A flaw fixed when the getaddrinfo function may access memory that has been freed, resulting in an application crash - debian/patches/any/CVE-2023-4806.patch: fix the flaw - CVE-2023-4806 * SECURITY UPDATE: In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash - debian/patches/any/CVE-2023-4813.patch: fix the flaw - CVE-2023-4813 Moderate TuxCare License Agreement CVE-2023-4806 CVE-2023-4813 Ubuntu 18.04 LTS * SECURITY UPDATE: Denial of service could be encountered when generating excessively long DH keys or checking excessively long DH keys or parameters. - debian/patches/CVE-2023-5678.patch: Make DH_check_pub_key() and DH_generate_key() safer yet. - CVE-2023-5678. Moderate TuxCare License Agreement CVE-2023-5678 Ubuntu 18.04 LTS * SECURITY UPDATE: KeyTrap denial of service vulnerability - debian/patches/CVE-2023-50387-20230-50868.patch: Fix DNSSEC verification complexity issue by updating verification function signatures. - debian/patches/CVE-2023-50387-fix-1.patch: Allow the original CVE-2023-50387 patch to work if multiple threads support is disabled. - debian/patches/CVE-2023-50387-fix-2.patch: Fix a leak. - CVE-2023-50387 - CVE-2023-50868 * a test suite was activated. Important TuxCare License Agreement CVE-2023-50868 CVE-2023-50387 Ubuntu 18.04 LTS * SECURITY UPDATE: SMTP smuggling because of <LF>.<CR><LF> support - debian/patches/CVE-2023-51766.patch: reject "dot, LF" as ending data phase. Testcase for "smtp smuggling". - CVE-2023-51766 Moderate TuxCare License Agreement CVE-2023-51766 Ubuntu 18.04 LTS * SECURITY UPDATE: ProxyCommand/ProxyJump features allow injection of malicious code through hostname - debian/patches/CVE-2023-6004-pre1.patch: move common parser functions to config_parser.c - debian/patches/CVE-2023-6004-pre2.patch: prevent possible segmentation fault - debian/patches/CVE-2023-6004-02.patch: allow multiple '@' in usernames - debian/patches/CVE-2023-6004-03.patch: simplify the hostname parsing in ssh_options_set - debian/patches/CVE-2023-6004-04.patch: add function to check allowed characters of a hostname - debian/patches/CVE-2023-6004-05.patch: add test for ssh_check_hostname_syntax - debian/patches/CVE-2023-6004-06.patch: check for valid syntax of a hostname if it is a domain name - debian/patches/CVE-2023-6004-07.patch: add test for proxycommand injection - debian/patches/CVE-2023-6004-08.patch: add test for ssh_is_ipaddr - debian/patches/CVE-2023-6004-09.patch: add ipv6 link-local check for an ip address - debian/patches/CVE-2023-6004-10.patch: add tests for ipv6 link-local - debian/patches/CVE-2023-6004-regression1.patch: fix regression in IPv6 addresses in hostname parsing - debian/patches/CVE-2023-6004-regression2.patch: increase test coverage for IPv6 address parsing as hostnames - CVE-2023-6004 * SECURITY UPDATE: Unchecked return values for digests may cause DoS - debian/patches/CVE-2023-6918-1.patch: systematically check return values when calculating digests - debian/patches/CVE-2023-6918-2.patch: detect context init failures - debian/patches/CVE-2023-6918-3.patch: code coverage for ssh_get_pubkey_hash() - CVE-2023-6918 Moderate TuxCare License Agreement CVE-2023-6918 CVE-2023-6004 Ubuntu 18.04 LTS * SECURITY UPDATE: Heap use-after-free flaw in BMP coder - debian/patches/CVE-2023-5341.patch: Check BMP file size to fix ImproperImageHeader issue caused by a provided poc - CVE-2023-5341 Moderate TuxCare License Agreement CVE-2023-5341 Ubuntu 18.04 LTS * SECURITY UPDATE: Potential Denial of Service via maliciously formatted PKCS12 file - debian/patches/CVE-2024-0727.patch: Fix decode error in PKCS12_unpack_p7data, PKCS12_unpack_p7encdata, and PKCS12_unpack_authsafes functions - CVE-2024-0727 Moderate TuxCare License Agreement CVE-2024-0727 Ubuntu 18.04 LTS * SECURITY UPDATE: Insecure cookie domain verification - debian/patches/CVE-2023-46218.patch: lowercase domain names before PSL checks to fix cookie domain validation - CVE-2023-46218 Moderate TuxCare License Agreement CVE-2023-46218 Ubuntu 18.04 LTS * SECURITY UPDATE: denial of service attack - debian/patches/CVE-2023-39804.patch: Fix handling of extended header prefixes. - CVE-2023-39804 Low TuxCare License Agreement CVE-2023-39804 Ubuntu 18.04 LTS * SECURITY UPDATE: Denial of Service attack against HTTP header parsing - debian/patches/CVE-2024-25617.patch: Improve handling of expanding HTTP header values - CVE-2024-25617 Important TuxCare License Agreement CVE-2024-25617 Ubuntu 18.04 LTS * OpenJDK 11.0.22 release, build 7. - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952. - Release notes: https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-January/029215.html Important TuxCare License Agreement CVE-2024-20918 CVE-2024-20919 CVE-2024-20926 CVE-2024-20952 CVE-2024-20945 CVE-2024-20921 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2023-52449 - mtd: Fix gluebi NULL pointer dereference caused by ftl notifier * CVE-url: https://ubuntu.com/security/CVE-2023-39197 - netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one * CVE-url: https://ubuntu.com/security/CVE-2023-34256 - ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum * CVE-url: https://ubuntu.com/security/CVE-2024-24855 - scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() * CVE-url: https://ubuntu.com/security/CVE-2024-26602 - locking: Introduce __cleanup() based infrastructure - dmaengine: ioat: Free up __cleanup() name - sched/membarrier: reduce the ability to hammer on sys_membarrier * CVE-url: https://ubuntu.com/security/CVE-2023-52435 - net: prevent mss overflow in skb_segment() * CVE-url: https://ubuntu.com/security/CVE-2023-52445 - media: pvrusb2: fix use after free on context disconnection * CVE-url: https://ubuntu.com/security/CVE-2023-52444 - f2fs: fix to avoid dirent corruption * CVE-url: https://ubuntu.com/security/CVE-2023-52443 - apparmor: avoid crash when parsed profile name is empty * CVE-url: https://ubuntu.com/security/CVE-2021-44879 - f2fs: fix to do sanity check on inode type during garbage collection * CVE-url: https://ubuntu.com/security/CVE-2023-6121 - nvmet: nul-terminate the NQNs passed in the connect command * CVE-url: https://ubuntu.com/security/CVE-2024-24860 - Bluetooth: Move {min,max}_key_size debugfs into hci_debugfs_create_le - Bluetooth: Fix atomicity violation in {min,max}_key_size_set Important TuxCare License Agreement CVE-2024-26602 CVE-2023-39197 CVE-2023-52449 CVE-2024-24855 CVE-2023-52445 CVE-2023-6121 CVE-2021-44879 CVE-2023-52443 CVE-2024-24860 CVE-2023-52444 CVE-2023-52435 CVE-2023-34256 Ubuntu 18.04 LTS * OpenJDK 8u402 release, build 6. - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921: Unauthorized access in Hotspot. - CVE-2024-20926: Unauthorized access in Scripting. - CVE-2024-20945, CVE-2024-20952: Unauthorized access in Security. - Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2024-January/017883.html Important TuxCare License Agreement CVE-2024-20918 CVE-2024-20926 CVE-2024-20952 CVE-2024-20945 CVE-2024-20921 CVE-2024-20919 Ubuntu 18.04 LTS * SECURITY UPDATE: - debian/patches/CVE-2024-2398.patch: http2: push headers better cleanup provide common cleanup method for push headers - CVE-2024-2398 Important TuxCare License Agreement CVE-2024-2398 Ubuntu 18.04 LTS * Backport 031bb5a5d0d950253b68138b498dc93be69a64cb: fix CVE-2024-22365 - debian/patches-applied/CVE-2024-22365.patch: pam_namespace: protect_dir(): use O_DIRECTORY to prevent local DoS situations - CVE-2024-22365 Moderate TuxCare License Agreement CVE-2024-22365 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2021-46925 - net/smc: get rid of tx_pend waits in socket closing - net/smc: fix kernel panic caused by race of smc_sock * CVE-url: https://ubuntu.com/security/CVE-2024-23307 - md/raid5: fix atomicity violation in raid5_cache_count * CVE-url: https://ubuntu.com/security/CVE-2021-46941 - usb: dwc3: Add splitdisable quirk for Hisilicon Kirin Soc - usb: dwc3: core: Do core softreset when switch mode * CVE-url: https://ubuntu.com/security/CVE-2023-52469 - drivers/amd/pm: fix a use-after-free in kv_parse_power_table * CVE-url: https://ubuntu.com/security/CVE-2024-26633 - ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() * CVE-url: https://ubuntu.com/security/CVE-2023-52439 - uio: Fix use-after-free in uio_open * CVE-url: https://ubuntu.com/security/CVE-2023-52612 - crypto: scomp - fix req->dst buffer overflow * CVE-url: https://ubuntu.com/security/CVE-2023-52340 - net: add a route cache full diagnostic message - net/dst: use a smaller percpu_counter batch for dst entries accounting - ipv6: remove max_size check inline with ipv4 * CVE-url: https://ubuntu.com/security/CVE-2023-52436 - f2fs: explicitly null-terminate the xattr list * CVE-url: https://ubuntu.com/security/CVE-2023-52470 - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() * CVE-url: https://ubuntu.com/security/CVE-2023-52464 - EDAC/thunderx: Fix possible out-of-bounds string access * CVE-url: https://ubuntu.com/security/CVE-2022-45884 - media: dvbdev: remove double-unlock - media: media/dvb: Use kmemdup rather than duplicating its implementation - media: dvbdev: Fix memleak in dvb_register_device - media: dvbdev: fix error logic at dvb_register_device() - media: dvb-core: Fix use-after-free due to race at dvb_register_device() Important TuxCare License Agreement CVE-2021-46925 CVE-2023-52612 CVE-2024-23307 CVE-2023-52464 CVE-2021-46941 CVE-2023-52469 CVE-2024-26633 CVE-2023-52439 CVE-2023-52340 CVE-2023-52436 CVE-2023-52470 CVE-2022-45884 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2023-1998 - x86/speculation: Allow enabling STIBP with legacy IBRS * CVE-url: https://ubuntu.com/security/CVE-2021-47193 - scsi: pm80xx: Tie the interrupt name to the module instance - scsi: pm80xx: Deal with kexec reboots - scsi: pm80xx: Increase number of supported queues - scsi: pm80xx: Remove DMA memory allocation for ccb and device structures - scsi: pm80xx: Increase the number of outstanding I/O supported to 1024 - scsi: pm80xx: Fix memory leak during rmmod * CVE-url: https://ubuntu.com/security/CVE-2021-47198 - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine * CVE-url: https://ubuntu.com/security/CVE-2023-52458 - block: add check that partition length needs to be aligned with block size * CVE-url: https://ubuntu.com/security/CVE-2023-52600 - jfs: fix uaf in jfs_evict_inode * CVE-url: https://ubuntu.com/security/CVE-2023-24023 - Bluetooth: Add debug setting for changing minimum encryption key size - Bluetooth: Add more enc key size check * CVE-url: https://ubuntu.com/security/CVE-2023-52603 - UBSAN: array-index-out-of-bounds in dtSplitRoot * Jammy update: v5.15.81 upstream stable release (LP: #2003130) // CVE-url: https://ubuntu.com/security/CVE-2023-1382 - tipc: set con sock in tipc_conn_alloc - tipc: add an extra conn_get in tipc_conn_alloc * CVE-url: https://ubuntu.com/security/CVE-2024-26600 - phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP Important TuxCare License Agreement CVE-2023-1382 CVE-2021-47193 CVE-2023-52600 CVE-2021-47198 CVE-2023-52603 CVE-2023-24023 CVE-2023-52458 CVE-2024-26600 CVE-2023-1998 Ubuntu 18.04 LTS * SECURITY UPDATE: shell-quote filenames when invoking LESSCLOSE. - debian/patches/CVE-2022-48624.patch: Fix close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE. - CVE-2022-48624 Important TuxCare License Agreement CVE-2022-48624 Ubuntu 18.04 LTS * SECURITY UPDATE: security vulnerability in package - debian/patches/CVE-2024-3096.patch: Disallow null character in bcrypt password to fix bug causing password_verify to erroneously return true - CVE-2024-3096 Moderate TuxCare License Agreement CVE-2024-3096 Ubuntu 18.04 LTS * SECURITY UPDATE: Denial of Service attack against HTTP header parsing - debian/patches/CVE-2023-49288.patch: fix unintention freeing in TRACE request handler - CVE-2023-49288 Important TuxCare License Agreement CVE-2023-49288 Ubuntu 18.04 LTS * SECURITY UPDATE: PostgreSQL driver: Fix incompatible pointer-to-integer types - debian/patches/CVE-2024-1013.patch: Fix out-of-bounds stack write by adjusting byte size in callee function - CVE-2024-1013 Important TuxCare License Agreement CVE-2024-1013 Ubuntu 18.04 LTS * SECURITY UPDATE: possible insecure cookie abuse - debian/patches/php-7.3-CVE-2024-2756.patch: fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix - CVE-2024-2756 Moderate TuxCare License Agreement CVE-2024-2756 Ubuntu 18.04 LTS * SECURITY UPDATE: quoting is mishandled in filename.c. - debian/patches/CVE-2024-32487.patch: Fix bug when viewing a file whose name contains a newline. - CVE-2024-32487 Important TuxCare License Agreement CVE-2024-32487 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2023-47233 - wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach * CVE-url: https://ubuntu.com/security/CVE-2023-52601 - jfs: Fix memleak in dbAdjCtl * CVE-url: https://ubuntu.com/security/CVE-2024-26801 - Bluetooth: Avoid potential use-after-free in hci_error_reset * CVE-url: https://ubuntu.com/security/CVE-2024-26805 - netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter * CVE-url: https://ubuntu.com/security/CVE-2024-26735 - ipv6: sr: fix possible use-after-free and null-ptr-deref * CVE-url: https://ubuntu.com/security/CVE-2023-52566 - nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() * CVE-url: https://ubuntu.com/security/CVE-2021-46981 - nbd: Fix NULL pointer in flush_workqueue * CVE-url: https://ubuntu.com/security/CVE-2024-26622 - tomoyo: fix UAF write bug in tomoyo_write_control() * CVE-url: https://ubuntu.com/security/CVE-2024-26614 - tcp: make sure init the accept_queue's spinlocks once - ipv6: init the accept_queue's spinlocks in inet6_create * CVE-url: https://ubuntu.com/security/CVE-2023-52530 - wifi: mac80211: fix potential key use-after-free * CVE-url: https://ubuntu.com/security/CVE-2023-52524 - net: nfc: llcp: Add lock when modifying device list * CVE-url: https://ubuntu.com/security/CVE-2021-47173 - misc/uss720: fix memory leak in uss720_probe * CVE-url: https://ubuntu.com/security/CVE-2024-26910 - timers: Get rid of del_singleshot_timer_sync() - timers: Update kernel-doc for various functions - timers: Use del_timer_sync() even on UP - timers: Rename del_timer_sync() to timer_delete_sync() - timers: Rename del_timer() to timer_delete() - timers: Silently ignore timers with a NULL function - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode - timers: Add shutdown mechanism to the internal functions - timers: Provide timer_shutdown[_sync]() - netfilter: ipset: fix performance regression in swap operation * CVE-url: https://ubuntu.com/security/CVE-2023-52595 - rt2x00: clear IV's on start to fix AP mode regression - wifi: rt2x00: restart beacon queue when hardware reset * CVE-url: https://ubuntu.com/security/CVE-2023-52617 - switchtec: Improve MRPC efficiency by enabling write combining - switchtec: Add MRPC DMA mode support - PCI: switchtec: Fix stdev_release() crash after surprise hot remove * CVE-url: https://ubuntu.com/security/CVE-2024-26696 - nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() * CVE-url: https://ubuntu.com/security/CVE-2024-26685 - nilfs2: fix potential bug in end_buffer_async_write * CVE-url: https://ubuntu.com/security/CVE-2024-26625 - llc: call sock_orphan() at release time * CVE-url: https://ubuntu.com/security/CVE-2023-52615 - hwrng: core - Fix page fault dead lock on mmap-ed hwrng * CVE-url: https://ubuntu.com/security/CVE-2023-52486 - drm: Don't unref the same fb many times by mistake due to deadlock handling * CVE-url: https://ubuntu.com/security/CVE-2024-26920 - tracing/trigger: Fix to return error if failed to alloc snapshot * CVE-url: https://ubuntu.com/security/CVE-2024-26697 - nilfs2: fix data corruption in dsync block recovery for small block sizes * CVE-url: https://ubuntu.com/security/CVE-2024-26679 - inet: read sk->sk_family once in inet_recv_error() * CVE-url: https://ubuntu.com/security/CVE-2023-52622 - ext4: remove unnecessary check from alloc_flex_gd() - ext4: avoid online resizing failures due to oversized flex bg * CVE-url: https://ubuntu.com/security/CVE-2024-26635 - llc: Drop support for ETH_P_TR_802_2. * CVE-url: https://ubuntu.com/security/CVE-2023-52594 - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() * CVE-url: https://ubuntu.com/security/CVE-2023-52583 - ceph: fix deadlock or deadcode of misusing dget() * CVE-url: https://ubuntu.com/security/CVE-2024-26720 - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again * CVE-url: https://ubuntu.com/security/CVE-2024-26825 - nfc: nci: free rx_data_reassembly skb on NCI device cleanup * CVE-url: https://ubuntu.com/security/CVE-2024-26671 - blk-mq: fix IO hang from sbitmap wakeup race * CVE-url: https://ubuntu.com/security/CVE-2024-26675 - ppp_async: limit MRU to 64K * CVE-url: https://ubuntu.com/security/CVE-2024-26663 - tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() * CVE-url: https://ubuntu.com/security/CVE-2023-52602 - jfs: fix slab-out-of-bounds Read in dtSearch * CVE-url: https://ubuntu.com/security/CVE-2024-26704 - ext4: fix double-free of blocks due to wrong extents moved_len * CVE-url: https://ubuntu.com/security/CVE-2023-52619 - pstore/ram: Fix crash when setting number of cpus to an odd number * CVE-url: https://ubuntu.com/security/CVE-2024-26636 - llc: make llc_ui_sendmsg() more robust against bonding changes * CVE-url: https://ubuntu.com/security/CVE-2023-52587 - IB/ipoib: Fix mcast list locking * CVE-url: https://ubuntu.com/security/CVE-2023-52601 // CVE-url: https://ubuntu.com/security/CVE-2023-52604 - jfs: fix array-index-out-of-bounds in dbAdjTree * CVE-url: https://ubuntu.com/security/CVE-2023-52604 - FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree * CVE-url: https://ubuntu.com/security/CVE-2023-52623 - SUNRPC: Fix a suspicious RCU usage warning * CVE-url: https://ubuntu.com/security/CVE-2023-52599 - jfs: fix array-index-out-of-bounds in diNewExt * CVE-url: https://ubuntu.com/security/CVE-2024-26884 - bpf: Fix hashtab overflow check on 32-bit arches * CVE-url: https://ubuntu.com/security/CVE-2024-26883 - bpf: Fix stackmap overflow check on 32-bit arches * CVE-url: https://ubuntu.com/security/CVE-2024-26882 - net: add atomic_long_t to net_device_stats fields - net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() * CVE-url: https://ubuntu.com/security/CVE-2024-26908 - x86/xen: Add some null pointer checking to smp.c * CVE-url: https://ubuntu.com/security/CVE-2024-26904 - btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve * CVE-url: https://ubuntu.com/security/CVE-2024-26903 - Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security * CVE-url: https://ubuntu.com/security/CVE-2024-26901 - do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak * CVE-url: https://ubuntu.com/security/CVE-2024-26898 - aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts Important TuxCare License Agreement CVE-2023-47233 CVE-2024-26805 CVE-2021-46981 CVE-2024-26614 CVE-2024-26882 CVE-2024-26883 CVE-2024-26901 CVE-2024-26910 CVE-2024-26884 CVE-2024-26903 CVE-2024-26904 CVE-2024-26622 CVE-2023-52602 CVE-2023-52601 CVE-2024-26635 CVE-2023-52583 CVE-2023-52587 CVE-2023-52619 CVE-2023-52615 CVE-2023-52617 CVE-2023-52595 CVE-2024-26920 CVE-2024-26675 CVE-2023-52623 CVE-2024-26720 CVE-2023-52622 CVE-2024-26685 CVE-2024-26663 CVE-2024-26825 CVE-2024-26636 CVE-2024-26625 CVE-2023-52486 CVE-2024-26679 CVE-2024-26697 CVE-2023-52599 CVE-2023-52530 CVE-2023-52524 CVE-2024-26735 CVE-2023-52566 CVE-2021-47173 CVE-2024-26801 CVE-2024-26696 CVE-2023-52594 CVE-2024-26704 CVE-2024-26671 CVE-2023-52604 CVE-2024-26908 CVE-2024-26898 Ubuntu 18.04 LTS * SECURITY UPDATE: template injection allows code injection through specially crafted files - debian/patches/CVE-2023-5764.patch: avoid evaluate unsafe conditions - debian/patches/CVE-2023-5764-ext-tests.patch: addional tests - CVE-2023-5764 Important TuxCare License Agreement CVE-2023-5764 Ubuntu 18.04 LTS * SECURITY UPDATE: heap-based buffer overflow - debian/patches/CVE-2023-6992.patch: in deflace.c fix incorrectly calculated min size of block. - CVE-2023-6992 Moderate TuxCare License Agreement CVE-2023-6992 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2022-48673 - net/smc: Fix possible access to freed memory in link clear * CVE-url: https://ubuntu.com/security/CVE-2024-35997 - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up * CVE-url: https://ubuntu.com/security/CVE-2023-52752 - smb: client: fix use-after-free bug in cifs_debug_data_proc_show() * CVE-url: https://ubuntu.com/security/CVE-2022-48687 - ipv6: sr: fix out-of-bounds read when setting HMAC data. * CVE-url: https://ubuntu.com/security/CVE-2024-27013 - tun: limit printing rate when illegal packet received by tun dev * CVE-url: https://ubuntu.com/security/CVE-2024-27019 - netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() * CVE-url: https://ubuntu.com/security/CVE-2023-52809 - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() * CVE-url: https://ubuntu.com/security/CVE-2024-26934 - USB: core: Fix deadlock in usb_deauthorize_interface() * CVE-url: https://ubuntu.com/security/CVE-2024-35978 - Bluetooth: Fix memory leak in hci_req_sync_complete() * CVE-url: https://ubuntu.com/security/CVE-2023-52753 - drm/amd/display: Avoid NULL dereference of timing generator * CVE-url: https://ubuntu.com/security/CVE-2023-52806 - ALSA: hda: Fix possible null-ptr-deref when assigning a stream * CVE-url: https://ubuntu.com/security/CVE-2024-35984 - i2c: smbus: fix NULL function pointer dereference * CVE-url: https://ubuntu.com/security/CVE-2023-52817 - drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL * CVE-url: https://ubuntu.com/security/CVE-2024-27020 - netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() * CVE-url: https://ubuntu.com/security/CVE-2024-35982 - batman-adv: Avoid infinite loop trying to resize local TT * CVE-url: https://ubuntu.com/security/CVE-2024-26929 - scsi: qla2xxx: Fix double free of fcport * CVE-url: https://ubuntu.com/security/CVE-2023-52802 - iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe() Important TuxCare License Agreement CVE-2024-27013 CVE-2023-52817 CVE-2024-35982 CVE-2024-26934 CVE-2024-35978 CVE-2023-52802 CVE-2024-35997 CVE-2022-48687 CVE-2022-48673 CVE-2024-27019 CVE-2023-52752 CVE-2023-52809 CVE-2023-52753 CVE-2023-52806 CVE-2024-35984 CVE-2024-26929 CVE-2024-27020 Ubuntu 18.04 LTS * SECURITY UPDATE: Ability to write almost unlimited amounts of unfiltered data into the process heap - debian/patches/CVE-2023-4016-2.patch: ps: extended fix of the CVE-2023-4016 - fix possible buffer overflow in -C option. - CVE-2023-4016 Low TuxCare License Agreement CVE-2023-4016 Ubuntu 18.04 LTS * SECURITY UPDATE: filter bypass in filter_var FILTER_VALIDATE_URL - debian/patches/CVE-2024-5458.patch: Fix early-out for ipv6 hostname validation, ensure full check is performed - CVE-2024-5458 Moderate TuxCare License Agreement CVE-2024-5458 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2024-26764 - aio: remove an outdated BUG_ON and comment in aio_complete - aio: remove the extra get_file/fput pair in io_submit_one - aio: refactor read/write iocb setup - fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio * CVE-url: https://ubuntu.com/security/CVE-2024-36971 - net: fix __dst_negative_advice() race * CVE-url: https://ubuntu.com/security/CVE-2024-26840 - cachefiles: fix memory leak in cachefiles_add_cache() * CVE-url: https://ubuntu.com/security/CVE-2021-47543 - perf report: Fix memory leaks around perf_tip() * CVE-url: https://ubuntu.com/security/CVE-2024-27405 - usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call - usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs * CVE-url: https://ubuntu.com/security/CVE-2024-26779 - wifi: mac80211: fix race condition on enabling fast-xmit * CVE-url: https://ubuntu.com/security/CVE-2024-26772 - ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() * CVE-url: https://ubuntu.com/security/CVE-2024-26845 - scsi: target: core: Add TMF to tmr_list handling * CVE-url: https://ubuntu.com/security/CVE-2021-47063 - drm: bridge/panel: Cleanup connector on bridge detach * CVE-url: https://ubuntu.com/security/CVE-2024-26804 - net: ip_tunnel: prevent perpetual headroom growth * CVE-url: https://ubuntu.com/security/CVE-2024-27410 - wifi: nl80211: reject iftype change with mesh ID change * CVE-url: https://ubuntu.com/security/CVE-2024-26793 - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() * CVE-url: https://ubuntu.com/security/CVE-2024-26754 - gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() * CVE-url: https://ubuntu.com/security/CVE-2024-26839 - IB/hfi1: Fix a memleak in init_credit_return * CVE-url: https://ubuntu.com/security/CVE-2024-26773 - ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() * CVE-url: https://ubuntu.com/security/CVE-2024-27413 - efi/capsule-loader: fix incorrect allocation size * CVE-url: https://ubuntu.com/security/CVE-2024-26736 - afs: Increase buffer size in afs_update_volume_status() * CVE-url: https://ubuntu.com/security/CVE-2024-26777 - fbdev: sis: Error out if pixclock equals zero * CVE-url: https://ubuntu.com/security/CVE-2024-26778 - fbdev: savage: Error out if pixclock equals zero * CVE-url: https://ubuntu.com/security/CVE-2024-26763 - dm-crypt: don't modify the data when using authenticated encryption * CVE-url: https://ubuntu.com/security/CVE-2024-26733 - arp: Prevent overflow in arp_req_get(). * CVE-url: https://ubuntu.com/security/CVE-2024-26791 - btrfs: dev-replace: properly validate device names Important TuxCare License Agreement CVE-2024-36971 CVE-2021-47063 CVE-2024-27405 CVE-2024-26754 CVE-2024-26793 CVE-2024-26778 CVE-2024-26839 CVE-2024-26777 CVE-2024-26763 CVE-2024-26840 CVE-2024-26764 CVE-2024-26779 CVE-2024-26804 CVE-2024-26772 CVE-2024-27410 CVE-2024-26736 CVE-2024-26791 CVE-2024-26733 CVE-2024-26845 CVE-2024-27413 CVE-2024-26773 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2024-2201 - x86/cpufeatures: Add new word for scattered features - x86/cpufeatures: Add CPUID_LNX_5 to track recently added Linux-defined word - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file - x86/bhi: Add support for clearing branch history at syscall entry - x86/bhi: Define SPEC_CTRL_BHI_DIS_S - x86/bhi: Enumerate Branch History Injection (BHI) bug - x86/bhi: Add BHI mitigation knob - x86/bhi: Mitigate KVM by default - x86/bugs: Fix BHI documentation - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' - x86/bugs: Fix BHI handling of RRSBA - x86/bugs: Clarify that syscall hardening isn't a BHI mitigation - x86/bugs: Fix BHI retpoline check * CVE-url: https://ubuntu.com/security/CVE-2024-26922 - drm/amdgpu: validate the parameters of bo mapping operations more clearly * CVE-url: https://ubuntu.com/security/CVE-2024-26642 - netfilter: nf_tables: disallow anonymous set with timeout flag * CVE-url: https://ubuntu.com/security/CVE-2021-33631 - ext4: fix kernel BUG in 'ext4_write_inline_data_end()' * CVE-url: https://ubuntu.com/security/CVE-2024-36902 - ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() * CVE-url: https://ubuntu.com/security/CVE-2024-36901 - ipv6: prevent NULL dereference in ip6_output() * Miscellaneous upstream changes - media: xc4000: Fix atomicity violation in xc4000_get_frequency - [Config] updateconfigs for CONFIG_BHI_{AUTO|OFF|ON} Important TuxCare License Agreement CVE-2024-36902 CVE-2024-2201 CVE-2021-33631 CVE-2024-36901 CVE-2024-26922 CVE-2024-26642 Ubuntu 18.04 LTS * SECURITY UPDATE: Buffer overflow in iconv() function when converting to ISO-2022-CN-EXT character set - debian/patches/any/CVE-2024-2961.patch: Fix out-of-bound writes in ISO-2022-CN-EXT escape sequences - CVE-2024-2961 * SECURITY UPDATE: stack-based buffer overflow in netgroup cache - debian/patches/any/CVE-2024-33599.patch: fix buffer overflow in netgroup cache - CVE-2024-33599 Important TuxCare License Agreement CVE-2024-33599 CVE-2024-2961 Ubuntu 18.04 LTS * SECURITY UPDATE: Potential arbitrary code execution - debian/patches/CVE-2024-32004.patch: Enhance ownership checks to detect dubious local repositories during cloning, warning users of potential risks. This change affects multiple Git commands to improve overall security. - CVE-2024-32004 Important TuxCare License Agreement CVE-2024-32004 Ubuntu 18.04 LTS * SECURITY UPDATE: New microcode data file 2024-05-14 - New microcodes: sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192 sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160 sig 0x000c06f1, pf_mask 0x87, 2024-02-05, rev 0x21000230, size 552960 sig 0x000c06f2, pf_mask 0x87, 2024-02-05, rev 0x21000230, size 552960 - Updated microcodes: sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864 sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912 sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888 sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720 sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552 sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264 sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200 sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008 sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800 sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800 sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688 sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616 sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304 sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448 sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496 sig 0x000806f4, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400 sig 0x000806f4, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632 sig 0x000806f5, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400 sig 0x000806f5, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632 sig 0x000806f6, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400 sig 0x000806f6, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632 sig 0x000806f7, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632 sig 0x000806f8, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400 sig 0x000806f8, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632 sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480 sig 0x00090672, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256 sig 0x00090675, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256 sig 0x000906a3, pf_mask 0x80, 2023-12-05, rev 0x0433, size 222208 sig 0x000906a4, pf_mask 0x40, 2023-12-07, rev 0x0007, size 119808 sig 0x000906a4, pf_mask 0x80, 2023-12-05, rev 0x0433, size 222208 sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480 sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544 sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472 sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496 sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496 sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280 sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280 sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280 sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280 sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256 sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544 sig 0x000b0671, pf_mask 0x32, 2024-01-25, rev 0x0123, size 215040 sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160 sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160 sig 0x000b06e0, pf_mask 0x11, 2023-12-07, rev 0x0017, size 138240 sig 0x000b06f2, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256 sig 0x000b06f5, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256 * source: update symlinks to reflect id of the latest release, 20240514 Important TuxCare License Agreement CVE-2023-39368 CVE-2023-22655 CVE-2023-47855 CVE-2023-38575 CVE-2023-43490 CVE-2023-28746 CVE-2023-46103 CVE-2023-45733 CVE-2023-45745 Ubuntu 18.04 LTS * SECURITY UPDATE: eval() on content received via HTTP in test suite - debian/patches/CVE-2020-27619.patch: No longer call eval() on content received via HTTP in the CJK codec tests - CVE-2020-27619 Critical TuxCare License Agreement CVE-2020-27619 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2024-35902 - net/rds: fix possible cp null dereference * CVE-url: https://ubuntu.com/security/CVE-2024-38587 - speakup: Fix sizeof() vs ARRAY_SIZE() bug * CVE-url: https://ubuntu.com/security/CVE-2024-39493 - crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak * CVE-url: https://ubuntu.com/security/CVE-2024-38381 - nfc: nci: Fix uninit-value in nci_rx_work * CVE-url: https://ubuntu.com/security/CVE-2024-26810 - vfio/pci: Lock external INTx masking ops * CVE-url: https://ubuntu.com/security/CVE-2024-26687 - xen/events: close evtchn after mapping cleanup * CVE-url: https://ubuntu.com/security/CVE-2024-35893 - net: sched: change type of reference and bind counters - net: sched: act_skbmod: remove dependency on rtnl lock - net/sched: act_skbmod: prevent kernel-infoleak * CVE-url: https://ubuntu.com/security/CVE-2024-35823 - vt: preserve unicode values corresponding to screen characters - vt: fix unicode buffer corruption when deleting characters * CVE-url: https://ubuntu.com/security/CVE-2024-35805 - dm snapshot: Replace mutex with rw semaphore - dm snapshot: fix lockup in dm_exception_table_exit * CVE-url: https://ubuntu.com/security/CVE-2024-27004 - clk: core: clarify the check for runtime PM - clk: Get runtime PM before walking tree during disable_unused * CVE-url: https://ubuntu.com/security/CVE-2024-26852 - net/ipv6: avoid possible UAF in ip6_route_mpath_notify() * CVE-url: https://ubuntu.com/security/CVE-2023-52620 - netfilter: nf_tables: disallow timeout for anonymous sets * CVE-url: https://ubuntu.com/security/CVE-2024-25739 - ubi: Check for too small LEB size in VTBL code * CVE-url: https://ubuntu.com/security/CVE-2024-27437 - genirq: Add IRQF_NO_AUTOEN for request_irq/nmi() - vfio/pci: Disable auto-enable of exclusive INTx IRQ * CVE-url: https://ubuntu.com/security/CVE-2022-48627 - vc: separate state - vt: fix memory overlapping when deleting chars in the buffer * CVE-url: https://ubuntu.com/security/CVE-2024-35910 - mptcp: add sk_stop_timer_sync helper - tcp: properly terminate timers for kernel sockets * CVE-url: https://ubuntu.com/security/CVE-2024-35969 - ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr * CVE-url: https://ubuntu.com/security/CVE-2024-27024 - RDS: RDMA: Fix the NULL-ptr deref in rds_ib_get_mr - net/rds: fix WARNING in rds_conn_connect_if_down * CVE-url: https://ubuntu.com/security/CVE-2024-26863 - hsr: Fix uninit-value access in hsr_get_node() * CVE-url: https://ubuntu.com/security/CVE-2024-26984 - nouveau: fix instmem race condition around ptr stores * CVE-url: https://ubuntu.com/security/CVE-2024-36020 - i40e: fix vf may be used uninitialized in this function warning * CVE-url: https://ubuntu.com/security/CVE-2024-35849 - btrfs: fix information leak in btrfs_ioctl_logical_to_ino() * CVE-url: https://ubuntu.com/security/CVE-2024-27388 - SUNRPC: fix some memleaks in gssx_dec_option_array * CVE-url: https://ubuntu.com/security/CVE-2024-35886 - ipv6: Fix infinite recursion in fib6_dump_done(). * CVE-url: https://ubuntu.com/security/CVE-2024-35809 - PCI/PM: Drain runtime-idle callbacks before driver removal * CVE-url: https://ubuntu.com/security/CVE-2024-26875 - media: pvrusb2: fix uaf in pvr2_context_set_notify * CVE-url: https://ubuntu.com/security/CVE-2024-26851 - netfilter: nf_conntrack_h323: Add protection for bmp length out of range * CVE-url: https://ubuntu.com/security/CVE-2024-26999 - serial/pmac_zilog: Remove flawed mitigation for rx irq flood * CVE-url: https://ubuntu.com/security/CVE-2024-35819 - soc: fsl: qbman: Use raw spinlock for cgr_lock * CVE-url: https://ubuntu.com/security/CVE-2024-35806 - soc: fsl: qbman: Always disable interrupts when taking cgr_lock * CVE-url: https://ubuntu.com/security/CVE-2023-52699 - sysv: don't call sb_bread() with pointers_lock held * CVE-url: https://ubuntu.com/security/CVE-2024-35828 - wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() * CVE-url: https://ubuntu.com/security/CVE-2024-27001 - comedi: vmk80xx: fix incomplete endpoint checking * CVE-url: https://ubuntu.com/security/CVE-2024-26878 - quota: Fix potential NULL pointer dereference * CVE-url: https://ubuntu.com/security/CVE-2024-27008 - drm: nv04: Fix out of bounds access * CVE-url: https://ubuntu.com/security//CVE-2024-35825 - usb: gadget: ncm: Fix handling of zero block length packets * CVE-url: https://ubuntu.com/security/CVE-2024-35935 - btrfs: send: handle path ref underflow in header iterate_inode_ref() * CVE-url: https://ubuntu.com/security/CVE-2024-26957 - s390/zcrypt: fix reference counting on zcrypt card objects * CVE-url: https://ubuntu.com/security/CVE-2024-35973 - geneve: fix header validation in geneve[6]_xmit_skb * CVE-url: https://ubuntu.com/security/CVE-2024-26965 - clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays * CVE-url: https://ubuntu.com/security/CVE-2024-26931 - scsi: qla2xxx: Fix command flush on cable pull * CVE-url: https://ubuntu.com/security/CVE-2024-35944 - VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() * CVE-url: https://ubuntu.com/security/CVE-2024-27028 - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler * CVE-url: https://ubuntu.com/security/CVE-2024-35830 - media: tc358743: register v4l2 async device only after successful setup * CVE-url: https://ubuntu.com/security/CVE-2024-26956 - nilfs2: fix failure to detect DAT corruption in btree and direct mappings * CVE-url: https://ubuntu.com/security/CVE-2024-35807 - ext4: fix corruption during on-line resize * CVE-url: https://ubuntu.com/security/CVE-2024-26813 - vfio/platform: Create persistent IRQ handlers * CVE-url: https://ubuntu.com/security/CVE-2023-52644 - wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled * CVE-url: https://ubuntu.com/security/CVE-2024-26966 - clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays * CVE-url: https://ubuntu.com/security/CVE-2024-26654 - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs * CVE-url: https://ubuntu.com/security/CVE-2024-27073 - media: ttpci: fix two memleaks in budget_av_attach * CVE-url: https://ubuntu.com/security/CVE-2023-52880 - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc * CVE-url: https://ubuntu.com/security/CVE-2023-52650 - drm/tegra: dsi: Add missing check for of_find_device_by_node * CVE-url: https://ubuntu.com/security/CVE-2024-35822 - usb: udc: remove warning when queue disabled ep * CVE-url: https://ubuntu.com/security/CVE-2024-35933 - Bluetooth: btintel: Fix null ptr deref in btintel_read_version * CVE-url: https://ubuntu.com/security/CVE-2024-26857 - geneve: make sure to pull inner header in geneve_rx() * CVE-url: https://ubuntu.com/security/CVE-2024-35925 - block: prevent division by zero in blk_rq_stat_sum() * CVE-url: https://ubuntu.com/security/CVE-2024-35930 - scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() * CVE-url: https://ubuntu.com/security/CVE-2024-27419 - netrom: Fix data-races around sysctl_net_busy_read * CVE-url: https://ubuntu.com/security/CVE-2024-35955 - kprobes: Fix possible use-after-free issue on kprobe registration * CVE-url: https://ubuntu.com/security/CVE-2024-27074 - media: go7007: fix a memleak in go7007_load_encoder * CVE-url: https://ubuntu.com/security/CVE-2024-35847 - irqchip/gic-v3-its: Prevent double free on error * CVE-url: https://ubuntu.com/security/CVE-2024-35936 - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() * CVE-url: https://ubuntu.com/security/CVE-2024-35821 - ubifs: Set page uptodate in the correct place * CVE-url: https://ubuntu.com/security/CVE-2024-27075 - media: dvb-frontends: avoid stack overflow warnings with clang * CVE-url: https://ubuntu.com/security/CVE-2024-26651 - sr9800: Add check for usbnet_get_endpoints * CVE-url: https://ubuntu.com/security/CVE-2024-27043 - media: edia: dvbdev: fix a use-after-free * CVE-url: https://ubuntu.com/security/CVE-2024-26976 - KVM: Always flush async #PF workqueue when vCPU is being destroyed * CVE-url: https://ubuntu.com/security/CVE-2024-27000 - serial: mxs-auart: add spinlock around changing cts state * CVE-url: https://ubuntu.com/security/CVE-2024-35815 - fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion * CVE-url: https://ubuntu.com/security/CVE-2024-27396 - net: gtp: Fix Use-After-Free in gtp_dellink * CVE-url: https://ubuntu.com/security/CVE-2024-26874 - drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip * CVE-url: https://ubuntu.com/security/CVE-2024-35922 - fbmon: prevent division by zero in fb_videomode_from_videomode() * CVE-url: https://ubuntu.com/security/CVE-2024-27078 - media: v4l2-tpg: fix some memleaks in tpg_alloc * CVE-url: https://ubuntu.com/security/CVE-2024-26981 - nilfs2: fix OOB in nilfs_set_de_type * CVE-url: https://ubuntu.com/security/CVE-2024-26816 - x86, relocs: Ignore relocations in .notes section * CVE-url: https://ubuntu.com/security/CVE-2024-26880 - dm: call the resume method on internal suspend * CVE-url: https://ubuntu.com/security/CVE-2024-26994 - speakup: Avoid crash on very long word * CVE-url: https://ubuntu.com/security/CVE-2024-26955 - nilfs2: prevent kernel bug at submit_bh_wbc() * CVE-url: https://ubuntu.com/security/CVE-2024-36004 - i40e: Do not use WQ_MEM_RECLAIM flag for workqueue * CVE-url: https://ubuntu.com/security/CVE-2024-35789 - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes * CVE-url: https://ubuntu.com/security/CVE-2024-26974 - crypto: qat - resolve race condition during AER recovery * CVE-url: https://ubuntu.com/security/CVE-2024-26859 - net/bnx2x: Prevent access to a freed page in page_pool * CVE-url: https://ubuntu.com/security/CVE-2024-35960 - net/mlx5: Properly link new fs rules into the tree * CVE-url: https://ubuntu.com/security/CVE-2024-27059 - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command * CVE-url: https://ubuntu.com/security/CVE-2024-26993 - fs: sysfs: Fix reference leak in sysfs_break_active_protection() * CVE-url: https://ubuntu.com/security/CVE-2024-24857 // CVE-url: https://ubuntu.com/security/CVE-2024-24858 // CVE-url: https://ubuntu.com/security/CVE-2024-24859 - Bluetooth: Fix TOCTOU in HCI debugfs implementation * CVE-url: https://ubuntu.com/security/CVE-2024-26894 - ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() * CVE-url: https://ubuntu.com/security/CVE-2024-27436 - ALSA: usb-audio: Stop parsing channels bits when all channels are found. * CVE-url: https://ubuntu.com/security/CVE-2024-35915 - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet * CVE-url: https://ubuntu.com/security/CVE-2024-26973 - fat: fix uninitialized field in nostale filehandles * CVE-url: https://ubuntu.com/security/CVE-2024-26923 - af_unix: Fix garbage collector racing against connect() * CVE-url: https://ubuntu.com/security/CVE-2024-26643 - netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout * CVE-url: https://ubuntu.com/security/CVE-2024-26886 - Bluetooth: af_bluetooth: Fix deadlock Important TuxCare License Agreement CVE-2023-52644 CVE-2023-52880 CVE-2023-52650 CVE-2024-26857 CVE-2024-26976 CVE-2024-27000 CVE-2024-26994 CVE-2022-48627 CVE-2023-52620 CVE-2024-35789 CVE-2024-36004 CVE-2024-35828 CVE-2024-26880 CVE-2024-26981 CVE-2024-27078 CVE-2024-27396 CVE-2024-26651 CVE-2024-35821 CVE-2024-35819 CVE-2024-27419 CVE-2024-35925 CVE-2024-35933 CVE-2024-27073 CVE-2024-35830 CVE-2024-27028 CVE-2024-26931 CVE-2024-35973 CVE-2024-26965 CVE-2024-26957 CVE-2024-35825 CVE-2023-52699 CVE-2024-35806 CVE-2024-27388 CVE-2024-35886 CVE-2024-26687 CVE-2024-26984 CVE-2024-35969 CVE-2024-35809 CVE-2024-27004 CVE-2024-26852 CVE-2024-27024 CVE-2024-35815 CVE-2024-26875 CVE-2024-27008 CVE-2024-35935 CVE-2024-26810 CVE-2024-35823 CVE-2024-35805 CVE-2024-27075 CVE-2024-27043 CVE-2024-26956 CVE-2024-27437 CVE-2024-26878 CVE-2024-25739 CVE-2024-39493 CVE-2024-38587 CVE-2024-38381 CVE-2024-35902 CVE-2024-26863 CVE-2024-36020 CVE-2024-35849 CVE-2024-26851 CVE-2024-26999 CVE-2024-27001 CVE-2024-35893 CVE-2024-35910 CVE-2024-35944 CVE-2024-35807 CVE-2024-26813 CVE-2024-26966 CVE-2024-26654 CVE-2024-35822 CVE-2024-35930 CVE-2024-35955 CVE-2024-27074 CVE-2024-35847 CVE-2024-35936 CVE-2024-26874 CVE-2024-35922 CVE-2024-26816 CVE-2024-26955 Ubuntu 18.04 LTS * SECURITY UPDATE: stack buffer overflow in ada_decode - debian/patches/CVE-2023-39128.patch: Fix stack buffer overflow - CVE-2023-39128 * SECURITY UPDATE: stack buffer overflow - debian/patches/CVE-2023-39129.patch: Verify COFF symbol stringtab offset and fix problem with 32bit architecture build - CVE-2023-39129 * SECURITY UPDATE: heap buffer overflow - debian/patches/CVE-2023-39130.patch: bfd IO functions give warnings - CVE-2023-39130 Moderate TuxCare License Agreement CVE-2023-39129 CVE-2023-39130 CVE-2023-39128 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2024-25744 - x86/sev: Rename mem_encrypt.c to mem_encrypt_amd.c - x86: Introduce ia32_enabled() - x86/coco: Disable 32-bit emulation by default on TDX and SEV * CVE-url: https://ubuntu.com/security/CVE-2024-36016 - tty: n_gsm: fix frame reception handling - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() * CVE-url: https://ubuntu.com/security/CVE-2023-52474 - IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order - IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests * CVE-url: https://ubuntu.com/security/CVE-2024-26907 - stddef: Introduce DECLARE_FLEX_ARRAY() helper - RDMA/mlx5: Fix fortify source warning while accessing Eth segment * CVE-url: https://ubuntu.com/security/CVE-2024-39495 - greybus: Fix use-after-free bug in gb_interface_release due to race condition. * CVE-url: https://ubuntu.com/security/CVE-2024-39494 - ima: Fix use-after-free on a dentry's dname.name * CVE-url: https://ubuntu.com/security/CVE-2024-40902 - jfs: xattr: fix buffer overflow for invalid xattr * CVE-url: https://ubuntu.com/security/CVE-2022-48865 - tipc: fix kernel panic when enabling bearer * CVE-url: https://ubuntu.com/security/CVE-2022-48863 - mISDN: Fix memory leak in dsp_pipeline_build() * CVE-url: https://ubuntu.com/security/CVE-2024-35950 - drm/client: Fully protect modes[] with dev->mode_config.mutex Important TuxCare License Agreement CVE-2024-26907 CVE-2023-52474 CVE-2024-39495 CVE-2022-48865 CVE-2024-25744 CVE-2024-35950 CVE-2022-48863 CVE-2024-36016 CVE-2024-39494 CVE-2024-40902 Ubuntu 18.04 LTS * SECURITY UPDATE: Regular Expression Denial of Service - debian/patches/CVE-2021-3733.patch: Fix ReDoS vulnerability in AbstractBasicAuthHandler class of Lib/urllib2.py - CVE-2021-3733 Moderate TuxCare License Agreement CVE-2021-3733 Ubuntu 18.04 LTS * SECURITY UPDATE: Insecure behavior with semicolons in URI userinfo - debian/patches/CVE-2024-38428.patch: Properly re-implement userinfo parsing (rfc2396) to fix outdated RFC implementation - CVE-2024-38428 Critical TuxCare License Agreement CVE-2024-38428 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2024-42236 - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() * CVE-url: https://ubuntu.com/security/CVE-2024-41095 - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes * CVE-url: https://ubuntu.com/security/CVE-2024-41098 - ata: libata-core: Fix null pointer dereference on error * CVE-url: https://ubuntu.com/security/CVE-2024-42244 - USB: serial: mos7840: fix crash on resume * CVE-url: https://ubuntu.com/security/CVE-2024-41089 - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes * CVE-url: https://ubuntu.com/security/CVE-2024-42232 - libceph: fix race between delayed_work() and ceph_monc_stop() * CVE-url: https://ubuntu.com/security/CVE-2024-42153 - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr * CVE-url: https://ubuntu.com/security/CVE-2022-48791 - scsi: pm80xx: Fix TMF task completion race condition - scsi: pm8001: Fix use-after-free for aborted TMF sas_task * CVE-url: https://ubuntu.com/security/CVE-2022-48788 - nvme-rdma: fix possible use-after-free in transport error_recovery work * CVE-url: https://ubuntu.com/security/CVE-2022-48792 - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task * CVE-url: https://ubuntu.com/security/CVE-2022-48790 - nvme: fix a possible use-after-free in controller reset during load * CVE-url: https://ubuntu.com/security/CVE-2024-42154 - tcp_metrics: validate source addr length * CVE-url: https://ubuntu.com/security/CVE-2024-38596 - af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg * CVE-url: https://ubuntu.com/security/CVE-2024-36270 - netfilter: tproxy: bail out if IP has been disabled on the device * CVE-url: https://ubuntu.com/security/CVE-2024-38780 - dma-buf/sw-sync: don't enable IRQ from sync_print_obj() * CVE-url: https://ubuntu.com/security/CVE-2024-36886 - tipc: fix UAF in error path * CVE-url: https://ubuntu.com/security/CVE-2024-42068 - bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() * CVE-url: https://ubuntu.com/security/CVE-2024-42156 - s390/pkey: Wipe copies of clear-key structures on failure * CVE-url: https://ubuntu.com/security/CVE-2024-42079 - gfs2: Fix NULL pointer dereference in gfs2_log_flush * CVE-url: https://ubuntu.com/security/CVE-2024-42223 - media: dvb-frontends: tda10048: Fix integer overflow * CVE-url: https://ubuntu.com/security/CVE-2024-42157 - s390/pkey: Wipe sensitive data on failure * CVE-url: https://ubuntu.com/security/CVE-2024-42160 - f2fs: indicate shutdown f2fs to allow unmount successfully - f2fs: support fault_type mount option - f2fs: check validation of fault attrs in f2fs_build_fault_attr() * CVE-url: https://ubuntu.com/security/CVE-2024-42224 - net: dsa: mv88e6xxx: Correct check for empty list * CVE-url: https://ubuntu.com/security/CVE-2024-38570 - gfs2: Rename sd_{ glock => kill }_wait - gfs2: Fix potential glock use-after-free on unmount * CVE-url: https://ubuntu.com/security/CVE-2024-38583 - nilfs2: fix use-after-free of timer for log writer thread - nilfs2: fix unexpected freezing of nilfs_segctor_sync() - nilfs2: fix potential hang in nilfs_detach_log_writer() * CVE-url: https://ubuntu.com/security/CVE-2024-42070 - netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers * CVE-url: https://ubuntu.com/security/CVE-2024-42077 - ocfs2: fix DIO failure due to insufficient transaction credits * CVE-url: https://ubuntu.com/security/CVE-2024-42226 - usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB * CVE-url: https://ubuntu.com/security/CVE-2024-42228 - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Critical TuxCare License Agreement CVE-2024-42077 CVE-2024-42228 CVE-2024-42068 CVE-2024-42226 CVE-2024-42160 CVE-2024-42156 CVE-2024-38596 CVE-2024-36886 CVE-2024-38780 CVE-2024-42244 CVE-2024-42232 CVE-2024-42153 CVE-2022-48792 CVE-2022-48791 CVE-2022-48790 CVE-2022-48788 CVE-2024-41098 CVE-2024-41095 CVE-2024-42236 CVE-2024-41089 CVE-2024-42154 CVE-2024-36270 CVE-2024-42223 CVE-2024-42224 CVE-2024-42157 CVE-2024-38570 CVE-2024-38583 CVE-2024-42070 CVE-2024-42079 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2024-39467 - f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() * CVE-url: https://ubuntu.com/security/CVE-2024-36940 - pinctrl: core: delete incorrect free in pinctrl_enable() * CVE-url: https://ubuntu.com/security/CVE-2024-38659 - enic: Validate length of nl attributes in enic_set_vf_port * CVE-url: https://ubuntu.com/security/CVE-2024-38560 - scsi: bfa: Ensure the copied buf is NUL terminated * CVE-url: https://ubuntu.com/security/CVE-2024-36941 - wifi: nl80211: don't free NULL coalescing rule * CVE-url: https://ubuntu.com/security/CVE-2024-27401 - firewire: nosy: ensure user_length is taken into account when fetching packet contents * CVE-url: https://ubuntu.com/security/CVE-2024-39276 - ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() * CVE-url: https://ubuntu.com/security/CVE-2024-27398 - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout * CVE-url: https://ubuntu.com/security/CVE-2024-36964 - fs/9p: only translate RWX permissions for plain 9P2000 * CVE-url: https://ubuntu.com/security/CVE-2024-38601 - ring-buffer: Fix a race between readers and resize checks * CVE-url: https://ubuntu.com/security/CVE-2024-39475 - fbdev: savage: Handle err return when savagefb_check_var failed * CVE-url: https://ubuntu.com/security/CVE-2024-38578 - ecryptfs: Fix buffer size for tag 66 packet * CVE-url: https://ubuntu.com/security/CVE-2024-36950 - firewire: ohci: mask bus reset interrupts between ISR and bottom half * CVE-url: https://ubuntu.com/security/CVE-2024-38589 - netrom: fix possible dead-lock in nr_rt_ioctl() * CVE-url: https://ubuntu.com/security/CVE-2024-38627 - stm class: Fix a double free in stm_register_device() * CVE-url: https://ubuntu.com/security/CVE-2024-38612 - ipv6: sr: fix invalid unregister error path * CVE-url: https://ubuntu.com/security/CVE-2024-36905 - tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets * CVE-url: https://ubuntu.com/security/CVE-2024-38559 - scsi: qedf: Ensure the copied buf is NUL terminated * CVE-url: https://ubuntu.com/security/CVE-2024-33621 - ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound * CVE-url: https://ubuntu.com/security/CVE-2024-38637 - greybus: lights: check return of get_channel_from_mode * CVE-url: https://ubuntu.com/security/CVE-2024-38567 - wifi: carl9170: add a proper sanity check for endpoints * CVE-url: https://ubuntu.com/security/CVE-2024-39301 - net/9p: fix uninit-value in p9_client_rpc() * CVE-url: https://ubuntu.com/security/CVE-2024-36919 - scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload * CVE-url: https://ubuntu.com/security/CVE-2022-48772 - media: lgdt3306a: Add a check against null-pointer-def * CVE-url: https://ubuntu.com/security/CVE-2024-36017 - rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation * CVE-url: https://ubuntu.com/security/CVE-2024-36934 - bna: ensure the copied buf is NUL terminated * CVE-url: https://ubuntu.com/security/CVE-2024-38558 - net: openvswitch: fix overwriting ct original tuple for ICMPv6 * CVE-url: https://ubuntu.com/security/CVE-2024-38565 - USB: core: Add routines for endpoint checks in old drivers - wifi: ar5523: enable proper endpoint verification * CVE-url: https://ubuntu.com/security/CVE-2024-38600 - ALSA: control: Add verification for kctl accesses - ALSA: control: Track in-flight control read/write/tlv accesses - ALSA: Fix deadlocks with kctl removals at disconnection * CVE-url: https://ubuntu.com/security/CVE-2024-31076 - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline * CVE-url: https://ubuntu.com/security/CVE-2024-36015 - ida: Add new API - ppdev: Remove usage of the deprecated ida_simple_xx() API - ppdev: Add an error check in register_device * CVE-url: https://ubuntu.com/security/CVE-2024-38621 - media: stk1160: fix bounds checking in stk1160_copy_video() * CVE-url: https://ubuntu.com/security/CVE-2024-38549 - drm/mediatek: Add 0 size check to mtk_drm_gem_obj * CVE-url: https://ubuntu.com/security/CVE-2024-35947 - dyndbg: fix old BUG_ON in >control parser * CVE-url: https://ubuntu.com/security/CVE-2024-37353 - virtio: delete vq in vp_find_vqs_msix() when request_irq() fails * CVE-url: https://ubuntu.com/security/CVE-2024-27399 - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout * CVE-url: https://ubuntu.com/security/CVE-2024-38618 - ALSA: timer: Simplify timer hw resolution calls - ALSA: timer: Set lower bound of start tick time * CVE-url: https://ubuntu.com/security/CVE-2024-38579 - crypto: bcm - Fix pointer arithmetic * CVE-url: https://ubuntu.com/security/CVE-2024-36286 - netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() * CVE-url: https://ubuntu.com/security/CVE-2024-39488 - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY * CVE-url: https://ubuntu.com/security/CVE-2024-38607 - macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" * CVE-url: https://ubuntu.com/security/CVE-2024-37356 - params: lift param_set_uint_minmax to common code - tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). * CVE-url: https://ubuntu.com/security/CVE-2024-38613 - m68k: Fix spinlock race in kernel thread creation * CVE-url: https://ubuntu.com/security/CVE-2024-36954 - tipc: fix a possible memleak in tipc_buf_append * CVE-url: https://ubuntu.com/security/CVE-2024-38661 - s390/ap: Fix crash in AP internal function modify_bitmap() * CVE-url: https://ubuntu.com/security/CVE-2024-38599 - jffs2: prevent xattr node from overflowing the eraseblock * CVE-url: https://ubuntu.com/security/CVE-2024-38633 - serial: core: Provide port lock wrappers - serial: max3100: Update uart_driver_registered on driver removal * CVE-url: https://ubuntu.com/security/CVE-2024-39292 - um: Add winch to winch_handlers before registering winch IRQ * CVE-url: https://ubuntu.com/security/CVE-2024-36939 - NFS: Cleanup - add nfs_clients_exit to mirror nfs_clients_init - nfs: expose /proc/net/sunrpc/nfs in net namespaces - sunrpc: add a struct rpc_stats arg to rpc_create_args - nfs: make the rpc_stat per net namespace - nfs: Handle error of rpc_proc_register() in nfs_net_init(). * CVE-url: https://ubuntu.com/security/CVE-2024-38634 - serial: max3100: Lock port->lock when calling uart_handle_cts_change() * CVE-url: https://ubuntu.com/security/CVE-2024-36933 - nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). * CVE-url: https://ubuntu.com/security/CVE-2024-36883 - net: fix out-of-bounds access in ops_init * CVE-url: https://ubuntu.com/security/CVE-2024-39480 - kdb: Fix buffer overflow during tab-complete * CVE-url: https://ubuntu.com/security/CVE-2024-36960 - drm/vmwgfx: Fix invalid reads in fence signaled events * CVE-url: https://ubuntu.com/security/CVE-2024-36946 - phonet: fix rtm_phonet_notify() skb allocation Important TuxCare License Agreement CVE-2024-38659 CVE-2024-39475 CVE-2024-36883 CVE-2024-38567 CVE-2024-39301 CVE-2024-38634 CVE-2024-39292 CVE-2022-48772 CVE-2024-38600 CVE-2024-31076 CVE-2024-38565 CVE-2024-36934 CVE-2024-36017 CVE-2024-36960 CVE-2024-38599 CVE-2024-36939 CVE-2024-36919 CVE-2024-39488 CVE-2024-33621 CVE-2024-38578 CVE-2024-27401 CVE-2024-27398 CVE-2024-38601 CVE-2024-38612 CVE-2024-38637 CVE-2024-36933 CVE-2024-38607 CVE-2024-35947 CVE-2024-38560 CVE-2024-36941 CVE-2024-36964 CVE-2024-36940 CVE-2024-36950 CVE-2024-38589 CVE-2024-38627 CVE-2024-36905 CVE-2024-38559 CVE-2024-39467 CVE-2024-38633 CVE-2024-36954 CVE-2024-38579 CVE-2024-39480 CVE-2024-37356 CVE-2024-37353 CVE-2024-27399 CVE-2024-36946 CVE-2024-38558 CVE-2024-36015 CVE-2024-38549 CVE-2024-38661 CVE-2024-38618 CVE-2024-38613 CVE-2024-36286 CVE-2024-38621 CVE-2024-39276 Ubuntu 18.04 LTS * SECURITY UPDATE: Prevent Quoted-Overlap Zip-Bombs - debian/patches/CVE-2024-0450.patch: Protect zipfile from quoted-overlap zipbomb by raising BadZipFile when trying to read an entry that overlaps with other entry or central directory - CVE-2024-0450 Moderate TuxCare License Agreement CVE-2024-0450 Ubuntu 18.04 LTS * SECURITY UPDATE: Degraded performance issue in resolver caches and authoritative zone databases - debian/patches/CVE-2024-1737-1.patch: Mark certain RRTypes as priority, limit the number of RRs in RRSets and RR types for single name - debian/patches/CVE-2024-1737-2.patch: Smarter approach that considers priority types when enforcing limits - CVE-2024-1737 Important TuxCare License Agreement CVE-2024-1737 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2024-39487 - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() * CVE-url: https://ubuntu.com/security/CVE-2023-52760 - gfs2: Fix slab-use-after-free in gfs2_qd_dealloc * CVE-url: https://ubuntu.com/security/CVE-2024-39484 - mmc: davinci: Don't strip remove function when driver is builtin * CVE-url: https://ubuntu.com/security/CVE-2024-35835 - net/mlx5: Use kfree(ft->g) in arfs_create_groups() - net/mlx5e: fix a double-free in arfs_create_groups * Miscellaneous upstream changes - fixup! blk-mq: fix IO hang from sbitmap wakeup race - Revert "block: add check that partition length needs to be aligned with block size" Important TuxCare License Agreement CVE-2024-39487 CVE-2024-35835 CVE-2023-52760 CVE-2024-39484 Ubuntu 18.04 LTS * SECURITY UPDATE: http server use exploitable/malicious backend application - debian/patches/CVE-2024-38476.patch: prevent server usage of exploitable/malicious backend application output to run local handlers via internal redirect - CVE-2024-38476 * SECURITY UPDATE: modules regression introduced by CVE-2024-38476 fix - debian/patches/CVE-2024-39884.patch: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-38476 fix - CVE-2024-39884 * SECURITY UPDATE: modules regression introduced by CVE-2024-39884 fix - debian/patches/CVE-2024-40725.patch: source code disclosure with handlers configured via AddType. Resolving regression introduced by CVE-2024-39884 fix - CVE-2024-40725 * SECURITY UPDATE: attacker allowed to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI - debian/patches/CVE-2024-38474-38475.patch: server weakness with encoded question marks in backreferences - CVE-2024-38474 - debian/patches/CVE-2024-38474-38475.patch: server weakness in mod_rewrite when first segment of substitution matches filesystem path - CVE-2024-38475 Critical TuxCare License Agreement CVE-2024-38476 CVE-2024-38475 CVE-2024-38474 CVE-2024-40725 CVE-2024-39884 Ubuntu 18.04 LTS * SECURITY UPDATE: null pointer dereference in mod_proxy - debian/patches/CVE-2024-38477.patch: prevent crash resulting in Denial of Service in mod_proxy via a malicious request - CVE-2024-38477 Important TuxCare License Agreement CVE-2024-38477 Ubuntu 18.04 LTS * SECURITY UPDATE: Memory Corruption via Out-of-bounds Write in ESI variable assignment - debian/patches/CVE-2024-37894.patch: fix incorrect type declaration in TrieNode.cc to prevent potential type conversion issues - CVE-2024-37894 Moderate TuxCare License Agreement CVE-2024-37894 Ubuntu 18.04 LTS * SECURITY UPDATE: time of check to time of use vulnerability - debian/patches/CVE-2022-23181.patch: make calculation of session storage location more robust - CVE-2022-23181 Important TuxCare License Agreement CVE-2022-23181 Ubuntu 18.04 LTS * SECURITY UPDATE: CPU resource exhaustion with SIG(0) - debian/patches/CVE-2024-1975.patch: Remove support for SIG(0) verification - debian/patches/CVE-2024-1975-tests.patch: Adapt tests to SIG(0) removal - CVE-2024-1975 Important TuxCare License Agreement CVE-2024-1975 Ubuntu 18.04 LTS * SECURITY UPDATE: integer overflow - debian/patches/CVE-2024-45491.patch: prevent integer overflow in dtdCopy - CVE-2024-45491 * SECURITY UPDATE: integer overflow - debian/patches/CVE-2024-45492.patch: prevent integer overflow in nextScaffoldPart - CVE-2024-45492 Critical TuxCare License Agreement CVE-2024-45492 CVE-2024-45491 CVE-2024-45490 Ubuntu 18.04 LTS * SECURITY UPDATE: Heap Buffer Overflow in ASN.1 Parser - debian/patches/CVE-2024-7264.patch: Clean up GTime2str function to handle optional fractional seconds properly. Fix GTime2str() issues and add unit tests to verify correct behaviour - CVE-2024-7264 Moderate TuxCare License Agreement CVE-2024-7264 Ubuntu 18.04 LTS * Backport upstream's fixes from OpenJDK 11.0.23 release. - CVE-2024-21011: possible crash on long exception message in Hotspot. - CVE-2024-21012: incorrect performing a reverse DNS query in ConnectionPool class. - CVE-2024-21068: incorrect applying an unsigned integer left shift in Hotspot. - CVE-2024-21085: incorrect memory size validation by the NativeUnpack class. - CVE-2024-21094: possible C2 compilation error due to incorrect size validation and out of bounds array access in Hotspot. Low TuxCare License Agreement CVE-2024-21094 CVE-2024-21068 CVE-2024-21012 CVE-2024-21085 CVE-2024-21011 Ubuntu 18.04 LTS * Backport upstream's fixes from OpenJDK 8u412 release. - CVE-2024-21011: possible crash on long exception message in Hotspot. - CVE-2024-21068: incorrect applying an unsigned integer left shift in Hotspot. - CVE-2024-21085: incorrect memory size validation by the NativeUnpack class. - CVE-2024-21094: possible C2 compilation error due to incorrect size validation and out of bounds array access in Hotspot. Low TuxCare License Agreement CVE-2024-21094 CVE-2024-21085 CVE-2024-21068 CVE-2024-21011 Ubuntu 18.04 LTS * SECURITY UPDATE: fix GSS vulnerabilities - debian/patches/CVE-2021-37370.patch: prevent modification of Extra Count field in GSS krb5 wrap CFX wrap token to avoid appearing truncated to application header - debian/patches/CVE-2021-37371.patch: fix invalid memory reads during GSS message token handling - CVE-2024-37370 - CVE-2024-37371 Critical TuxCare License Agreement CVE-2024-37370 CVE-2024-37371 Ubuntu 18.04 LTS * SECURITY UPDATE: TOCTOU race condition in pg_dump - debian/patches/CVE-2024-7348.patch: Fix TOCTOU race condition in pg_dump. - CVE-2024-7348 Important TuxCare License Agreement CVE-2024-7348 Ubuntu 18.04 LTS * SECURITY UPDATE: Hardlink creation to arbitrary user-readable files - debian/patches/CVE-2024-32002.patch: submodule paths must not contain symlinks - CVE-2024-32002 Critical TuxCare License Agreement CVE-2024-32002 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2024-26752 - l2tp: pass correct message length to ip6_append_data * CVE-url: https://ubuntu.com/security/CVE-2021-47188 - scsi: ufs: core: Improve SCSI abort handling * CVE-url: https://ubuntu.com/security/CVE-2024-26677 - rxrpc: Fix delayed ACKs to not set the reference serial number * CVE-url: https://ubuntu.com/security/CVE-2023-52527 - ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() * CVE-url: https://ubuntu.com/security/CVE-2024-43882 - exec: Fix ToCToU between perm check and set-uid/gid usage * CVE-url: https://ubuntu.com/security/CVE-2022-48943 - KVM: x86/mmu: make apf token non-zero to fix bug * CVE-url: https://ubuntu.com/security/CVE-2024-38630 - watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger * CVE-url: https://ubuntu.com/security/CVE-2024-44987 - ipv6: prevent UAF in ip6_send_skb() * CVE-url: https://ubuntu.com/security/CVE-2024-42285 - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs * CVE-url: https://ubuntu.com/security/CVE-2022-48733 - btrfs: fix use-after-free after failure to create a snapshot * CVE-url: https://ubuntu.com/security/CVE-2024-44940 - fou: remove warn in gue_gro_receive on unsupported protocol * CVE-url: https://ubuntu.com/security/CVE-2024-41059 - hfsplus: fix uninit-value in copy_name * CVE-url: https://ubuntu.com/security/CVE-2024-46673 - scsi: aacraid: Fix double-free on probe failure * CVE-url: https://ubuntu.com/security/CVE-2024-42313 - media: venus: fix use after free in vdec_close * CVE-url: https://ubuntu.com/security/CVE-2024-44999 - gtp: pull network headers in gtp_dev_xmit() * CVE-url: https://ubuntu.com/security/CVE-2024-42271 - net/iucv: fix use after free in iucv_sock_close() * CVE-url: https://ubuntu.com/security/CVE-2024-44942 - f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC * CVE-url: https://ubuntu.com/security/CVE-2024-43858 - jfs: Fix array-index-out-of-bounds in diFree * CVE-url: https://ubuntu.com/security/CVE-2024-41071 - wifi: mac80211: Avoid address calculations via out of bounds array indexing * CVE-url: https://ubuntu.com/security/CVE-2024-42301 - dev/parport: fix the array out-of-bounds risk * CVE-url: https://ubuntu.com/security/CVE-2024-46674 - usb: dwc3: st: fix probed platform device ref count on probe error path * CVE-url: https://ubuntu.com/security/CVE-2024-43900 - media: xc2028: avoid use-after-free in load_firmware_cb() * CVE-url: https://ubuntu.com/security/CVE-2024-42284 - tipc: Return non-zero value from tipc_udp_addr2str() on error * CVE-url: https://ubuntu.com/security/CVE-2024-44998 - atm: idt77252: prevent use after free in dequeue_rx() * CVE-url: https://ubuntu.com/security/CVE-2024-42280 - mISDN: Fix a use after free in hfcmulti_tx() * CVE-url: https://ubuntu.com/security/CVE-2024-39503 - netns: add pre_exit method to struct pernet_operations - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type * CVE-url: https://ubuntu.com/security/CVE-2024-39499 - vmci: prevent speculation leaks by sanitizing event in event_deliver() * CVE-url: https://ubuntu.com/security/CVE-2024-40988 - drm/radeon: fix UBSAN warning in kv_dpm.c * CVE-url: https://ubuntu.com/security/CVE-2024-40916 - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found * CVE-url: https://ubuntu.com/security/CVE-2024-40904 - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages * CVE-url: https://ubuntu.com/security/CVE-2024-39506 - liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet * CVE-url: https://ubuntu.com/security/CVE-2024-42106 - inet_diag: Initialize pad field in struct inet_diag_req_v2 * CVE-url: https://ubuntu.com/security/CVE-2024-42145 - IB/core: Implement a limit on UMAD receive List * CVE-url: https://ubuntu.com/security/CVE-2024-40945 - iommu: Return right value in iommu_sva_bind_device() * CVE-url: https://ubuntu.com/security/CVE-2024-40932 - drm/exynos/vidi: fix memory leak in .get_modes() * CVE-url: https://ubuntu.com/security/CVE-2024-41006 - netrom: Fix a memory leak in nr_heartbeat_expiry() * CVE-url: https://ubuntu.com/security/CVE-2024-40943 - ocfs2: fix races between hole punching and AIO+DIO * CVE-url: https://ubuntu.com/security/CVE-2024-36894 - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete * CVE-url: https://ubuntu.com/security/CVE-2024-42124 - scsi: qedf: Make qedf_execute_tmf() non-preemptible * CVE-url: https://ubuntu.com/security/CVE-2024-42115 - jffs2: Fix potential illegal address access in jffs2_free_inode * CVE-url: https://ubuntu.com/security/CVE-2024-41035 - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor * CVE-url: https://ubuntu.com/security/CVE-2024-41097 - usb: atm: cxacru: fix endpoint checking in cxacru_bind() * CVE-url: https://ubuntu.com/security/CVE-2024-42119 - drm/amd/display: Skip finding free audio for unknown engine_id * CVE-url: https://ubuntu.com/security/CVE-2024-39501 - drivers: core: synchronize really_probe() and dev_uevent() * CVE-url: https://ubuntu.com/security/CVE-2024-42105 - nilfs2: fix inode number range checks * CVE-url: https://ubuntu.com/security/CVE-2024-40984 - ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." * CVE-url: https://ubuntu.com/security/CVE-2024-40987 - drm/amdgpu: fix UBSAN warning in kv_dpm.c * CVE-url: https://ubuntu.com/security/CVE-2024-42097 - ALSA: emux: improve patch ioctl data validation * CVE-url: https://ubuntu.com/security/CVE-2024-42090 - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER * CVE-url: https://ubuntu.com/security/CVE-2024-40942 - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects * CVE-url: https://ubuntu.com/security/CVE-2024-40981 - batman-adv: bypass empty buckets in batadv_purge_orig_ref() * CVE-url: https://ubuntu.com/security/CVE-2024-40959 - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() * CVE-url: https://ubuntu.com/security/CVE-2024-42089 - ASoC: fsl-asoc-card: set priv->pdev before using it * CVE-url: https://ubuntu.com/security/CVE-2024-40901 - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory * CVE-url: https://ubuntu.com/security/CVE-2024-42101 - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes * CVE-url: https://ubuntu.com/security/CVE-2024-40980 - drop_monitor: replace spin_lock by raw_spin_lock * CVE-url: https://ubuntu.com/security/CVE-2024-42084 - ftruncate: pass a signed offset * CVE-url: https://ubuntu.com/security/CVE-2024-39509 - HID: core: remove unnecessary WARN_ON() in implement() * CVE-url: https://ubuntu.com/security/CVE-2024-42096 - x86: stop playing stack games in profile_pc() * CVE-url: https://ubuntu.com/security/CVE-2024-38619 - usb-storage: alauda: Check whether the media is initialized * CVE-url: https://ubuntu.com/security/CVE-2024-42102 - Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" - mm: avoid overflows in dirty throttling logic * CVE-url: https://ubuntu.com/security/CVE-2024-41044 - ppp: reject claimed-as-LCP but actually malformed packets * CVE-url: https://ubuntu.com/security/CVE-2024-40978 - scsi: qedi: Fix crash while reading debugfs attribute * CVE-url: https://ubuntu.com/security/CVE-2024-40941 - wifi: iwlwifi: mvm: don't read past the mfuart notifcation * CVE-url: https://ubuntu.com/security/CVE-2024-40905 - ipv6: fix possible race in __fib6_drop_pcpu_from() * CVE-url: https://ubuntu.com/security/CVE-2023-52803 - SUNRPC: Fix RPC client cleaned up the freed pipefs dentries * CVE-url: https://ubuntu.com/security/CVE-2024-42104 - nilfs2: add missing check for inode numbers on directory entries * CVE-url: https://ubuntu.com/security/CVE-2024-42148 - bnx2x: Fix multiple UBSAN array-index-out-of-bounds * CVE-url: https://ubuntu.com/security/CVE-2024-42094 - net/iucv: Avoid explicit cpumask var allocation on stack * CVE-url: https://ubuntu.com/security/CVE-2024-41046 - net: ethernet: lantiq_etop: fix double free in detach * CVE-url: https://ubuntu.com/security/CVE-2024-38538 - net: bridge: xmit: make sure we have at least eth header len bytes * CVE-url: https://ubuntu.com/security/CVE-2024-26830 - i40e: Fix permission check for VF MAC filters - i40e: Fix MAC address setting for a VF via Host/VM - i40e: Do not allow untrusted VF to remove administratively set MAC * CVE-url: https://ubuntu.com/security/CVE-2023-52885 - SUNRPC: Fix UAF in svc_tcp_listen_data_ready() * CVE-url: https://ubuntu.com/security/CVE-2023-52629 - sh: push-switch: Reorder cleanup operations to avoid use-after-free bug * Miscellaneous upstream changes - fixup! scsi: qla2xxx: Fix double free of fcport Important TuxCare License Agreement CVE-2023-52885 CVE-2024-26752 CVE-2024-38538 CVE-2023-52803 CVE-2024-40905 CVE-2024-40941 CVE-2024-42096 CVE-2024-40980 CVE-2024-40981 CVE-2024-40959 CVE-2024-41035 CVE-2024-42115 CVE-2024-42124 CVE-2024-40916 CVE-2024-42097 CVE-2024-42148 CVE-2024-42145 CVE-2024-40945 CVE-2024-41097 CVE-2024-42119 CVE-2024-42089 CVE-2024-40901 CVE-2024-41044 CVE-2024-40978 CVE-2024-43900 CVE-2024-43882 CVE-2024-42271 CVE-2024-44987 CVE-2022-48733 CVE-2022-48943 CVE-2023-52527 CVE-2024-44940 CVE-2024-41059 CVE-2024-42313 CVE-2024-44999 CVE-2024-44942 CVE-2024-42284 CVE-2024-44998 CVE-2024-42104 CVE-2024-39506 CVE-2024-42106 CVE-2024-40932 CVE-2024-41006 CVE-2024-40943 CVE-2024-36894 CVE-2024-41046 CVE-2024-39503 CVE-2024-39501 CVE-2024-42105 CVE-2024-40984 CVE-2024-42090 CVE-2024-40942 CVE-2024-42101 CVE-2024-39509 CVE-2023-52629 CVE-2024-26830 CVE-2024-42285 CVE-2024-41071 CVE-2024-42301 CVE-2024-42094 CVE-2024-40988 CVE-2024-40904 CVE-2024-40987 CVE-2024-38619 CVE-2024-42084 CVE-2024-42102 CVE-2024-39499 CVE-2024-26677 CVE-2021-47188 CVE-2024-38630 CVE-2024-46673 CVE-2024-43858 CVE-2024-46674 CVE-2024-42280 Ubuntu 18.04 LTS * SECURITY UPDATE: Excessive CPU resources usage while parsing cookies with backslashes in value - debian/patches/CVE-2024-7592.patch: Fix quadratic complexity in parsing cookie values with backslashes - CVE-2024-7592 * SECURITY UPDATE: Regular expressions that allowed excessive backtracking during tarfile header parsing - debian/patches/CVE-2024-6232.patch: Fix regexp handling in tarfile - CVE-2024-6232 * Replace PROTOCOL_TLSv1 with PROTOCOL_TLSv1_2 in Lib/test/test_ssl.py to fix the check phase on the build system Important TuxCare License Agreement CVE-2024-6232 CVE-2024-7592 Ubuntu 18.04 LTS * SECURITY UPDATE: Bypass of protections in untrusted repositories - debian/patches/CVE-2024-32465.patch: Disable lazy-fetching by default in upload-pack to prevent arbitrary command execution during clone/fetch - CVE-2024-32465 Important TuxCare License Agreement CVE-2024-32465 Ubuntu 18.04 LTS * New microcode update packages from AMD upstream up to 2024-08-11: - Update AMD CPU microcode for processor family 0x19: cpuid:0x00A00F10(ver:0x0A00107A), cpuid:0x00A10F12(ver:0x0A101248), cpuid:0x00AA0F02(ver:0x0AA00215), cpuid:0x00A00F12(ver:0x0A001238), cpuid:0x00A10F11(ver:0x0A101148), cpuid:0x00A00F11(ver:0x0A0011D5); - Update AMD CPU microcode for processor family 0x17: cpuid:0x00800F12(ver:0x0800126F), cpuid:0x00830F10(ver:0x0830107C); * SECURITY UPDATE: Fix improper validation in a model-specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. - CVE-2023-31315 Important TuxCare License Agreement CVE-2023-31315 Ubuntu 18.04 LTS * SECURITY UPDATE: Memory exhaustion due to excessive HTTP/2 incoming headers buffering - debian/patches/CVE-2024-27316.patch: Fix to bail after too many failed reads, increment count on request headers failed to add - CVE-2024-27316 * SECURITY UPDATE: Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses - debian/patches/CVE-2023-38709.patch: header validation after content-* are eval'ed - CVE-2023-38709 * SECURITY UPDATE: HTTP response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack - debian/patches/CVE-2024-24795.patch: let httpd handle CL/TE for non-http handlers - CVE-2024-24795 Important TuxCare License Agreement CVE-2023-38709 CVE-2024-24795 CVE-2024-27316 Ubuntu 18.04 LTS * New microcode update packages from upstream up to 2024-08-13: - Updated microcodes: sig 0x00050657, pf_mask 0xbf, 2024-03-01, rev 0x5003707, size 39936 sig 0x0005065b, pf_mask 0xbf, 2024-04-01, rev 0x7002904, size 30720 sig 0x000606a6, pf_mask 0x87, 2024-04-01, rev 0xd0003e7, size 308224 sig 0x000606c1, pf_mask 0x10, 2024-04-03, rev 0x10002b0, size 300032 sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800 sig 0x000706e5, pf_mask 0x80, 2024-02-15, rev 0x00c6, size 114688 sig 0x000806c1, pf_mask 0x80, 2024-02-15, rev 0x00b8, size 112640 sig 0x000806c2, pf_mask 0xc2, 2024-02-15, rev 0x0038, size 99328 sig 0x000806d1, pf_mask 0xc2, 2024-02-15, rev 0x0052, size 104448 sig 0x000806e9, pf_mask 0x10, 2024-02-01, rev 0x00f6, size 106496 sig 0x000806e9, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 106496 sig 0x000806ea, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 105472 sig 0x000806eb, pf_mask 0xd0, 2024-02-01, rev 0x00f6, size 106496 sig 0x000806ec, pf_mask 0x94, 2024-02-05, rev 0x00fc, size 106496 sig 0x00090661, pf_mask 0x01, 2024-04-05, rev 0x001a, size 20480 sig 0x000906ea, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 105472 sig 0x000906eb, pf_mask 0x02, 2024-02-01, rev 0x00f6, size 106496 sig 0x000906ec, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 106496 sig 0x000906ed, pf_mask 0x22, 2024-02-05, rev 0x0100, size 106496 sig 0x000a0652, pf_mask 0x20, 2024-02-01, rev 0x00fc, size 97280 sig 0x000a0653, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 98304 sig 0x000a0655, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 97280 sig 0x000a0660, pf_mask 0x80, 2024-02-01, rev 0x00fe, size 97280 sig 0x000a0661, pf_mask 0x80, 2024-02-01, rev 0x00fc, size 97280 sig 0x000a0671, pf_mask 0x02, 2024-03-07, rev 0x0062, size 108544 sig 0x000a06a4, pf_mask 0xe6, 2024-04-15, rev 0x001e, size 137216 * SECURITY UPDATE: - CVE-2024-24980, INTEL-SA-01100 - CVE-2024-25939, INTEL-SA-01118 - CVE-2023-42667, INTEL-SA-01038 - CVE-2023-49141, INTEL-SA-01046 - CVE-2024-24853, INTEL-SA-01083 Low TuxCare License Agreement CVE-2023-42667 CVE-2023-49141 CVE-2024-24853 CVE-2024-24980 CVE-2024-25939 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2024-46802 - drm/amd/display: added NULL check at start of dc_validate_stream * CVE-url: https://ubuntu.com/security/CVE-2024-46818 - drm/amd/display: fix sporadic multiple aux transaction failure - drm/amd/display: Check gpio_id before used as array index * CVE-url: https://ubuntu.com/security/CVE-2024-46744 - Squashfs: sanity check symbolic link size * CVE-url: https://ubuntu.com/security/CVE-2024-46854 - net: dpaa: Pad packets to ETH_ZLEN * CVE-url: https://ubuntu.com/security/CVE-2024-46813 - drm/amd/display: Check link_index before accessing dc->links[] * CVE-url: https://ubuntu.com/security/CVE-2024-46731 - drm/amd/pm: fix the Out-of-bounds read warning * CVE-url: https://ubuntu.com/security/CVE-2024-46759 - hwmon: (adc128d818) Fix underflows seen when writing limit attributes * CVE-url: https://ubuntu.com/security/CVE-2024-38588 - ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() - ftrace: Fix possible use-after-free issue in ftrace_location() * CVE-url: https://ubuntu.com/security/CVE-2024-46743 - of/irq: Prevent device address out-of-bounds read in interrupt map walk * CVE-url: https://ubuntu.com/security/CVE-2024-46738 - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() * CVE-url: https://ubuntu.com/security/CVE-2024-46800 - sch/netem: fix use after free in netem_dequeue * CVE-url: https://ubuntu.com/security/CVE-2024-46757 - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes * CVE-url: https://ubuntu.com/security/CVE-2024-46758 - hwmon: (lm95234) Fix underflows seen when writing limit attributes * CVE-url: https://ubuntu.com/security/CVE-2024-46782 - ila: call nf_unregister_net_hooks() sooner * CVE-url: https://ubuntu.com/security/CVE-2024-46756 - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes * CVE-url: https://ubuntu.com/security/CVE-2024-40912 - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() * CVE-url: https://ubuntu.com/security/CVE-2024-46723 - drm/amdgpu: fix ucode out-of-bounds read warning * CVE-url: https://ubuntu.com/security/CVE-2024-46722 - drm/amdgpu: fix mc_data out-of-bounds read warning Important TuxCare License Agreement CVE-2024-46744 CVE-2024-46756 CVE-2024-46759 CVE-2024-46800 CVE-2024-46723 CVE-2024-46722 CVE-2024-40912 CVE-2024-46757 CVE-2024-46731 CVE-2024-46782 CVE-2024-46758 CVE-2024-38588 CVE-2024-46813 CVE-2024-46818 CVE-2024-46854 CVE-2024-46743 CVE-2024-46738 CVE-2024-46802 Ubuntu 18.04 LTS * New microcode update packages from upstream up to 2024-09-10: - Updated microcodes: sig 0x00090672, pf_mask 0x07, 2024-02-22, rev 0x0036, size 224256 sig 0x00090675, pf_mask 0x07, 2024-02-22, rev 0x0036, size 224256 sig 0x000906a3, pf_mask 0x80, 2024-02-22, rev 0x0434, size 222208 sig 0x000906a4, pf_mask 0x80, 2024-02-22, rev 0x0434, size 222208 sig 0x000a06a4, pf_mask 0xe6, 2024-06-17, rev 0x001f, size 137216 sig 0x000b0671, pf_mask 0x32, 2024-07-18, rev 0x0129, size 215040 sig 0x000b06a2, pf_mask 0xe0, 2024-02-22, rev 0x4122, size 220160 sig 0x000b06a3, pf_mask 0xe0, 2024-02-22, rev 0x4122, size 220160 sig 0x000b06a8, pf_mask 0xe0, 2024-02-22, rev 0x4122, size 220160 sig 0x000b06e0, pf_mask 0x19, 2024-03-25, rev 0x001a, size 138240 sig 0x000b06f2, pf_mask 0x07, 2024-02-22, rev 0x0036, size 224256 sig 0x000b06f5, pf_mask 0x07, 2024-02-22, rev 0x0036, size 224256 * SECURITY UPDATE: - CVE-2024-24968, INTEL-SA-01097 - CVE-2024-23984, INTEL-SA-01103 Moderate TuxCare License Agreement CVE-2024-24968 CVE-2024-23984 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2024-38632 - vfio/pci: fix potential memory leak in vfio_intx_enable() * CVE-url: https://ubuntu.com/security/CVE-2024-46840 - btrfs: clean up our handling of refs == 0 in snapshot delete * CVE-url: https://ubuntu.com/security/CVE-2024-44954 - ALSA: line6: Fix racy access to midibuf * CVE-url: https://ubuntu.com/security/CVE-2024-45003 - vfs: Don't evict inode under the inode lru traversing context * CVE-url: https://ubuntu.com/security/CVE-2024-46841 - btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() * CVE-url: https://ubuntu.com/security/CVE-2024-44950 - serial: sc16is7xx: fix invalid FIFO access with special register set * CVE-url: https://ubuntu.com/security/CVE-2024-26812 - vfio: Introduce interface to flush virqfd inject workqueue - vfio/pci: Create persistent INTx handler * CVE-url: https://ubuntu.com/security/CVE-2023-52510 - ieee802154: ca8210: Fix a potential UAF in ca8210_probe * CVE-url: https://ubuntu.com/security/CVE-2023-52528 - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg * CVE-url: https://ubuntu.com/security/CVE-2024-26960 - mm, swap: fix race between swapoff and some swap operations - mm: swap: fix race between free_swap_and_cache() and swapoff() * CVE-url: https://ubuntu.com/security/CVE-2024-27051 - cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value - cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations * CVE-url: https://ubuntu.com/security/CVE-2024-41073 - nvme: avoid double free special payload * CVE-url: https://ubuntu.com/security/CVE-2024-45016 - netem: fix return value if duplicate enqueue fails * CVE-url: https://ubuntu.com/security/CVE-2024-42229 - crypto: aead,cipher - zeroize key buffer after use * CVE-url: https://ubuntu.com/security/CVE-2024-38602 - ax25: Fix reference count leak issues of ax25_dev Important TuxCare License Agreement CVE-2024-45003 CVE-2024-46841 CVE-2024-46840 CVE-2024-41073 CVE-2024-38602 CVE-2024-45016 CVE-2024-38632 CVE-2024-27051 CVE-2023-52510 CVE-2024-26960 CVE-2023-52528 CVE-2024-44954 CVE-2024-44950 CVE-2024-42229 CVE-2024-26812 Ubuntu 18.04 LTS * SECURITY UPDATE: insecure configuration vulnerability - debian/patches/CVE-2024-8927.patch: fix bypass of cgi.force_redirect configuration - CVE-2024-8927 Important TuxCare License Agreement CVE-2024-8927 Ubuntu 18.04 LTS * SECURITY UPDATE: Incorrect parsing of email addresses containing special characters - debian/patches/CVE-2023-27043.patch: Fix email address parsing errors by adding optional 'strict' parameter to getaddresses() and parseaddr() functions - debian/patches/fix-urllib2-test.patch: Fix error in test_issue16464() by rewriting it with a local HTTP server instead of an external resource - CVE-2023-27043 Moderate TuxCare License Agreement CVE-2023-27043 Ubuntu 18.04 LTS * SECURITY UPDATE: Incorrect parsing of email addresses containing special characters - debian/patches/CVE-2023-27043.patch: Fix email address parsing errors by adding optional 'strict' parameter to getaddresses() and parseaddr() functions - CVE-2023-27043 Moderate TuxCare License Agreement CVE-2023-27043 Ubuntu 18.04 LTS * SECURITY UPDATE: prevent erroneous parsing - debian/patches/CVE-2024-8925.patch: limit boundary size to prevent erroneous parsing in multipart/form-data POST data - CVE-2024-8925 Moderate TuxCare License Agreement CVE-2024-8925 Ubuntu 18.04 LTS * SECURITY UPDATE: When performing a local clone of a repository we end up either copying or hardlinking the source repository into the target repository. - debian/patches/CVE-2024-32020.patch: builtin/clone: refuse local clones of unsafe repositories - CVE-2024-32020 Low TuxCare License Agreement CVE-2024-32020 Ubuntu 18.04 LTS * SECURITY UPDATE: mp4 module allows buffer underread and unordered chunks - debian/patches/CVE-2024-7347.patch: fix buffer underread while updating stsz atom and reject unordered chunks - CVE-2023-7347 Moderate TuxCare License Agreement CVE-2024-7347 Ubuntu 18.04 LTS * SECURITY UPDATE: Race condition when hardlinking file from the source repository into the destination file in the target repository. - debian/patches/CVE-2024-32021.patch: builtin/clone: abort when hardlinked source and target file differ - CVE-2024-32021 Low TuxCare License Agreement CVE-2024-32021 Ubuntu 18.04 LTS * SECURITY UPDATE: The DNS message parsing code in `named` includes a section whose computational complexity is overly high - debian/patches/CVE-2023-4408.patch: refactoring parsing code - debian/libdns1100.symbols: some function declarations were removed according to the CVE-2023-4408.patch - CVE-2023-4408 Important TuxCare License Agreement CVE-2023-4408 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2024-44946 - kcm: Serialise kcm_sendmsg() for the same socket. * CVE-url: https://ubuntu.com/security/CVE-2024-42292 - kobject_uevent: Fix OOB access within zap_modalias_env() * CVE-url: https://ubuntu.com/security/CVE-2024-41042 - netfilter: nf_tables: prefer nft_chain_validate * CVE-url: https://ubuntu.com/security/CVE-2024-42265 - protect the fetch of ->fd[fd] in do_dup2() from mispredictions * CVE-url: https://ubuntu.com/security/CVE-2024-50036 - net: do not delay dst_entries_add() in dst_release() * CVE-url: https://ubuntu.com/security/CVE-2024-47663 - staging: iio: frequency: ad9833: Load clock using clock framework - staging: iio: frequency: ad9834: Validate frequency parameter value * CVE-url: https://ubuntu.com/security/CVE-2024-47669 - nilfs2: fix state management in error path of log writing function * CVE-url: https://ubuntu.com/security/CVE-2023-52918 - media: pci: cx23885: check cx23885_vdev_init() return * CVE-url: https://ubuntu.com/security/CVE-2024-44960 - usb: gadget: core: Check for unset descriptor * CVE-url: https://ubuntu.com/security/CVE-2024-42297 - f2fs: fix to don't dirty inode for readonly filesystem * CVE-url: https://ubuntu.com/security/CVE-2024-46750 - PCI: Add missing bridge lock to pci_bus_lock() * CVE-url: https://ubuntu.com/security/CVE-2024-46676 - nfc: pn533: Add poll mod list filling check * CVE-url: https://ubuntu.com/security/CVE-2024-46761 - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv * CVE-url: https://ubuntu.com/security/CVE-2024-46755 - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() * CVE-url: https://ubuntu.com/security/CVE-2024-46679 - ethtool: check device is present when getting link settings * CVE-url: https://ubuntu.com/security/CVE-2024-46721 - apparmor: fix possible NULL pointer dereference * CVE-url: https://ubuntu.com/security/CVE-2024-46685 - pinctrl: single: fix potential NULL dereference in pcs_get_function() * CVE-url: https://ubuntu.com/security/CVE-2024-44947 - fuse: Initialize beyond-EOF page contents before setting uptodate * CVE-url: https://ubuntu.com/security/CVE-2024-46675 - usb: dwc3: core: Prevent USB core invalid event buffer address access * CVE-url: https://ubuntu.com/security/CVE-2024-43893 - serial: core: check uartclk for zero to avoid divide by zero * CVE-url: https://ubuntu.com/security/CVE-2024-45021 - memcg_write_event_control(): fix a user-triggerable oops * CVE-url: https://ubuntu.com/security/CVE-2024-46677 - gtp: fix a potential NULL pointer dereference * CVE-url: https://ubuntu.com/security/CVE-2024-43861 - net: usb: qmi_wwan: fix memory leak for not ip packets * CVE-url: https://ubuntu.com/security/CVE-2024-41063 - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() * CVE-url: https://ubuntu.com/security/CVE-2024-45006 - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration * CVE-url: https://ubuntu.com/security/CVE-2024-43853 - cgroup/cpuset: Prevent UAF in proc_cpuset_show() * CVE-url: https://ubuntu.com/security/CVE-2024-42310 - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes * CVE-url: https://ubuntu.com/security/CVE-2024-42311 - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() * CVE-url: https://ubuntu.com/security/CVE-2024-41012 - filelock: Remove locks reliably when fcntl/close race is detected * CVE-url: https://ubuntu.com/security/CVE-2024-45028 - mmc: mmc_test: Fix NULL dereference on allocation failure * CVE-url: https://ubuntu.com/security/CVE-2024-43860 - remoteproc: imx_rproc: Skip over memory region when node value is NULL * CVE-url: https://ubuntu.com/security/CVE-2024-43914 - md/raid5: avoid BUG_ON() while continue reshape after reassembling * CVE-url: https://ubuntu.com/security/CVE-2024-45025 - fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE * CVE-url: https://ubuntu.com/security/CVE-2024-43856 - dma: fix call order in dmam_free_coherent * CVE-url: https://ubuntu.com/security/CVE-2024-42289 - scsi: qla2xxx: During vport delete send async logout explicitly * CVE-url: https://ubuntu.com/security/CVE-2024-44995 - net: hns3: fix a deadlock problem when config TC during resetting * CVE-url: https://ubuntu.com/security/CVE-2024-43854 - block: initialize integrity buffer to zero before writing it to media * CVE-url: https://ubuntu.com/security/CVE-2024-43884 - Bluetooth: MGMT: Add error handling to pair_device() * CVE-url: https://ubuntu.com/security/CVE-2024-43871 - devres: Fix memory leakage caused by driver API devm_free_percpu() * CVE-url: https://ubuntu.com/security/CVE-2024-42309 - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes * CVE-url: https://ubuntu.com/security/CVE-2024-26668 - netfilter: nft_limit: reject configurations that cause integer overflow * CVE-url: https://ubuntu.com/security/CVE-2024-50044 - Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change * CVE-url: https://ubuntu.com/security/CVE-2024-49967 - ext4: no need to continue when the number of entries is 1 * CVE-url: https://ubuntu.com/security/CVE-2024-50033 - slip: make slhc_remember() more robust against malicious packets * CVE-url: https://ubuntu.com/security/CVE-2024-47670 - ocfs2: add bounds checking to ocfs2_xattr_find_entry() * CVE-url: https://ubuntu.com/security/CVE-2024-49950 - Bluetooth: L2CAP: Fix uaf in l2cap_connect * CVE-url: https://ubuntu.com/security/CVE-2024-49883 - ext4: aovid use-after-free in ext4_ext_insert_extent() * CVE-url: https://ubuntu.com/security/CVE-2024-47745 - mm: call the security_mmap_file() LSM hook in remap_file_pages() * CVE-url: https://ubuntu.com/security/CVE-2024-49860 - ACPI: sysfs: validate return type of _STR method * CVE-url: https://ubuntu.com/security/CVE-2024-49882 - ext4: fix double brelse() the buffer of the extents path * CVE-url: https://ubuntu.com/security/CVE-2024-49995 - tipc: guard against string buffer overrun * CVE-url: https://ubuntu.com/security/CVE-2024-47723 - jfs: fix out-of-bounds in dbNextAG() and diAlloc() * CVE-url: https://ubuntu.com/security/CVE-2024-50055 - driver core: bus: Fix double free in driver API bus_register() * CVE-url: https://ubuntu.com/security/CVE-2024-47698 - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error * CVE-url: https://ubuntu.com/security/CVE-2022-49026 - e100: Fix possible use after free in e100_xmit_prepare * CVE-url: https://ubuntu.com/security/CVE-2024-47742 - firmware_loader: Block path traversal * CVE-url: https://ubuntu.com/security/CVE-2024-50035 - ppp: fix ppp_async_encode() illegal access * CVE-url: https://ubuntu.com/security/CVE-2024-47757 - nilfs2: fix potential oob read in nilfs_btree_check_delete() * CVE-url: https://ubuntu.com/security/CVE-2024-49884 - ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path - ext4: fix slab-use-after-free in ext4_split_extent_at() * CVE-url: https://ubuntu.com/security/CVE-2022-49006 - tracing: Free buffers when a used dynamic event is removed * CVE-url: https://ubuntu.com/security/CVE-2024-49903 - jfs: Fix uaf in dbFreeBits * CVE-url: https://ubuntu.com/security/CVE-2024-47701 - ext4: avoid OOB when system.data xattr changes underneath the filesystem * CVE-url: https://ubuntu.com/security/CVE-2024-49889 - ext4: avoid use-after-free in ext4_ext_show_leaf() * CVE-url: https://ubuntu.com/security/CVE-2024-50073 - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux * CVE-url: https://ubuntu.com/security/CVE-2024-47747 - net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition * CVE-url: https://ubuntu.com/security/CVE-2024-49900 - jfs: Fix uninit-value access of new_ea in ea_buffer * CVE-url: https://ubuntu.com/security/CVE-2024-47697 - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error * CVE-url: https://ubuntu.com/security/CVE-2022-48951 - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() * CVE-url: https://ubuntu.com/security/CVE-2024-49981 - media: venus: fix use after free bug in venus_remove due to race condition * CVE-url: https://ubuntu.com/security/CVE-2024-43839 - bna: adjust 'name' buf size of bna_tcb and bna_ccb structures * CVE-url: https://ubuntu.com/security/CVE-2024-47659 - smack: tcp: ipv4, fix incorrect labeling * CVE-url: https://ubuntu.com/security/CVE-2024-47685 - netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() * CVE-url: https://ubuntu.com/security/CVE-2024-39476 - md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING * CVE-url: https://ubuntu.com/security/CVE-2024-27397 - netfilter: nf_tables: use timestamp to check for set element timeout - netfilter: nf_tables: annotate data-races around element expiration - netfilter: nf_tables: support timeouts larger than 23 days * CVE-url: https://ubuntu.com/security/CVE-2024-26641 - net: Fix unwanted sign extension in netdev_stats_to_stats64() - ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() * CVE-url: https://ubuntu.com/security/CVE-2024-38611 - media: i2c: et8ek8: Don't strip remove function when driver is builtin Critical TuxCare License Agreement CVE-2024-41042 CVE-2024-47663 CVE-2024-47685 CVE-2024-50073 CVE-2024-47757 CVE-2024-50035 CVE-2024-42297 CVE-2024-47742 CVE-2024-46755 CVE-2022-49006 CVE-2024-39476 CVE-2022-49026 CVE-2022-48951 CVE-2024-49967 CVE-2024-49883 CVE-2024-50044 CVE-2024-47745 CVE-2024-47723 CVE-2024-50055 CVE-2024-47747 CVE-2024-49900 CVE-2024-47659 CVE-2024-49981 CVE-2024-38611 CVE-2024-27397 CVE-2024-44960 CVE-2024-46750 CVE-2024-46676 CVE-2024-46685 CVE-2024-43893 CVE-2024-46677 CVE-2024-41063 CVE-2024-42310 CVE-2024-41012 CVE-2024-43914 CVE-2024-43856 CVE-2024-43854 CVE-2024-43884 CVE-2024-43871 CVE-2024-42289 CVE-2024-46761 CVE-2024-26641 CVE-2024-43853 CVE-2024-47669 CVE-2024-44946 CVE-2024-47701 CVE-2024-44995 CVE-2024-46721 CVE-2024-49882 CVE-2024-49950 CVE-2024-50033 CVE-2024-49995 CVE-2024-49903 CVE-2024-50036 CVE-2024-42265 CVE-2024-26668 CVE-2024-43839 CVE-2023-52918 CVE-2024-44947 CVE-2024-46675 CVE-2024-46679 CVE-2024-45021 CVE-2024-45006 CVE-2024-43861 CVE-2024-42311 CVE-2024-45028 CVE-2024-43860 CVE-2024-45025 CVE-2024-42309 CVE-2024-49889 CVE-2024-47697 CVE-2024-47698 CVE-2024-49884 CVE-2024-42292 CVE-2024-47670 CVE-2024-49860 Ubuntu 18.04 LTS * Update to 8u432-ga fixing a number of CVEs - CVE-2024-21131: UTF8 size overflow - CVE-2024-21138: infinite loop vunlerability in SymbolTable - CVE-2024-21140: int overflow/underflow in Range Check Elimination - CVE-2024-21144: invalid header validation leads to Pack200 excessive loading time - CVE-2024-21145: out-of-bounds access in MaskFill - CVE-2024-21147: out-of-bounds array index in Range Check Elimination - CVE-2024-21208: improper handling of maxHeaderSize in HTTP client - CVE-2024-21210: integer overflow in array indexing in SuperWord - CVE-2024-21217: out-of-memory because of unbounded allocation in MessageFormat - CVE-2024-21235: incorrect range check because of integer conversion error in LoopNode * Update patches - debian/patches/zero-sh.diff * Remove patches that became part of the update - debian/patches/CVE-2024-21011.patch - debian/patches/CVE-2024-21068.patch - debian/patches/CVE-2024-21085.patch - debian/patches/CVE-2024-21094.patch Important TuxCare License Agreement CVE-2024-21235 CVE-2024-21145 CVE-2024-21144 CVE-2024-21217 CVE-2024-21210 CVE-2024-21140 CVE-2024-21208 CVE-2024-21147 CVE-2024-21138 CVE-2024-21131 Ubuntu 18.04 LTS * SECURITY UPDATE: Buffer overflow due to off-by-one error in gsocks4aproxy.c - debian/patches/CVE-2024-52533.patch: Fix single byte buffer overflow in connect messages due to incorrect calculation in SOCKS4_CONN_MSG_LEN - CVE-2024-52533 Important TuxCare License Agreement CVE-2024-52533 Ubuntu 18.04 LTS * SECURITY UPDATE: Denial of Service vulnerability - debian/patches/CVE-2024-23672.patch: refactor WebSocket close for suspend/resume to ensure WebSocket connection closure completes - CVE-2024-23672 Important TuxCare License Agreement CVE-2024-23672 Ubuntu 18.04 LTS * SECURITY UPDATE: Fix DoS by a trusted server by disable ESI - CVE-2024-45802 Important TuxCare License Agreement CVE-2024-45802 Ubuntu 18.04 LTS * SECURITY UPDATE: DoS via incomplete cleanup vulnerability - debian/patches/CVE-2024-23672.patch: refactor WebSocket close for suspend/resume to ensure connection closure completes - CVE-2024-23672 Important TuxCare License Agreement CVE-2024-23672 Ubuntu 18.04 LTS * SECURITY UPDATE: Race condition allows local attackers to execute arbitrary code as root - debian/patches/CVE-2024-48991.patch: Prevent race condition on /proc/$PID/exec evaluation by synchronizing $exe with the initial value from Proc:ProcessTable - CVE-2024-48991 Low TuxCare License Agreement CVE-2024-48991 CVE-2024-11003 CVE-2024-48990 Ubuntu 18.04 LTS * SECURITY UPDATE: Arbitrary code execution via manipulated RUBYLIB environment variable - debian/patches/CVE-2024-48992.patch: Prevent script from setting RUBYLIB environment variable to avoid LPE - CVE-2024-48992 Low TuxCare License Agreement CVE-2024-48992 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2024-49992 - drm: remove all control node code - drm: add managed resources tied to drm_device - drm: Set final_kfree in drm_dev_alloc - drm/plane: add drmm_universal_plane_alloc() - drm: Handle dev->unique with drmm_ - drm: Use drmm_ for drm_dev_init cleanup - drm: manage drm_minor cleanup with drmm_ - drm/stm: Avoid use-after-free issues with crtc and plane * CVE-url: https://ubuntu.com/security/CVE-2023-52531 - wifi: iwlwifi: mvm: Fix a memory corruption issue * CVE-url: https://ubuntu.com/security/CVE-2024-35877 - mm: introduce page_needs_cow_for_dma() for deciding whether cow - x86/mm/pat: fix VM_PAT handling in COW mappings * CVE-url: https://ubuntu.com/security/CVE-2023-52578 - net: bridge: use DEV_STATS_INC() * CVE-url: https://ubuntu.com/security/CVE-2024-42240 - x86/bhi: Avoid warning in #DB handler due to BHI mitigation * CVE-url: https://ubuntu.com/security/CVE-2022-48938 - CDC-NCM: avoid overflow in sanity checking * CVE-url: https://ubuntu.com/security/CVE-2023-52502 - net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() * CVE-url: https://ubuntu.com/security/CVE-2023-52614 - time: Introduce jiffies64_to_msecs() - PM / devfreq: Fix buffer overflow in trans_stat_show * CVE-url: https://ubuntu.com/security/CVE-2024-50067 - uprobe: avoid out-of-bounds memory access of fetching args Important TuxCare License Agreement CVE-2024-50067 CVE-2024-35877 CVE-2024-42240 CVE-2023-52614 CVE-2023-52502 CVE-2023-52578 CVE-2024-49992 CVE-2023-52531 CVE-2022-48938 Ubuntu 18.04 LTS * SECURITY UPDATE: Unsafe chown/chmod operations in .service files - debian/patches/CVE-2021-44038.patch: remove chown/chmod commands from the .service files - CVE-2021-44038 Important TuxCare License Agreement CVE-2021-44038 Ubuntu 18.04 LTS * CVE-2022-38076 - linux-firmware: Update for Intel Dual Band Wireless AC 3168 - linux-firmware: Upadte for Intel Wireless 7265 (Rev D) Family - linux-firmware: Update for Intel Dual Band Wireless AC 3165 - linux-firmware: Update for Intel Dual Band Wireless AC 8265 - linux-firmware: Update for Intel Dual Band Wireless AC 8260 - linux-firmware: Update for Intel Wireless AC 9560 - linux-firmware: Update for Intel Wireless AC 9462 - linux-firmware: Update for Intel Wireless AC 9461 - linux-firmware: Update for Intel Wireless AC 9260 - linux-firmware: Update for Intel Wireless AC Wi-Fi 6 AX101 - linux-firmware: Update for Intel Wireless AC Wi-Fi 6 AX201 Important TuxCare License Agreement CVE-2022-38076 Ubuntu 18.04 LTS * SECURITY UPDATE: Improper quoting of newlines in email headers - debian/patches/CVE-2024-6923.patch: Fix serialization of display name in originator or destination address fields with both encoded words and special chars - CVE-2024-6923 Moderate TuxCare License Agreement CVE-2024-6923 Ubuntu 18.04 LTS * SECURITY UPDATE: Improper quoting of newlines for email headers allows for header injection - debian/patches/CVE-2024-6923.patch: Encode newlines in headers and verify headers are safe - CVE-2024-6923 Moderate TuxCare License Agreement CVE-2024-6923 Ubuntu 18.04 LTS * OpenJDK 11.0.25 release, build 9. - CVE-2024-21131, CVE-2024-21138, CVE-2024-21140, CVE-2024-21144, CVE-2024-21145, CVE-2024-21147, CVE-2024-21208, CVE-2024-21210, CVE-2024-21217, CVE-2024-21235. - Release notes: https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-October/038512.html - d/control, d/rules: bump dependency from jtreg6 to jtreg7 - d/rules: build --without-jtreg if with_check is false, change location of --with-jtreg, change definition of min_jtreg_version * Adjust patches - debian/patches/jtreg-location.diff (removed from d/p/series) - debian/patches/reproducible-javadoc-timestamp.diff - debian/patches/reproducible-copyright-headers.diff - debian/patches/nss-limited-ecc-tests.patch (added from Debian sources) * Remove patches that became part of the update - debian/patches/CVE-2024-21011.patch - debian/patches/CVE-2024-21012.patch - debian/patches/CVE-2024-21068.patch - debian/patches/CVE-2024-21085.patch - debian/patches/CVE-2024-21094.patch Important TuxCare License Agreement CVE-2024-21235 CVE-2024-21217 CVE-2024-21208 CVE-2024-21145 CVE-2024-21144 CVE-2024-21138 CVE-2024-21210 CVE-2024-21140 CVE-2024-21131 CVE-2024-21147 Ubuntu 18.04 LTS * SECURITY UPDATE: Security vulnerability - debian/patches/CVE-2024-11234.patch: Fix stream HTTP fulluri CRLF injection issue - CVE-2024-11234 Important TuxCare License Agreement CVE-2024-11234 Ubuntu 18.04 LTS * SECURITY UPDATE: Missing secure attribute in session cookies with RemoteIpFilter - debian/patches/CVE-2023-28708.patch: Fix JSessionId secure attribute missing with RemoteIpFilter and X-Forwarded-Proto set to https - CVE-2023-28708 Moderate TuxCare License Agreement CVE-2023-28708 Ubuntu 18.04 LTS * SECURITY UPDATE: Missing secure attribute in session cookies when using RemoteIpFilter with X-Forwarded-Proto header set to https - debian/patches/CVE-2023-28708.patch: Fix JSessionId secure attribute missing when RemoteIpFilter determines request submitted via secure channel - CVE-2023-28708 Moderate TuxCare License Agreement CVE-2023-28708 Ubuntu 18.04 LTS * SECURITY UPDATE: Security vulnerability in package - debian/patches/CVE-2024-11233.patch: fix error in convert.quoted printable-decode filter certain data leading to buffer overread. Fix segfault with streams and invalid data. - CVE-2024-11233 Important TuxCare License Agreement CVE-2024-11233 Ubuntu 18.04 LTS * SECURITY UPDATE: Untrusted Site Redirection Vulnerability in FORM authentication feature - debian/patches/CVE-2023-41080.patch: Avoid protocol relative redirects in FORM authentication - CVE-2023-41080 Moderate TuxCare License Agreement CVE-2023-41080 Ubuntu 18.04 LTS * SECURITY UPDATE: Crash in XML_ResumeParser due to XML_StopParser issue - debian/patches/CVE-2024-50602.patch: Refuse to stop/suspend an unstarted parser due to XML_ERROR_NOT_STARTED - debian/patches/CVE-2024-50602-1.patch: Explicitly specify XML_PARSING in XML_StopParser to ensure correct parsing status handling - debian/patches/CVE-2024-50602-2.patch: Add test_misc_resumeparser_not_crashing and test_misc_stopparser_rejects_unstarted_parser to cover the issue - CVE-2024-50602 Moderate TuxCare License Agreement CVE-2024-50602 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2023-52664 - net: atlantic: eliminate double free in error handling logic * CVE-url: https://ubuntu.com/security/CVE-2023-52698 - calipso: fix memory leak in netlbl_calipso_add_pass() * CVE-url: https://ubuntu.com/security/CVE-2021-47466 - mm, slub: fix potential memoryleak in kmem_cache_open() * CVE-url: https://ubuntu.com/security/CVE-2023-52757 - smb: client: fix potential deadlock when releasing mids * CVE-url: https://ubuntu.com/security/CVE-2023-52749 - spi: Fix null dereference on suspend * CVE-url: https://ubuntu.com/security/CVE-2024-26921 - net: ipv4: do not handle duplicate fragments as overlapping - net: IP defrag: encapsulate rbtree defrag code into callable functions - ipv4: remove unnecessary type castings - skb_expand_head() adjust skb->truesize incorrectly - inet: inet_defrag: prevent sk release while still in use * CVE-url: https://ubuntu.com/security/CVE-2021-47082 - tun: avoid double free in tun_free_netdev * CVE-url: https://ubuntu.com/security/CVE-2024-36968 - Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() * CVE-url: https://ubuntu.com/security/CVE-2023-52507 - nfc: nci: assert requested protocol is valid * CVE-url: https://ubuntu.com/security/CVE-2024-44944 - netfilter: ctnetlink: use helper function to calculate expect ID * CVE-url: https://ubuntu.com/security/CVE-2024-35861 - smb: client: fix potential UAF in cifs_debug_files_proc_show() - smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() * CVE-url: https://ubuntu.com/security/CVE-2024-35863 - smb: client: fix potential UAF in smb2_is_valid_oplock_break() * CVE-url: https://ubuntu.com/security/CVE-2024-35864 - smb: client: fix potential UAF in smb2_is_valid_lease_break() * CVE-url: https://ubuntu.com/security/CVE-2024-35867 - smb: client: fix potential UAF in cifs_stats_proc_show() * CVE-url: https://ubuntu.com/security/CVE-2024-35868 - smb: client: fix potential UAF in cifs_stats_proc_write() * CVE-url: https://ubuntu.com/security/CVE-2024-35896 - netfilter: validate user input for expected length * CVE-url: https://ubuntu.com/security/CVE-2024-27010 - net/sched: Fix mirred deadlock on device recursion * CVE-url: https://ubuntu.com/security/CVE-2024-26961 - mac802154: fix llsec key resources release in mac802154_llsec_key_del * CVE-url: https://ubuntu.com/security/CVE-2024-26958 - NFS: Fix up commit deadlocks - nfs: fix UAF in direct writes * CVE-url: https://ubuntu.com/security/CVE-2024-50115 - KVM: nSVM: Don't strip host's C-bit from guest's CR3 when reading PDPTRs - KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory * CVE-url: https://ubuntu.com/security/CVE-2024-50148 - Bluetooth: bnep: fix wild-memory-access in proto_unregister * CVE-url: https://ubuntu.com/security/CVE-2024-40910 - ax25: Fix refcount imbalance on inbound connections * CVE-url: https://ubuntu.com/security/CVE-2024-53057 - net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT * CVE-url: https://ubuntu.com/security/CVE-2021-47101 - net: asix: fix uninit value bugs - asix: fix uninit-value in asix_mdio_read() * CVE-url: https://ubuntu.com/security/CVE-2024-36952 - scsi: lpfc: Move NPIV's transport unregistration to after resource clean up * CVE-url: https://ubuntu.com/security/CVE-2023-52488 - regmap: Add regmap_noinc_read API - regmap: Add regmap_noinc_write API - serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO * CVE-url: https://ubuntu.com/security/CVE-2024-50142 - xfrm: validate new SA's prefixlen using SA family when sel.family is unset * CVE-url: https://ubuntu.com/security/CVE-2024-50256 - netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() * CVE-url: https://ubuntu.com/security/CVE-2024-50264 - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans * CVE-url: https://ubuntu.com/security/CVE-2021-47501 - i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc * CVE-url: https://ubuntu.com/security/CVE-2021-47076 - RDMA/rxe: Return CQE error if invalid lkey was supplied * CVE-url: https://ubuntu.com/security/CVE-2023-52574 - team: fix null-ptr-deref when team device type is changed * CVE-url: https://ubuntu.com/security/CVE-2023-52477 - usb: hub: Guard against accesses to uninitialized BOS descriptors * CVE-url: https://ubuntu.com/security/CVE-2023-52475 - Input: powermate - fix use-after-free in powermate_config_complete * CVE-url: https://ubuntu.com/security/CVE-2024-39489 - ipv6: sr: fix memleak in seg6_hmac_init_algo Important TuxCare License Agreement CVE-2024-26958 CVE-2023-52574 CVE-2024-44944 CVE-2024-35868 CVE-2021-47076 CVE-2021-47466 CVE-2021-47082 CVE-2023-52749 CVE-2024-35867 CVE-2024-35864 CVE-2024-35863 CVE-2024-27010 CVE-2024-35861 CVE-2024-40910 CVE-2024-50115 CVE-2024-50148 CVE-2024-50142 CVE-2021-47101 CVE-2024-36952 CVE-2024-35896 CVE-2024-50264 CVE-2023-52488 CVE-2021-47501 CVE-2023-52475 CVE-2024-50256 CVE-2024-26921 CVE-2024-53057 CVE-2024-36968 CVE-2023-52664 CVE-2024-26961 CVE-2023-52507 CVE-2023-52698 CVE-2024-39489 CVE-2023-52757 CVE-2023-52477 Ubuntu 18.04 LTS * New microcode update packages from upstream up to 2024-11-12: - Updated microcodes: sig 0x000806f4, pf_mask 0x87, 2024-06-20, rev 0x2b000603, size 588800 sig 0x000806f5, pf_mask 0x87, 2024-06-20, rev 0x2b000603, size 588800 sig 0x000806f6, pf_mask 0x87, 2024-06-20, rev 0x2b000603, size 588800 sig 0x000806f7, pf_mask 0x87, 2024-06-20, rev 0x2b000603, size 588800 sig 0x000806f8, pf_mask 0x87, 2024-06-20, rev 0x2b000603, size 588800 sig 0x00090672, pf_mask 0x07, 2024-05-29, rev 0x0037, size 224256 sig 0x00090675, pf_mask 0x07, 2024-05-29, rev 0x0037, size 224256 sig 0x000906a3, pf_mask 0x80, 2024-06-03, rev 0x0435, size 223232 sig 0x000906a4, pf_mask 0x80, 2024-06-03, rev 0x0435, size 223232 sig 0x000a06a4, pf_mask 0xe6, 2024-08-02, rev 0x0020, size 138240 sig 0x000b0671, pf_mask 0x32, 2024-08-29, rev 0x012b, size 211968 sig 0x000b06a2, pf_mask 0xe0, 2024-05-29, rev 0x4123, size 220160 sig 0x000b06a3, pf_mask 0xe0, 2024-05-29, rev 0x4123, size 220160 sig 0x000b06a8, pf_mask 0xe0, 2024-05-29, rev 0x4123, size 220160 sig 0x000b06f2, pf_mask 0x07, 2024-05-29, rev 0x0037, size 224256 sig 0x000b06f5, pf_mask 0x07, 2024-05-29, rev 0x0037, size 224256 sig 0x000c06f1, pf_mask 0x87, 2024-06-20, rev 0x21000283, size 560128 sig 0x000c06f2, pf_mask 0x87, 2024-06-20, rev 0x21000283, size 560128 * SECURITY UPDATE: - CVE-2024-21853, INTEL-SA-01101 - CVE-2024-23918, CVE-2024-21820, INTEL-SA-01079 - CVE-2024-24968, INTEL-SA-01097 - CVE-2024-23984, INTEL-SA-01103 Low TuxCare License Agreement CVE-2024-21853 CVE-2024-23918 CVE-2024-21820 Ubuntu 18.04 LTS * SECURITY UPDATE: Security vulnerability in URL redirection - debian/patches/CVE-2023-41080.patch: Avoid protocol relative redirects in FORM authentication - CVE-2023-41080 Moderate TuxCare License Agreement CVE-2023-41080 Ubuntu 18.04 LTS * SECURITY UPDATE: possible information leak via checksum comparison - debian/patches/CVE-2024-12085.patch: fix issue with checksum length manipulation leading to uninitialized memory leak - CVE-2024-12085 Important TuxCare License Agreement CVE-2024-12085 Ubuntu 18.04 LTS * SECURITY UPDATE: Information Disclosure - debian/patches/CVE-2023-42795.patch: Improve handling of failures during recycle() methods - CVE-2023-42795 Moderate TuxCare License Agreement CVE-2023-42795 Ubuntu 18.04 LTS * SECURITY UPDATE: Privilege escalation via HTTP request interpretation - debian/patches/CVE-2019-18928.patch: drop auth credentials if not a backend in a Murder to prevent unauthorized access - CVE-2019-18928 Critical TuxCare License Agreement CVE-2019-18928 Ubuntu 18.04 LTS * SECURITY UPDATE: Improper handling of TLV values in bgp_attr_encap - debian/patches/CVE-2024-44070.patch: check actual remaining stream length before taking TLV value - CVE-2024-44070 Important TuxCare License Agreement CVE-2024-44070 Ubuntu 18.04 LTS * SECURITY UPDATE: path traversal vulnerability via improper symlink verification, when using the `--safe-links` option - debian/patches/CVE-2024-12088.patch: make --safe-links stricter - CVE-2024-12088 Moderate TuxCare License Agreement CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2024-26595 - mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path * CVE-url: https://ubuntu.com/security/CVE-2024-38553/CVE-2024-38597 - netpoll: make ndo_poll_controller() optional - bonding: use netpoll_poll_dev() helper - netpoll: do not test NAPI_STATE_SCHED in poll_one_napi() * CVE-url: https://ubuntu.com/security/CVE-2024-38597 - eth: sungem: remove .ndo_poll_controller to avoid deadlocks * CVE-url: https://ubuntu.com/security/CVE-2024-38553 - net: fec: remove .ndo_poll_controller to avoid deadlocks * CVE-url: https://ubuntu.com/security/CVE-2024-42252 - closures: Change BUG_ON() to WARN_ON() * CVE-url: https://ubuntu.com/security/CVE-2024-41066 - ibmvnic: Add tx check to prevent skb leak * CVE-url: https://ubuntu.com/security/CVE-2024-40982 - ssb: Fix potential NULL pointer dereference in ssb_device_uevent() * CVE-url: https://ubuntu.com/security/CVE-2024-26689 - ceph: prevent use-after-free in encode_cap_msg() - fixup! ceph: prevent use-after-free in encode_cap_msg() * CVE-url: https://ubuntu.com/security/CVE-2024-56595 - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree * CVE-url: https://ubuntu.com/security/CVE-2024-57892 - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv * CVE-url: https://ubuntu.com/security/CVE-2024-57896 - btrfs: fix hang during unmount when stopping a space reclaim worker - btrfs: wait for fixup workers before stopping cleaner kthread during umount - btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount * CVE-url: https://ubuntu.com/security/CVE-2024-56598 - jfs: array-index-out-of-bounds fix in dtReadFirst * CVE-url: https://ubuntu.com/security/CVE-2024-56551 - drm/amdgpu: fix usage slab after free * CVE-url: https://ubuntu.com/security/CVE-2024-56596 - jfs: fix array-index-out-of-bounds in jfs_readdir * CVE-url: https://ubuntu.com/security/CVE-2024-56615 - bpf: fix OOB devmap writes when deleting elements * CVE-url: https://ubuntu.com/security/CVE-2024-57887 - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() * CVE-url: https://ubuntu.com/security/CVE-2024-50154 - tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). * CVE-url: https://ubuntu.com/security/CVE-2024-56775 - drm/amd/display: Fix handling of plane refcount * CVE-url: https://ubuntu.com/security/CVE-2024-57900 - ila: serialize calls to nf_register_net_hooks() * CVE-url: https://ubuntu.com/security/CVE-2024-35887 - ax25: fix use-after-free bugs caused by ax25_ds_del_timer * CVE-url: https://ubuntu.com/security/CVE-2022-48739 - ASoC: hdmi-codec: Fix OOB memory accesses * CVE-url: https://ubuntu.com/security/CVE-2024-56704 - 9p/xen: fix release of IRQ * CVE-url: https://ubuntu.com/security/CVE-2024-56606 - af_packet: avoid erroring out after sock_init_data() in packet_create() * CVE-url: https://ubuntu.com/security/CVE-2024-53141 - netfilter: ipset: add missing range check in bitmap_ip_uadt * CVE-url: https://ubuntu.com/security/CVE-2023-52691 - drm/amd/pm: fix a double-free in si_dpm_init * CVE-url: https://ubuntu.com/security/CVE-2024-53165 - sh: intc: Fix use-after-free bug in register_intc_controller() * CVE-url: https://ubuntu.com/security/CVE-2023-52818 - drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 * CVE-url: https://ubuntu.com/security/CVE-2024-56603 - net: af_can: do not leave a dangling sk pointer in can_create() * CVE-url: https://ubuntu.com/security/CVE-2024-53173 - NFSv4.0: Fix a use-after-free problem in the asynchronous open() * CVE-url: https://ubuntu.com/security/CVE-2024-56602 - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() * CVE-url: https://ubuntu.com/security/CVE-2024-26996 - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error * CVE-url: https://ubuntu.com/security/CVE-2024-56650 - netfilter: x_tables: fix LED ID check in led_tg_check() * CVE-url: https://ubuntu.com/security/CVE-2024-56600 - net: inet6: do not leave a dangling sk pointer in inet6_create() * CVE-url: https://ubuntu.com/security/CVE-2024-53227 - scsi: bfa: Fix use-after-free in bfad_im_module_exit() * CVE-url: https://ubuntu.com/security/CVE-2021-47328 - scsi: iscsi: Fix conn use after free during resets * CVE-url: https://ubuntu.com/security/CVE-2024-53155 - ocfs2: fix uninitialized value in ocfs2_file_read_iter() * CVE-url: https://ubuntu.com/security/CVE-2024-56651 - can: hi311x: hi3110_can_ist(): fix potential use-after-free * CVE-url: https://ubuntu.com/security/CVE-2021-47281 - ALSA: timer: Fix possible race at assigning a timer instance - ALSA: seq: Fix race of snd_seq_timer_open() * CVE-url: https://ubuntu.com/security/CVE-2024-56605 - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() * CVE-url: https://ubuntu.com/security/CVE-2024-53156 - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() * CVE-url: https://ubuntu.com/security/CVE-2023-52741 - cifs: Fix use-after-free in rdata->read_into_pages() * CVE-url: https://ubuntu.com/security/CVE-2024-56759 - btrfs: fix use-after-free when COWing tree bock and tracing is enabled * CVE-url: https://ubuntu.com/security/CVE-2024-56604 - Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() * CVE-url: https://ubuntu.com/security/CVE-2024-53142 - initramfs: avoid filename buffer overrun * CVE-url: https://ubuntu.com/security/CVE-2024-56601 - net: inet: do not leave a dangling sk pointer in inet_create() * CVE-url: https://ubuntu.com/security/CVE-2024-56662 - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl * CVE-url: https://ubuntu.com/security/CVE-2024-56631 - scsi: sg: Fix slab-use-after-free read in sg_release() * CVE-url: https://ubuntu.com/security/CVE-2024-53103 - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer * CVE-url: https://ubuntu.com/security/CVE-2024-56581 - btrfs: ref-verify: fix use-after-free after invalid ref action * CVE-url: https://ubuntu.com/security/CVE-2021-47191 - scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() * CVE-url: https://ubuntu.com/security/CVE-2023-52478 - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect * CVE-url: https://ubuntu.com/security/CVE-2024-36924 - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() * CVE-url: https://ubuntu.com/security/CVE-2023-52476 - perf/x86/lbr: Filter vsyscall addresses * CVE-url: https://ubuntu.com/security/CVE-2024-27011 - netfilter: nf_tables: fix memleak in map from abort path * CVE-url: https://ubuntu.com/security/CVE-2024-53088 - i40e: fix race condition by adding filter's intermediate sync state Important TuxCare License Agreement CVE-2024-56615 CVE-2024-56551 CVE-2024-57900 CVE-2023-52478 CVE-2024-57896 CVE-2024-27011 CVE-2024-53142 CVE-2024-56650 CVE-2023-52741 CVE-2023-52818 CVE-2024-53165 CVE-2024-41066 CVE-2021-47328 CVE-2021-47191 CVE-2024-38597 CVE-2024-56595 CVE-2024-57892 CVE-2024-56775 CVE-2022-48739 CVE-2024-56606 CVE-2024-56601 CVE-2024-50154 CVE-2024-57887 CVE-2021-47281 CVE-2024-26689 CVE-2024-56598 CVE-2024-56596 CVE-2024-56704 CVE-2024-35887 CVE-2024-56603 CVE-2024-53141 CVE-2024-26996 CVE-2023-52691 CVE-2024-53173 CVE-2024-53156 CVE-2024-56602 CVE-2024-56651 CVE-2024-53227 CVE-2024-56600 CVE-2024-56605 CVE-2024-56759 CVE-2024-56604 CVE-2024-56631 CVE-2024-56662 CVE-2024-53103 CVE-2024-42252 CVE-2023-52476 CVE-2024-53088 CVE-2024-40982 CVE-2024-26595 CVE-2024-56581 CVE-2024-53155 CVE-2024-36924 CVE-2024-38553 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2024-53104 - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format * CVE-url: https://ubuntu.com/security/CVE-2024-41020 - filelock: Fix fcntl/close race recovery compat path * CVE-url: https://ubuntu.com/security/CVE-2024-43892 - memcg: protect concurrent access to mem_cgroup_idr * CVE-url: https://ubuntu.com/security/CVE-2021-47379 - blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd * CVE-url: https://ubuntu.com/security/CVE-2024-57911 - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer * CVE-url: https://ubuntu.com/security/CVE-2024-53239 - ALSA: 6fire: Release resources at card release * CVE-url: https://ubuntu.com/security/CVE-2024-50051 - spi: mpc52xx: Add cancel_work_sync before module remove Important TuxCare License Agreement CVE-2024-53104 CVE-2021-47379 CVE-2024-50051 CVE-2024-41020 CVE-2024-53239 CVE-2024-57911 CVE-2024-43892 Ubuntu 18.04 LTS * SECURITY UPDATE: Generate and verify message MACs in libkrad - debian/patches/CVE-2024-3596.patch: implement support for Message-Authenticator in libkrad - CVE-2024-3596 * debian/control: add package Recommends to krb5-doc Critical TuxCare License Agreement CVE-2024-3596 Ubuntu 18.04 LTS * SECURITY UPDATE: Regular expressions that allowed excessive backtracking during tarfile - debian/patches/CVE-2024-6232.patch: Fix header parsing vulnerability that could lead to ReDoS - CVE-2024-6923 Important TuxCare License Agreement CVE-2024-6232 Ubuntu 18.04 LTS * SECURITY UPDATE: race condition during rsync's handling of symbolic links - debian/patches/CVE-2024-12747.patch: prevent symlink race preventing a normal file from being replaced by a symlink - CVE-2024-12747 * debian/rules, debian/patches/series: use series file to manage patches * debian/patches/ssh-6-option.diff: adjust changes to align with the new patch application approach. Moderate TuxCare License Agreement CVE-2024-12747 Ubuntu 18.04 LTS * SECURITY UPDATE: insufficient space allocation in assert() function leading to buffer overflow - debian/patches/any/CVE-2025-0395.patch: Fix underallocation of abort_msg_s struct to store the length of the message string - CVE-2025-0395 Moderate TuxCare License Agreement CVE-2025-0395 Ubuntu 18.04 LTS * SECURITY UPDATE: Ability to modify permissions with privileged programs - debian/patches/CVE-2023-6597.patch: Prevent tempfile.TemporaryDirectory class dereference symlinks - CVE-2023-6597 Important TuxCare License Agreement CVE-2023-6597 Ubuntu 18.04 LTS * Internal tests: - debian/test_certs/*: Update the keystore files and certificates from the upstream branch 9.0.x to fix internal tests Important TuxCare License Agreement CVE-2024-38286 Ubuntu 18.04 LTS * SECURITY UPDATE: PPD injection issues - debian/patches/CVE-2024-47175.patch: validate URIs, attribute names, capabilities, and sanitize make and model in cups/ppd-cache.c, scheduler/ipp.c - CVE-2024-47175 Important TuxCare License Agreement CVE-2024-47175 Ubuntu 18.04 LTS * New microcode update packages from upstream up to 2025-02-11: - New microcodes: sig 0x000a06f3, pf_mask 0x01, 2024-11-22, rev 0x3000330, size 1533952 sig 0x000b0674, pf_mask 0x32, 2024-09-25, rev 0x012c, size 211968 sig 0x000b06f6, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280 sig 0x000b06f7, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280 - Updated microcodes: sig 0x000606a6, pf_mask 0x87, 2024-08-02, rev 0xd0003f5, size 308224 sig 0x000606c1, pf_mask 0x10, 2024-08-08, rev 0x10002c0, size 300032 sig 0x000806f4, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0, size 622592 sig 0x000806f4, pf_mask 0x87, 2024-07-30, rev 0x2b000620, size 589824 sig 0x000806f5, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0, size 622592 sig 0x000806f5, pf_mask 0x87, 2024-07-30, rev 0x2b000620, size 589824 sig 0x000806f6, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0, size 622592 sig 0x000806f6, pf_mask 0x87, 2024-07-30, rev 0x2b000620, size 589824 sig 0x000806f7, pf_mask 0x87, 2024-07-30, rev 0x2b000620, size 589824 sig 0x000806f8, pf_mask 0x10, 2024-07-30, rev 0x2c0003e0, size 622592 sig 0x000806f8, pf_mask 0x87, 2024-07-30, rev 0x2b000620, size 589824 sig 0x00090672, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280 sig 0x00090675, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280 sig 0x000906a3, pf_mask 0x80, 2024-08-01, rev 0x0436, size 223232 sig 0x000906a4, pf_mask 0x40, 2024-07-29, rev 0x0009, size 119808 sig 0x000906a4, pf_mask 0x80, 2024-08-01, rev 0x0436, size 223232 sig 0x000906ea, pf_mask 0x22, 2024-07-28, rev 0x00fa, size 105472 sig 0x000906ed, pf_mask 0x22, 2024-07-31, rev 0x0102, size 106496 sig 0x000a0671, pf_mask 0x02, 2024-08-01, rev 0x0063, size 108544 sig 0x000b0671, pf_mask 0x32, 2024-09-25, rev 0x012c, size 211968 sig 0x000b06a2, pf_mask 0xe0, 2024-07-31, rev 0x4124, size 220160 sig 0x000b06a3, pf_mask 0xe0, 2024-07-31, rev 0x4124, size 220160 sig 0x000b06a8, pf_mask 0xe0, 2024-07-31, rev 0x4124, size 220160 sig 0x000b06e0, pf_mask 0x19, 2024-09-06, rev 0x001c, size 138240 sig 0x000b06f2, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280 sig 0x000b06f5, pf_mask 0x07, 2024-08-01, rev 0x0038, size 225280 sig 0x000c06f1, pf_mask 0x87, 2024-07-30, rev 0x21000291, size 560128 sig 0x000c06f2, pf_mask 0x87, 2024-07-30, rev 0x21000291, size 560128 * SECURITY UPDATE: - CVE-2024-31068 (INTEL-SA-01166) - CVE-2024-36293 (INTEL-SA-01213) - CVE-2024-39279 (INTEL-SA-01139) Moderate TuxCare License Agreement CVE-2024-39279 CVE-2024-31068 CVE-2024-36293 Ubuntu 18.04 LTS * SECURITY UPDATE: Incomplete Cleanup vulnerability in Tomcat - debian/patches/CVE-2023-42795.patch: Improve handling of failures during recycle() methods - CVE-2023-42795 Moderate TuxCare License Agreement CVE-2023-42795 Ubuntu 18.04 LTS * SECURITY UPDATE: buffer over-read in xmlHTMLPrintFileContext - debian/patches/CVE-2024-34459.patch: Fix buffer overread with `xmllint --htmlout` by adding a missing bounds check - CVE-2024-34459 * SECURITY UPDATE: use-after-free vulnerability in xinclude.c - debian/patches/CVE-2022-49043.patch: Fix use-after-free in xmlXIncludeAddNode, free URI after reporting the error to avoid use-after-free - CVE-2022-49043 * SECURITY UPDATE: stack-based buffer overflow in xmlSnprintfElements in valid.c - debian/patches/CVE-2025-24928.patch: Fix stack-buffer-overflow in xmlSnprintfElements caused by improperly calculating qname length - CVE-2025-24928 * SECURITY UPDATE: NULL pointer dereference in xmlPatMatch in pattern.c - debian/patches/CVE-2025-27113.patch: Fix compilation of explicit child axis to generate XML_OP_ELEM like the case without an axis - CVE-2025-27113 * SECURITY UPDATE: use-after-free vulnerability in XML schema processing - debian/patches/CVE-2024-56171.patch: Fix use-after-free after xmlSchemaItemListAdd in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables - CVE-2024-56171 Important TuxCare License Agreement CVE-2024-34459 CVE-2025-24928 CVE-2025-27113 CVE-2024-56171 CVE-2022-49043 Ubuntu 18.04 LTS * SECURITY UPDATE: address stack-based buffer overflow in disassemble_bytes function - debian/patches/CVE-2025-0840.patch: Fix stack-buffer-overflow in disassemble_bytes caused by oversized buffer - CVE-2025-0840 Important TuxCare License Agreement CVE-2025-0840 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2024-50180 - fbdev: sisfb: Fix strbuf array overflow * CVE-url: https://ubuntu.com/security/CVE-2023-52522 - net: fix possible store tearing in neigh_periodic_work() * CVE-url: https://ubuntu.com/security/CVE-2024-40911 - wifi: cfg80211: Lock wiphy in cfg80211_get_station * CVE-url: https://ubuntu.com/security/CVE-2024-43863 - drm/vmwgfx: Fix a deadlock in dma buf fence polling * CVE-url: https://ubuntu.com/security/CVE-2024-44931 - gpio: prevent potential speculation leaks in gpio_device_get_desc() * CVE-url: https://ubuntu.com/security/CVE-2024-23848 - media: cec: cec-api: add locking in cec_release() - media: cec: core: avoid recursive cec_claim_log_addrs * CVE-url: https://ubuntu.com/security/CVE-2024-50229 - nilfs2: fix potential deadlock with newly created symlinks * CVE-url: https://ubuntu.com/security/CVE-2024-50171 - net: systemport: fix potential memory leak in bcm_sysport_xmit() * CVE-url: https://ubuntu.com/security/CVE-2024-50233 - staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() * CVE-url: https://ubuntu.com/security/CVE-2024-50134 - drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA * CVE-url: https://ubuntu.com/security/CVE-2024-44938 - jfs: Fix shift-out-of-bounds in dbDiscardAG * CVE-url: https://ubuntu.com/security/CVE-2024-50117 - drm/amd: Guard against bad data for ATIF ACPI method * CVE-url: https://ubuntu.com/security/CVE-2024-49902 - jfs: check if leafidx greater than num leaves per dmap tree * CVE-url: https://ubuntu.com/security/CVE-2023-52799 - jfs: fix array-index-out-of-bounds in dbFindLeaf * CVE-url: https://ubuntu.com/security/CVE-2024-49966 - ocfs2: cancel dqi_sync_work before freeing oinfo * CVE-url: https://ubuntu.com/security/CVE-2024-50267 - USB: serial: io_edgeport: fix use after free in debug printk * CVE-url: https://ubuntu.com/security/CVE-2024-50230 - nilfs2: fix kernel bug due to missing clearing of checked flag * CVE-url: https://ubuntu.com/security/CVE-2024-50302 - HID: core: zero-initialize the report buffer * CVE-url: https://ubuntu.com/security/CVE-2024-50278 - dm cache: fix out-of-bounds access to the dirty bitset when resizing - dm cache: fix potential out-of-bounds access on the first resume * CVE-url: https://ubuntu.com/security/CVE-2024-50234 - wifi: iwlegacy: Clear stale interrupts before resuming device * CVE-url: https://ubuntu.com/security/CVE-2024-50301 - security/keys: fix slab-out-of-bounds in key_task_permission * CVE-url: https://ubuntu.com/security/CVE-2024-50143 - overflow: Add __must_check attribute to check_*() helpers - compiler.h: drop fallback overflow checkers - overflow: Allow mixed type arguments - udf: fix uninit-value use in udf_get_fileshortad * CVE-url: https://ubuntu.com/security/CVE-2024-53061 - media: s5p-jpeg: prevent buffer overflows * CVE-url: https://ubuntu.com/security/CVE-2024-57798 - drm/dp-mst-helper: Remove hotplug callback - drm/dp_mst: Remove huge conditional in drm_dp_mst_handle_up_req() - drm/dp_mst: Refactor drm_dp_mst_handle_up_req() - drm/dp_mst: Rename drm_dp_add_port and drm_dp_update_port - drm/dp_mst: Handle UP requests asynchronously - drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() * CVE-url: https://ubuntu.com/security/CVE-2023-52854 - padata: make padata_do_parallel find alternate callback CPU - padata: allocate workqueue internally - crypto: pcrypt - remove padata cpumask notifier - padata, pcrypt: take CPU hotplug lock internally in padata_alloc_possible - padata: use separate workqueues for parallel and serial work - padata: unbind parallel jobs from specific CPUs - workqueue: Make alloc/apply/free_workqueue_attrs() static - workqueue: Remove GPF argument from alloc_workqueue_attrs() - workqueue: unconfine alloc/apply/free_workqueue_attrs() - crypto: pcrypt - Avoid deadlock by using per-instance padata queues - crypto: aead - pass instance to crypto_grab_aead() - crypto: pcrypt - simplify error handling in pcrypt_create_aead() - padata: Fix refcnt handling in padata_free_shell() * CVE-url: https://ubuntu.com/security/CVE-2024-53164 - net: sched: fix ordering of qlen adjustment * CVE-url: https://ubuntu.com/security/CVE-2024-47809 - dlm: fix possible lkb_resource null dereference * CVE-url: https://ubuntu.com/security/CVE-2021-47342 - ext4: fix memory leak in ext4_fill_super - ext4: fix possible UAF when remounting r/o a mmp-protected file system * CVE-url: https://ubuntu.com/security/CVE-2024-53179 - smb: client: fix use-after-free of signing key * Miscellaneous upstream changes - drm/amd/amdgpu: Fix GPR read from debugfs (v2) Important TuxCare License Agreement CVE-2024-50301 CVE-2021-47342 CVE-2023-52522 CVE-2024-50117 CVE-2024-50229 CVE-2024-50267 CVE-2024-50180 CVE-2024-49902 CVE-2024-50302 CVE-2024-50143 CVE-2024-53061 CVE-2024-47809 CVE-2024-57798 CVE-2024-53164 CVE-2024-53179 CVE-2024-43863 CVE-2024-44931 CVE-2024-44938 CVE-2024-40911 CVE-2024-23848 CVE-2024-49966 CVE-2023-52799 CVE-2024-50278 CVE-2024-50230 CVE-2024-50233 CVE-2024-50234 CVE-2024-50134 CVE-2024-50171 CVE-2023-52854 Ubuntu 18.04 LTS * SECURITY UPDATE: PostgreSQL libpq incorrect neutralization of quoting syntax allows SQL injection - debian/patches/CVE-2025-1094.patch: Add full encoding validation in libpq data-quoting functions. - CVE-2025-1094 Important TuxCare License Agreement CVE-2025-1094 Ubuntu 18.04 LTS * SECURITY UPDATE: it's possible machine-in-the-middle attack vulnerability caused by a malicious machine impersonating a legitimate server - debian/patches/CVE-2025-26465.patch: Correct error code handling - CVE-2025-26465 Moderate TuxCare License Agreement CVE-2025-26465 Ubuntu 18.04 LTS * SECURITY UPDATE: path Equivalence leading to Remote Code Execution and/or Information disclosure in Apache Tomcat - debian/patches/CVE-2025-24813.patch: Enhance lifecycle of temporary files used by partial PUT - CVE-2025-24813 Critical TuxCare License Agreement CVE-2025-24813 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2025-21858 - geneve: Fix use-after-free in geneve_find_dev(). * CVE-url: https://ubuntu.com/security/CVE-2024-36921 - wifi: iwlwifi: mvm: guard against invalid STA ID on removal * CVE-url: https://ubuntu.com/security/CVE-2023-52621 - bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers * CVE-url: https://ubuntu.com/security/CVE-2025-21855 - ibmvnic: Don't reference skb after sending to VIOS * CVE-url: https://ubuntu.com/security/CVE-2021-47110 - x86/kvm: Disable kvmclock on all CPUs on shutdown * CVE-url: https://ubuntu.com/security/CVE-2025-21791 - vrf: use RCU protection in l3mdev_l3_out() * CVE-url: https://ubuntu.com/security/CVE-2024-57980 - media: uvcvideo: Fix double free in error path * CVE-url: https://ubuntu.com/security/CVE-2025-21718 - net: rose: fix timer races against user threads * CVE-url: https://ubuntu.com/security/CVE-2025-21735 - NFC: nci: Add bounds checking in nci_hci_create_pipe() * CVE-url: https://ubuntu.com/security/CVE-2023-52805 - jfs: fix array-index-out-of-bounds in diAlloc * CVE-url: https://ubuntu.com/security/CVE-2023-52847 - media: bttv: fix use after free error due to btv->timeout timer * CVE-url: https://ubuntu.com/security/CVE-2024-41014 - xfs: add bounds checking to xlog_recover_process_data * CVE-url: https://ubuntu.com/security/CVE-2025-21782 - orangefs: fix a oob in orangefs_debug_write * CVE-url: https://ubuntu.com/security/CVE-2024-26872 - RDMA/srpt: Do not register event handler until srpt device is fully setup * CVE-url: https://ubuntu.com/security/CVE-2024-26982 - Squashfs: check the inode number is not the invalid value of zero * CVE-url: https://ubuntu.com/security/CVE-2024-56548 - hfsplus: don't query the device logical block size multiple times * CVE-url: https://ubuntu.com/security/CVE-2024-57850 - jffs2: Prevent rtime decompress memory corruption * CVE-url: https://ubuntu.com/security/CVE-2024-49982 - aoe: fix the potential use-after-free problem in more places * CVE-url: https://ubuntu.com/security/CVE-2024-47696 - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency * CVE-url: https://ubuntu.com/security/CVE-2024-50074 - parport: Proper fix for array out-of-bounds access * CVE-url: https://ubuntu.com/security/CVE-2025-21687 - vfio/platform: check the bounds of read/write syscalls * CVE-url: https://ubuntu.com/security/CVE-2024-57889 - regmap: allow to disable all locking mechanisms - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking * CVE-url: https://ubuntu.com/security/CVE-2024-56539 - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() * CVE-url: https://ubuntu.com/security/CVE-2024-53680 - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() * CVE-url: https://ubuntu.com/security/CVE-2024-56630 - ocfs2: free inode when ocfs2_get_init_inode() fails * CVE-url: https://ubuntu.com/security/CVE-2024-53184 - um: ubd: Do not use drvdata in release * CVE-url: https://ubuntu.com/security/CVE-2024-57884 - mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() * CVE-url: https://ubuntu.com/security/CVE-2024-56597 - jfs: fix shift-out-of-bounds in dbSplit * CVE-url: https://ubuntu.com/security/CVE-2025-21664 - dm thin: make get_first_thin use rcu-safe list first function * CVE-url: https://ubuntu.com/security/CVE-2024-56594 - drm/amdgpu: set the right AMDGPU sg segment limitation * CVE-url: https://ubuntu.com/security/CVE-2024-56681 - crypto: bcm - add error check in the ahash_hmac_init function * CVE-url: https://ubuntu.com/security/CVE-2024-52332 - igb: Fix potential invalid memory access in igb_init_module() * CVE-url: https://ubuntu.com/security/CVE-2024-56570 - ovl: Filter invalid inodes with missing lookup function * CVE-url: https://ubuntu.com/security/CVE-2024-57912 - iio: pressure: zpa2326: fix information leak in triggered buffer * CVE-url: https://ubuntu.com/security/CVE-2024-53172 - ubi: fastmap: Fix duplicate slab cache names while attaching * CVE-url: https://ubuntu.com/security/CVE-2024-57929 - dm array: fix releasing a faulty array block twice in dm_array_cursor_end * CVE-url: https://ubuntu.com/security/CVE-2024-56532 - ALSA: us122l: Use snd_card_free_when_closed() at disconnection * CVE-url: https://ubuntu.com/security/CVE-2024-53183 - um: net: Do not use drvdata in release * CVE-url: https://ubuntu.com/security/CVE-2024-56644 - net/ipv6: release expired exception dst cached in socket * CVE-url: https://ubuntu.com/security/CVE-2024-57948 - mac802154: check local interfaces before deleting sdata list * CVE-url: https://ubuntu.com/security/CVE-2024-57904 - iio: adc: at91: call input_free_device() on allocated iio_dev * CVE-url: https://ubuntu.com/security/CVE-2024-56637 - netfilter: ipset: Hold module reference while requesting a module * CVE-url: https://ubuntu.com/security/CVE-2024-56576 - media: i2c: tc358743: Fix crash in the probe error path when using polling * CVE-url: https://ubuntu.com/security/CVE-2024-53214 - vfio/pci: Properly hide first-in-list PCIe extended capability * CVE-url: https://ubuntu.com/security/CVE-2024-56700 - media: wl128x: Fix atomicity violation in fmc_send_cmd() * CVE-url: https://ubuntu.com/security/CVE-2024-56531 - ALSA: caiaq: Use snd_card_free_when_closed() at disconnection * CVE-url: https://ubuntu.com/security/CVE-2024-53194 - PCI: Fix use-after-free of slot->bus on hot remove * CVE-url: https://ubuntu.com/security/CVE-2024-58055 - usb: gadget: f_tcm: Don't free command immediately * CVE-url: https://ubuntu.com/security/CVE-2024-56619 - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() * CVE-url: https://ubuntu.com/security/CVE-2021-47636 - ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() * CVE-url: https://ubuntu.com/security/CVE-2024-5317 - nfsd: make sure exp active before svc_export_show * CVE-url: https://ubuntu.com/security/CVE-2024-53174 - SUNRPC: make sure cache entry active before cache_show * CVE-url: https://ubuntu.com/security/CVE-2021-47219 - scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() * CVE-url: https://ubuntu.com/security/CVE-2024-50269 - usb: musb: sunxi: Fix accessing an released usb phy * CVE-url: https://ubuntu.com/security/CVE-2024-57908 - iio: imu: kmx61: fix information leak in triggered buffer Important TuxCare License Agreement CVE-2024-5317 CVE-2023-52621 CVE-2025-21791 CVE-2024-57980 CVE-2024-50269 CVE-2024-57908 CVE-2025-21687 CVE-2024-53214 CVE-2024-57904 CVE-2024-57912 CVE-2021-47219 CVE-2024-50074 CVE-2024-53194 CVE-2024-56594 CVE-2024-56681 CVE-2024-53174 CVE-2024-58055 CVE-2024-49982 CVE-2025-21858 CVE-2023-52805 CVE-2025-21718 CVE-2024-47696 CVE-2024-53172 CVE-2024-57929 CVE-2025-21735 CVE-2024-56637 CVE-2024-56597 CVE-2024-53184 CVE-2024-57889 CVE-2024-56570 CVE-2021-47636 CVE-2021-47110 CVE-2024-56539 CVE-2024-41014 CVE-2023-52847 CVE-2024-26872 CVE-2024-56548 CVE-2024-52332 CVE-2024-57850 CVE-2025-21664 CVE-2024-53680 CVE-2024-56630 CVE-2024-56532 CVE-2024-53183 CVE-2024-56576 CVE-2024-56531 CVE-2025-21782 CVE-2024-56700 CVE-2024-57948 CVE-2024-56619 CVE-2024-26982 CVE-2025-21855 CVE-2024-57884 CVE-2024-56644 CVE-2024-36921 Ubuntu 18.04 LTS * SECURITY UPDATE: insufficiently Random Passwords Leakage - debian/patches/CVE-2020-10729.patch: Fix caching of Jinja2 expressions to prevent caching dynamic results - CVE-2020-10729 Important TuxCare License Agreement CVE-2019-14846 CVE-2020-10729 CVE-2019-14904 CVE-2019-10206 Ubuntu 18.04 LTS * SECURITY UPDATE: Improper PUSH_REPLY sanitization allows attackers to inject arbitrary data into third-party executables - debian/patches/CVE-2024-5594.patch: Properly handle null bytes and invalid characters in control - CVE-2024-5594 * UPDATE CERTIFICATES: Renew sample keys - debian/patches/sample-keys-renew.patch: Renew sample keys for 10 years Low TuxCare License Agreement CVE-2024-5594 Ubuntu 18.04 LTS * SECURITY UPDATE: Quadratic complexity, resulting in excess CPU while parsing - debian/patches/CVE-2024-7592.patch: fix quadratic complexity in parsing "-quoted cookie values with backslashes - CVE-2024-7592 Important TuxCare License Agreement CVE-2024-7592 Ubuntu 18.04 LTS * SECURITY UPDATE: password disclosure via svn module argument - debian/patches/CVE-2020-1739.patch: Fix security issue by providing password securely with --password-from-stdin option and warn if svn version is too old to support it - CVE-2020-1739 Low TuxCare License Agreement CVE-2020-1739 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2021-47352 - virtio-net: Add validation for used length * CVE-url: https://ubuntu.com/security/CVE-2024-46745 - Input: uinput - reject requests with unreasonable number of slots * CVE-url: https://ubuntu.com/security/CVE-2024-44952 - driver core: Fix uevent_show() vs driver detach race * CVE-url: https://ubuntu.com/security/CVE-2024-42304 - ext4: make sure the first directory block is not a hole * CVE-url: https://ubuntu.com/security/CVE-2024-42305 - ext4: check dot and dotdot of dx_root before making dir indexed * CVE-url: https://ubuntu.com/security/CVE-2024-53168 - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket * CVE-url: https://ubuntu.com/security/CVE-2024-49925 - driver core: add dev_groups to all drivers - driver core: Fix error return code in really_probe() - fbdev: efifb: Register sysfs groups through driver core * CVE-url: https://ubuntu.com/security/CVE-2024-56661 - tipc: fix NULL deref in cleanup_bearer() * CVE-url: https://ubuntu.com/security/CVE-2024-56642 - tipc: Fix use-after-free of kernel socket in cleanup_bearer(). * CVE-url: https://ubuntu.com/security/CVE-2021-47163 - tipc: wait and exit until all work queues are done * CVE-url: https://ubuntu.com/security/CVE-2024-26915 - drm/amdgpu: fix IH overflow on Vega10 v2 - drm/amdgpu: Add check to prevent IH overflow - drm/amdgpu: Reset IH OVERFLOW_CLEAR bit * CVE-url: https://ubuntu.com/security/CVE-2024-56770 - net/sched: netem: account for backlog updates from child qdisc - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() * CVE-url: https://ubuntu.com/security/CVE-2024-50296 - net: hns3: fix kernel crash when uninstalling driver * CVE-url: https://ubuntu.com/security/CVE-2024-53066 - nfs: Fix KMSAN warning in decode_getfattr_attrs() * CVE-url: https://ubuntu.com/security/CVE-2024-49944 - sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start * CVE-url: https://ubuntu.com/security/CVE-2024-50237 - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower * CVE-url: https://ubuntu.com/security/CVE-2024-46780 - nilfs2: protect references to superblock parameters exposed in sysfs * CVE-url: https://ubuntu.com/security/CVE-2024-53063 - media: dvbdev: prevent the risk of out of memory access - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set * CVE-url: https://ubuntu.com/security/CVE-2023-52927 - netfilter: allow exp not to be removed in nf_ct_find_expectation * CVE-url: https://ubuntu.com/security/CVE-2021-47150 - net: fec: fix the potential memory leak in fec_enet_init() * CVE-url: https://ubuntu.com/security/CVE-2024-53140 - netlink: terminate outstanding dump on socket close * CVE-url: https://ubuntu.com/security/CVE-2025-21971 - net_sched: Prevent creation of classes with TC_H_ROOT * CVE-url: https://ubuntu.com/security/CVE-2025-37785 - ext4: fix OOB read when checking dotdot dir * CVE-url: https://ubuntu.com/security/CVE-2023-52572 - cifs: Fix UAF in cifs_demultiplex_thread() * CVE-url: https://ubuntu.com/security/CVE-2022-49738 - f2fs: fix to do sanity check on summary info - f2fs: should put a page when checking the summary info - f2fs: fix to do sanity check on i_extra_isize in is_alive() * CVE-url: https://ubuntu.com/security/CVE-2022-49740 - wifi: brcmfmac: Check the count value of channel spec to prevent out-of- bounds reads * CVE-url: https://ubuntu.com/security/ - ipv6: Define dscp_t and stop taking ECN bits into account in fib6-rules * CVE-url: https://ubuntu.com/security/CVE-2023-53020 - l2tp: close all race conditions in l2tp_tunnel_register() * CVE-url: https://ubuntu.com/security/CVE-2025-21957 - scsi: qla1280: Fix kernel oops when debug level > 2 * CVE-url: https://ubuntu.com/security/CVE-2025-21948 - HID: appleir: Fix potential NULL dereference at raw event handle * CVE-url: https://ubuntu.com/security/CVE-2023-52936 - debugfs: add debugfs_lookup_and_remove() - kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup() * CVE-url: https://ubuntu.com/security/CVE-2025-21912 - gpio: rcar: Use raw_spinlock to protect register access * CVE-url: https://ubuntu.com/security/CVE-2025-21922 - ppp: Fix KMSAN uninit-value warning with bpf * CVE-url: https://ubuntu.com/security/CVE-2025-21891 - ipvlan: ensure network headers are in skb linear part * CVE-url: https://ubuntu.com/security/CVE-2025-21959 - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() * CVE-url: https://ubuntu.com/security/CVE-2025-21996 - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() * CVE-url: https://ubuntu.com/security/CVE-2025-21928 - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() * CVE-url: https://ubuntu.com/security/CVE-2025-21917 - usb: renesas_usbhs: Flush the notify_hotplug_work * CVE-url: https://ubuntu.com/security/CVE-2023-53001 - drm/drm_vma_manager: Add drm_vma_node_allow_once() * CVE-url: https://ubuntu.com/security/CVE-2025-21969 - Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd * CVE-url: https://ubuntu.com/security/CVE-2025-21920 - vlan: enforce underlying device type * CVE-url: https://ubuntu.com/security/CVE-2025-21904 - caif_virtio: fix wrong pointer check in cfv_probe() * CVE-url: https://ubuntu.com/security/CVE-2024-56658 - net: defer final 'struct net' free in netns dismantle * CVE-url: https://ubuntu.com/security/CVE-2022-23041 - xen/pvcalls: use alloc/free_pages_exact() * CVE-url: https://ubuntu.com/security/CVE-2024-50265 - ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() * CVE-url: https://ubuntu.com/security/CVE-2024-46826 - ELF: fix kernel.randomize_va_space double read * CVE-url: https://ubuntu.com/security/CVE-2025-21700 - net: sched: Disallow replacing of child qdisc from one parent to another * CVE-url: https://ubuntu.com/security/CVE-2025-21702 - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 * CVE-url: https://ubuntu.com/security/CVE-2024-50167 - be2net: fix potential memory leak in be_xmit() * CVE-url: https://ubuntu.com/security/CVE-2024-49952 - netfilter: nf_tables: prevent nf_skb_duplicated corruption * CVE-url: https://ubuntu.com/security/CVE-2024-49948 - net: add more sanity checks to qdisc_pkt_len_init() Important TuxCare License Agreement CVE-2024-50296 CVE-2023-53020 CVE-2025-37785 CVE-2024-50237 CVE-2024-53063 CVE-2024-46745 CVE-2024-44952 CVE-2024-42305 CVE-2025-21971 CVE-2024-46780 CVE-2024-56770 CVE-2024-49925 CVE-2024-49952 CVE-2024-50167 CVE-2025-21904 CVE-2025-21969 CVE-2025-21959 CVE-2025-21996 CVE-2025-21912 CVE-2025-21922 CVE-2024-56661 CVE-2023-52927 CVE-2022-49740 CVE-2022-49738 CVE-2024-56642 CVE-2024-53168 CVE-2024-53140 CVE-2025-21948 CVE-2023-53001 CVE-2025-21928 CVE-2023-52572 CVE-2024-49944 CVE-2024-42304 CVE-2025-21920 CVE-2025-21702 CVE-2022-23041 CVE-2021-47352 CVE-2024-56658 CVE-2023-52936 CVE-2025-21957 CVE-2025-21891 CVE-2025-21917 CVE-2024-26915 CVE-2021-47163 CVE-2025-21700 CVE-2024-53066 CVE-2024-49948 CVE-2021-47150 Ubuntu 18.04 LTS * SECURITY UPDATE: Out-of-bounds memory access in Python API bindings - debian/patches/CVE-2025-32414.patch: Limit character reads and reserve buffer space for UTF-8 encoding to prevent overflow - CVE-2025-32414 * SECURITY UPDATE: Heap buffer under-read in XML schema validation - debian/patches/CVE-2025-32415.patch: Fix heap buffer overflow in xmlSchemaIDCFillNodeTables - CVE-2025-32415 Important TuxCare License Agreement CVE-2025-32414 CVE-2025-32415 Ubuntu 18.04 LTS * SECURITY UPDATE: Path names provided when creating a virtual environment were not quoted properly - debian/patches/CVE-2024-9287.patch: Quote template strings in `venv` activation - CVE-2024-9287 Important TuxCare License Agreement CVE-2024-9287 Ubuntu 18.04 LTS * SECURITY UPDATE: Misc vulnerability fixes - CVE-2019-12418, CVE-2019-17563, CVE-2020-1935, CVE-2020-11996, CVE-2020-13934, CVE-2020-13935, CVE-2020-13943, CVE-2020-17527, CVE-2021-24122, CVE-2021-30639, CVE-2021-30640, CVE-2021-33037, CVE-2021-42340, CVE-2021-43980, CVE-2022-25762, CVE-2022-34305, CVE-2022-45143, CVE-2023-24998, CVE-2023-28709, CVE-2023-34981, CVE-2023-42794, CVE-2024-21733 * Update to 8.5.100 - debian/rules, debian/libtomcat8-java.poms, debian/maven.rules, debian/tomcat8-common.links, debian/patches/0018-fix-manager-webapp.patch, debian/patches/0019-add-distribution-to-error-page.patch, debian/patches/0021-dont-test-unsupported-ciphers.patch, debian/patches/0101-skipping-tests-incompatible-with-firewall.patch: updated - debian/patches/0002-do-not-load-AJP13-connector-by-default.patch, debian/patches/0026-easymock4-compatibility.patch: removed as they were applied in upstream - CVE-2019-0221.patch, CVE-2019-10072-1.patch, CVE-2019-10072-2.patch, CVE-2022-42252.patch, CVE-2020-1938.patch, CVE-2021-25122.patch, CVE-2021-41079.patch, CVE-2022-29885.patch, CVE-2020-9484.patch, CVE-2021-25329-pre1.patch, CVE-2021-25329.patch, CVE-2022-23181.patch, CVE-2023-44487.patch, CVE-2023-46589-pre1.patch, CVE-2023-46589-pre2.patch, CVE-2023-46589-pre3.patch, CVE-2023-46589-pre4.patch, CVE-2023-46589.patch: removed because these CVEs were fixed in upstream * Internal tests - debian/test_certs/*: updated from upstream branch 9.0.x, as the 8.0.x certs were expired Important TuxCare License Agreement CVE-2023-28709 CVE-2021-30639 CVE-2020-13934 CVE-2019-12418 CVE-2020-11996 CVE-2019-0232 CVE-2021-33037 CVE-2021-24122 CVE-2023-42794 CVE-2023-34981 CVE-2023-24998 CVE-2022-45143 CVE-2021-42340 CVE-2020-17527 CVE-2020-13943 CVE-2019-17563 CVE-2022-34305 CVE-2020-1935 CVE-2021-43980 CVE-2021-30640 CVE-2022-25762 CVE-2020-13935 CVE-2024-21733 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2025-21811 - nilfs2: protect access to buffers with no active references * CVE-url: https://ubuntu.com/security/CVE-2025-21715 - net: davicom: fix UAF in dm9000_drv_remove * CVE-url: https://ubuntu.com/security/CVE-2024-58083 - KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() * CVE-url: https://ubuntu.com/security/CVE-2024-57979 - pps: Fix a use-after-free * CVE-url: https://ubuntu.com/security/CVE-2025-21898 - ftrace: Avoid potential division by zero in function_stat_show() * CVE-url: https://ubuntu.com/security/CVE-2025-21993 - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() * CVE-url: https://ubuntu.com/security/CVE-2025-21653 - netlink: add attribute range validation to policy - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute * CVE-url: https://ubuntu.com/security/CVE-2024-53148 - comedi: Flush partial mappings in error case * CVE-url: https://ubuntu.com/security/CVE-2022-49541 - cifs: fix potential double free during failed mount * CVE-url: https://ubuntu.com/security/CVE-2024-35937 - wifi: cfg80211: check A-MSDU format more carefully * CVE-url: https://ubuntu.com/security/CVE-2021-47211 - ALSA: usb-audio: fix null pointer dereference on pointer cs_desc * CVE-url: https://ubuntu.com/security/CVE-2025-21772 - partitions: mac: fix handling of bogus partition table * CVE-url: https://ubuntu.com/security/CVE-2025-21753 - btrfs: fix use-after-free when attempting to join an aborted transaction * CVE-url: https://ubuntu.com/security/CVE-2025-21934 - rapidio: fix an API misues when rio_add_net() fails Important TuxCare License Agreement CVE-2022-49541 CVE-2021-47211 CVE-2024-58083 CVE-2025-21993 CVE-2025-21653 CVE-2025-21811 CVE-2024-53148 CVE-2025-21898 CVE-2025-21934 CVE-2024-57979 CVE-2025-21772 CVE-2025-21715 CVE-2025-21753 CVE-2024-35937 Ubuntu 18.04 LTS * SECURITY UPDATE: Remote code execution - debian/patches/CVE-2025-24813.patch: Delete temporary file right after finishing request processing - CVE-2025-24813 Critical TuxCare License Agreement CVE-2025-24813 Ubuntu 18.04 LTS * SECURITY UPDATE: Improper validation of bracketed hosts in urllib - debian/patches/CVE-2024-11168.patch: add checks to ensure that bracketed hosts found by urlsplit are of IPv6 or IPvFuture format - CVE-2024-11168 * SECURITY UPDATE:Incomplete validation of bracketed hosts in urllib - debian/patches/CVE-2025-0938.patch: disallow square brackets (`[` and `]`) in domain names for parsed URLs - CVE-2025-0938 Moderate TuxCare License Agreement CVE-2024-11168 CVE-2025-0938 Ubuntu 18.04 LTS * SECURITY UPDATE: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability - debian/patches/CVE-2025-31651.patch: Enforces rewrite rules to preventing bypass of security constraints in specific configurations - CVE-2025-31651 Critical TuxCare License Agreement CVE-2025-31651 Ubuntu 18.04 LTS * SECURITY UPDATE: Untrusted LD_LIBRARY_PATH environment variable vulnerability - debian/patches/any/CVE-2025-4802.patch: Ignore LD_LIBRARY_PATH and debug env var for setuid for static - CVE-2025-4802 Important TuxCare License Agreement CVE-2025-4802 Ubuntu 18.04 LTS * SECURITY UPDATE: DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding. - debian/patches/CVE-2025-32728.patch: fix logic error in DisableForwarding option - CVE-2025-32728 Low TuxCare License Agreement CVE-2025-32728 Ubuntu 18.04 LTS * OpenJDK 8u452 release - CVE-2025-21587: better TLS connection support - CVE-2025-30691: improve compiler transformations - CVE-2025-30698: enhance Buffered Image handling - Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2025-April/019989.html Important TuxCare License Agreement CVE-2025-30691 CVE-2025-21587 CVE-2025-30698 Ubuntu 18.04 LTS * OpenJDK 11.0.27 release, build 6. - CVE-2025-21587: better TLS connection support - CVE-2025-30691: improve compiler transformations - CVE-2025-30698: enhance Buffered Image handling - Release notes: https://mail.openjdk.org/pipermail/jdk-updates-dev/2025-April/043306.html Important TuxCare License Agreement CVE-2025-30698 CVE-2025-30691 CVE-2025-21587 Ubuntu 18.04 LTS * Focal update: v5.4.292 upstream stable release (LP: #2109357) // CVE-url: https://ubuntu.com/security/CVE-2025-37937 - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() * Focal update: v5.4.287 upstream stable release (LP: #2095145) // CVE-url: https://ubuntu.com/security/CVE-2024-53197 - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices * CVE-url: https://ubuntu.com/security/CVE-2024-46787 - userfaultfd: fix checks for huge PMDs * CVE-url: https://ubuntu.com/security/CVE-2025-37798 - sch_drr: make drr_qlen_notify() idempotent - sch_hfsc: make hfsc_qlen_notify() idempotent - sch_qfq: make qfq_qlen_notify() idempotent - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() * Focal update: v5.4.285 upstream stable release (LP: #2089233) // CVE-2024-50116 // CVE-url: https://ubuntu.com/security/CVE-2024-50116 - nilfs2: fix kernel bug due to missing clearing of buffer delay flag * Focal update: v5.4.285 upstream stable release (LP: #2089233) // CVE-2024-49958 // CVE-url: https://ubuntu.com/security/CVE-2024-49958 - ocfs2: reserve space for inline xattr before attaching reflink tree * Focal update: v5.4.286 upstream stable release (LP: #2089558) // CVE-url: https://ubuntu.com/security/CVE-2021-47195 - spi: fix use-after-free of the add_lock mutex * CVE-url: https://ubuntu.com/security/CVE-2021-47469 - spi: Fix deadlock when adding SPI controllers on SPI buses * CVE-url: https://ubuntu.com/security/CVE-2025-39735 - jfs: fix slab-out-of-bounds read in ea_get() * CVE-url: https://ubuntu.com/security/CVE-2025-22020 - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove * CVE-url: https://ubuntu.com/security/CVE-2025-22004 - net: atm: fix use after free in lec_send() * CVE-url: https://ubuntu.com/security/CVE-2025-39688 - nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid() * CVE-url: https://ubuntu.com/security/CVE-2022-49892 - ftrace: Fix use-after-free for dynamic ftrace_ops * CVE-url: https://ubuntu.com/security/CVE-2021-47293 - net/sched: act_skbmod: Skip non-Ethernet packets * CVE-url: https://ubuntu.com/security/CVE-2024-50106 - nfsd: simplify nfs4_put_deleg_lease calls - nfsd: factor out common delegation-destruction code - nfsd: Fix race to FREE_STATEID and cl_revoked - nfsd: don't call functions with side-effecting inside WARN_ON() - nfsd: remove fault injection code - nfsd: avoid race after unhash_delegation_locked() - nfsd4: don't set lock stateid's sc_type to CLOSED - nfsd: split sc_status out of sc_type - nfsd: fix race between laundromat and free_stateid * CVE-url: https://ubuntu.com/security/CVE-2024-57982 - xfrm: state: fix out-of-bounds read during lookup * CVE-url: https://ubuntu.com/security/CVE-2023-52588 - f2fs: fix to tag gcing flag on page during block migration * Miscellaneous Ubuntu changes - [Config] updateconfigs for NFSD_FAULT_INJECTION Important TuxCare License Agreement CVE-2024-53197 CVE-2024-50106 CVE-2024-57982 CVE-2025-37937 CVE-2025-22020 CVE-2025-22004 CVE-2025-39735 CVE-2021-47469 CVE-2024-49958 CVE-2024-50116 Ubuntu 18.04 LTS * SECURITY UPDATE: security vulnerability discovered - debian/patches/CVE-2025-48384.patch: quote values containing CR character in config to prevent unintentional stripping when reading - CVE-2025-48384 Important TuxCare License Agreement CVE-2025-48384 Ubuntu 18.04 LTS * SECURITY UPDATE: improper handling of 'decode' function with 'unicode_escape' encoding in bytes - debian/patches/CVE-2025-4516.patch: Fix use-after-free in the 'unicode- escape' decoder with a non-'strict' error handler - CVE-2025-4516 Moderate TuxCare License Agreement CVE-2025-4516 Ubuntu 18.04 LTS * SECURITY UPDATE: memory vulnerabilities in schematron - debian/patches/CVE-2025-49794_CVE-2025-49796.patch: fix memory safety issues in xmlSchematronReportOutput when parsing XPath elements and memory corruption issue triggered by processing sch:name elements in input XML file - CVE-2025-49794 - CVE-2025-49796 Critical TuxCare License Agreement CVE-2025-49794 CVE-2025-49796 Ubuntu 18.04 LTS * SECURITY UPDATE: unauthorized commands execution on unintended hosts - debian/patches/CVE-2025-32462.patch: restrict user from setting remote host for command unless listing privileges - CVE-2025-32462 Important TuxCare License Agreement CVE-2025-32462 Ubuntu 18.04 LTS * Focal update: v5.4.291 upstream stable release (LP: #2106002) // CVE-2025-21760 // CVE-url: https://ubuntu.com/security/CVE-2025-21760 - ndisc: extend RCU protection in ndisc_send_skb() * Focal update: v5.4.291 upstream stable release (LP: #2106002) // CVE-2025-21761 // CVE-url: https://ubuntu.com/security/CVE-2025-21761 - openvswitch: use RCU protection in ovs_vport_cmd_fill_info() * Focal update: v5.4.291 upstream stable release (LP: #2106002) // CVE-2025-21764 // CVE-url: https://ubuntu.com/security/CVE-2025-21764 - ndisc: use RCU protection in ndisc_alloc_skb() * Focal update: v5.4.291 upstream stable release (LP: #2106002) // CVE-2025-21765 // CVE-url: https://ubuntu.com/security/CVE-2025-21764 - ipv6: use RCU protection in ip6_default_advmss() * Focal update: v5.4.291 upstream stable release (LP: #2106002) // CVE-url: https://ubuntu.com/security/CVE-2025-21764 - ipv4: use RCU protection in rt_is_expired() - ipv4: use RCU protection in inet_select_addr() * CVE-url: https://ubuntu.com/security/CVE-2025-21762 - net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() - net: add dev_net_rcu() helper - arp: use RCU protection in arp_xmit() Important TuxCare License Agreement CVE-2025-21764 CVE-2025-21762 CVE-2025-21760 CVE-2025-21761 Ubuntu 18.04 LTS * SECURITY UPDATE: excessive aggregate terms potentially leading to memory corruption - debian/patches/CVE-2025-6965.patch: fix a potential memory corruption if the number of aggregate terms in a query exceeds the maximum number of columns - CVE-2025-6965 Critical TuxCare License Agreement CVE-2025-6965 Ubuntu 18.04 LTS * New microcode update packages from upstream up to 2025-05-12: - New microcodes: sig 0x000a06d1, pf_mask 0x20, 2025-02-07, rev 0xa0000d1, size 1635328 sig 0x000a06d1, pf_mask 0x95, 2025-02-07, rev 0x10003a2, size 1664000 sig 0x000b0650, pf_mask 0x80, 2025-03-18, rev 0x000a, size 136192 sig 0x000b06d1, pf_mask 0x80, 2025-03-18, rev 0x011f, size 79872 sig 0x000c0652, pf_mask 0x82, 2025-03-20, rev 0x0118, size 90112 sig 0x000c0662, pf_mask 0x82, 2025-03-20, rev 0x0118, size 90112 sig 0x000c0664, pf_mask 0x82, 2025-03-20, rev 0x0118, size 90112 sig 0x000c06a2, pf_mask 0x82, 2025-03-20, rev 0x0118, size 90112 - Updated microcodes: sig 0x00050657, pf_mask 0xbf, 2024-12-12, rev 0x5003901, size 39936 sig 0x0005065b, pf_mask 0xbf, 2024-12-12, rev 0x7002b01, size 30720 sig 0x000606a6, pf_mask 0x87, 2025-01-07, rev 0xd000404, size 309248 sig 0x000606c1, pf_mask 0x10, 2025-01-07, rev 0x10002d0, size 300032 sig 0x000706a8, pf_mask 0x01, 2024-12-05, rev 0x0026, size 76800 sig 0x000706e5, pf_mask 0x80, 2025-01-07, rev 0x00ca, size 115712 sig 0x000806c1, pf_mask 0x80, 2024-12-01, rev 0x00bc, size 112640 sig 0x000806c2, pf_mask 0xc2, 2024-12-01, rev 0x003c, size 99328 sig 0x000806d1, pf_mask 0xc2, 2024-12-11, rev 0x0056, size 105472 sig 0x000806ec, pf_mask 0x94, 2024-11-17, rev 0x0100, size 106496 sig 0x000806f4, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7, size 624640 sig 0x000806f4, pf_mask 0x87, 2025-01-28, rev 0x2b000639, size 591872 sig 0x000806f5, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7, size 624640 sig 0x000806f5, pf_mask 0x87, 2025-01-28, rev 0x2b000639, size 591872 sig 0x000806f6, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7, size 624640 sig 0x000806f6, pf_mask 0x87, 2025-01-28, rev 0x2b000639, size 591872 sig 0x000806f7, pf_mask 0x87, 2025-01-28, rev 0x2b000639, size 591872 sig 0x000806f8, pf_mask 0x10, 2025-01-28, rev 0x2c0003f7, size 624640 sig 0x000806f8, pf_mask 0x87, 2025-01-28, rev 0x2b000639, size 591872 sig 0x00090672, pf_mask 0x07, 2024-12-12, rev 0x003a, size 226304 sig 0x00090675, pf_mask 0x07, 2024-12-12, rev 0x003a, size 226304 sig 0x000906a3, pf_mask 0x80, 2024-12-12, rev 0x0437, size 224256 sig 0x000906a4, pf_mask 0x40, 2024-12-06, rev 0x000a, size 119808 sig 0x000906a4, pf_mask 0x80, 2024-12-12, rev 0x0437, size 224256 sig 0x000906ed, pf_mask 0x22, 2024-11-14, rev 0x0104, size 106496 sig 0x000a0652, pf_mask 0x20, 2024-11-14, rev 0x0100, size 97280 sig 0x000a0653, pf_mask 0x22, 2024-11-14, rev 0x0100, size 98304 sig 0x000a0655, pf_mask 0x22, 2024-11-14, rev 0x0100, size 97280 sig 0x000a0660, pf_mask 0x80, 2024-11-14, rev 0x0102, size 98304 sig 0x000a0661, pf_mask 0x80, 2024-11-14, rev 0x0100, size 97280 sig 0x000a0671, pf_mask 0x02, 2024-12-01, rev 0x0064, size 108544 sig 0x000a06a4, pf_mask 0xe6, 2025-02-13, rev 0x0024, size 140288 sig 0x000a06f3, pf_mask 0x01, 2025-02-10, rev 0x3000341, size 1542144 sig 0x000b0671, pf_mask 0x32, 2025-03-17, rev 0x012f, size 219136 sig 0x000b0674, pf_mask 0x32, 2025-03-17, rev 0x012f, size 219136 sig 0x000b06a2, pf_mask 0xe0, 2025-01-15, rev 0x4128, size 224256 sig 0x000b06a3, pf_mask 0xe0, 2025-01-15, rev 0x4128, size 224256 sig 0x000b06a8, pf_mask 0xe0, 2025-01-15, rev 0x4128, size 224256 sig 0x000b06e0, pf_mask 0x19, 2024-12-06, rev 0x001d, size 139264 sig 0x000b06f2, pf_mask 0x07, 2024-12-12, rev 0x003a, size 226304 sig 0x000b06f5, pf_mask 0x07, 2024-12-12, rev 0x003a, size 226304 sig 0x000b06f6, pf_mask 0x07, 2024-12-12, rev 0x003a, size 226304 sig 0x000b06f7, pf_mask 0x07, 2024-12-12, rev 0x003a, size 226304 sig 0x000c06f1, pf_mask 0x87, 2025-03-14, rev 0x210002a9, size 563200 sig 0x000c06f2, pf_mask 0x87, 2025-03-14, rev 0x210002a9, size 563200 - Removed microcodes: sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912 * SECURITY UPDATE: - CVE-2024-28956, INTEL-SA-01153 - CVE-2025-20054, INTEL-SA-01244 - CVE-2025-20103, INTEL-SA-01244 - CVE-2024-43420, INTEL-SA-01247 - CVE-2024-45332, INTEL-SA-01247 - CVE-2025-20623, INTEL-SA-01247 - CVE-2025-20012, INTEL-SA-01322 - CVE-2025-24495, INTEL-SA-01322 Moderate TuxCare License Agreement CVE-2025-20623 CVE-2025-24495 CVE-2024-28956 CVE-2024-43420 CVE-2024-45332 CVE-2025-20012 CVE-2025-20054 CVE-2025-20103 Ubuntu 18.04 LTS * SECURITY UPDATE: heap-based Buffer Overflow in ELF ld Component - debian/patches/CVE-2025-1176.patch: prevent illegal memory access when indexing into the sym_hashes array of the elf bfd cookie structure - CVE-2025-1176 Moderate TuxCare License Agreement CVE-2025-1176 Ubuntu 18.04 LTS * OpenJDK 11.0.28 release, build 6. - CVE-2025-30749: Java 2D heap corruption, code execution/DoS - CVE-2025-30754: JSSE TLS handshake flaw, weakened encryption - CVE-2025-30761: nashorn sandbox bypass, code execution - CVE-2025-50059: HTTP client header bug, data leak - CVE-2025-50106: Glyph rendering memory bug, crash/code exec - Release notes: https://mail.openjdk.org/pipermail/jdk-updates-dev/2025-July/045612.html Important TuxCare License Agreement CVE-2025-30754 CVE-2025-50106 CVE-2025-50059 CVE-2025-30761 CVE-2025-30749 Ubuntu 18.04 LTS * SECURITY UPDATE: multiple vulnerabilities in Gitk and Git GUI - debian/patches/CVE-2025-27614_CVE-2025-27613_CVE-2025-46835.patch: Prevent script execution via specially crafted filenames in Gitk. Sanitize filename handling to avoid unintended file creation/truncation. Validate directory names in Git GUI to prevent unsafe file overwrites when editing files - CVE-2025-27614, CVE-2025-27613, CVE-2025-46835 Moderate TuxCare License Agreement CVE-2025-46835 CVE-2025-27613 CVE-2025-27614 Ubuntu 18.04 LTS * SECURITY UPDATE: Insufficient validation of filenames against control characters in repositories served via mod_dav_svn - debian/patches/CVE-2024-46901.patch: fix mod_dav_svn denial-of-service via control characters in paths Moderate TuxCare License Agreement CVE-2024-46901 Ubuntu 18.04 LTS * OpenJDK 8u462 release - CVE-2025-30749: Java 2D heap corruption, code execution/DoS - CVE-2025-30754: JSSE TLS handshake flaw, weakened encryption - CVE-2025-30761: nashorn sandbox bypass, code execution - CVE-2025-50059: HTTP client header bug, data leak - CVE-2025-50106: Glyph rendering memory bug, crash/code exec - Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2025-July/020263.html Important TuxCare License Agreement CVE-2025-30754 CVE-2025-30749 CVE-2025-50059 CVE-2025-30761 CVE-2025-50106 Ubuntu 18.04 LTS * SECURITY UPDATE: denial of service issue due to incorrect memory allocations - debian/patches/CVE-2025-29088.patch: harden the SQLITE_DBCONFIG_LOOKASIDE interface against misuse, such as described in forum post 48f365daec Enhancements to the SQLITE_DBCONFIG_LOOKASIDE documentation - CVE-2025-29088 Moderate TuxCare License Agreement CVE-2025-29088 Ubuntu 18.04 LTS * SECURITY UPDATE: security vulnerability patched - debian/patches/CVE-2025-48386.patch: fix buffer overflow in wcsncat() to avoid segmentation fault caused by off-by-one error in the wincred credential helper - CVE-2025-48386 Moderate TuxCare License Agreement CVE-2025-48386 Ubuntu 18.04 LTS * SECURITY UPDATE: prevent spoofing vulnerability in GSSAPI-protected messages using RC4-HMAC-MD5 due to weaknesses in MD5 checksum design - debian/patches/CVE-2025-3576: don't issue session keys with deprecated enctypes. Updates tests. - CVE-2025-3576 Moderate TuxCare License Agreement CVE-2025-3576 Ubuntu 18.04 LTS * SECURITY UPDATE: incorrect unicode encoding of separating comma in folded address list - debian/patches/CVE-2025-1795.patch: Fix misfolding of comma in address- lists over multiple lines in combination with unicode encoding - CVE-2025-1795 Low TuxCare License Agreement CVE-2025-1795 Ubuntu 18.04 LTS * SECURITY UPDATE: denial of service attack caused by untrusted clients triggering assertion in mod_proxy_http2 - debian/patches/CVE-2025-49630.patch: tolerate missing host header in h2 proxy to fix issue with HTTP/0.9 request without Host header - CVE-2025-49630 Important TuxCare License Agreement CVE-2025-49630 Ubuntu 18.04 LTS * SECURITY UPDATE: insufficient escaping of user-supplied data in logging configurations - debian/patches/CVE-2024-47252.patch: Escape ssl vars to prevent potential security vulnerabilities - CVE-2024-47252 Important TuxCare License Agreement CVE-2025-23048 CVE-2024-47252 Ubuntu 18.04 LTS * SECURITY UPDATE: misinterpretation of HTTP response headers - debian/patches/CVE-2025-1217.patch: adds HTTP header folding support for HTTP wrapper response headers in ext/standard/http_fopen_wrapper.c - CVE-2025-1217 * SECURITY UPDATE: insufficient HTTP header validation - debian/patches/CVE-2025-1734.patch: adds logic to fail invalid HTTP headers in ext/standard/http_fopen_wrapper.c - CVE-2025-1734 * SECURITY UPDATE: http redirect location truncation - debian/patches/CVE-2025-1861.patch: converts the allocation of location to be on heap instead of stack and errors if the location length is greater than 8086 bytes in ext/standard/http_fopen_wrapper.c - CVE-2025-1861 * SECURITY UPDATE: insufficient HTTP header validation - debian/patches/CVE-2025-1736.patch: updates the http user header check for crlf in ext/standard/http_fopen_wrapper.c - CVE-2025-1736 Critical TuxCare License Agreement CVE-2025-1734 CVE-2025-1736 CVE-2025-1217 CVE-2025-1861 Ubuntu 18.04 LTS * SECURITY UPDATE: mod_ssl TLS upgrade attack - debian/patches/CVE-2025-49812.patch: remove antiquated 'SSLEngine optional' TLS upgrade in modules/ssl/ssl_engine_config.c, modules/ssl/ssl_engine_init.c, modules/ssl/ssl_engine_kernel.c, modules/ssl/ssl_private.h. - CVE-2025-49812 Important TuxCare License Agreement CVE-2025-49812 Ubuntu 18.04 LTS * SECURITY UPDATE: stack-based buffer overflow vulnerability - debian/patches/CVE-2025-6021.patch: Fix integer overflow in xmlBuildQName to improve memory safety - CVE-2025-6021 Important TuxCare License Agreement CVE-2025-6021 Ubuntu 18.04 LTS * SECURITY UPDATE: Disable URN protocol access to prevent potential security vulnerabilities - debian/patches/CVE-2025-54574.patch: Add ACL rules to deny URN protocol access by default - CVE-2025-54574 Critical TuxCare License Agreement CVE-2025-54574 Ubuntu 18.04 LTS * SECURITY UPDATE: heap buffer overflow in InterpretImageFilename function - debian/patches/CVE-2025-53014.patch: fix out of bounds read of a single byte in image file interpretation - CVE-2025-53014 Critical TuxCare License Agreement CVE-2025-53014 Ubuntu 18.04 LTS * SECURITY UPDATE: inadequate error checking in pgsql and pdo_pgsql escaping functions - debian/patches/CVE-2025-1735.patch: Add error checks for escape function in pgsql and pdo_pgsql extensions to prevent storing of improperly escaped data - CVE-2025-1735 Important TuxCare License Agreement CVE-2025-1735 Ubuntu 18.04 LTS * SECURITY UPDATE: out-of-bounds read in sftp_handle function - debian/patches/CVE-2025-5318.patch: fix possible buffer overrun by changing '> SFTP_HANDLES' to '>= SFTP_HANDLES' - CVE-2025-5318 Important TuxCare License Agreement CVE-2025-5318 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2025-38000 - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() * CVE-url: https://ubuntu.com/security/CVE-2024-57996 // CVE-url: https://ubuntu.com/security/CVE-2025-37752 - net_sched: sch_sfq: move the limit validation * Focal update: v5.4.285 upstream stable release (LP: #2089233) // CVE-2024-50202 // CVE-url: https://ubuntu.com/security/CVE-2024-50202 - nilfs2: propagate directory read errors from nilfs_find_entry() * Focal update: v5.4.279 upstream stable release (LP: #2073621) // CVE-url: https://ubuntu.com/security/CVE-2024-50202 - nilfs2: Remove check for PageError - nilfs2: return the mapped address from nilfs_get_page() * Focal update: v5.4.287 upstream stable release (LP: #2095145) // CVE-url: https://ubuntu.com/security/CVE-2024-53131 - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint * Focal update: v5.4.287 upstream stable release (LP: #2095145) // CVE-url: https://ubuntu.com/security/CVE-2024-53130 - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint * CVE-url: https://ubuntu.com/security/CVE-2022-49179 - block, bfq: don't move oom_bfqq * CVE-url: https://ubuntu.com/security/CVE-2022-49176 - bfq: fix use-after-free in bfq_dispatch_request * CVE-url: https://ubuntu.com/security/CVE-2025-21956 - drm/amd/display: Assign normalized_pix_clk when color depth = 14 * CVE-url: https://ubuntu.com/security/CVE-2025-21992 - HID: ignore non-functional sensor in HP 5MP Camera * CVE-url: https://ubuntu.com/security/CVE-2025-22021 - netfilter: socket: Lookup orig tuple for IPv6 SNAT * CVE-url: https://ubuntu.com/security/CVE-2025-22073 - spufs: fix a leak on spufs_new_file() failure * CVE-url: https://ubuntu.com/security/CVE-2025-22079 - ocfs2: validate l_tree_depth to avoid out-of-bounds access * CVE-url: https://ubuntu.com/security/CVE-2025-22086 - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow * CVE-url: https://ubuntu.com/security/CVE-2025-21722 - nilfs2: do not force clear folio if buffer is referenced * CVE-url: https://ubuntu.com/security/CVE-2025-22018 - atm: Fix NULL pointer dereference * CVE-url: https://ubuntu.com/security/CVE-2024-58071 - team: prevent adding a device which is already a team device lower * CVE-url: https://ubuntu.com/security/CVE-2024-58063 - wifi: rtlwifi: fix memory leaks and invalid access at probe error path * CVE-url: https://ubuntu.com/security/CVE-2024-58052 - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table * CVE-url: https://ubuntu.com/security/CVE-2024-58058 - ubifs: skip dumping tnc tree when zroot is null * CVE-url: https://ubuntu.com/security/CVE-2025-21859 - USB: gadget: f_midi: f_midi_complete to call queue_work * CVE-url: https://ubuntu.com/security/CVE-2025-21640 - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy * CVE-url: https://ubuntu.com/security/CVE-2024-57922 - drm/amd/display: Add check for granularity in dml ceil/floor helpers * CVE-url: https://ubuntu.com/security/CVE-2024-57913 - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind * CVE-url: https://ubuntu.com/security/CVE-2025-21638 - sctp: sysctl: auth_enable: avoid using current->nsproxy * CVE-url: https://ubuntu.com/security/CVE-2024-50195 - posix-clock: Fix missing timespec64 check in pc_clock_settime() * CVE-url: https://ubuntu.com/security/CVE-2024-50299 - sctp: properly validate chunk size in sctp_sf_ootb() * CVE-url: https://ubuntu.com/security/CVE-2024-50273 - btrfs: reinitialize delayed ref list after deleting it from the list * CVE-url: https://ubuntu.com/security/CVE-2024-41016 - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() * CVE-url: https://ubuntu.com/security/CVE-2024-50287 - media: v4l2-tpg: prevent the risk of a division by zero * CVE-url: https://ubuntu.com/security/CVE-2024-49965 - ocfs2: remove unreasonable unlock in ocfs2_read_blocks * CVE-url: https://ubuntu.com/security/CVE-2024-50179 - ceph: remove the incorrect Fw reference check when dirtying pages * CVE-url: https://ubuntu.com/security/CVE-2024-40953 - KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() * CVE-url: https://ubuntu.com/security/CVE-2024-50290 - media: cx24116: prevent overflows on SNR calculus * CVE-url: https://ubuntu.com/security/CVE-2024-49877 - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate * CVE-url: https://ubuntu.com/security/CVE-2024-49938 - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit * CVE-url: https://ubuntu.com/security/CVE-2024-50008 - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() * CVE-url: https://ubuntu.com/security/CVE-2024-47672 - wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead * CVE-url: https://ubuntu.com/security/CVE-2024-49959 - jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error * CVE-url: https://ubuntu.com/security/CVE-2024-49963 - mailbox: bcm2835: Fix timeout during suspend mode * CVE-url: https://ubuntu.com/security/CVE-2024-47709 - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). * CVE-url: https://ubuntu.com/security/CVE-2025-21699 - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag * CVE-url: https://ubuntu.com/security/CVE-2025-21689 - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() * CVE-url: https://ubuntu.com/security/CVE-2024-38544 - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt * CVE-url: https://ubuntu.com/security/CVE-2024-50251 - netfilter: nft_payload: sanitize offset and length before calling skb_checksum() * CVE-url: https://ubuntu.com/security/CVE-2024-49949 - udp: add udp gso - net: avoid potential underflow in qdisc_pkt_len_init() with UFO * CVE-url: https://ubuntu.com/security/CVE-2024-53101 - fs: Fix uninitialized value issue in from_kuid and from_kgid * CVE-url: https://ubuntu.com/security/CVE-2023-52975 - scsi: iscsi: Move pool freeing - scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress * Focal update: v5.4.287 upstream stable release (LP: #2095145) // CVE-url: https://ubuntu.com/security/CVE-2024-56748 - scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() * CVE-url: https://ubuntu.com/security/CVE-2025-37797 - net_sched: hfsc: Fix a UAF vulnerability in class handling * CVE-url: https://ubuntu.com/security/CVE-2024-38541 - of: module: add buffer overflow check in of_modalias() * Miscellaneous upstream changes - fixup! UBUNTU: [Config] updateconfigs for NFSD_FAULT_INJECTION Important TuxCare License Agreement CVE-2025-38000 CVE-2025-37797 CVE-2025-21992 CVE-2024-53130 CVE-2025-22021 CVE-2025-22079 CVE-2025-22086 CVE-2025-21722 CVE-2024-58052 CVE-2025-21859 CVE-2025-21640 CVE-2024-57922 CVE-2024-57913 CVE-2025-21638 CVE-2024-50299 CVE-2024-50273 CVE-2024-50287 CVE-2024-49965 CVE-2024-50179 CVE-2024-50290 CVE-2024-49877 CVE-2024-49938 CVE-2024-50008 CVE-2024-47672 CVE-2025-21689 CVE-2024-38544 CVE-2024-53101 CVE-2024-53131 CVE-2024-56748 CVE-2024-50195 CVE-2022-49179 CVE-2023-52975 CVE-2024-41016 CVE-2024-49949 CVE-2024-47709 CVE-2024-58071 CVE-2022-49176 CVE-2025-21956 CVE-2024-50202 CVE-2025-22018 CVE-2024-38541 CVE-2024-40953 CVE-2024-57996 CVE-2025-22073 CVE-2024-58063 CVE-2024-58058 CVE-2024-50251 CVE-2024-49959 CVE-2024-49963 CVE-2025-21699 Ubuntu 18.04 LTS * SECURITY UPDATE: defect in 'tarfile' module leads to infinite loop and deadlock in parsing of maliciously crafted tar archives - debian/patches/CVE-2025-8194.patch: Validate archives to ensure member offsets are non-negative - CVE-2025-8194 Important TuxCare License Agreement CVE-2025-8194 Ubuntu 18.04 LTS * SECURITY UPDATE: Overwrite a local file - debian/patches/CVE-2023-30630.patch: Prevent --dump-bin from overwriting local files to address privilege escalation vulnerability - CVE-2023-30630 Important TuxCare License Agreement CVE-2023-30630 Ubuntu 18.04 LTS * SECURITY UPDATE: stack overflow via multiple consecutive %d format specifiers in filename template - debian/patches/CVE-2025-53101.patch: Fix image filename interpretation issue by adjusting the offset value - CVE-2025-53101 Critical TuxCare License Agreement CVE-2025-53101 Ubuntu 18.04 LTS * SECURITY UPDATE: memory corruption vulnerability in attribute type flags - debian/patches/CVE-2025-7425.patch: Fix heap-use-after-free caused by `atype` corruption - CVE-2025-7425 Important TuxCare License Agreement CVE-2025-7425 Ubuntu 18.04 LTS * SECURITY UPDATE: heap out-of-bounds write in BlobStream (WriteBlob) - debian/patches/CVE-2025-57807.patch: enforce extent ≥ offset + length when forward-seeking before writes in MagickCore/blob.c - CVE-2025-57807 Critical TuxCare License Agreement CVE-2025-57807 Ubuntu 18.04 LTS * SECURITY UPDATE: double-free when exporting SAN otherName - debian/patches/CVE-2025-32988.patch: fix double-free triggered when exporting certificates with multiple SAN otherName entries. - CVE-2025-32988 * SECURITY UPDATE: 1-byte heap write in certtool template parsing - debian/patches/CVE-2025-32990.patch: prevent 1-byte heap overwrite caused by malformed certificate template input in certtool. - CVE-2025-32990 Important TuxCare License Agreement CVE-2025-32990 CVE-2025-32988 Ubuntu 18.04 LTS * SECURITY UPDATE: authentication bypass vulnerability - debian/patches/CVE-2025-58060.patch: block authentication using alternate method in scheduler/auth.c - CVE-2025-58060 Important TuxCare License Agreement CVE-2025-58060 Ubuntu 18.04 LTS * SECURITY UPDATE: memory leak via multiple consecutive %d format specifiers in filename template - debian/patches/CVE-2025-53019.patch: Fix memory leak when entering StreamImage multiple times - CVE-2025-53019 Important TuxCare License Agreement CVE-2025-53019 Ubuntu 18.04 LTS * SECURITY UPDATE: IPP extension tag parsing vulnerability - debian/patches/CVE-2025-58364.patch: fix handling of extension tag in ipp_read_io() - CVE-2025-58364 Moderate TuxCare License Agreement CVE-2025-58364 Ubuntu 18.04 LTS * SECURITY UPDATE: denial of Service vulnerability due to zero dimensions crash - debian/patches/CVE-2025-55212.patch: Fix invalid width or height checks in ThumbnailImage method and add safe reciprocal function to avoid division by zero - CVE-2025-55212 Important TuxCare License Agreement CVE-2025-55212 Ubuntu 18.04 LTS * SECURITY UPDATE: memory corruption vulnerability from unsafe magnified size calculations in ReadOneMNGIMage - debian/patches/CVE-2025-55154.patch: Fix type mismatch issue in png.c causing incorrect image dimensions calculation - CVE-2025-55154 Important TuxCare License Agreement CVE-2025-55154 Ubuntu 18.04 LTS * SECURITY UPDATE: fix privilege escalation in pam_namespace - debian/patches-applied/CVE-2025-6020-pre.patch: prerequisite changes - debian/patches-applied/CVE-2025-6020.patch: enforce proper handling of instance directory symlinks to prevent mounting arbitrary paths - CVE-2025-6020 Important TuxCare License Agreement CVE-2025-6020 Ubuntu 18.04 LTS * SECURITY UPDATE: fix NULL pointer dereference in SOAP with huge QName - debian/patches/CVE-2025-6491.patch: Add safeguard in ext/soap/soap.c to handle invalid XML node names produced by libxml2 with extremely large namespace prefixes - CVE-2025-6491 Moderate TuxCare License Agreement CVE-2025-6491 Ubuntu 18.04 LTS * SECURITY UPDATE: 32-bit Integer Overflow in BMP Encoder - debian/patches/CVE-2025-57803.patch: Fix buffer overflow issue in BMP decoder caused by insufficient memory allocation - CVE-2025-57803 Important TuxCare License Agreement CVE-2025-57803 CVE-2025-55298 Ubuntu 18.04 LTS * SECURITY UPDATE: uncontrolled recursion causing stack overflow via crafted XPath expressions - debian/patches/CVE-2025-9714-*.patch: Add comprehensive XPath DoS protection including operation limits, recursion depth controls, and proper handling of recursive invocations to prevent stack overflows and resource exhaustion - CVE-2025-9714 Moderate TuxCare License Agreement CVE-2025-9714 Ubuntu 18.04 LTS * SECURITY UPDATE: Fix directory cleanup vulnerability - dpkg-deb/info.c: Fix cleanup for control member with restricted directories - Add treewalk to set proper permissions before removal for non-root users - CVE-2025-6297 Low TuxCare License Agreement CVE-2025-6297 Ubuntu 18.04 LTS * CVE-url: https://ubuntu.com/security/CVE-2022-43945 - NFSD: Protect against send buffer overflow in NFSv3 READ * Focal update: v5.4.285 upstream stable release (LP: #2089233) // CVE-2024-49924 // CVE-url: https://ubuntu.com/security/CVE-2024-49924 - fbdev: pxafb: Fix possible use after free in pxafb_task() * CVE-url: https://ubuntu.com/security/CVE-2025-38477 - net/sched: sch_qfq: Fix race condition on qfq_aggregate - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class * CVE-url: https://ubuntu.com/security/CVE-2025-38618 - vsock: Do not allow binding to VMADDR_PORT_ANY * CVE-url: https://ubuntu.com/security/CVE-2025-38617 - net/packet: fix a race in packet_set_ring() and packet_notifier() * CVE-url: https://ubuntu.com/security/CVE-2025-21796 - nfsd: clear acl_access/acl_default after releasing them * CVE-url: https://ubuntu.com/security/CVE-2022-48827 - NFSD: Fix the behavior of READ near OFFSET_MAX * CVE-url: https://ubuntu.com/security/CVE-2021-47391 - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests * CVE-url: https://ubuntu.com/security/CVE-2024-41069 - ASoC: topology: Fix references to freed memory - ASoC: topology: Do not assign fields that are already set - ASoC: topology: Clean up route loading * CVE-url: https://ubuntu.com/security/CVE-2024-56616 - drm/dp_mst: Fix MST sideband message body length check * Focal update: v5.4.261 upstream stable release (LP: #2049049) // CVE-url: https://ubuntu.com/security/CVE-2023-52868 - thermal: core: prevent potential string overflow * Focal update: v5.4.262 upstream stable release (LP: #2049069) // CVE-url: https://ubuntu.com/security/CVE-2023-52836 - locking/ww_mutex/test: Fix potential workqueue corruption * CVE-2024-35965 // CVE-url: https://ubuntu.com/security/CVE-2024-35965 - Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt() - Bluetooth: L2CAP: Fix not validating setsockopt user input * Focal update: v5.4.188 upstream stable release (LP: #1971496) // CVE-url: https://ubuntu.com/security/CVE-2022-49292 - ALSA: oss: Fix PCM OSS buffer allocation overflow * Focal update: v5.4.262 upstream stable release (LP: #2049069) // CVE-url: https://ubuntu.com/security/CVE-2023-52835 - perf/core: Bail out early if the request AUX area is out of bound * Focal update: v5.4.262 upstream stable release (LP: #2049069) // CVE-url: https://ubuntu.com/security/CVE-2023-52764 - media: gspca: cpia1: shift-out-of-bounds in set_flicker * Focal update: v5.4.261 upstream stable release (LP: #2049049) // CVE-url: https://ubuntu.com/security/CVE-2023-52864 - platform/x86: wmi: Fix probe failure when failing to register WMI devices - platform/x86: wmi: remove unnecessary initializations - platform/x86: wmi: Fix opening of char device * CVE-2024-35966 // CVE-url: https://ubuntu.com/security/CVE-2024-35966 - Bluetooth: RFCOMM: Fix not validating setsockopt user input * CVE-2024-35967 // CVE-url: https://ubuntu.com/security/CVE-2024-35966 - Bluetooth: SCO: Fix not validating setsockopt user input * Focal update: v5.4.291 upstream stable release (LP: #2106002) // CVE-2025-21704 // CVE-url: https://ubuntu.com/security/CVE-2025-21704 - usb: cdc-acm: Check control transfer buffer size before access * CVE-url: https://ubuntu.com/security/CVE-2025-38350 - net/sched: Always pass notifications when child class becomes empty * CVE-url: https://ubuntu.com/security/CVE-2025-37798 - sch_htb: make htb_qlen_notify() idempotent Important TuxCare License Agreement CVE-2023-52835 CVE-2023-52836 CVE-2025-21796 CVE-2025-38477 CVE-2022-49292 CVE-2022-48827 CVE-2021-47391 CVE-2025-38618 CVE-2025-38617 CVE-2024-41069 CVE-2023-52868 CVE-2024-56616 CVE-2023-52864 CVE-2023-52764 CVE-2025-38350 CVE-2025-37798 CVE-2025-21704 CVE-2024-35965 CVE-2022-43945 CVE-2024-35966 CVE-2024-49924 Ubuntu 18.04 LTS * SECURITY UPDATE: heap-buffer overflow read in MNG - debian/patches/CVE-2025-55004.patch: Fix heap buffer overflow issue in MNG magnification with alpha channel - debian/patches/fix-missing-cast-function.patch: Fix missing CastDoubleToLong function failing build - CVE-2025-55004 Moderate TuxCare License Agreement CVE-2025-55004 Ubuntu 18.04 LTS * SECURITY UPDATE: UBSan function-type-mismatch - debian/patches/CVE-2025-55160.patch: Fix UBSan function-type-mismatch in cloning functions - CVE-2025-55160 Moderate TuxCare License Agreement CVE-2025-55160 Ubuntu 18.04 LTS * SECURITY UPDATE: information disclosure via HTTP authentication credentials - debian/patches/CVE-2025-62168.patch: Fix bug causing visibility of proxy auth data to scripts by redacting credentials from error page code expansion output and mailto link generation - CVE-2025-62168 Important TuxCare License Agreement CVE-2025-62168 Ubuntu 18.04 LTS * Focal update: v5.4.291 upstream stable release (LP: #2106002) // CVE-2024-58072 - wifi: rtlwifi: remove unused check_buddy_priv * Focal update: v5.4.291 upstream stable release (LP: #2106002) - wifi: rtlwifi: remove unused timer and related code - wifi: rtlwifi: remove unused dualmac control leftovers * Focal update: v5.4.237 upstream stable release (LP: #2023420) - ext4: move where set the MAY_INLINE_DATA flag is set * CVE-url: https://ubuntu.com/security/CVE-2024-58014 - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() * CVE-url: https://ubuntu.com/security/CVE-2025-38352 - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() * CVE-url: https://ubuntu.com/security/CVE-2022-25265 - x86/elf: Add table to document READ_IMPLIES_EXEC - x86/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK - x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit * Focal update: v5.4.279 upstream stable release (LP: #2073621) // CVE-url: https://ubuntu.com/security/CVE-2024-37078 - nilfs2: fix potential kernel bug due to lack of writeback flag waiting * CVE-url: https://ubuntu.com/security/CVE-2022-49170 - f2fs: fix to do sanity check on curseg->alloc_type * CVE-url: https://ubuntu.com/security/CVE-2021-47479 - staging: rtl8712: fix use-after-free in rtl8712_dl_fw * Focal update: v5.4.279 upstream stable release (LP: #2073621) // CVE-url: https://ubuntu.com/security/CVE-2024-39469 - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors * CVE-url: https://ubuntu.com/security/CVE-2022-49519 - ath10k: skip ath10k_halt during suspend for driver state RESTARTING * CVE-url: https://ubuntu.com/security/CVE-2024-46713 - perf/aux: Fix AUX buffer serialization * Focal update: v5.4.262 upstream stable release (LP: #2049069) // CVE-url: https://ubuntu.com/security/CVE-2023-52804 - fs/jfs: Add check for negative db_l2nbperpage - fs/jfs: Add validity check for db_maxag and db_agpref * Focal update: v5.4.251 upstream stable release (LP: #2034918) // CVE-url: https://ubuntu.com/security/CVE-2023-52804 - jfs: jfs_dmap: Validate db_l2nbperpage while mounting * CVE-url: https://ubuntu.com/security/CVE-2024-36880 - Bluetooth: qca: add missing firmware sanity checks * Miscellaneous upstream changes - net: openvswitch: fix nested key length validation in the set() action - isofs: Prevent the use of too small fid - ext4: ignore xattrs past end - net: ppp: Add bound checking for skb data on ppp_sync_txmung - media: venus: hfi: add check to handle incorrect queue size - sctp: detect and prevent references to a freed transport in sendmsg - ext4: improve xattr consistency checking and error reporting - ext4: introduce ITAIL helper - ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() - ibmvnic: Do not attempt to login if RX or TX queues are not allocated - ibmvnic: Enable GRO - ibmvnic: Fix netdev feature clobbering during a reset - ibmvnic: create send_control_ip_offload - ibmvnic: Define vnic_login_client_data name field as unsized array - ibmvnic: Use strscpy() instead of strncpy() - ibmvnic: Use kernel helpers for hex dumps - wifi: at76c50x: fix use after free access in at76_disconnect Important TuxCare License Agreement CVE-2024-37078 CVE-2024-36880 CVE-2023-52804 CVE-2024-46713 CVE-2022-25265 CVE-2024-58072 CVE-2022-49519 CVE-2022-49170 CVE-2021-47479 CVE-2025-38352 CVE-2024-58014 Ubuntu 18.04 LTS * SECURITY UPDATE: integer overflow vulnerability in BMP decoder on 32-bit systems - debian/patches/CVE-2025-62171.patch: add extra check to resolve issue on 32-bit systems caused by memory allocation failure - CVE-2025-62171 Important TuxCare License Agreement CVE-2025-62171 Ubuntu 18.04 LTS * OpenJDK 8u472 release - CVE-2025-53057: fix unauthorized remote data-modification - CVE-2025-53066: fix unauthorized remote data access - CVE-2025-61748: fix limited remote unauthorized data modification - Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2025-October/thread.html Moderate TuxCare License Agreement CVE-2025-53066 CVE-2025-53057 Ubuntu 18.04 LTS * SECURITY UPDATE: remove abort call in debug format printing code - debian/patches/CVE-2025-11839.patch: remove call to abort in the debug format printing code, allowing display of fuzzed input files to complete without triggering an abort - CVE-2025-11839 * SECURITY UPDATE: fix SEGV in vfinfo - debian/patches/CVE-2025-11840.patch: prevent segmentation fault by checking for NULL name in reloc howto structure in coff_slurp_reloc_table - CVE-2025-11840 Important TuxCare License Agreement CVE-2025-11840 CVE-2025-11839 CVE-2025-7545 Ubuntu 18.04 LTS * SECURITY UPDATE: memory corruption when handling malformed ELF files - debian/patches/CVE-2025-1182.patch: prevent illegal memory access in bfd_elf_reloc_symbol_deleted_p() when processing corrupt ELF input - CVE-2025-1182 Moderate TuxCare License Agreement CVE-2025-1182 CVE-2025-3198 Ubuntu 18.04 LTS * SECURITY UPDATE: debug_information memory leak in process_debug_info - debian/patches/CVE-2025-8225.patch: prevent memory leak by checking alloc_num_debug_info_entries instead of num_debug_info_entries to determine whether debug_information has been allocated - CVE-2025-8225 Low TuxCare License Agreement CVE-2025-8225 Ubuntu 18.04 LTS * SECURITY UPDATE: memory corruption when processing relocations for ELF files - debian/patches/CVE-2025-1181.patch: prevent illegal memory access when checking relocs in a corrupt ELF binary - CVE-2025-1181 Moderate TuxCare License Agreement CVE-2025-1181 Ubuntu 18.04 LTS * SECURITY UPDATE: Heap buffer overflow in array_merge() - debian/patches/CVE-2025-14178.patch: add validation to check if total element count exceeds HT_MAX_SIZE before allocation. - CVE-2025-14178 Low TuxCare License Agreement CVE-2025-14178 Ubuntu 18.04 LTS * SECURITY UPDATE: Heap-based buffer overflow in elf_swap_shdr function - debian/patches/CVE-2025-11083.patch: Avoid a linker crash by rejecting corrupt section headers in linker input files. Changed elf_swap_shdr_in to return bfd_boolean and validate section sizes against file size to detect and reject corrupt headers - CVE-2025-11083 Important TuxCare License Agreement CVE-2025-11083 Ubuntu 18.04 LTS * SECURITY UPDATE: Possible DoS attack caused by a slow client communication - debian/patches/CVE-2025-58436.patch: fix unresponsive cupsd process caused by a slow client - CVE-2025-58436 Moderate TuxCare License Agreement CVE-2025-58436 Ubuntu 18.04 LTS * SECURITY UPDATE: Carriage Return characters in credential protocol - debian/patches/CVE-2024-52006.patch: fix to disallow Carriage Return characters in the credential protocol by default to prevent vulnerabilities when credential helpers interpret bare Carriage Returns as newlines - CVE-2024-52006 Important TuxCare License Agreement CVE-2024-52006 Ubuntu 18.04 LTS * SECURITY UPDATE: einfo calls with %F specifier do not always exit - debian/patches/CVE-2025-1153.patch: introduce fatal() function that always exits, replacing einfo calls with %F specifier to prevent program continuation after fatal errors - CVE-2025-1153 Moderate TuxCare License Agreement CVE-2025-1153 Ubuntu 18.04 LTS * SECURITY UPDATE: memory corruption in armor parser - debian/patches/CVE-2025-68973.patch: Fix faulty double increment in armor_filter function. - CVE-2025-68973 Important TuxCare License Agreement CVE-2025-68973 Ubuntu 18.04 LTS * SECURITY UPDATE: Confusing users into sending their passwords to sites under the attacker’s control using crafted URLs - debian/patches/CVE-2024-50349.patch: also encode <host>[:<port>] in credential_format(), sanitize the user prompt - CVE-2024-50349 Moderate TuxCare License Agreement CVE-2024-50349 Ubuntu 18.04 LTS * SECURITY UPDATE: XML_ExternalEntityParserCreate failure to copy the encoding handler data can cause a NULL dereference. - debian/patches/CVE-2026-24515.patch: Make XML_ExternalEntityParserCreate copy unknown encoding handler user data - CVE-2026-24515 Low TuxCare License Agreement CVE-2026-24515 Ubuntu 18.04 LTS * SECURITY UPDATE: The trailing 1-15 bytes of a message may be exposed in<br>cleartext on encryption and are not covered by the authentication tag,<br>allowing an attacker to read or tamper with those bytes without detection - debian/patches/CVE-2025-69418.patch: fix OCB AES-NI/HW stream path unauthenticated/unencrypted trailing bytes - CVE-2025-69418 * SECURITY UPDATE: Invalid or NULL pointer dereference when processing malformed PKCS#7 data can result in a Denial of Service - debian/patches/CVE-2026-22796.patch: ensure ASN1 types are checked before use. - CVE-2026-22796 * SECURITY UPDATE: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference - debian/patches/CVE-2025-69421.patch: Check oct argument for NULL - CVE-2025-69421 Important TuxCare License Agreement CVE-2025-69418 CVE-2026-22796 CVE-2025-69421 CVE-2025-69419 Ubuntu 18.04 LTS * SECURITY UPDATE: out of bounds write vulnerability in XBM decoder - debian/patches/CVE-2026-23876.patch: add overflow checks to prevent out of bounds write in coders/xbm.c - CVE-2026-23876 Critical TuxCare License Agreement CVE-2026-23876 Ubuntu 18.04 LTS * SECURITY UPDATE: Malicious SVG file resulted in a DoS attack - debian/patches/CVE-2025-68618.patch: fix DOS when processing a specially crafted malicious SVG file - CVE-2025-68618 * SECURITY UPDATE: WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow and trigger a DoS attack - debian/patches/CVE-2025-69204.patch: fix DOS due to integer overflow during image processing of a specially crafted SVG image - CVE-2025-69204 Important TuxCare License Agreement CVE-2025-69204 CVE-2025-68618 Ubuntu 18.04 LTS * SECURITY UPDATE: defect in imaplib module, when passed a user-controlled command, commands can be injected using newlines - debian/patches/CVE-2025-15366.patch: Fix command injection by rejecting commands containing control characters - CVE-2025-15366 Important TuxCare License Agreement CVE-2025-15366 Ubuntu 18.04 LTS * OpenJDK 8u482 release + CVE-2026-21945: enhance Certificate Checking + CVE-2026-21932: enhance Handling of URIs + CVE-2026-21933: improve HttpServer Request handling + CVE-2026-21925: improve JMX connections - Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2026-January/020959.html * d/p/hotspot-libpath-*.diff: Refresh patches. * d/p/uabs-*.diff: Drop patches applied upstream. Important TuxCare License Agreement CVE-2026-21925 CVE-2026-21933 CVE-2026-21945 CVE-2026-21932 Ubuntu 18.04 LTS * SECURITY UPDATE: Buffer underflow in GVariant parser leads to heap corruption - debian/patches/CVE-2025-14087_14512.patch: Fix integer overflows in GVariant text format parser when processing input longer than INT_MAX - CVE-2025-14087 * SECURITY UPDATE: Integer overflow in escape_byte_string() leads to heap buffer overflow - debian/patches/CVE-2025-14087_14512.patch: Fix integer overflow in escape_byte_string() for byte strings with many invalid characters - CVE-2025-14512 Critical TuxCare License Agreement CVE-2025-14512 CVE-2025-13601 CVE-2025-14087 Ubuntu 18.04 LTS * SECURITY UPDATE: newline-based command injection in user-controlled commands - debian/patches/CVE-2025-15367.patch: Reject control characters in protocol commands; prevent acceptance and processing of control characters as cause of malformed commands. - CVE-2025-15367 Important TuxCare License Agreement CVE-2025-15367 Ubuntu 18.04 LTS * SECURITY UPDATE: out-of-bounds read vulnerability - debian/patches/CVE-2026-26284.patch: Fix incorrect loop initialization in delta decoding; prevent out-of-bounds read caused by starting table scan at invalid index. - CVE-2026-26284 * SECURITY UPDATE: out-of-bounds heap write on 32-bit systems - debian/patches/CVE-2026-25897.patch: Add size-calculating heap overflow sanity check and validate row padding addition to prevent out-of-bounds heap write on 32-bit systems caused by integer overflow in pixel buffer length computation. - CVE-2026-25897 Critical TuxCare License Agreement CVE-2026-25897 CVE-2026-26284 Ubuntu 18.04 LTS * SECURITY UPDATE: null pointer dereference and crash in image reading - debian/patches/CVE-2026-25795.patch: Fix NULL pointer dereference; move DestroyImageInfo call after filename copy; cause: DestroyImageInfo was called before filename copy, freeing read_info used to access filename. - CVE-2026-25795 Important TuxCare License Agreement CVE-2026-25795 Ubuntu 18.04 LTS * SECURITY UPDATE: remote command execution via unsanitized WINS hook NetBIOS name handling in Samba AD DC - debian/patches/CVE-2025-10230.patch: validate NetBIOS names in source4 WINS hook to prevent shell metacharacter injection - debian/patches/CVE-2025-10230-test.patch: add torture tests for WINS hook name sanitization - CVE-2025-10230 Critical TuxCare License Agreement CVE-2025-10230 Ubuntu 18.04 LTS * SECURITY UPDATE: quadratic complexity in xml.dom.minidom node ID cache clearing leads to denial of service - debian/patches/CVE-2025-12084.patch: Replace quadratic _in_document() traversal with ownerDocument attribute check in _clear_id_cache(); ensure Element and Attr instances have ownerDocument attribute. - CVE-2025-12084 Moderate TuxCare License Agreement CVE-2025-12084 Ubuntu 18.04 LTS * SECURITY UPDATE: division-by-zero during image loading resulting in reliable denial-of-service - debian/patches/CVE-2026-25799.patch: Fix sampling-factor validation by replacing && with || so invalid horizontal or vertical factors trigger an error; cause: incorrect boolean expression required both factors to be invalid - CVE-2026-25799 * SECURITY UPDATE: Null pointer dereference in ClonePixelCacheRepository resulting in denial-of-service - debian/patches/CVE-2026-25798.patch: Add overflow sanity check in OpenPixelCache and reset cache storage class and length before throwing on allocation failure - CVE-2026-25798 * SECURITY UPDATE: memory leak in ReadSTEGANOImage that can be exploited for denial-of-service - debian/patches/CVE-2026-25796.patch: free watermark object on three early-return paths - CVE-2026-25796 * SECURITY UPDATE: a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with `IPTCTEXT` - debian/patches/CVE-2026-26066.patch: replace `c=0` with `c=ReadBlobByte(ifile)` in formatIPTC so the loop advances past an unrecognised tag instead of spinning forever - CVE-2026-26066 Important TuxCare License Agreement CVE-2026-25799 CVE-2026-25796 CVE-2026-25798 CVE-2026-26066 Ubuntu 18.04 LTS * SECURITY UPDATE: OAuth2 bearer token leak on cross-protocol redirect - debian/patches/CVE-2025-14524.patch: do not use bearer when following redirect unless allow_auth_to_other_hosts is set - CVE-2025-14524 * SECURITY UPDATE: libssh global known_hosts override - debian/patches/CVE-2025-15079.patch: set SSH_OPTIONS_GLOBAL_KNOWNHOSTS to same path as SSH_OPTIONS_KNOWNHOSTS - CVE-2025-15079 * Resolve test failure - debian/patches/fix-test-46.patch: updated outdated cookies' timestamps Low TuxCare License Agreement CVE-2025-14524 CVE-2025-15079 Ubuntu 18.04 LTS * SECURITY UPDATE: unexpected SSH agent authentication during public-key SSH- based transfers - debian/patches/CVE-2025-15224.patch: Require private key or SSH agent for public-key authentication; prevent attempted public-key auth when neither private key nor agent present; fix missing check that allowed public-key auth flag without key or agent. - CVE-2025-15224 Low TuxCare License Agreement CVE-2025-15224 Ubuntu 18.04 LTS * SECURITY UPDATE: heap information disclosure in PSD channel decoder - debian/patches/CVE-2026-24481.patch: initialize pixel buffer with zeros in ReadPSDChannelZip to prevent heap memory disclosure - CVE-2026-24481 Low TuxCare License Agreement CVE-2026-24481 Ubuntu 18.04 LTS * SECURITY UPDATE: Unauthenticated heap memory disclosure via mismatched zlib compressed protocol headers (MongoBleed) - debian/patches/CVE-2025-14847.patch: Return actual decompressed size instead of buffer size in ZlibMessageCompressor::decompressData - CVE-2025-14847 Low TuxCare License Agreement CVE-2025-14847 Ubuntu 18.04 LTS * CVE-2023-53515 - virtio-mmio: don't break lifecycle of vm_dev {CVE-2023-53515} * CVE-2025-39967 - fbcon: fix integer overflow in fbcon_do_set_font {CVE-2025-39967} - fbcon: Fix OOB access in font allocation {CVE-2025-39967} * CVE-2025-38702 - fbdev: fix potential buffer overflow in do_register_framebuffer() {CVE-2025-38702} * CVE-2025-38563 - perf/core: Prevent VMA split of buffer mappings {CVE-2025-38563} * CVE-2025-39869 - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map {CVE-2025-39869} * CVE-2023-53577 - bpf, cpumap: Make sure kthread is running before map update returns {CVE-2023-53577} * CVE-2023-53608 - nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() {CVE-2023-53608} * CVE-2023-53604 - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path {CVE-2023-53604} * CVE-2023-53619 - netfilter: Replace printk() with pr_*() and define pr_fmt() {CVE-2023-53619} - netfilter: use kvmalloc_array to allocate memory for hashtable {CVE-2023-53619} - netfilter: conntrack: Avoid nf_ct_helper_hash uses after free {CVE-2023-53619} * CVE-2025-38680 - media: uvcvideo: Fix 1-byte out-of-bounds read in {CVE-2025-38680} * CVE-2023-53454 - HID: multitouch: Correct devm device reference for hidinput {CVE-2023-53454} * CVE-2025-38699 - scsi: bfa: Double-free fix {CVE-2025-38699} - ubi: ensure that VID header offset + VID header size <= alloc, size {CVE-2023-53265} - scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() {CVE-2023-53676} - fs: jfs: Fix UBSAN: array-index-out-of-bounds in {CVE-2025-38699} * CVE-2023-53596 - drivers: base: Free devm resources when unregistering a {CVE-2023-53596} * CVE-2023-53622 - gfs2: Fix possible data races in gfs2_show_options() {CVE-2023-53622} - HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition {CVE-2023-53622} * CVE-2023-53090 - drm/amdkfd: Fix an illegal memory access {CVE-2023-53090} * CVE-2023-53116 - nvmet: avoid potential UAF in nvmet_req_complete() {CVE-2023-53116} * CVE-2023-53138 - net: caif: Fix use-after-free in cfusbl_device_notify() {CVE-2023-53138} * CVE-2023-53035 - nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() {CVE-2023-53035} * CVE-2023-53668 - ring-buffer: Fix deadloop issue on reading trace_pipe {CVE-2023-53668} * CVE-2023-53616 - jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount {CVE-2023-53616} * CVE-2023-53554 - staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() {CVE-2023-53554} * CVE-2023-53587 - ring-buffer: Sync IRQ works before buffer destruction {CVE-2023-53587} * CVE-2023-53541 - mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write {CVE-2023-53541} * CVE-2023-53559 - ip_vti: fix potential slab-use-after-free in decode_session6 {CVE-2023-53559} * CVE-2023-53484 - lib: cpu_rmap: Avoid use after free on rmap->obj array entries {CVE-2023-53484} - lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release() {CVE-2023-53484} * CVE-2025-39824 - HID: asus: fix UAF via HID_CLAIMED_INPUT validation {CVE-2025-39824} * CVE-2025-38715 - hfs: fix slab-out-of-bounds in hfs_bnode_read() {CVE-2025-38715} * CVE-2023-53153 - wifi: cfg80211: Fix use after free for wext {CVE-2023-53153} * CVE-2025-38555 - usb: gadget : fix use-after-free in composite_dev_cleanup() {CVE-2025-38555} * CVE-2025-39743 - jfs: truncate good inode pages when hard link is 0 {CVE-2025-39743} * CVE-2025-39945 - cnic: Fix use-after-free bugs in cnic_delete_task {CVE-2025-39945} * CVE-2023-53506 - udf: Do not bother merging very long extents {CVE-2023-53506} * CVE-2025-38714 - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() {CVE-2025-38714} * CVE-2025-39685 - comedi: pcl726: Prevent invalid irq number {CVE-2025-39685} * CVE-2025-39839 - batman-adv: fix OOB read/write in network-coding decode {CVE-2025-39839} * CVE-2025-38708 - drbd: add missing kref_get in handle_write_conflicts {CVE-2025-38708} * CVE-2023-53521 - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() {CVE-2023-53521} * CVE-2025-38713 - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() {CVE-2025-38713} * CVE-2023-53675 - scsi: ses: Fix possible desc_ptr out-of-bounds accesses {CVE-2023-53675} * CVE-2025-39691 - fs/buffer: fix use-after-free when call bh_read() helper {CVE-2025-39691} * CVE-2023-53259 - VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF {CVE-2023-53259} * CVE-2023-53285 - ext4: add bounds checking in get_max_inline_xattr_value_size() {CVE-2023-53285} * CVE-2023-53148 - igb: Fix igb_down hung on surprise removal {CVE-2023-53148} * CVE-2023-53219 - media: netup_unidvb: fix use-after-free at del_timer() {CVE-2023-53219} * CVE-2023-53215 - sched/fair: Don't balance task to its current running CPU {CVE-2023-53215} * CVE-2023-53305 - Bluetooth: L2CAP: Fix use-after-free {CVE-2023-53305} * CVE-2025-38103 - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() {CVE-2025-38103} * CVE-2025-38051 - smb: client: Fix use-after-free in cifs_fill_dirent {CVE-2025-38051} * CVE-2025-38157 - wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157} * CVE-2023-53373 - crypto: seqiv - Handle EBUSY correctly {CVE-2023-53373} * CVE-2025-38079 - crypto: algif_hash - fix double free in hash_accept {CVE-2025-38079} * CVE-2025-38212 - ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212} * CVE-2025-38313 - bus: fsl-mc: fix double-free on mc_dev {CVE-2025-38313} * CVE-2023-53311 - nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput {CVE-2023-53311} * CVE-2023-53307 - rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails {CVE-2023-53307} * CVE-2025-38403 - vsock/vmci: Clear the vmci transport packet properly when initializing it {CVE-2025-38403} * CVE-2025-39683 - tracing: Limit access to parser->buffer when trace_get_user failed {CVE-2025-39683} * CVE-2025-38697 - jfs: upper bound check of tree index in dbAllocAG {CVE-2025-38697} * CVE-2025-39689 - ftrace: Also allocate and copy hash for reading of filter files {CVE-2025-39689} * CVE-2025-38574 - pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574} * CVE-2025-38572 - ipv6: reject malicious packets in ipv6_gso_segment() {CVE-2025-38572} * CVE-2025-38685 - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit {CVE-2025-38685} * CVE-2025-39911 - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path {CVE-2025-39911} * CVE-2025-39973 - i40e: increase max descriptors for XL710 {CVE-2025-39973} - i40e: add validation for ring_len param {CVE-2025-39973} * CVE-2025-38724 - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() {CVE-2025-38724} * CVE-2025-39860 - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() {CVE-2025-39860} * CVE-2025-38530 - comedi: pcl812: Fix bit shift out of bounds {CVE-2025-38530} * CVE-2025-38529 - comedi: aio_iiro_16: Fix bit shift out of bounds {CVE-2025-38529} * CVE-2025-38497 - usb: gadget: configfs: Fix OOB read on empty string write {CVE-2025-38497} * CVE-2025-38483 - comedi: das16m1: Fix bit shift out of bounds {CVE-2025-38483} * CVE-2025-38482 - comedi: das6402: Fix bit shift out of bounds {CVE-2025-38482} * CVE-2025-39702 - ipv6: sr: Fix MAC comparison to be constant-time {CVE-2025-39702} * CVE-2025-39730 - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() {CVE-2025-39730} * CVE-2025-39817 - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare {CVE-2025-39817} * CVE-2025-38494 - HID: core: ensure the allocated report buffer can contain the reserved report ID {CVE-2025-38494} - HID: core: ensure __hid_request reserves the report ID as the first byte {CVE-2025-38494} - HID: core: do not bypass hid_hw_raw_request {CVE-2025-38494} * CVE-2025-38527 - smb: client: fix use-after-free in cifs_oplock_break {CVE-2025-38527} * CVE-2025-39965 - xfrm: Duplicate SPI Handling {CVE-2025-39965} * CVE-2025-37927 - iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid {CVE-2025-37927} * CVE-2025-37817 - mcb: fix error handling for different scenarios when parsing {CVE-2025-37817} - mcb: fix a double free bug in chameleon_parse_gdd() {CVE-2025-37817} * CVE-2025-38204 - jfs: fix array-index-out-of-bounds read in add_missing_indices {CVE-2025-38204} * CVE-2025-38323 - net: atm: add lec_mutex {CVE-2025-38323} * CVE-2025-38346 - ftrace: Fix UAF when lookup kallsym after ftrace disabled {CVE-2025-38346} * CVE-2025-38348 - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() {CVE-2025-38348} * CVE-2025-38416 - NFC: nci: uart: Set tty->disc_data only in success path {CVE-2025-38416} * CVE-2025-38428 - Input: ims-pcu - check record size in ims_pcu_flash_firmware() {CVE-2025-38428} * CVE-2025-38245 - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). {CVE-2025-38245} * CVE-2025-38377 - rose: fix dangling neighbour pointers in rose_rt_device_down() {CVE-2025-38377} * CVE-2025-38459 - atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459} * CVE-2025-39863 - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work {CVE-2025-39863} * CVE-2025-21726 - padata: avoid UAF for reorder_work {CVE-2025-21726} * CVE-2025-39760 - usb: core: config: Prevent OOB read in SS endpoint companion parsing {CVE-2025-39760} * CVE-2025-38198 - fbcon: Make sure modelist not set on unregistered console {CVE-2025-38198} * CVE-2025-38375 - virtio-net: ensure the received length does not exceed allocated size {CVE-2025-38375} * CVE-2025-39993 - media: imon: reorganize serialization {CVE-2025-39993} - media: rc: fix races with imon_disconnect() {CVE-2025-39993} * CVE-2025-39883 - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory {CVE-2025-39883} * Focal update: v5.4.211 upstream stable release (LP: #1990190) - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input * Focal update: v5.4.231 upstream stable release (LP: #2011226) // CVE-2023-53000 - netlink: prevent potential spectre v1 gadgets * CVE-2022-49980 - USB: gadget: Fix use-after-free Read in usb_udc_uevent() * CVE-2022-21546 - scsi: target: Fix WRITE_SAME No Data Buffer crash * Focal update: v5.4.225 upstream stable release (LP: #2002347) // CVE-2022-49763 - ntfs: fix use-after-free in ntfs_attr_find() * Focal update: Focal update: v5.4.235 upstream stable release (LP: #2017706) // CVE-2022-50258 - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() * CVE-2025-21727 - padata: fix UAF in padata_reorder * CVE-2025-37882 - usb: xhci: Fix isochronous Ring Underrun/Overrun event handling * CVE-2025-38250 - Bluetooth: hci_core: Fix use-after-free in vhci_flush() * CVE-2025-39751 - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control * CVE-2025-37810 - usb: dwc3: gadget: check that event count does not exceed event buffer length * CVE-2025-37839 - jbd2: remove wrong sb->s_sequence check * CVE-2025-37892 - mtd: inftlcore: Add error check for inftl_read_oob() * CVE-2025-37923 - tracing: Fix oob write in trace_seq_to_buffer() * CVE-2024-43883 - usb: vhci-hcd: Do not drop references before new references are gained * CVE-2025-37739 - f2fs: lost matching-pair of trace in f2fs_truncate_inode_blocks - f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks() * CVE-2025-38069 - PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops * CVE-2025-22083 - vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint * Miscellaneous upstream changes - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too - HID: core: Harden s32ton() against conversion to 0 bits - fbcon: Introduce wrapper for console->fb_info lookup {CVE-2025-38198} - net: atm: fix /proc/net/atm/lec handling {CVE-2025-38323} Important TuxCare License Agreement CVE-2025-38348 CVE-2025-38572 CVE-2025-38563 CVE-2025-39730 CVE-2025-39689 CVE-2025-38377 CVE-2023-53454 CVE-2025-39911 CVE-2023-53622 CVE-2025-39797 CVE-2023-53215 CVE-2025-21727 CVE-2025-21726 CVE-2023-53035 CVE-2025-39883 CVE-2023-53148 CVE-2025-39869 CVE-2025-38555 CVE-2025-38497 CVE-2023-53000 CVE-2023-53219 CVE-2025-37927 CVE-2023-53577 CVE-2025-38069 CVE-2025-38079 CVE-2025-39743 CVE-2023-53515 CVE-2023-53619 CVE-2025-39702 CVE-2025-38527 CVE-2025-38713 CVE-2025-37839 CVE-2025-39967 CVE-2025-38051 CVE-2025-37823 CVE-2025-38346 CVE-2025-39683 CVE-2025-38323 CVE-2025-39685 CVE-2023-53090 CVE-2025-38103 CVE-2023-53138 CVE-2024-43883 CVE-2023-53373 CVE-2025-39817 CVE-2025-37882 CVE-2025-38702 CVE-2025-39860 CVE-2023-53116 CVE-2025-38529 CVE-2025-39839 CVE-2025-37817 CVE-2023-53559 CVE-2025-38697 CVE-2025-38157 CVE-2025-37892 CVE-2023-53604 CVE-2025-38708 CVE-2025-39824 CVE-2025-39945 CVE-2023-53608 CVE-2025-38574 CVE-2025-38459 CVE-2025-37923 CVE-2025-38724 CVE-2025-38494 CVE-2023-53554 CVE-2025-39863 CVE-2025-38403 CVE-2025-38699 CVE-2023-53616 CVE-2025-39691 CVE-2025-38428 CVE-2023-53521 CVE-2025-38482 CVE-2023-53285 CVE-2023-53484 CVE-2025-38245 CVE-2025-38680 CVE-2025-38530 CVE-2025-38715 CVE-2025-38483 CVE-2025-38204 CVE-2023-53153 CVE-2023-53587 CVE-2023-53311 CVE-2023-53675 CVE-2023-53676 CVE-2025-38198 CVE-2023-53265 CVE-2023-53668 CVE-2023-53259 CVE-2025-38685 CVE-2025-38714 CVE-2023-53305 CVE-2023-53307 CVE-2025-38375 CVE-2025-38250 CVE-2025-38556 CVE-2023-53541 CVE-2025-39760 CVE-2023-53506 CVE-2025-39993 CVE-2025-37810 CVE-2025-38416 CVE-2023-53596 CVE-2025-22083 CVE-2025-37739 CVE-2025-38212 CVE-2025-38313 Ubuntu 18.04 LTS * SECURITY UPDATE: out-of-bounds read from manipulated SFTP extension index - debian/patches/CVE-2026-3731.patch: Fix out-of-bound read in sftp extensions by replacing '>' with '>=' in index checks; cause: off-by-one error in index comparison allowing idx equal count. - CVE-2026-3731 Important TuxCare License Agreement CVE-2026-3731 Ubuntu 18.04 LTS * SECURITY UPDATE: integer overflow in doContent tag buffer reallocation. - debian/patches/CVE-2026-25210.patch: add overflow check for tag buffer reallocation - CVE-2026-25210 Important TuxCare License Agreement CVE-2026-25210 Ubuntu 18.04 LTS * SECURITY UPDATE: stack buffer overflow in msl.c (attribute handling), path traversal bypass of security policy, XSS in HTML coder output, and MSL attribute overflow - debian/patches/CVE-2026-25797_CVE-2026-25965_CVE-2026-25968_CVE-2026-25982.patch: Fix memory leaks, stack overflows, integer overflows and out‑of‑bounds reads; add bounds checks, validate DCM entry sizes, sanitize PostScript filenames, canonicalize paths and free resources; escape user-controlled strings written as raw HTML in the HTML coder; cause was unsafe header and filename parsing, incorrect assumptions about byte counts, path resolution, unnormalized path matching allowing policy bypass, and unescaped HTML output enabling cross-site scripting. - CVE-2026-25797 - CVE-2026-25965 - CVE-2026-25968 - CVE-2026-25982 * SECURITY UPDATE: null pointer dereference in msl.c (repage/roll handlers) - debian/patches/CVE-2026-25983.patch: move image null‑checks before accessing image attributes in the repage and roll MSL tag handlers; cause was dereferencing the image pointer for page geometry and dimensions before verifying the image was defined. - CVE-2026-25983 * SECURITY UPDATE: infinite recursion via crafted MSL/SVG/MVG files - debian/patches/CVE-2026-25971.patch: add global Splay tree guards in MSL and SVG coders to detect and reject recursive image references; block dangerous protocols (ftp, http, mvg, vid) in DrawPrimitive; cause was unbounded recursion through nested image reads. - CVE-2026-25971 * SECURITY UPDATE: null pointer dereference in msl.c (comment/label handlers) - debian/patches/CVE-2026-23952.patch: add image null-checks before accessing image properties in the comment and label MSL end-element handlers; cause was dereferencing the image pointer for DeleteImageProperty before verifying the image was defined. - CVE-2026-23952 * SECURITY UPDATE: MSLPushImage return value not captured - debian/patches/CVE-2026-25988.patch: change MSLPushImage to return the new image index and capture the return value in the MSL image tag handler; cause was the local index variable not being updated after pushing a new image onto the stack. - CVE-2026-25988 Critical TuxCare License Agreement CVE-2026-25968 CVE-2026-23952 CVE-2026-25971 CVE-2026-25797 CVE-2026-25988 CVE-2026-25983 CVE-2026-25965 CVE-2026-25982 Ubuntu 18.04 LTS * SECURITY UPDATE: global buffer overflow read in UIL and XPM encoders. - debian/patches/CVE-2026-25898.patch: clamp negative pixel index values to zero in WriteUILImage, WritePICONImage, and WriteXPMImage before using them as array subscripts into the Cixel table. - CVE-2026-25898 Critical TuxCare License Agreement CVE-2026-25986 CVE-2026-25987 CVE-2026-25898 Ubuntu 18.04 LTS * SECURITY UPDATE: heap buffer over-read with wavelet-denoise operator - debian/patches/CVE-2026-27798.patch: use 4*columns instead of 3*columns for resource and memory allocation in WaveletDenoiseImage to prevent over-read when processing small-dimension images - CVE-2026-27798 Important TuxCare License Agreement CVE-2026-27798 Ubuntu 18.04 LTS * SECURITY UPDATE: signed 32-bit integer overflow in SIXEL decoder; buffer reallocation overflow leading to memory corruption and denial of service - debian/patches/CVE-2026-25970.patch: Fix out-of-bounds write; Rename misnamed position variables and adjust index arithmetic and casts using signed sizes and correct bounds checks; cause: variable name typos and incorrect type/arithmetic causing improper offset validation. - CVE-2026-25970 Important TuxCare License Agreement CVE-2026-25970 Ubuntu 18.04 LTS * SECURITY UPDATE: heap over-write in PNG raw profile writer - debian/patches/CVE-2026-30883.patch: add overflow check for allocated_length in Magick_png_write_raw_profile to prevent integer overflow leading to heap over-write - CVE-2026-30883 Important TuxCare License Agreement CVE-2026-30883 Ubuntu 18.04 LTS * SECURITY UPDATE: client certificate authentication bypass through mismatched SNI and HTTP Host header - debian/patches/CVE-2025-66614.patch: Add strictSNI connector attribute and implement SNI/protocol host name matching for NIO, NIO2, and APR connectors; prevent requests being served by mismatched SSLHostConfig when SNI host and HTTP Host header differ. - CVE-2025-66614 * Fix ObjectStreamClass cache clearing for JDK 11.0.16+ - debian/patches/fix-ObjectStreamClass-cache-clearing.patch: Use instanceof guard in WebappClassLoaderBase.clearCache() instead of direct cast to Map, fixing ClassCastException with newer JDK where ObjectStreamClass$Caches fields were changed from Map to ClassValue (JDK-8277072). * Regenerate expired test SSL certificates - debian/test_certs/: Regenerated ca.jks, localhost.jks, localhost-copy1.jks, user1.jks and PEM files. The user1 certificate expired on 2025-08-15, causing TestClientCert SSLHandshakeException failures. * Fix flaky test infrastructure on build farm - debian/patches/fix-test-hostname-resolution.patch: Skip TestStandardSessionIntegration, TestGroupChannelSenderConnections, TestGroupChannelStartStop, and TestGroupChannelOptionFlag when build node hostname cannot be resolved via DNS (UnknownHostException). - debian/patches/CVE-2025-66614.patch: Skip testSni on APR connector since it uses JSSE-style SSLHostConfig incompatible with OpenSSL backend. Critical TuxCare License Agreement CVE-2025-66614 Ubuntu 18.04 LTS * OpenJDK 11.0.30 release, build 7. - CVE-2026-21925: Improve JMX connections - CVE-2026-21932: Enhance handling of URIs (AWT/JavaFX) - CVE-2026-21933: Improve HttpServer request handling - CVE-2026-21945: Enhance certificate checking - Release notes: https://mail.openjdk.org/pipermail/jdk-updates-dev/2026-January/051739.html Important TuxCare License Agreement CVE-2026-21925 CVE-2026-21933 CVE-2026-21932 Ubuntu 18.04 LTS * SECURITY UPDATE: denial of service from multi-layer nested MVG to SVG conversion - debian/patches/CVE-2026-24484.patch: Add recursion-depth check for graphic-context and prevent excessive nested vector graphics that cause crashes or resource exhaustion due to unbounded recursion. - debian/patches/CVE-2026-24484-1.patch: Add recursion-depth check in vector-graphics parser and throw exception when nesting exceeds MagickMaxRecursionDepth; fix crashes caused by excessive nesting of vector graphics. - CVE-2026-24484 Moderate TuxCare License Agreement CVE-2026-24484 Ubuntu 18.04 LTS * SECURITY UPDATE: denial of service via use-after-free in ICP - debian/patches/CVE-2026-33526.patch: remove duplicate rfc1738_escape call in icpGetRequest that invalidated the previously escaped URL pointer - CVE-2026-33526 * SECURITY UPDATE: denial of service via use-after-free in ICP request handling - debian/patches/CVE-2026-32748.patch: return HttpRequestPointer and move icpAccessAllowed into icpGetRequest to fix HttpRequest lifetime for ICP v3 queries - CVE-2026-32748 Important TuxCare License Agreement CVE-2026-33526 CVE-2026-32748 Ubuntu 18.04 LTS * SECURITY UPDATE: heap read past bounds in sftp_parse_longname from malicious SFTP longname field - debian/patches/CVE-2026-0968.patch: validate longname pointer and longname_field; bound string walks at NUL; fail if field not found - CVE-2026-0968 Low TuxCare License Agreement CVE-2026-0968 /etc/els-release Ubuntu 18\.04 LTS \(Final, ELS by CloudLinux\) 1 ctdb libnss-winbind libpam-winbind libparse-pidl-perl libsmbclient libsmbclient-dev libwbclient-dev libwbclient0 python-samba registry-tools samba samba-common samba-common-bin samba-dev samba-dsdb-modules samba-libs samba-testsuite samba-vfs-modules smbclient winbind libtomcat8-embed-java libtomcat8-java tomcat8 tomcat8-admin tomcat8-common tomcat8-docs tomcat8-examples tomcat8-user libtomcat9-embed-java libtomcat9-java tomcat9 tomcat9-admin tomcat9-common tomcat9-docs tomcat9-examples tomcat9-user idle-python2.7 libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython2.7-testsuite python2.7 python2.7-dev python2.7-doc python2.7-examples python2.7-minimal idle-python3.6 libpython3.6 libpython3.6-dev libpython3.6-minimal libpython3.6-stdlib libpython3.6-testsuite python3.6 python3.6-dev python3.6-doc python3.6-examples python3.6-minimal python3.6-venv isag sysstat libtomcat8-embed-java libtomcat8-java tomcat8 tomcat8-admin tomcat8-common tomcat8-docs tomcat8-examples tomcat8-user exim4 exim4-base exim4-config exim4-daemon-heavy exim4-daemon-light exim4-dev eximon4 busybox busybox-initramfs busybox-static busybox-syslogd udhcpc udhcpd curl libcurl3-gnutls libcurl3-nss libcurl4 libcurl4-doc libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev bind9 bind9-doc bind9-host bind9utils dnsutils libbind-dev libbind-export-dev libbind9-160 libdns-export1100 libdns1100 libirs-export160 libirs160 libisc-export169 libisc169 libisccc-export160 libisccc160 libisccfg-export160 libisccfg160 liblwres160 binutils binutils-aarch64-linux-gnu binutils-alpha-linux-gnu binutils-arm-linux-gnueabi binutils-arm-linux-gnueabihf binutils-common binutils-dev binutils-doc binutils-for-build binutils-for-host binutils-hppa-linux-gnu binutils-hppa64-linux-gnu binutils-i686-gnu binutils-i686-kfreebsd-gnu binutils-i686-linux-gnu binutils-ia64-linux-gnu binutils-m68k-linux-gnu binutils-mips-linux-gnu binutils-mips64-linux-gnuabi64 binutils-mips64-linux-gnuabin32 binutils-mips64el-linux-gnuabi64 binutils-mips64el-linux-gnuabin32 binutils-mipsel-linux-gnu binutils-mipsisa32r6-linux-gnu binutils-mipsisa32r6el-linux-gnu binutils-mipsisa64r6-linux-gnuabi64 binutils-mipsisa64r6-linux-gnuabin32 binutils-mipsisa64r6el-linux-gnuabi64 binutils-mipsisa64r6el-linux-gnuabin32 binutils-multiarch binutils-multiarch-dev binutils-powerpc-linux-gnu binutils-powerpc-linux-gnuspe binutils-powerpc64-linux-gnu binutils-powerpc64le-linux-gnu binutils-riscv64-linux-gnu binutils-s390x-linux-gnu binutils-sh4-linux-gnu binutils-source binutils-sparc64-linux-gnu binutils-x86-64-kfreebsd-gnu binutils-x86-64-linux-gnu binutils-x86-64-linux-gnux32 libbinutils cyrus-admin cyrus-caldav cyrus-clients cyrus-common cyrus-dev cyrus-doc cyrus-imapd cyrus-murder cyrus-nntpd cyrus-pop3d cyrus-replication libcyrus-imap-perl libcap-dev libcap2 libcap2-bin libpam-cap ldap-utils libldap-2.4-2 libldap-common libldap2-dev slapd slapd-smbk5pwd openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome sudo sudo-ldap libnss-myhostname libnss-mymachines libnss-resolve libnss-systemd libpam-systemd libsystemd-dev libsystemd0 libudev-dev libudev1 systemd systemd-container systemd-coredump systemd-journal-remote systemd-sysv systemd-tests udev libgd-dev libgd-tools libgd3 libtomcat8-embed-java libtomcat8-java tomcat8 tomcat8-admin tomcat8-common tomcat8-docs tomcat8-examples tomcat8-user libtomcat9-embed-java libtomcat9-java tomcat9 tomcat9-admin tomcat9-common tomcat9-docs tomcat9-examples tomcat9-user cups cups-bsd cups-client cups-common cups-core-drivers cups-daemon cups-ipp-utils cups-ppdc cups-server-common libcups2 libcups2-dev libcupscgi1 libcupsimage2 libcupsimage2-dev libcupsmime1 libcupsppdc1 imagemagick imagemagick-6-common imagemagick-6-doc imagemagick-6.q16 imagemagick-6.q16hdri imagemagick-common imagemagick-doc libimage-magick-perl libimage-magick-q16-perl libimage-magick-q16hdri-perl libmagick++-6-headers libmagick++-6.q16-7 libmagick++-6.q16-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libmagick++-dev libmagickcore-6-arch-config libmagickcore-6-headers libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickcore-dev libmagickwand-6-headers libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagickwand-dev perlmagick idle-python3.6 libpython3.6 libpython3.6-dev libpython3.6-minimal libpython3.6-stdlib libpython3.6-testsuite python3.6 python3.6-dev python3.6-doc python3.6-examples python3.6-minimal python3.6-venv libperl-dev libperl5.26 perl perl-base perl-debug perl-doc perl-modules-5.26 ctdb libnss-winbind libpam-winbind libparse-pidl-perl libsmbclient libsmbclient-dev libwbclient-dev libwbclient0 python-samba registry-tools samba samba-common samba-common-bin samba-dev samba-dsdb-modules samba-libs samba-testsuite samba-vfs-modules smbclient winbind stunnel4 idle-python2.7 libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython2.7-testsuite python2.7 python2.7-dev python2.7-doc python2.7-examples python2.7-minimal ansible libtomcat8-embed-java libtomcat8-java tomcat8 tomcat8-admin tomcat8-common tomcat8-docs tomcat8-examples tomcat8-user openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome ctdb libnss-winbind libpam-winbind libparse-pidl-perl libsmbclient libsmbclient-dev libwbclient-dev libwbclient0 python-samba registry-tools samba samba-common samba-common-bin samba-dev samba-dsdb-modules samba-libs samba-testsuite samba-vfs-modules smbclient winbind amd64-microcode amanda-client amanda-common amanda-server libapache2-mod-php7.2 libphp7.2-embed php7.2 php7.2-bcmath php7.2-bz2 php7.2-cgi php7.2-cli php7.2-common php7.2-curl php7.2-dba php7.2-dev php7.2-enchant php7.2-fpm php7.2-gd php7.2-gmp php7.2-imap php7.2-interbase php7.2-intl php7.2-json php7.2-ldap php7.2-mbstring php7.2-mysql php7.2-odbc php7.2-opcache php7.2-pgsql php7.2-phpdbg php7.2-pspell php7.2-readline php7.2-recode php7.2-snmp php7.2-soap php7.2-sqlite3 php7.2-sybase php7.2-tidy php7.2-xml php7.2-xmlrpc php7.2-xsl php7.2-zip intel-microcode libssl-dev libssl-doc libssl1.1 openssl linux-buildinfo-4.15.0-214-tuxcare.els2-generic linux-buildinfo-4.15.0-214-tuxcare.els2-lowlatency linux-cloud-tools-4.15.0-214-tuxcare.els2 linux-cloud-tools-4.15.0-214-tuxcare.els2-generic linux-cloud-tools-4.15.0-214-tuxcare.els2-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-214-tuxcare.els2 linux-headers-4.15.0-214-tuxcare.els2-generic linux-headers-4.15.0-214-tuxcare.els2-lowlatency linux-image-unsigned-4.15.0-214-tuxcare.els2-generic linux-image-unsigned-4.15.0-214-tuxcare.els2-lowlatency linux-libc-dev linux-modules-4.15.0-214-tuxcare.els2-generic linux-modules-4.15.0-214-tuxcare.els2-lowlatency linux-modules-extra-4.15.0-214-tuxcare.els2-generic linux-source-4.15.0 linux-tools-4.15.0-214-tuxcare.els2 linux-tools-4.15.0-214-tuxcare.els2-generic linux-tools-4.15.0-214-tuxcare.els2-lowlatency linux-tools-common linux-tools-host linux-buildinfo-4.15.0-215-tuxcare.els3-generic linux-buildinfo-4.15.0-215-tuxcare.els3-lowlatency linux-cloud-tools-4.15.0-215-tuxcare.els3 linux-cloud-tools-4.15.0-215-tuxcare.els3-generic linux-cloud-tools-4.15.0-215-tuxcare.els3-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-215-tuxcare.els3 linux-headers-4.15.0-215-tuxcare.els3-generic linux-headers-4.15.0-215-tuxcare.els3-lowlatency linux-image-unsigned-4.15.0-215-tuxcare.els3-generic linux-image-unsigned-4.15.0-215-tuxcare.els3-lowlatency linux-libc-dev linux-modules-4.15.0-215-tuxcare.els3-generic linux-modules-4.15.0-215-tuxcare.els3-lowlatency linux-modules-extra-4.15.0-215-tuxcare.els3-generic linux-source-4.15.0 linux-tools-4.15.0-215-tuxcare.els3 linux-tools-4.15.0-215-tuxcare.els3-generic linux-tools-4.15.0-215-tuxcare.els3-lowlatency linux-tools-common linux-tools-host linux-buildinfo-4.15.0-216-tuxcare.els4-generic linux-buildinfo-4.15.0-216-tuxcare.els4-lowlatency linux-cloud-tools-4.15.0-216-tuxcare.els4 linux-cloud-tools-4.15.0-216-tuxcare.els4-generic linux-cloud-tools-4.15.0-216-tuxcare.els4-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-216-tuxcare.els4 linux-headers-4.15.0-216-tuxcare.els4-generic linux-headers-4.15.0-216-tuxcare.els4-lowlatency linux-image-unsigned-4.15.0-216-tuxcare.els4-generic linux-image-unsigned-4.15.0-216-tuxcare.els4-lowlatency linux-libc-dev linux-modules-4.15.0-216-tuxcare.els4-generic linux-modules-4.15.0-216-tuxcare.els4-lowlatency linux-modules-extra-4.15.0-216-tuxcare.els4-generic linux-source-4.15.0 linux-tools-4.15.0-216-tuxcare.els4 linux-tools-4.15.0-216-tuxcare.els4-generic linux-tools-4.15.0-216-tuxcare.els4-lowlatency linux-tools-common linux-tools-host busybox busybox-initramfs busybox-static busybox-syslogd udhcpc udhcpd amd64-microcode binutils binutils-aarch64-linux-gnu binutils-alpha-linux-gnu binutils-arm-linux-gnueabi binutils-arm-linux-gnueabihf binutils-common binutils-dev binutils-doc binutils-for-build binutils-for-host binutils-hppa-linux-gnu binutils-hppa64-linux-gnu binutils-i686-gnu binutils-i686-kfreebsd-gnu binutils-i686-linux-gnu binutils-ia64-linux-gnu binutils-m68k-linux-gnu binutils-mips-linux-gnu binutils-mips64-linux-gnuabi64 binutils-mips64-linux-gnuabin32 binutils-mips64el-linux-gnuabi64 binutils-mips64el-linux-gnuabin32 binutils-mipsel-linux-gnu binutils-mipsisa32r6-linux-gnu binutils-mipsisa32r6el-linux-gnu binutils-mipsisa64r6-linux-gnuabi64 binutils-mipsisa64r6-linux-gnuabin32 binutils-mipsisa64r6el-linux-gnuabi64 binutils-mipsisa64r6el-linux-gnuabin32 binutils-multiarch binutils-multiarch-dev binutils-powerpc-linux-gnu binutils-powerpc-linux-gnuspe binutils-powerpc64-linux-gnu binutils-powerpc64le-linux-gnu binutils-riscv64-linux-gnu binutils-s390x-linux-gnu binutils-sh4-linux-gnu binutils-source binutils-sparc64-linux-gnu binutils-x86-64-kfreebsd-gnu binutils-x86-64-linux-gnu binutils-x86-64-linux-gnux32 libbinutils openjdk-8-demo openjdk-8-doc openjdk-8-jdk openjdk-8-jdk-headless openjdk-8-jre openjdk-8-jre-headless openjdk-8-jre-zero openjdk-8-source idle-python2.7 libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython2.7-testsuite python2.7 python2.7-dev python2.7-doc python2.7-examples python2.7-minimal idle-python3.6 libpython3.6 libpython3.6-dev libpython3.6-minimal libpython3.6-stdlib libpython3.6-testsuite python3.6 python3.6-dev python3.6-doc python3.6-examples python3.6-minimal python3.6-venv linux-buildinfo-4.15.0-217-tuxcare.els5-generic linux-buildinfo-4.15.0-217-tuxcare.els5-lowlatency linux-cloud-tools-4.15.0-217-tuxcare.els5 linux-cloud-tools-4.15.0-217-tuxcare.els5-generic linux-cloud-tools-4.15.0-217-tuxcare.els5-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-217-tuxcare.els5 linux-headers-4.15.0-217-tuxcare.els5-generic linux-headers-4.15.0-217-tuxcare.els5-lowlatency linux-image-unsigned-4.15.0-217-tuxcare.els5-generic linux-image-unsigned-4.15.0-217-tuxcare.els5-lowlatency linux-libc-dev linux-modules-4.15.0-217-tuxcare.els5-generic linux-modules-4.15.0-217-tuxcare.els5-lowlatency linux-modules-extra-4.15.0-217-tuxcare.els5-generic linux-source-4.15.0 linux-tools-4.15.0-217-tuxcare.els5 linux-tools-4.15.0-217-tuxcare.els5-generic linux-tools-4.15.0-217-tuxcare.els5-lowlatency linux-tools-common linux-tools-host binutils binutils-aarch64-linux-gnu binutils-alpha-linux-gnu binutils-arm-linux-gnueabi binutils-arm-linux-gnueabihf binutils-common binutils-dev binutils-doc binutils-for-build binutils-for-host binutils-hppa-linux-gnu binutils-hppa64-linux-gnu binutils-i686-gnu binutils-i686-kfreebsd-gnu binutils-i686-linux-gnu binutils-ia64-linux-gnu binutils-m68k-linux-gnu binutils-mips-linux-gnu binutils-mips64-linux-gnuabi64 binutils-mips64-linux-gnuabin32 binutils-mips64el-linux-gnuabi64 binutils-mips64el-linux-gnuabin32 binutils-mipsel-linux-gnu binutils-mipsisa32r6-linux-gnu binutils-mipsisa32r6el-linux-gnu binutils-mipsisa64r6-linux-gnuabi64 binutils-mipsisa64r6-linux-gnuabin32 binutils-mipsisa64r6el-linux-gnuabi64 binutils-mipsisa64r6el-linux-gnuabin32 binutils-multiarch binutils-multiarch-dev binutils-powerpc-linux-gnu binutils-powerpc-linux-gnuspe binutils-powerpc64-linux-gnu binutils-powerpc64le-linux-gnu binutils-riscv64-linux-gnu binutils-s390x-linux-gnu binutils-sh4-linux-gnu binutils-source binutils-sparc64-linux-gnu binutils-x86-64-kfreebsd-gnu binutils-x86-64-linux-gnu binutils-x86-64-linux-gnux32 libbinutils linux-buildinfo-4.15.0-218-tuxcare.els6-generic linux-buildinfo-4.15.0-218-tuxcare.els6-lowlatency linux-cloud-tools-4.15.0-218-tuxcare.els6 linux-cloud-tools-4.15.0-218-tuxcare.els6-generic linux-cloud-tools-4.15.0-218-tuxcare.els6-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-218-tuxcare.els6 linux-headers-4.15.0-218-tuxcare.els6-generic linux-headers-4.15.0-218-tuxcare.els6-lowlatency linux-image-unsigned-4.15.0-218-tuxcare.els6-generic linux-image-unsigned-4.15.0-218-tuxcare.els6-lowlatency linux-libc-dev linux-modules-4.15.0-218-tuxcare.els6-generic linux-modules-4.15.0-218-tuxcare.els6-lowlatency linux-modules-extra-4.15.0-218-tuxcare.els6-generic linux-source-4.15.0 linux-tools-4.15.0-218-tuxcare.els6 linux-tools-4.15.0-218-tuxcare.els6-generic linux-tools-4.15.0-218-tuxcare.els6-lowlatency linux-tools-common linux-tools-host binutils binutils-aarch64-linux-gnu binutils-alpha-linux-gnu binutils-arm-linux-gnueabi binutils-arm-linux-gnueabihf binutils-common binutils-dev binutils-doc binutils-for-build binutils-for-host binutils-hppa-linux-gnu binutils-hppa64-linux-gnu binutils-i686-gnu binutils-i686-kfreebsd-gnu binutils-i686-linux-gnu binutils-ia64-linux-gnu binutils-m68k-linux-gnu binutils-mips-linux-gnu binutils-mips64-linux-gnuabi64 binutils-mips64-linux-gnuabin32 binutils-mips64el-linux-gnuabi64 binutils-mips64el-linux-gnuabin32 binutils-mipsel-linux-gnu binutils-mipsisa32r6-linux-gnu binutils-mipsisa32r6el-linux-gnu binutils-mipsisa64r6-linux-gnuabi64 binutils-mipsisa64r6-linux-gnuabin32 binutils-mipsisa64r6el-linux-gnuabi64 binutils-mipsisa64r6el-linux-gnuabin32 binutils-multiarch binutils-multiarch-dev binutils-powerpc-linux-gnu binutils-powerpc-linux-gnuspe binutils-powerpc64-linux-gnu binutils-powerpc64le-linux-gnu binutils-riscv64-linux-gnu binutils-s390x-linux-gnu binutils-sh4-linux-gnu binutils-source binutils-sparc64-linux-gnu binutils-x86-64-kfreebsd-gnu binutils-x86-64-linux-gnu binutils-x86-64-linux-gnux32 libbinutils imagemagick imagemagick-6-common imagemagick-6-doc imagemagick-6.q16 imagemagick-6.q16hdri imagemagick-common imagemagick-doc libimage-magick-perl libimage-magick-q16-perl libimage-magick-q16hdri-perl libmagick++-6-headers libmagick++-6.q16-7 libmagick++-6.q16-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libmagick++-dev libmagickcore-6-arch-config libmagickcore-6-headers libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickcore-dev libmagickwand-6-headers libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagickwand-dev perlmagick memcached libecpg-compat3 libecpg-dev libecpg6 libpgtypes3 libpq-dev libpq5 postgresql-10 postgresql-client-10 postgresql-doc-10 postgresql-plperl-10 postgresql-plpython-10 postgresql-plpython3-10 postgresql-pltcl-10 postgresql-server-dev-10 exim4 exim4-base exim4-config exim4-daemon-heavy exim4-daemon-light exim4-dev eximon4 libwebp-dev libwebp6 libwebpdemux2 libwebpmux3 webp bind9 bind9-doc bind9-host bind9utils dnsutils libbind-dev libbind-export-dev libbind9-160 libdns-export1100 libdns1100 libirs-export160 libirs160 libisc-export169 libisc169 libisccc-export160 libisccc160 libisccfg-export160 libisccfg160 liblwres160 idle-python3.6 libpython3.6 libpython3.6-dev libpython3.6-minimal libpython3.6-stdlib libpython3.6-testsuite python3.6 python3.6-dev python3.6-doc python3.6-examples python3.6-minimal python3.6-venv idle-python2.7 libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython2.7-testsuite python2.7 python2.7-dev python2.7-doc python2.7-examples python2.7-minimal curl libcurl3-gnutls libcurl3-nss libcurl4 libcurl4-doc libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev cups cups-bsd cups-client cups-common cups-core-drivers cups-daemon cups-ipp-utils cups-ppdc cups-server-common libcups2 libcups2-dev libcupscgi1 libcupsimage2 libcupsimage2-dev libcupsmime1 libcupsppdc1 libglib2.0-0 libglib2.0-bin libglib2.0-data libglib2.0-dev libglib2.0-dev-bin libglib2.0-doc libglib2.0-tests libnginx-mod-http-auth-pam libnginx-mod-http-cache-purge libnginx-mod-http-dav-ext libnginx-mod-http-echo libnginx-mod-http-fancyindex libnginx-mod-http-geoip libnginx-mod-http-headers-more-filter libnginx-mod-http-image-filter libnginx-mod-http-lua libnginx-mod-http-ndk libnginx-mod-http-perl libnginx-mod-http-subs-filter libnginx-mod-http-uploadprogress libnginx-mod-http-upstream-fair libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-nchan libnginx-mod-rtmp libnginx-mod-stream nginx nginx-common nginx-core nginx-doc nginx-extras nginx-full nginx-light linux-buildinfo-4.15.0-219-tuxcare.els7-generic linux-buildinfo-4.15.0-219-tuxcare.els7-lowlatency linux-cloud-tools-4.15.0-219-tuxcare.els7 linux-cloud-tools-4.15.0-219-tuxcare.els7-generic linux-cloud-tools-4.15.0-219-tuxcare.els7-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-219-tuxcare.els7 linux-headers-4.15.0-219-tuxcare.els7-generic linux-headers-4.15.0-219-tuxcare.els7-lowlatency linux-image-unsigned-4.15.0-219-tuxcare.els7-generic linux-image-unsigned-4.15.0-219-tuxcare.els7-lowlatency linux-libc-dev linux-modules-4.15.0-219-tuxcare.els7-generic linux-modules-4.15.0-219-tuxcare.els7-lowlatency linux-modules-extra-4.15.0-219-tuxcare.els7-generic linux-source-4.15.0 linux-tools-4.15.0-219-tuxcare.els7 linux-tools-4.15.0-219-tuxcare.els7-generic linux-tools-4.15.0-219-tuxcare.els7-lowlatency linux-tools-common linux-tools-host quagga quagga-bgpd quagga-core quagga-doc quagga-isisd quagga-ospf6d quagga-ospfd quagga-pimd quagga-ripd quagga-ripngd openjdk-11-demo openjdk-11-doc openjdk-11-jdk openjdk-11-jdk-headless openjdk-11-jre openjdk-11-jre-headless openjdk-11-jre-zero openjdk-11-source lib32z1 lib32z1-dev libx32z1 libx32z1-dev zlib1g zlib1g-dev linux-buildinfo-4.15.0-220-tuxcare.els8-generic linux-buildinfo-4.15.0-220-tuxcare.els8-lowlatency linux-cloud-tools-4.15.0-220-tuxcare.els8 linux-cloud-tools-4.15.0-220-tuxcare.els8-generic linux-cloud-tools-4.15.0-220-tuxcare.els8-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-220-tuxcare.els8 linux-headers-4.15.0-220-tuxcare.els8-generic linux-headers-4.15.0-220-tuxcare.els8-lowlatency linux-image-unsigned-4.15.0-220-tuxcare.els8-generic linux-image-unsigned-4.15.0-220-tuxcare.els8-lowlatency linux-libc-dev linux-modules-4.15.0-220-tuxcare.els8-generic linux-modules-4.15.0-220-tuxcare.els8-lowlatency linux-modules-extra-4.15.0-220-tuxcare.els8-generic linux-source-4.15.0 linux-tools-4.15.0-220-tuxcare.els8 linux-tools-4.15.0-220-tuxcare.els8-generic linux-tools-4.15.0-220-tuxcare.els8-lowlatency linux-tools-common linux-tools-host haproxy haproxy-doc vim-haproxy libtomcat8-embed-java libtomcat8-java tomcat8 tomcat8-admin tomcat8-common tomcat8-docs tomcat8-examples tomcat8-user libtomcat9-embed-java libtomcat9-java tomcat9 tomcat9-admin tomcat9-common tomcat9-docs tomcat9-examples tomcat9-user apache2 apache2-bin apache2-data apache2-dev apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils binutils binutils-aarch64-linux-gnu binutils-alpha-linux-gnu binutils-arm-linux-gnueabi binutils-arm-linux-gnueabihf binutils-common binutils-dev binutils-doc binutils-for-build binutils-for-host binutils-hppa-linux-gnu binutils-hppa64-linux-gnu binutils-i686-gnu binutils-i686-kfreebsd-gnu binutils-i686-linux-gnu binutils-ia64-linux-gnu binutils-m68k-linux-gnu binutils-mips-linux-gnu binutils-mips64-linux-gnuabi64 binutils-mips64-linux-gnuabin32 binutils-mips64el-linux-gnuabi64 binutils-mips64el-linux-gnuabin32 binutils-mipsel-linux-gnu binutils-mipsisa32r6-linux-gnu binutils-mipsisa32r6el-linux-gnu binutils-mipsisa64r6-linux-gnuabi64 binutils-mipsisa64r6-linux-gnuabin32 binutils-mipsisa64r6el-linux-gnuabi64 binutils-mipsisa64r6el-linux-gnuabin32 binutils-multiarch binutils-multiarch-dev binutils-powerpc-linux-gnu binutils-powerpc-linux-gnuspe binutils-powerpc64-linux-gnu binutils-powerpc64le-linux-gnu binutils-riscv64-linux-gnu binutils-s390x-linux-gnu binutils-sh4-linux-gnu binutils-source binutils-sparc64-linux-gnu binutils-x86-64-kfreebsd-gnu binutils-x86-64-linux-gnu binutils-x86-64-linux-gnux32 libbinutils binutils binutils-aarch64-linux-gnu binutils-alpha-linux-gnu binutils-arm-linux-gnueabi binutils-arm-linux-gnueabihf binutils-common binutils-dev binutils-doc binutils-for-build binutils-for-host binutils-hppa-linux-gnu binutils-hppa64-linux-gnu binutils-i686-gnu binutils-i686-kfreebsd-gnu binutils-i686-linux-gnu binutils-ia64-linux-gnu binutils-m68k-linux-gnu binutils-mips-linux-gnu binutils-mips64-linux-gnuabi64 binutils-mips64-linux-gnuabin32 binutils-mips64el-linux-gnuabi64 binutils-mips64el-linux-gnuabin32 binutils-mipsel-linux-gnu binutils-mipsisa32r6-linux-gnu binutils-mipsisa32r6el-linux-gnu binutils-mipsisa64r6-linux-gnuabi64 binutils-mipsisa64r6-linux-gnuabin32 binutils-mipsisa64r6el-linux-gnuabi64 binutils-mipsisa64r6el-linux-gnuabin32 binutils-multiarch binutils-multiarch-dev binutils-powerpc-linux-gnu binutils-powerpc-linux-gnuspe binutils-powerpc64-linux-gnu binutils-powerpc64le-linux-gnu binutils-riscv64-linux-gnu binutils-s390x-linux-gnu binutils-sh4-linux-gnu binutils-source binutils-sparc64-linux-gnu binutils-x86-64-kfreebsd-gnu binutils-x86-64-linux-gnu binutils-x86-64-linux-gnux32 libbinutils exim4 exim4-base exim4-config exim4-daemon-heavy exim4-daemon-light exim4-dev eximon4 ntp ntp-doc ntpdate sntp idle-python3.6 libpython3.6 libpython3.6-dev libpython3.6-minimal libpython3.6-stdlib libpython3.6-testsuite python3.6 python3.6-dev python3.6-doc python3.6-examples python3.6-minimal python3.6-venv libapache2-mod-php7.2 libphp7.2-embed php7.2 php7.2-bcmath php7.2-bz2 php7.2-cgi php7.2-cli php7.2-common php7.2-curl php7.2-dba php7.2-dev php7.2-enchant php7.2-fpm php7.2-gd php7.2-gmp php7.2-imap php7.2-interbase php7.2-intl php7.2-json php7.2-ldap php7.2-mbstring php7.2-mysql php7.2-odbc php7.2-opcache php7.2-pgsql php7.2-phpdbg php7.2-pspell php7.2-readline php7.2-recode php7.2-snmp php7.2-soap php7.2-sqlite3 php7.2-sybase php7.2-tidy php7.2-xml php7.2-xmlrpc php7.2-xsl php7.2-zip cups cups-bsd cups-client cups-common cups-core-drivers cups-daemon cups-ipp-utils cups-ppdc cups-server-common libcups2 libcups2-dev libcupscgi1 libcupsimage2 libcupsimage2-dev libcupsmime1 libcupsppdc1 exim4 exim4-base exim4-config exim4-daemon-heavy exim4-daemon-light exim4-dev eximon4 krb5-admin-server krb5-doc krb5-gss-samples krb5-k5tls krb5-kdc krb5-kdc-ldap krb5-kpropd krb5-locales krb5-multidev krb5-otp krb5-pkinit krb5-user libgssapi-krb5-2 libgssrpc4 libk5crypto3 libkadm5clnt-mit11 libkadm5srv-mit11 libkdb5-9 libkrad-dev libkrad0 libkrb5-3 libkrb5-dev libkrb5support0 squid squid-cgi squid-common squid-purge squid3 squidclient libssl-dev libssl-doc libssl1.1 openssl ctdb libnss-winbind libpam-winbind libparse-pidl-perl libsmbclient libsmbclient-dev libwbclient-dev libwbclient0 python-samba registry-tools samba samba-common samba-common-bin samba-dev samba-dsdb-modules samba-libs samba-testsuite samba-vfs-modules smbclient winbind linux-buildinfo-4.15.0-221-tuxcare.els9-generic linux-buildinfo-4.15.0-221-tuxcare.els9-lowlatency linux-cloud-tools-4.15.0-221-tuxcare.els9 linux-cloud-tools-4.15.0-221-tuxcare.els9-generic linux-cloud-tools-4.15.0-221-tuxcare.els9-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-221-tuxcare.els9 linux-headers-4.15.0-221-tuxcare.els9-generic linux-headers-4.15.0-221-tuxcare.els9-lowlatency linux-image-unsigned-4.15.0-221-tuxcare.els9-generic linux-image-unsigned-4.15.0-221-tuxcare.els9-lowlatency linux-libc-dev linux-modules-4.15.0-221-tuxcare.els9-generic linux-modules-4.15.0-221-tuxcare.els9-lowlatency linux-modules-extra-4.15.0-221-tuxcare.els9-generic linux-source-4.15.0 linux-tools-4.15.0-221-tuxcare.els9 linux-tools-4.15.0-221-tuxcare.els9-generic linux-tools-4.15.0-221-tuxcare.els9-lowlatency linux-tools-common linux-tools-host libprocps-dev libprocps6 procps idle-python3.6 libpython3.6 libpython3.6-dev libpython3.6-minimal libpython3.6-stdlib libpython3.6-testsuite python3.6 python3.6-dev python3.6-doc python3.6-examples python3.6-minimal python3.6-venv idle-python2.7 libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython2.7-testsuite python2.7 python2.7-dev python2.7-doc python2.7-examples python2.7-minimal intel-microcode squid squid-cgi squid-common squid-purge squid3 squidclient libmysqlclient-dev libmysqlclient20 libmysqld-dev mysql-client mysql-client-5.7 mysql-client-core-5.7 mysql-server mysql-server-5.7 mysql-server-core-5.7 mysql-source-5.7 mysql-testsuite mysql-testsuite-5.7 idle-python2.7 libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython2.7-testsuite python2.7 python2.7-dev python2.7-doc python2.7-examples python2.7-minimal ctdb libnss-winbind libpam-winbind libparse-pidl-perl libsmbclient libsmbclient-dev libwbclient-dev libwbclient0 python-samba registry-tools samba samba-common samba-common-bin samba-dev samba-dsdb-modules samba-libs samba-testsuite samba-vfs-modules smbclient winbind squid squid-cgi squid-common squid-purge squid3 squidclient libecpg-compat3 libecpg-dev libecpg6 libpgtypes3 libpq-dev libpq5 postgresql-10 postgresql-client-10 postgresql-doc-10 postgresql-plperl-10 postgresql-plpython-10 postgresql-plpython3-10 postgresql-pltcl-10 postgresql-server-dev-10 openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome openjdk-8-demo openjdk-8-doc openjdk-8-jdk openjdk-8-jdk-headless openjdk-8-jre openjdk-8-jre-headless openjdk-8-jre-zero openjdk-8-source haproxy haproxy-doc vim-haproxy libtomcat8-embed-java libtomcat8-java tomcat8 tomcat8-admin tomcat8-common tomcat8-docs tomcat8-examples tomcat8-user linux-buildinfo-4.15.0-222-tuxcare.els10-generic linux-buildinfo-4.15.0-222-tuxcare.els10-lowlatency linux-cloud-tools-4.15.0-222-tuxcare.els10 linux-cloud-tools-4.15.0-222-tuxcare.els10-generic linux-cloud-tools-4.15.0-222-tuxcare.els10-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-222-tuxcare.els10 linux-headers-4.15.0-222-tuxcare.els10-generic linux-headers-4.15.0-222-tuxcare.els10-lowlatency linux-image-unsigned-4.15.0-222-tuxcare.els10-generic linux-image-unsigned-4.15.0-222-tuxcare.els10-lowlatency linux-libc-dev linux-modules-4.15.0-222-tuxcare.els10-generic linux-modules-4.15.0-222-tuxcare.els10-lowlatency linux-modules-extra-4.15.0-222-tuxcare.els10-generic linux-source-4.15.0 linux-tools-4.15.0-222-tuxcare.els10 linux-tools-4.15.0-222-tuxcare.els10-generic linux-tools-4.15.0-222-tuxcare.els10-lowlatency linux-tools-common linux-tools-host squid squid-cgi squid-common squid-purge squid3 squidclient lemon libsqlite3-0 libsqlite3-dev libsqlite3-tcl sqlite3 sqlite3-doc linux-buildinfo-4.15.0-223-tuxcare.els11-generic linux-buildinfo-4.15.0-223-tuxcare.els11-lowlatency linux-cloud-tools-4.15.0-223-tuxcare.els11 linux-cloud-tools-4.15.0-223-tuxcare.els11-generic linux-cloud-tools-4.15.0-223-tuxcare.els11-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-223-tuxcare.els11 linux-headers-4.15.0-223-tuxcare.els11-generic linux-headers-4.15.0-223-tuxcare.els11-lowlatency linux-image-unsigned-4.15.0-223-tuxcare.els11-generic linux-image-unsigned-4.15.0-223-tuxcare.els11-lowlatency linux-libc-dev linux-modules-4.15.0-223-tuxcare.els11-generic linux-modules-4.15.0-223-tuxcare.els11-lowlatency linux-modules-extra-4.15.0-223-tuxcare.els11-generic linux-source-4.15.0 linux-tools-4.15.0-223-tuxcare.els11 linux-tools-4.15.0-223-tuxcare.els11-generic linux-tools-4.15.0-223-tuxcare.els11-lowlatency linux-tools-common linux-tools-host openjdk-11-demo openjdk-11-doc openjdk-11-jdk openjdk-11-jdk-headless openjdk-11-jre openjdk-11-jre-headless openjdk-11-jre-zero openjdk-11-source gnutls-bin gnutls-doc libgnutls-dane0 libgnutls-openssl27 libgnutls28-dev libgnutls30 libgnutlsxx28 openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome libtomcat9-embed-java libtomcat9-java tomcat9 tomcat9-admin tomcat9-common tomcat9-docs tomcat9-examples tomcat9-user libecpg-compat3 libecpg-dev libecpg6 libpgtypes3 libpq-dev libpq5 postgresql-10 postgresql-client-10 postgresql-doc-10 postgresql-plperl-10 postgresql-plpython-10 postgresql-plpython3-10 postgresql-pltcl-10 postgresql-server-dev-10 linux-buildinfo-4.15.0-224-tuxcare.els12-generic linux-buildinfo-4.15.0-224-tuxcare.els12-lowlatency linux-cloud-tools-4.15.0-224-tuxcare.els12 linux-cloud-tools-4.15.0-224-tuxcare.els12-generic linux-cloud-tools-4.15.0-224-tuxcare.els12-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-224-tuxcare.els12 linux-headers-4.15.0-224-tuxcare.els12-generic linux-headers-4.15.0-224-tuxcare.els12-lowlatency linux-image-unsigned-4.15.0-224-tuxcare.els12-generic linux-image-unsigned-4.15.0-224-tuxcare.els12-lowlatency linux-libc-dev linux-modules-4.15.0-224-tuxcare.els12-generic linux-modules-4.15.0-224-tuxcare.els12-lowlatency linux-modules-extra-4.15.0-224-tuxcare.els12-generic linux-source-4.15.0 linux-tools-4.15.0-224-tuxcare.els12 linux-tools-4.15.0-224-tuxcare.els12-generic linux-tools-4.15.0-224-tuxcare.els12-lowlatency linux-tools-common linux-tools-host libxml2 libxml2-dev libxml2-doc libxml2-utils python-libxml2 python3-libxml2 glibc-doc glibc-source libc-bin libc-dev-bin libc6 libc6-dev libc6-dev-i386 libc6-dev-x32 libc6-i386 libc6-pic libc6-x32 locales locales-all multiarch-support nscd libssl-dev libssl-doc libssl1.1 openssl bind9 bind9-doc bind9-host bind9utils dnsutils libbind-dev libbind-export-dev libbind9-160 libdns-export1100 libdns1100 libirs-export160 libirs160 libisc-export169 libisc169 libisccc-export160 libisccc160 libisccfg-export160 libisccfg160 liblwres160 exim4 exim4-base exim4-config exim4-daemon-heavy exim4-daemon-light exim4-dev eximon4 libssh-4 libssh-dev libssh-doc libssh-gcrypt-4 libssh-gcrypt-dev imagemagick imagemagick-6-common imagemagick-6-doc imagemagick-6.q16 imagemagick-6.q16hdri imagemagick-common imagemagick-doc libimage-magick-perl libimage-magick-q16-perl libimage-magick-q16hdri-perl libmagick++-6-headers libmagick++-6.q16-7 libmagick++-6.q16-dev libmagick++-6.q16hdri-7 libmagick++-6.q16hdri-dev libmagick++-dev libmagickcore-6-arch-config libmagickcore-6-headers libmagickcore-6.q16-3 libmagickcore-6.q16-3-extra libmagickcore-6.q16-dev libmagickcore-6.q16hdri-3 libmagickcore-6.q16hdri-3-extra libmagickcore-6.q16hdri-dev libmagickcore-dev libmagickwand-6-headers libmagickwand-6.q16-3 libmagickwand-6.q16-dev libmagickwand-6.q16hdri-3 libmagickwand-6.q16hdri-dev libmagickwand-dev perlmagick libssl-dev libssl-doc libssl1.1 openssl curl libcurl3-gnutls libcurl3-nss libcurl4 libcurl4-doc libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev tar tar-scripts squid squid-cgi squid-common squid-purge squid3 squidclient openjdk-11-demo openjdk-11-doc openjdk-11-jdk openjdk-11-jdk-headless openjdk-11-jre openjdk-11-jre-headless openjdk-11-jre-zero openjdk-11-source linux-buildinfo-4.15.0-225-tuxcare.els13-generic linux-buildinfo-4.15.0-225-tuxcare.els13-lowlatency linux-cloud-tools-4.15.0-225-tuxcare.els13 linux-cloud-tools-4.15.0-225-tuxcare.els13-generic linux-cloud-tools-4.15.0-225-tuxcare.els13-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-225-tuxcare.els13 linux-headers-4.15.0-225-tuxcare.els13-generic linux-headers-4.15.0-225-tuxcare.els13-lowlatency linux-image-unsigned-4.15.0-225-tuxcare.els13-generic linux-image-unsigned-4.15.0-225-tuxcare.els13-lowlatency linux-libc-dev linux-modules-4.15.0-225-tuxcare.els13-generic linux-modules-4.15.0-225-tuxcare.els13-lowlatency linux-modules-extra-4.15.0-225-tuxcare.els13-generic linux-source-4.15.0 linux-tools-4.15.0-225-tuxcare.els13 linux-tools-4.15.0-225-tuxcare.els13-generic linux-tools-4.15.0-225-tuxcare.els13-lowlatency linux-tools-common linux-tools-host openjdk-8-demo openjdk-8-doc openjdk-8-jdk openjdk-8-jdk-headless openjdk-8-jre openjdk-8-jre-headless openjdk-8-jre-zero openjdk-8-source curl libcurl3-gnutls libcurl3-nss libcurl4 libcurl4-doc libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev libpam-cracklib libpam-doc libpam-modules libpam-modules-bin libpam-runtime libpam0g libpam0g-dev linux-buildinfo-4.15.0-226-tuxcare.els14-generic linux-buildinfo-4.15.0-226-tuxcare.els14-lowlatency linux-cloud-tools-4.15.0-226-tuxcare.els14 linux-cloud-tools-4.15.0-226-tuxcare.els14-generic linux-cloud-tools-4.15.0-226-tuxcare.els14-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-226-tuxcare.els14 linux-headers-4.15.0-226-tuxcare.els14-generic linux-headers-4.15.0-226-tuxcare.els14-lowlatency linux-image-unsigned-4.15.0-226-tuxcare.els14-generic linux-image-unsigned-4.15.0-226-tuxcare.els14-lowlatency linux-libc-dev linux-modules-4.15.0-226-tuxcare.els14-generic linux-modules-4.15.0-226-tuxcare.els14-lowlatency linux-modules-extra-4.15.0-226-tuxcare.els14-generic linux-source-4.15.0 linux-tools-4.15.0-226-tuxcare.els14 linux-tools-4.15.0-226-tuxcare.els14-generic linux-tools-4.15.0-226-tuxcare.els14-lowlatency linux-tools-common linux-tools-host linux-buildinfo-4.15.0-227-tuxcare.els15-generic linux-buildinfo-4.15.0-227-tuxcare.els15-lowlatency linux-cloud-tools-4.15.0-227-tuxcare.els15 linux-cloud-tools-4.15.0-227-tuxcare.els15-generic linux-cloud-tools-4.15.0-227-tuxcare.els15-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-227-tuxcare.els15 linux-headers-4.15.0-227-tuxcare.els15-generic linux-headers-4.15.0-227-tuxcare.els15-lowlatency linux-image-unsigned-4.15.0-227-tuxcare.els15-generic linux-image-unsigned-4.15.0-227-tuxcare.els15-lowlatency linux-libc-dev linux-modules-4.15.0-227-tuxcare.els15-generic linux-modules-4.15.0-227-tuxcare.els15-lowlatency linux-modules-extra-4.15.0-227-tuxcare.els15-generic linux-source-4.15.0 linux-tools-4.15.0-227-tuxcare.els15 linux-tools-4.15.0-227-tuxcare.els15-generic linux-tools-4.15.0-227-tuxcare.els15-lowlatency linux-tools-common linux-tools-host less libapache2-mod-php7.2 libphp7.2-embed php7.2 php7.2-bcmath php7.2-bz2 php7.2-cgi php7.2-cli php7.2-common php7.2-curl php7.2-dba php7.2-dev php7.2-enchant php7.2-fpm php7.2-gd php7.2-gmp php7.2-imap php7.2-interbase php7.2-intl php7.2-json php7.2-ldap php7.2-mbstring php7.2-mysql php7.2-odbc php7.2-opcache php7.2-pgsql php7.2-phpdbg php7.2-pspell php7.2-readline php7.2-recode php7.2-snmp php7.2-soap php7.2-sqlite3 php7.2-sybase php7.2-tidy php7.2-xml php7.2-xmlrpc php7.2-xsl php7.2-zip squid squid-cgi squid-common squid-purge squid3 squidclient libodbc1 odbcinst odbcinst1debian2 unixodbc unixodbc-dev libapache2-mod-php7.2 libphp7.2-embed php7.2 php7.2-bcmath php7.2-bz2 php7.2-cgi php7.2-cli php7.2-common php7.2-curl php7.2-dba php7.2-dev php7.2-enchant php7.2-fpm php7.2-gd php7.2-gmp php7.2-imap php7.2-interbase php7.2-intl php7.2-json php7.2-ldap php7.2-mbstring php7.2-mysql php7.2-odbc php7.2-opcache php7.2-pgsql php7.2-phpdbg php7.2-pspell php7.2-readline php7.2-recode php7.2-snmp php7.2-soap php7.2-sqlite3 php7.2-sybase php7.2-tidy php7.2-xml php7.2-xmlrpc php7.2-xsl php7.2-zip less linux-buildinfo-4.15.0-228-tuxcare.els16-generic linux-buildinfo-4.15.0-228-tuxcare.els16-lowlatency linux-cloud-tools-4.15.0-228-tuxcare.els16 linux-cloud-tools-4.15.0-228-tuxcare.els16-generic linux-cloud-tools-4.15.0-228-tuxcare.els16-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-228-tuxcare.els16 linux-headers-4.15.0-228-tuxcare.els16-generic linux-headers-4.15.0-228-tuxcare.els16-lowlatency linux-image-unsigned-4.15.0-228-tuxcare.els16-generic linux-image-unsigned-4.15.0-228-tuxcare.els16-lowlatency linux-libc-dev linux-modules-4.15.0-228-tuxcare.els16-generic linux-modules-4.15.0-228-tuxcare.els16-lowlatency linux-modules-extra-4.15.0-228-tuxcare.els16-generic linux-source-4.15.0 linux-tools-4.15.0-228-tuxcare.els16 linux-tools-4.15.0-228-tuxcare.els16-generic linux-tools-4.15.0-228-tuxcare.els16-lowlatency linux-tools-common linux-tools-host ansible lib32z1 lib32z1-dev libx32z1 libx32z1-dev zlib1g zlib1g-dev linux-buildinfo-4.15.0-229-tuxcare.els17-generic linux-buildinfo-4.15.0-229-tuxcare.els17-lowlatency linux-cloud-tools-4.15.0-229-tuxcare.els17 linux-cloud-tools-4.15.0-229-tuxcare.els17-generic linux-cloud-tools-4.15.0-229-tuxcare.els17-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-229-tuxcare.els17 linux-headers-4.15.0-229-tuxcare.els17-generic linux-headers-4.15.0-229-tuxcare.els17-lowlatency linux-image-unsigned-4.15.0-229-tuxcare.els17-generic linux-image-unsigned-4.15.0-229-tuxcare.els17-lowlatency linux-libc-dev linux-modules-4.15.0-229-tuxcare.els17-generic linux-modules-4.15.0-229-tuxcare.els17-lowlatency linux-modules-extra-4.15.0-229-tuxcare.els17-generic linux-source-4.15.0 linux-tools-4.15.0-229-tuxcare.els17 linux-tools-4.15.0-229-tuxcare.els17-generic linux-tools-4.15.0-229-tuxcare.els17-lowlatency linux-tools-common linux-tools-host libprocps-dev libprocps6 procps libapache2-mod-php7.2 libphp7.2-embed php7.2 php7.2-bcmath php7.2-bz2 php7.2-cgi php7.2-cli php7.2-common php7.2-curl php7.2-dba php7.2-dev php7.2-enchant php7.2-fpm php7.2-gd php7.2-gmp php7.2-imap php7.2-interbase php7.2-intl php7.2-json php7.2-ldap php7.2-mbstring php7.2-mysql php7.2-odbc php7.2-opcache php7.2-pgsql php7.2-phpdbg php7.2-pspell php7.2-readline php7.2-recode php7.2-snmp php7.2-soap php7.2-sqlite3 php7.2-sybase php7.2-tidy php7.2-xml php7.2-xmlrpc php7.2-xsl php7.2-zip linux-buildinfo-4.15.0-230-tuxcare.els18-generic linux-buildinfo-4.15.0-230-tuxcare.els18-lowlatency linux-cloud-tools-4.15.0-230-tuxcare.els18 linux-cloud-tools-4.15.0-230-tuxcare.els18-generic linux-cloud-tools-4.15.0-230-tuxcare.els18-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-230-tuxcare.els18 linux-headers-4.15.0-230-tuxcare.els18-generic linux-headers-4.15.0-230-tuxcare.els18-lowlatency linux-image-unsigned-4.15.0-230-tuxcare.els18-generic linux-image-unsigned-4.15.0-230-tuxcare.els18-lowlatency linux-libc-dev linux-modules-4.15.0-230-tuxcare.els18-generic linux-modules-4.15.0-230-tuxcare.els18-lowlatency linux-modules-extra-4.15.0-230-tuxcare.els18-generic linux-source-4.15.0 linux-tools-4.15.0-230-tuxcare.els18 linux-tools-4.15.0-230-tuxcare.els18-generic linux-tools-4.15.0-230-tuxcare.els18-lowlatency linux-tools-common linux-tools-host linux-buildinfo-4.15.0-231-tuxcare.els19-generic linux-buildinfo-4.15.0-231-tuxcare.els19-lowlatency linux-cloud-tools-4.15.0-231-tuxcare.els19 linux-cloud-tools-4.15.0-231-tuxcare.els19-generic linux-cloud-tools-4.15.0-231-tuxcare.els19-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-231-tuxcare.els19 linux-headers-4.15.0-231-tuxcare.els19-generic linux-headers-4.15.0-231-tuxcare.els19-lowlatency linux-image-unsigned-4.15.0-231-tuxcare.els19-generic linux-image-unsigned-4.15.0-231-tuxcare.els19-lowlatency linux-libc-dev linux-modules-4.15.0-231-tuxcare.els19-generic linux-modules-4.15.0-231-tuxcare.els19-lowlatency linux-modules-extra-4.15.0-231-tuxcare.els19-generic linux-source-4.15.0 linux-tools-4.15.0-231-tuxcare.els19 linux-tools-4.15.0-231-tuxcare.els19-generic linux-tools-4.15.0-231-tuxcare.els19-lowlatency linux-tools-common linux-tools-host glibc-doc glibc-source libc-bin libc-dev-bin libc6 libc6-dev libc6-dev-i386 libc6-dev-x32 libc6-i386 libc6-pic libc6-x32 locales locales-all multiarch-support nscd git git-all git-cvs git-daemon-run git-daemon-sysvinit git-doc git-el git-email git-gui git-man git-mediawiki git-svn gitk gitweb intel-microcode idle-python2.7 libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython2.7-testsuite python2.7 python2.7-dev python2.7-doc python2.7-examples python2.7-minimal linux-buildinfo-4.15.0-232-tuxcare.els20-generic linux-buildinfo-4.15.0-232-tuxcare.els20-lowlatency linux-cloud-tools-4.15.0-232-tuxcare.els20 linux-cloud-tools-4.15.0-232-tuxcare.els20-generic linux-cloud-tools-4.15.0-232-tuxcare.els20-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-232-tuxcare.els20 linux-headers-4.15.0-232-tuxcare.els20-generic linux-headers-4.15.0-232-tuxcare.els20-lowlatency linux-image-unsigned-4.15.0-232-tuxcare.els20-generic linux-image-unsigned-4.15.0-232-tuxcare.els20-lowlatency linux-libc-dev linux-modules-4.15.0-232-tuxcare.els20-generic linux-modules-4.15.0-232-tuxcare.els20-lowlatency linux-modules-extra-4.15.0-232-tuxcare.els20-generic linux-source-4.15.0 linux-tools-4.15.0-232-tuxcare.els20 linux-tools-4.15.0-232-tuxcare.els20-generic linux-tools-4.15.0-232-tuxcare.els20-lowlatency linux-tools-common linux-tools-host gdb gdb-doc gdb-multiarch gdb-source gdbserver linux-buildinfo-4.15.0-233-tuxcare.els21-generic linux-buildinfo-4.15.0-233-tuxcare.els21-lowlatency linux-cloud-tools-4.15.0-233-tuxcare.els21 linux-cloud-tools-4.15.0-233-tuxcare.els21-generic linux-cloud-tools-4.15.0-233-tuxcare.els21-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-233-tuxcare.els21 linux-headers-4.15.0-233-tuxcare.els21-generic linux-headers-4.15.0-233-tuxcare.els21-lowlatency linux-image-unsigned-4.15.0-233-tuxcare.els21-generic linux-image-unsigned-4.15.0-233-tuxcare.els21-lowlatency linux-libc-dev linux-modules-4.15.0-233-tuxcare.els21-generic linux-modules-4.15.0-233-tuxcare.els21-lowlatency linux-modules-extra-4.15.0-233-tuxcare.els21-generic linux-source-4.15.0 linux-tools-4.15.0-233-tuxcare.els21 linux-tools-4.15.0-233-tuxcare.els21-generic linux-tools-4.15.0-233-tuxcare.els21-lowlatency linux-tools-common linux-tools-host idle-python2.7 libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython2.7-testsuite python2.7 python2.7-dev python2.7-doc python2.7-examples python2.7-minimal wget linux-buildinfo-4.15.0-234-tuxcare.els22-generic linux-buildinfo-4.15.0-234-tuxcare.els22-lowlatency linux-cloud-tools-4.15.0-234-tuxcare.els22 linux-cloud-tools-4.15.0-234-tuxcare.els22-generic linux-cloud-tools-4.15.0-234-tuxcare.els22-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-234-tuxcare.els22 linux-headers-4.15.0-234-tuxcare.els22-generic linux-headers-4.15.0-234-tuxcare.els22-lowlatency linux-image-unsigned-4.15.0-234-tuxcare.els22-generic linux-image-unsigned-4.15.0-234-tuxcare.els22-lowlatency linux-libc-dev linux-modules-4.15.0-234-tuxcare.els22-generic linux-modules-4.15.0-234-tuxcare.els22-lowlatency linux-modules-extra-4.15.0-234-tuxcare.els22-generic linux-source-4.15.0 linux-tools-4.15.0-234-tuxcare.els22 linux-tools-4.15.0-234-tuxcare.els22-generic linux-tools-4.15.0-234-tuxcare.els22-lowlatency linux-tools-common linux-tools-host linux-buildinfo-4.15.0-235-tuxcare.els23-generic linux-buildinfo-4.15.0-235-tuxcare.els23-lowlatency linux-cloud-tools-4.15.0-235-tuxcare.els23 linux-cloud-tools-4.15.0-235-tuxcare.els23-generic linux-cloud-tools-4.15.0-235-tuxcare.els23-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-235-tuxcare.els23 linux-headers-4.15.0-235-tuxcare.els23-generic linux-headers-4.15.0-235-tuxcare.els23-lowlatency linux-image-unsigned-4.15.0-235-tuxcare.els23-generic linux-image-unsigned-4.15.0-235-tuxcare.els23-lowlatency linux-libc-dev linux-modules-4.15.0-235-tuxcare.els23-generic linux-modules-4.15.0-235-tuxcare.els23-lowlatency linux-modules-extra-4.15.0-235-tuxcare.els23-generic linux-source-4.15.0 linux-tools-4.15.0-235-tuxcare.els23 linux-tools-4.15.0-235-tuxcare.els23-generic linux-tools-4.15.0-235-tuxcare.els23-lowlatency linux-tools-common linux-tools-host idle-python3.6 libpython3.6 libpython3.6-dev libpython3.6-minimal libpython3.6-stdlib libpython3.6-testsuite python3.6 python3.6-dev python3.6-doc python3.6-examples python3.6-minimal python3.6-venv bind9 bind9-doc bind9-host bind9utils dnsutils libbind-dev libbind-export-dev libbind9-160 libdns-export1100 libdns1100 libirs-export160 libirs160 libisc-export169 libisc169 libisccc-export160 libisccc160 libisccfg-export160 libisccfg160 liblwres160 linux-buildinfo-4.15.0-236-tuxcare.els24-generic linux-buildinfo-4.15.0-236-tuxcare.els24-lowlatency linux-cloud-tools-4.15.0-236-tuxcare.els24 linux-cloud-tools-4.15.0-236-tuxcare.els24-generic linux-cloud-tools-4.15.0-236-tuxcare.els24-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-236-tuxcare.els24 linux-headers-4.15.0-236-tuxcare.els24-generic linux-headers-4.15.0-236-tuxcare.els24-lowlatency linux-image-unsigned-4.15.0-236-tuxcare.els24-generic linux-image-unsigned-4.15.0-236-tuxcare.els24-lowlatency linux-libc-dev linux-modules-4.15.0-236-tuxcare.els24-generic linux-modules-4.15.0-236-tuxcare.els24-lowlatency linux-modules-extra-4.15.0-236-tuxcare.els24-generic linux-source-4.15.0 linux-tools-4.15.0-236-tuxcare.els24 linux-tools-4.15.0-236-tuxcare.els24-generic linux-tools-4.15.0-236-tuxcare.els24-lowlatency linux-tools-common linux-tools-host apache2 apache2-bin apache2-data apache2-dev apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils apache2 apache2-bin apache2-data apache2-dev apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils squid squid-cgi squid-common squid-purge squid3 squidclient libtomcat9-embed-java libtomcat9-java tomcat9 tomcat9-admin tomcat9-common tomcat9-docs tomcat9-examples tomcat9-user bind9 bind9-doc bind9-host bind9utils dnsutils libbind-dev libbind-export-dev libbind9-160 libdns-export1100 libdns1100 libirs-export160 libirs160 libisc-export169 libisc169 libisccc-export160 libisccc160 libisccfg-export160 libisccfg160 liblwres160 expat libexpat1 libexpat1-dev curl libcurl3-gnutls libcurl3-nss libcurl4 libcurl4-doc libcurl4-gnutls-dev libcurl4-nss-dev libcurl4-openssl-dev openjdk-11-demo openjdk-11-doc openjdk-11-jdk openjdk-11-jdk-headless openjdk-11-jre openjdk-11-jre-headless openjdk-11-jre-zero openjdk-11-source openjdk-8-demo openjdk-8-doc openjdk-8-jdk openjdk-8-jdk-headless openjdk-8-jre openjdk-8-jre-headless openjdk-8-jre-zero openjdk-8-source krb5-admin-server krb5-doc krb5-gss-samples krb5-k5tls krb5-kdc krb5-kdc-ldap krb5-kpropd krb5-locales krb5-multidev krb5-otp krb5-pkinit krb5-user libgssapi-krb5-2 libgssrpc4 libk5crypto3 libkadm5clnt-mit11 libkadm5srv-mit11 libkdb5-9 libkrad-dev libkrad0 libkrb5-3 libkrb5-dev libkrb5support0 libecpg-compat3 libecpg-dev libecpg6 libpgtypes3 libpq-dev libpq5 postgresql-10 postgresql-client-10 postgresql-doc-10 postgresql-plperl-10 postgresql-plpython-10 postgresql-plpython3-10 postgresql-pltcl-10 postgresql-server-dev-10 git git-all git-cvs git-daemon-run git-daemon-sysvinit git-doc git-el git-email git-gui git-man git-mediawiki git-svn gitk gitweb linux-buildinfo-4.15.0-237-tuxcare.els25-generic linux-buildinfo-4.15.0-237-tuxcare.els25-lowlatency linux-cloud-tools-4.15.0-237-tuxcare.els25 linux-cloud-tools-4.15.0-237-tuxcare.els25-generic linux-cloud-tools-4.15.0-237-tuxcare.els25-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-237-tuxcare.els25 linux-headers-4.15.0-237-tuxcare.els25-generic linux-headers-4.15.0-237-tuxcare.els25-lowlatency linux-image-unsigned-4.15.0-237-tuxcare.els25-generic linux-image-unsigned-4.15.0-237-tuxcare.els25-lowlatency linux-libc-dev linux-modules-4.15.0-237-tuxcare.els25-generic linux-modules-4.15.0-237-tuxcare.els25-lowlatency linux-modules-extra-4.15.0-237-tuxcare.els25-generic linux-source-4.15.0 linux-tools-4.15.0-237-tuxcare.els25 linux-tools-4.15.0-237-tuxcare.els25-generic linux-tools-4.15.0-237-tuxcare.els25-lowlatency linux-tools-common linux-tools-host idle-python2.7 libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython2.7-testsuite python2.7 python2.7-dev python2.7-doc python2.7-examples python2.7-minimal git git-all git-cvs git-daemon-run git-daemon-sysvinit git-doc git-el git-email git-gui git-man git-mediawiki git-svn gitk gitweb amd64-microcode apache2 apache2-bin apache2-data apache2-dev apache2-doc apache2-ssl-dev apache2-suexec-custom apache2-suexec-pristine apache2-utils intel-microcode linux-buildinfo-4.15.0-238-tuxcare.els26-generic linux-buildinfo-4.15.0-238-tuxcare.els26-lowlatency linux-cloud-tools-4.15.0-238-tuxcare.els26 linux-cloud-tools-4.15.0-238-tuxcare.els26-generic linux-cloud-tools-4.15.0-238-tuxcare.els26-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-238-tuxcare.els26 linux-headers-4.15.0-238-tuxcare.els26-generic linux-headers-4.15.0-238-tuxcare.els26-lowlatency linux-image-unsigned-4.15.0-238-tuxcare.els26-generic linux-image-unsigned-4.15.0-238-tuxcare.els26-lowlatency linux-libc-dev linux-modules-4.15.0-238-tuxcare.els26-generic linux-modules-4.15.0-238-tuxcare.els26-lowlatency linux-modules-extra-4.15.0-238-tuxcare.els26-generic linux-source-4.15.0 linux-tools-4.15.0-238-tuxcare.els26 linux-tools-4.15.0-238-tuxcare.els26-generic linux-tools-4.15.0-238-tuxcare.els26-lowlatency linux-tools-common linux-tools-host intel-microcode linux-buildinfo-4.15.0-239-tuxcare.els27-generic linux-buildinfo-4.15.0-239-tuxcare.els27-lowlatency linux-cloud-tools-4.15.0-239-tuxcare.els27 linux-cloud-tools-4.15.0-239-tuxcare.els27-generic linux-cloud-tools-4.15.0-239-tuxcare.els27-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-239-tuxcare.els27 linux-headers-4.15.0-239-tuxcare.els27-generic linux-headers-4.15.0-239-tuxcare.els27-lowlatency linux-image-unsigned-4.15.0-239-tuxcare.els27-generic linux-image-unsigned-4.15.0-239-tuxcare.els27-lowlatency linux-libc-dev linux-modules-4.15.0-239-tuxcare.els27-generic linux-modules-4.15.0-239-tuxcare.els27-lowlatency linux-modules-extra-4.15.0-239-tuxcare.els27-generic linux-source-4.15.0 linux-tools-4.15.0-239-tuxcare.els27 linux-tools-4.15.0-239-tuxcare.els27-generic linux-tools-4.15.0-239-tuxcare.els27-lowlatency linux-tools-common linux-tools-host libapache2-mod-php7.2 libphp7.2-embed php7.2 php7.2-bcmath php7.2-bz2 php7.2-cgi php7.2-cli php7.2-common php7.2-curl php7.2-dba php7.2-dev php7.2-enchant php7.2-fpm php7.2-gd php7.2-gmp php7.2-imap php7.2-interbase php7.2-intl php7.2-json php7.2-ldap php7.2-mbstring php7.2-mysql php7.2-odbc php7.2-opcache php7.2-pgsql php7.2-phpdbg php7.2-pspell php7.2-readline php7.2-recode php7.2-snmp php7.2-soap php7.2-sqlite3 php7.2-sybase php7.2-tidy php7.2-xml php7.2-xmlrpc php7.2-xsl php7.2-zip idle-python3.6 libpython3.6 libpython3.6-dev libpython3.6-minimal libpython3.6-stdlib libpython3.6-testsuite python3.6 python3.6-dev python3.6-doc python3.6-examples python3.6-minimal python3.6-venv idle-python2.7 libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython2.7-testsuite python2.7 python2.7-dev python2.7-doc python2.7-examples python2.7-minimal libapache2-mod-php7.2 libphp7.2-embed php7.2 php7.2-bcmath php7.2-bz2 php7.2-cgi php7.2-cli php7.2-common php7.2-curl php7.2-dba php7.2-dev php7.2-enchant php7.2-fpm php7.2-gd php7.2-gmp php7.2-imap php7.2-interbase php7.2-intl php7.2-json php7.2-ldap php7.2-mbstring php7.2-mysql php7.2-odbc php7.2-opcache php7.2-pgsql php7.2-phpdbg php7.2-pspell php7.2-readline php7.2-recode php7.2-snmp php7.2-soap php7.2-sqlite3 php7.2-sybase php7.2-tidy php7.2-xml php7.2-xmlrpc php7.2-xsl php7.2-zip git git-all git-cvs git-daemon-run git-daemon-sysvinit git-doc git-el git-email git-gui git-man git-mediawiki git-svn gitk gitweb libnginx-mod-http-auth-pam libnginx-mod-http-cache-purge libnginx-mod-http-dav-ext libnginx-mod-http-echo libnginx-mod-http-fancyindex libnginx-mod-http-geoip libnginx-mod-http-headers-more-filter libnginx-mod-http-image-filter libnginx-mod-http-lua libnginx-mod-http-ndk libnginx-mod-http-perl libnginx-mod-http-subs-filter libnginx-mod-http-uploadprogress libnginx-mod-http-upstream-fair libnginx-mod-http-xslt-filter libnginx-mod-mail libnginx-mod-nchan libnginx-mod-rtmp libnginx-mod-stream nginx nginx-common nginx-core nginx-doc nginx-extras nginx-full nginx-light git git-all git-cvs git-daemon-run git-daemon-sysvinit git-doc git-el git-email git-gui git-man git-mediawiki git-svn gitk gitweb bind9 bind9-doc bind9-host bind9utils dnsutils libbind-dev libbind-export-dev libbind9-160 libdns-export1100 libdns1100 libirs-export160 libirs160 libisc-export169 libisc169 libisccc-export160 libisccc160 libisccfg-export160 libisccfg160 liblwres160 linux-buildinfo-4.15.0-240-tuxcare.els28-generic linux-buildinfo-4.15.0-240-tuxcare.els28-lowlatency linux-cloud-tools-4.15.0-240-tuxcare.els28 linux-cloud-tools-4.15.0-240-tuxcare.els28-generic linux-cloud-tools-4.15.0-240-tuxcare.els28-lowlatency linux-cloud-tools-common linux-doc linux-headers-4.15.0-240-tuxcare.els28 linux-headers-4.15.0-240-tuxcare.els28-generic linux-headers-4.15.0-240-tuxcare.els28-lowlatency linux-image-unsigned-4.15.0-240-tuxcare.els28-generic linux-image-unsigned-4.15.0-240-tuxcare.els28-lowlatency linux-libc-dev linux-modules-4.15.0-240-tuxcare.els28-generic linux-modules-4.15.0-240-tuxcare.els28-lowlatency linux-modules-extra-4.15.0-240-tuxcare.els28-generic linux-source-4.15.0 linux-tools-4.15.0-240-tuxcare.els28 linux-tools-4.15.0-240-tuxcare.els28-generic linux-tools-4.15.0-240-tuxcare.els28-lowlatency linux-tools-common linux-tools-host openjdk-8-demo openjdk-8-doc openjdk-8-jdk openjdk-8-jdk-headless openjdk-8-jre openjdk-8-jre-headless openjdk-8-jre-zero openjdk-8-source libglib2.0-0 libglib2.0-bin libglib2.0-data libglib2.0-dev libglib2.0-dev-bin libglib2.0-doc libglib2.0-tests libtomcat9-embed-java libtomcat9-java tomcat9 tomcat9-admin tomcat9-common tomcat9-docs tomcat9-examples tomcat9-user squid squid-cgi squid-common squid-purge squid3 squidclient libtomcat8-embed-java libtomcat8-java tomcat8 tomcat8-admin tomcat8-common tomcat8-docs tomcat8-examples tomcat8-user needrestart needrestart linux-buildinfo-4.15.0-241-tuxcare.els29-generic linux-buildinfo-4.15.0-241-tuxcare.els29-lowlatency linux-cloud-tools-4.15.0-241-tuxcare.els29 linux-cloud-tools-4.15.0-241-tuxcare.els29-generic linux-cloud-tools-4.15.0-241-tuxcare.els29-lowlatency linux-cloud-tools-common linux-cloud-tools-generic linux-cloud-tools-lowlatency linux-crashdump linux-doc linux-generic linux-headers-4.15.0-241-tuxcare.els29 linux-headers-4.15.0-241-tuxcare.els29-generic linux-headers-4.15.0-241-tuxcare.els29-lowlatency linux-headers-generic linux-headers-lowlatency linux-image-generic linux-image-lowlatency linux-image-unsigned-4.15.0-241-tuxcare.els29-generic linux-image-unsigned-4.15.0-241-tuxcare.els29-lowlatency linux-libc-dev linux-lowlatency linux-modules-4.15.0-241-tuxcare.els29-generic linux-modules-4.15.0-241-tuxcare.els29-lowlatency linux-modules-extra-4.15.0-241-tuxcare.els29-generic linux-source linux-source-4.15.0 linux-tools-4.15.0-241-tuxcare.els29 linux-tools-4.15.0-241-tuxcare.els29-generic linux-tools-4.15.0-241-tuxcare.els29-lowlatency linux-tools-common linux-tools-generic linux-tools-host linux-tools-lowlatency quagga quagga-bgpd quagga-core quagga-doc quagga-isisd quagga-ospf6d quagga-ospfd quagga-pimd quagga-ripd quagga-ripngd linux-firmware idle-python3.6 libpython3.6 libpython3.6-dev libpython3.6-minimal libpython3.6-stdlib libpython3.6-testsuite python3.6 python3.6-dev python3.6-doc python3.6-examples python3.6-minimal python3.6-venv idle-python2.7 libpython2.7 libpython2.7-dev libpython2.7-minimal libpython2.7-stdlib libpython2.7-testsuite python2.7 python2.7-dev python2.7-doc python2.7-examples python2.7-minimal openjdk-11-demo openjdk-11-doc openjdk-11-jdk openjdk-11-jdk-headless openjdk-11-jre openjdk-11-jre-headless openjdk-11-jre-zero openjdk-11-source libapache2-mod-php7.2 libphp7.2-embed php7.2 php7.2-bcmath php7.2-bz2 php7.2-cgi php7.2-cli php7.2-common php7.2-curl php7.2-dba php7.2-dev php7.2-enchant php7.2-fpm php7.2-gd php7.2-gmp php7.2-imap php7.2-interbase php7.2-intl php7.2-json php7.2-ldap php7.2-mbstring php7.2-mysql php7.2-odbc php7.2-opcache php7.2-pgsql php7.2-phpdbg php7.2-pspell php7.2-readline php7.2-recode php7.2-snmp php7.2-soap php7.2-sqlite3 php7.2-sybase php7.2-tidy php7.2-xml php7.2-xmlrpc php7.2-xsl php7.2-zip libtomcat8-embed-java libtomcat8-java tomcat8 tomcat8-admin tomcat8-common tomcat8-docs tomcat8-examples tomcat8-user libtomcat9-embed-java libtomcat9-java tomcat9 tomcat9-admin tomcat9-common tomcat9-docs tomcat9-examples tomcat9-user libapache2-mod-php7.2 libphp7.2-embed php7.2 php7.2-bcmath php7.2-bz2 php7.2-cgi php7.2-cli php7.2-common php7.2-curl php7.2-dba php7.2-dev php7.2-enchant php7.2-fpm php7.2-gd php7.2-gmp php7.2-imap php7.2-interbase php7.2-intl php7.2-json php7.2-ldap php7.2-mbstring php7.2-mysql php7.2-odbc php7.2-opcache php7.2-pgsql php7.2-phpdbg php7.2-pspell php7.2-readline php7.2-recode php7.2-snmp php7.2-soap php7.2-sqlite3 php7.2-sybase php7.2-tidy php7.2-xml php7.2-xmlrpc php7.2-xsl php7.2-zip libtomcat8-embed-java libtomcat8-java tomcat8 tomcat8-admin tomcat8-common tomcat8-docs tomcat8-examples tomcat8-user expat libexpat1 libexpat1-dev linux-buildinfo-4.15.0-242-tuxcare.els30-generic linux-buildinfo-4.15.0-242-tuxcare.els30-lowlatency linux-cloud-tools-4.15.0-242-tuxcare.els30 linux-cloud-tools-4.15.0-242-tuxcare.els30-generic linux-cloud-tools-4.15.0-242-tuxcare.els30-lowlatency linux-cloud-tools-common linux-cloud-tools-generic linux-cloud-tools-lowlatency linux-crashdump linux-doc linux-generic linux-headers-4.15.0-242-tuxcare.els30 linux-headers-4.15.0-242-tuxcare.els30-generic linux-headers-4.15.0-242-tuxcare.els30-lowlatency linux-headers-generic linux-headers-lowlatency linux-image-generic linux-image-lowlatency linux-image-unsigned-4.15.0-242-tuxcare.els30-generic linux-image-unsigned-4.15.0-242-tuxcare.els30-lowlatency linux-libc-dev linux-lowlatency linux-modules-4.15.0-242-tuxcare.els30-generic linux-modules-4.15.0-242-tuxcare.els30-lowlatency linux-modules-extra-4.15.0-242-tuxcare.els30-generic linux-source linux-source-4.15.0 linux-tools-4.15.0-242-tuxcare.els30 linux-tools-4.15.0-242-tuxcare.els30-generic linux-tools-4.15.0-242-tuxcare.els30-lowlatency linux-tools-common linux-tools-generic linux-tools-host linux-tools-lowlatency intel-microcode libtomcat9-embed-java libtomcat9-java tomcat9 tomcat9-admin tomcat9-common tomcat9-docs tomcat9-examples tomcat9-user rsync linux-buildinfo-4.15.0-243-tuxcare.els31-generic linux-buildinfo-4.15.0-243-tuxcare.els31-lowlatency linux-cloud-tools-4.15.0-243-tuxcare.els31 linux-cloud-tools-4.15.0-243-tuxcare.els31-generic linux-cloud-tools-4.15.0-243-tuxcare.els31-lowlatency linux-headers-4.15.0-243-tuxcare.els31 linux-headers-4.15.0-243-tuxcare.els31-generic linux-headers-4.15.0-243-tuxcare.els31-lowlatency linux-image-unsigned-4.15.0-243-tuxcare.els31-generic linux-image-unsigned-4.15.0-243-tuxcare.els31-lowlatency linux-modules-4.15.0-243-tuxcare.els31-generic linux-modules-4.15.0-243-tuxcare.els31-lowlatency linux-modules-extra-4.15.0-243-tuxcare.els31-generic linux-tools-4.15.0-243-tuxcare.els31 linux-tools-4.15.0-243-tuxcare.els31-generic linux-tools-4.15.0-243-tuxcare.els31-lowlatency linux-buildinfo-4.15.0-244-tuxcare.els32-generic linux-buildinfo-4.15.0-244-tuxcare.els32-lowlatency linux-cloud-tools-4.15.0-244-tuxcare.els32 linux-cloud-tools-4.15.0-244-tuxcare.els32-generic linux-cloud-tools-4.15.0-244-tuxcare.els32-lowlatency linux-headers-4.15.0-244-tuxcare.els32 linux-headers-4.15.0-244-tuxcare.els32-generic linux-headers-4.15.0-244-tuxcare.els32-lowlatency linux-image-unsigned-4.15.0-244-tuxcare.els32-generic linux-image-unsigned-4.15.0-244-tuxcare.els32-lowlatency linux-modules-4.15.0-244-tuxcare.els32-generic linux-modules-4.15.0-244-tuxcare.els32-lowlatency linux-modules-extra-4.15.0-244-tuxcare.els32-generic linux-tools-4.15.0-244-tuxcare.els32 linux-tools-4.15.0-244-tuxcare.els32-generic linux-tools-4.15.0-244-tuxcare.els32-lowlatency linux-buildinfo-4.15.0-245-tuxcare.els33-generic linux-buildinfo-4.15.0-245-tuxcare.els33-lowlatency linux-cloud-tools-4.15.0-245-tuxcare.els33 linux-cloud-tools-4.15.0-245-tuxcare.els33-generic linux-cloud-tools-4.15.0-245-tuxcare.els33-lowlatency linux-headers-4.15.0-245-tuxcare.els33 linux-headers-4.15.0-245-tuxcare.els33-generic linux-headers-4.15.0-245-tuxcare.els33-lowlatency linux-image-unsigned-4.15.0-245-tuxcare.els33-generic linux-image-unsigned-4.15.0-245-tuxcare.els33-lowlatency linux-modules-4.15.0-245-tuxcare.els33-generic linux-modules-4.15.0-245-tuxcare.els33-lowlatency linux-modules-extra-4.15.0-245-tuxcare.els33-generic linux-tools-4.15.0-245-tuxcare.els33 linux-tools-4.15.0-245-tuxcare.els33-generic linux-tools-4.15.0-245-tuxcare.els33-lowlatency linux-buildinfo-4.15.0-246-tuxcare.els34-generic linux-buildinfo-4.15.0-246-tuxcare.els34-lowlatency linux-cloud-tools-4.15.0-246-tuxcare.els34 linux-cloud-tools-4.15.0-246-tuxcare.els34-generic linux-cloud-tools-4.15.0-246-tuxcare.els34-lowlatency linux-headers-4.15.0-246-tuxcare.els34 linux-headers-4.15.0-246-tuxcare.els34-generic linux-headers-4.15.0-246-tuxcare.els34-lowlatency linux-image-unsigned-4.15.0-246-tuxcare.els34-generic linux-image-unsigned-4.15.0-246-tuxcare.els34-lowlatency linux-modules-4.15.0-246-tuxcare.els34-generic linux-modules-4.15.0-246-tuxcare.els34-lowlatency linux-modules-extra-4.15.0-246-tuxcare.els34-generic linux-tools-4.15.0-246-tuxcare.els34 linux-tools-4.15.0-246-tuxcare.els34-generic linux-tools-4.15.0-246-tuxcare.els34-lowlatency openvpn linux-buildinfo-4.15.0-247-tuxcare.els35-generic linux-buildinfo-4.15.0-247-tuxcare.els35-lowlatency linux-cloud-tools-4.15.0-247-tuxcare.els35 linux-cloud-tools-4.15.0-247-tuxcare.els35-generic linux-cloud-tools-4.15.0-247-tuxcare.els35-lowlatency linux-headers-4.15.0-247-tuxcare.els35 linux-headers-4.15.0-247-tuxcare.els35-generic linux-headers-4.15.0-247-tuxcare.els35-lowlatency linux-image-unsigned-4.15.0-247-tuxcare.els35-generic linux-image-unsigned-4.15.0-247-tuxcare.els35-lowlatency linux-modules-4.15.0-247-tuxcare.els35-generic linux-modules-4.15.0-247-tuxcare.els35-lowlatency linux-modules-extra-4.15.0-247-tuxcare.els35-generic linux-tools-4.15.0-247-tuxcare.els35 linux-tools-4.15.0-247-tuxcare.els35-generic linux-tools-4.15.0-247-tuxcare.els35-lowlatency linux-buildinfo-4.15.0-248-tuxcare.els36-generic linux-buildinfo-4.15.0-248-tuxcare.els36-lowlatency linux-cloud-tools-4.15.0-248-tuxcare.els36 linux-cloud-tools-4.15.0-248-tuxcare.els36-generic linux-cloud-tools-4.15.0-248-tuxcare.els36-lowlatency linux-headers-4.15.0-248-tuxcare.els36 linux-headers-4.15.0-248-tuxcare.els36-generic linux-headers-4.15.0-248-tuxcare.els36-lowlatency linux-image-unsigned-4.15.0-248-tuxcare.els36-generic linux-image-unsigned-4.15.0-248-tuxcare.els36-lowlatency linux-modules-4.15.0-248-tuxcare.els36-generic linux-modules-4.15.0-248-tuxcare.els36-lowlatency linux-modules-extra-4.15.0-248-tuxcare.els36-generic linux-tools-4.15.0-248-tuxcare.els36 linux-tools-4.15.0-248-tuxcare.els36-generic linux-tools-4.15.0-248-tuxcare.els36-lowlatency linux-buildinfo-4.15.0-249-tuxcare.els37-generic linux-headers-4.15.0-249-tuxcare.els37-generic linux-image-unsigned-4.15.0-249-tuxcare.els37-generic linux-image-unsigned-4.15.0-249-tuxcare.els37-lowlatency linux-modules-4.15.0-249-tuxcare.els37-lowlatency linux-modules-extra-4.15.0-249-tuxcare.els37-generic linux-tools-4.15.0-249-tuxcare.els37-lowlatency linux-buildinfo-4.15.0-250-tuxcare.els38-generic linux-buildinfo-4.15.0-250-tuxcare.els38-lowlatency linux-cloud-tools-4.15.0-250-tuxcare.els38 linux-cloud-tools-4.15.0-250-tuxcare.els38-generic linux-cloud-tools-4.15.0-250-tuxcare.els38-lowlatency linux-headers-4.15.0-250-tuxcare.els38 linux-headers-4.15.0-250-tuxcare.els38-generic linux-headers-4.15.0-250-tuxcare.els38-lowlatency linux-image-unsigned-4.15.0-250-tuxcare.els38-generic linux-image-unsigned-4.15.0-250-tuxcare.els38-lowlatency linux-modules-4.15.0-250-tuxcare.els38-generic linux-modules-4.15.0-250-tuxcare.els38-lowlatency linux-modules-extra-4.15.0-250-tuxcare.els38-generic linux-tools-4.15.0-250-tuxcare.els38 linux-tools-4.15.0-250-tuxcare.els38-generic linux-tools-4.15.0-250-tuxcare.els38-lowlatency libapache2-mod-svn libsvn-dev libsvn-doc libsvn-java libsvn-perl libsvn1 python-subversion ruby-svn subversion subversion-tools linux-buildinfo-4.15.0-251-tuxcare.els39-generic linux-buildinfo-4.15.0-251-tuxcare.els39-lowlatency linux-cloud-tools-4.15.0-251-tuxcare.els39 linux-cloud-tools-4.15.0-251-tuxcare.els39-generic linux-cloud-tools-4.15.0-251-tuxcare.els39-lowlatency linux-headers-4.15.0-251-tuxcare.els39 linux-headers-4.15.0-251-tuxcare.els39-generic linux-headers-4.15.0-251-tuxcare.els39-lowlatency linux-image-unsigned-4.15.0-251-tuxcare.els39-generic linux-image-unsigned-4.15.0-251-tuxcare.els39-lowlatency linux-modules-4.15.0-251-tuxcare.els39-generic linux-modules-4.15.0-251-tuxcare.els39-lowlatency linux-modules-extra-4.15.0-251-tuxcare.els39-generic linux-tools-4.15.0-251-tuxcare.els39 linux-tools-4.15.0-251-tuxcare.els39-generic linux-tools-4.15.0-251-tuxcare.els39-lowlatency dmidecode dpkg dpkg-dev dselect libdpkg-dev libdpkg-perl linux-buildinfo-4.15.0-252-tuxcare.els40-generic linux-buildinfo-4.15.0-252-tuxcare.els40-lowlatency linux-cloud-tools-4.15.0-252-tuxcare.els40 linux-cloud-tools-4.15.0-252-tuxcare.els40-generic linux-cloud-tools-4.15.0-252-tuxcare.els40-lowlatency linux-headers-4.15.0-252-tuxcare.els40 linux-headers-4.15.0-252-tuxcare.els40-generic linux-headers-4.15.0-252-tuxcare.els40-lowlatency linux-image-unsigned-4.15.0-252-tuxcare.els40-generic linux-image-unsigned-4.15.0-252-tuxcare.els40-lowlatency linux-modules-4.15.0-252-tuxcare.els40-generic linux-modules-4.15.0-252-tuxcare.els40-lowlatency linux-modules-extra-4.15.0-252-tuxcare.els40-generic linux-tools-4.15.0-252-tuxcare.els40 linux-tools-4.15.0-252-tuxcare.els40-generic linux-tools-4.15.0-252-tuxcare.els40-lowlatency linux-buildinfo-4.15.0-253-tuxcare.els41-generic linux-buildinfo-4.15.0-253-tuxcare.els41-lowlatency linux-cloud-tools-4.15.0-253-tuxcare.els41 linux-cloud-tools-4.15.0-253-tuxcare.els41-generic linux-cloud-tools-4.15.0-253-tuxcare.els41-lowlatency linux-headers-4.15.0-253-tuxcare.els41 linux-headers-4.15.0-253-tuxcare.els41-generic linux-headers-4.15.0-253-tuxcare.els41-lowlatency linux-image-unsigned-4.15.0-253-tuxcare.els41-generic linux-image-unsigned-4.15.0-253-tuxcare.els41-lowlatency linux-modules-4.15.0-253-tuxcare.els41-generic linux-modules-4.15.0-253-tuxcare.els41-lowlatency linux-modules-extra-4.15.0-253-tuxcare.els41-generic linux-tools-4.15.0-253-tuxcare.els41 linux-tools-4.15.0-253-tuxcare.els41-generic linux-tools-4.15.0-253-tuxcare.els41-lowlatency dirmngr gnupg gnupg-agent gnupg-l10n gnupg-utils gnupg2 gpg gpg-agent gpg-wks-client gpg-wks-server gpgconf gpgsm gpgv gpgv-static gpgv-win32 gpgv2 scdaemon mongodb mongodb-clients mongodb-server mongodb-server-core linux-buildinfo-4.15.0-254-tuxcare.els42-generic linux-buildinfo-4.15.0-254-tuxcare.els42-lowlatency linux-cloud-tools-4.15.0-254-tuxcare.els42 linux-cloud-tools-4.15.0-254-tuxcare.els42-generic linux-cloud-tools-4.15.0-254-tuxcare.els42-lowlatency linux-headers-4.15.0-254-tuxcare.els42 linux-headers-4.15.0-254-tuxcare.els42-generic linux-headers-4.15.0-254-tuxcare.els42-lowlatency linux-image-unsigned-4.15.0-254-tuxcare.els42-generic linux-image-unsigned-4.15.0-254-tuxcare.els42-lowlatency linux-modules-4.15.0-254-tuxcare.els42-generic linux-modules-4.15.0-254-tuxcare.els42-lowlatency linux-modules-extra-4.15.0-254-tuxcare.els42-generic linux-tools-4.15.0-254-tuxcare.els42 linux-tools-4.15.0-254-tuxcare.els42-generic linux-tools-4.15.0-254-tuxcare.els42-lowlatency amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.29+tuxcare.els1 2:4.7.6+dfsg~ubuntu-0ubuntu2.29+tuxcare.els1 0:8.5.39-1ubuntu1~18.04.3+tuxcare.els1 0:9.0.16-3ubuntu0.18.04.2+tuxcare.els1 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els1 amd64 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els1 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els1 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els1 0:11.6.1-1ubuntu0.2+tuxcare.els1 amd64 0:11.6.1-1ubuntu0.2+tuxcare.els1 0:8.5.39-1ubuntu1~18.04.3+tuxcare.els2 0:4.90.1-1ubuntu1.10+tuxcare.els1 amd64 0:4.90.1-1ubuntu1.10+tuxcare.els1 amd64 1:1.27.2-2ubuntu3.4+tuxcare.els1 1:1.27.2-2ubuntu3.4+tuxcare.els1 amd64 0:7.58.0-2ubuntu3.24+tuxcare.els1 0:7.58.0-2ubuntu3.24+tuxcare.els1 amd64 1:9.11.3+dfsg-1ubuntu1.18+tuxcare.els1 1:9.11.3+dfsg-1ubuntu1.18+tuxcare.els1 amd64 0:2.30-21ubuntu1~18.04.9+tuxcare.els1 0:2.30-21ubuntu1~18.04.9+tuxcare.els1 0:2.5.10-3ubuntu1.1+tuxcare.els1 amd64 0:2.5.10-3ubuntu1.1+tuxcare.els1 amd64 1:2.25-1.2+tuxcare.els1 amd64 0:2.4.45+dfsg-1ubuntu1.11+tuxcare.els1 0:2.4.45+dfsg-1ubuntu1.11+tuxcare.els1 amd64 1:7.6p1-4ubuntu0.7+tuxcare.els1 1:7.6p1-4ubuntu0.7+tuxcare.els1 amd64 0:1.8.21p2-3ubuntu1.6+tuxcare.els1 amd64 0:237-3ubuntu10.57+tuxcare.els1 amd64 0:2.2.5-4ubuntu0.5+tuxcare.els1 0:8.5.39-1ubuntu1~18.04.3+tuxcare.els3 0:9.0.16-3ubuntu0.18.04.2+tuxcare.els2 amd64 0:2.2.7-1ubuntu2.10+tuxcare.els1 0:2.2.7-1ubuntu2.10+tuxcare.els1 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els1 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els1 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els2 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els2 amd64 0:5.26.1-6ubuntu0.7+tuxcare.els1 0:5.26.1-6ubuntu0.7+tuxcare.els1 amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.29+tuxcare.els2 2:4.7.6+dfsg~ubuntu-0ubuntu2.29+tuxcare.els2 amd64 3:5.44-1ubuntu3+tuxcare.els1 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els2 amd64 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els2 0:2.5.1+dfsg-1ubuntu0.1+tuxcare.els1 0:8.5.39-1ubuntu1~18.04.3+tuxcare.els4 amd64 1:7.6p1-4ubuntu0.7+tuxcare.els2 1:7.6p1-4ubuntu0.7+tuxcare.els2 amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.29+tuxcare.els3 2:4.7.6+dfsg~ubuntu-0ubuntu2.29+tuxcare.els3 amd64 0:3.20230719.1ubuntu0.18.04.1+tuxcare.els1 amd64 1:3.5.1-1ubuntu0.3+tuxcare.els1 amd64 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els1 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els1 amd64 0:3.20230808.0ubuntu0.18.04.1+tuxcare.els1 amd64 0:1.1.1-1ubuntu2.1~18.04.23+tuxcare.els1 0:1.1.1-1ubuntu2.1~18.04.23+tuxcare.els1 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[2-9][0-9]|21[4-9])\-tuxcare\.els(\d{2,}|[2-9])(\-\w*)?$) amd64 0:4.15.0-214.225 0:4.15.0-214.225 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[2-9][0-9]|21[5-9])\-tuxcare\.els(\d{2,}|[3-9])(\-\w*)?$) amd64 0:4.15.0-215.226 0:4.15.0-215.226 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[2-9][0-9]|21[6-9])\-tuxcare\.els(\d{2,}|[4-9])(\-\w*)?$) amd64 0:4.15.0-216.227 0:4.15.0-216.227 amd64 1:1.27.2-2ubuntu3.4+tuxcare.els2 1:1.27.2-2ubuntu3.4+tuxcare.els2 amd64 0:3.20230808.1ubuntu0.18.04.1+tuxcare.els1 amd64 0:2.30-21ubuntu1~18.04.9+tuxcare.els3 0:2.30-21ubuntu1~18.04.9+tuxcare.els3 amd64 0:8u372-ga~us1-0ubuntu1~18.04+tuxcare.els1 0:8u372-ga~us1-0ubuntu1~18.04+tuxcare.els1 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els3 amd64 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els3 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els3 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els3 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[2-9][0-9]|21[7-9])\-tuxcare\.els(\d{2,}|[5-9])(\-\w*)?$) amd64 0:4.15.0-217.228 0:4.15.0-217.228 amd64 0:2.30-21ubuntu1~18.04.9+tuxcare.els4 0:2.30-21ubuntu1~18.04.9+tuxcare.els4 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[2-9][0-9]|21[8-9])\-tuxcare\.els(\d{2,}|[6-9])(\-\w*)?$) amd64 0:4.15.0-218.229 0:4.15.0-218.229 amd64 0:2.30-21ubuntu1~18.04.9+tuxcare.els5 0:2.30-21ubuntu1~18.04.9+tuxcare.els5 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els3 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els3 amd64 0:1.5.6-0ubuntu1.2+tuxcare.els1 amd64 0:10.23-0ubuntu0.18.04.2+tuxcare.els1 0:10.23-0ubuntu0.18.04.2+tuxcare.els1 0:4.90.1-1ubuntu1.10+tuxcare.els2 amd64 0:4.90.1-1ubuntu1.10+tuxcare.els2 amd64 0:0.6.1-2ubuntu0.18.04.2.tuxcare.els1 amd64 1:9.11.3+dfsg-1ubuntu1.18+tuxcare.els2 1:9.11.3+dfsg-1ubuntu1.18+tuxcare.els2 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els4 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els4 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els4 amd64 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els4 amd64 0:7.58.0-2ubuntu3.24+tuxcare.els2 0:7.58.0-2ubuntu3.24+tuxcare.els2 amd64 0:2.2.7-1ubuntu2.10+tuxcare.els2 0:2.2.7-1ubuntu2.10+tuxcare.els2 amd64 0:2.56.4-0ubuntu0.18.04.9+tuxcare.els1 0:2.56.4-0ubuntu0.18.04.9+tuxcare.els1 amd64 0:1.14.0-0ubuntu1.11+tuxcare.els1 0:1.14.0-0ubuntu1.11+tuxcare.els1 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[2-9][0-9]|219)\-tuxcare\.els(\d{2,}|[7-9])(\-\w*)?$) amd64 0:4.15.0-219.230 0:4.15.0-219.230 amd64 0:1.2.4-1+tuxcare.els1 0:1.2.4-1+tuxcare.els1 amd64 0:11.0.20+8-0ubuntu1~18.04.1+tuxcare.els1 0:11.0.20+8-0ubuntu1~18.04.1+tuxcare.els1 amd64 1:1.2.11.dfsg-0ubuntu2.2+tuxcare.els1 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[3-9][0-9]|22[0-9])\-tuxcare\.els(\d{2,}|[8-9])(\-\w*)?$) amd64 0:4.15.0-220.231 0:4.15.0-220.231 amd64 0:1.8.8-1ubuntu0.13.tuxcare.els1 0:1.8.8-1ubuntu0.13.tuxcare.els1 0:8.5.39-1ubuntu1~18.04.3+tuxcare.els5 0:9.0.16-3ubuntu0.18.04.2+tuxcare.els3 amd64 0:2.4.29-1ubuntu4.27+tuxcare.els1 0:2.4.29-1ubuntu4.27+tuxcare.els1 amd64 0:2.30-21ubuntu1~18.04.9+tuxcare.els6 0:2.30-21ubuntu1~18.04.9+tuxcare.els6 amd64 0:2.30-21ubuntu1~18.04.9+tuxcare.els7 0:2.30-21ubuntu1~18.04.9+tuxcare.els7 0:4.90.1-1ubuntu1.10+tuxcare.els3 amd64 0:4.90.1-1ubuntu1.10+tuxcare.els3 amd64 1:4.2.8p10+dfsg-5ubuntu7.3+tuxcare.els1 1:4.2.8p10+dfsg-5ubuntu7.3+tuxcare.els1 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els5 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els5 amd64 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els2 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els2 amd64 0:2.2.7-1ubuntu2.10+tuxcare.els3 0:2.2.7-1ubuntu2.10+tuxcare.els3 0:4.90.1-1ubuntu1.10+tuxcare.els4 amd64 0:4.90.1-1ubuntu1.10+tuxcare.els4 amd64 0:1.16-2ubuntu0.4+tuxcare.els1 0:1.16-2ubuntu0.4+tuxcare.els1 amd64 0:3.5.27-1ubuntu1.14+tuxcare.els1 0:3.5.27-1ubuntu1.14+tuxcare.els1 amd64 0:1.1.1-1ubuntu2.1~18.04.23+tuxcare.els2 0:1.1.1-1ubuntu2.1~18.04.23+tuxcare.els2 amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.29+tuxcare.els4 2:4.7.6+dfsg~ubuntu-0ubuntu2.29+tuxcare.els4 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[3-9][0-9]|22[1-9])\-tuxcare\.els(\d{2,}|9)(\-\w*)?$) amd64 0:4.15.0-221.232 0:4.15.0-221.232 amd64 2:3.3.12-3ubuntu1.2+tuxcare.els1 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els6 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els6 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els5 amd64 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els5 amd64 0:3.20231114.0ubuntu0.18.04.1+tuxcare.els1 amd64 0:3.5.27-1ubuntu1.14+tuxcare.els2 0:3.5.27-1ubuntu1.14+tuxcare.els2 amd64 0:5.7.44-0ubuntu0.18.04.1+tuxcare.els1 0:5.7.44-0ubuntu0.18.04.1+tuxcare.els1 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els6 amd64 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els6 amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.29+tuxcare.els5 2:4.7.6+dfsg~ubuntu-0ubuntu2.29+tuxcare.els5 amd64 0:3.5.27-1ubuntu1.14+tuxcare.els3 0:3.5.27-1ubuntu1.14+tuxcare.els3 amd64 0:10.23-0ubuntu0.18.04.2+tuxcare.els2 0:10.23-0ubuntu0.18.04.2+tuxcare.els2 amd64 1:7.6p1-4ubuntu0.7+tuxcare.els4 1:7.6p1-4ubuntu0.7+tuxcare.els4 amd64 0:8u392-ga~us1-0ubuntu1~18.04+tuxcare.els1 0:8u392-ga~us1-0ubuntu1~18.04+tuxcare.els1 amd64 0:1.8.8-1ubuntu0.13.tuxcare.els2 0:1.8.8-1ubuntu0.13.tuxcare.els2 0:8.5.39-1ubuntu1~18.04.3+tuxcare.els6 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[3-9][0-9]|22[2-9])\-tuxcare\.els(\d{2,})(\-\w*)?$) amd64 0:4.15.0-222.233 0:4.15.0-222.233 amd64 0:3.5.27-1ubuntu1.14+tuxcare.els4 0:3.5.27-1ubuntu1.14+tuxcare.els4 amd64 0:3.22.0-1ubuntu0.7+tuxcare.els1 0:3.22.0-1ubuntu0.7+tuxcare.els1 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[3-9][0-9]|22[3-9])\-tuxcare\.els(\d{3,}|[2-9][0-9]|1[1-9])(\-\w*)?$) amd64 0:4.15.0-223.234 0:4.15.0-223.234 amd64 0:11.0.21+9-0ubuntu1~18.04.1+tuxcare.els1 0:11.0.21+9-0ubuntu1~18.04.1+tuxcare.els1 amd64 0:3.5.18-1ubuntu1.6+tuxcare.els1 0:3.5.18-1ubuntu1.6+tuxcare.els1 amd64 1:7.6p1-4ubuntu0.7+tuxcare.els5 1:7.6p1-4ubuntu0.7+tuxcare.els5 0:9.0.16-3ubuntu0.18.04.2+tuxcare.els4 amd64 0:10.23-0ubuntu0.18.04.2+tuxcare.els3 0:10.23-0ubuntu0.18.04.2+tuxcare.els3 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[3-9][0-9]|22[4-9])\-tuxcare\.els(\d{3,}|[2-9][0-9]|1[2-9])(\-\w*)?$) amd64 0:4.15.0-224.235 0:4.15.0-224.235 amd64 0:2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els1 0:2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els1 0:2.27-3ubuntu1.6+tuxcare.els1 amd64 0:2.27-3ubuntu1.6+tuxcare.els1 amd64 0:1.1.1-1ubuntu2.1~18.04.23+tuxcare.els3 0:1.1.1-1ubuntu2.1~18.04.23+tuxcare.els3 amd64 1:9.11.3+dfsg-1ubuntu1.18+tuxcare.els3 1:9.11.3+dfsg-1ubuntu1.18+tuxcare.els3 0:4.90.1-1ubuntu1.10+tuxcare.els5 amd64 0:4.90.1-1ubuntu1.10+tuxcare.els5 amd64 0:0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els1 0:0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els1 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els4 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els4 amd64 0:1.1.1-1ubuntu2.1~18.04.23+tuxcare.els4 0:1.1.1-1ubuntu2.1~18.04.23+tuxcare.els4 amd64 0:7.58.0-2ubuntu3.24+tuxcare.els3 0:7.58.0-2ubuntu3.24+tuxcare.els3 amd64 0:1.29b-2ubuntu0.4+tuxcare.els1 amd64 0:3.5.27-1ubuntu1.14+tuxcare.els5 0:3.5.27-1ubuntu1.14+tuxcare.els5 amd64 0:11.0.22+7-0ubuntu1~18.04.1+tuxcare.els1 0:11.0.22+7-0ubuntu1~18.04.1+tuxcare.els1 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[3-9][0-9]|22[5-9])\-tuxcare\.els(\d{3,}|[2-9][0-9]|1[3-9])(\-\w*)?$) amd64 0:4.15.0-225.236 0:4.15.0-225.236 amd64 0:8u402-ga-0ubuntu1~18.04+tuxcare.els1 0:8u402-ga-0ubuntu1~18.04+tuxcare.els1 amd64 0:7.58.0-2ubuntu3.24+tuxcare.els4 0:7.58.0-2ubuntu3.24+tuxcare.els4 amd64 0:1.1.8-3.6ubuntu2.18.04.6+tuxcare.els1 0:1.1.8-3.6ubuntu2.18.04.6+tuxcare.els1 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[3-9][0-9]|22[6-9])\-tuxcare\.els(\d{3,}|[2-9][0-9]|1[4-9])(\-\w*)?$) amd64 0:4.15.0-226.237 0:4.15.0-226.237 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[3-9][0-9]|22[7-9])\-tuxcare\.els(\d{3,}|[2-9][0-9]|1[5-9])(\-\w*)?$) amd64 0:4.15.0-227.238 0:4.15.0-227.238 amd64 0:487-0.1+tuxcare.els1 amd64 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els3 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els3 amd64 0:3.5.27-1ubuntu1.14+tuxcare.els6 0:3.5.27-1ubuntu1.14+tuxcare.els6 amd64 0:2.3.4-1.1ubuntu3+tuxcare.els1 amd64 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els4 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els4 amd64 0:487-0.1+tuxcare.els2 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[3-9][0-9]|22[8-9])\-tuxcare\.els(\d{3,}|[2-9][0-9]|1[6-9])(\-\w*)?$) amd64 0:4.15.0-228.239 0:4.15.0-228.239 0:2.5.1+dfsg-1ubuntu0.1+tuxcare.els2 amd64 1:1.2.11.dfsg-0ubuntu2.2+tuxcare.els2 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[3-9][0-9]|229)\-tuxcare\.els(\d{3,}|[2-9][0-9]|1[7-9])(\-\w*)?$) amd64 0:4.15.0-229.240 0:4.15.0-229.240 amd64 2:3.3.12-3ubuntu1.2+tuxcare.els2 amd64 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els5 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els5 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[4-9][0-9]|23[0-9])\-tuxcare\.els(\d{3,}|[2-9][0-9]|1[8-9])(\-\w*)?$) amd64 0:4.15.0-230.241 0:4.15.0-230.241 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[4-9][0-9]|23[1-9])\-tuxcare\.els(\d{3,}|[2-9][0-9]|19)(\-\w*)?$) amd64 0:4.15.0-231.242 0:4.15.0-231.242 0:2.27-3ubuntu1.6+tuxcare.els2 amd64 0:2.27-3ubuntu1.6+tuxcare.els2 amd64 1:2.17.1-1ubuntu0.18+tuxcare.els1 1:2.17.1-1ubuntu0.18+tuxcare.els1 amd64 0:3.20240514.0ubuntu0.18.04.1+tuxcare.els1 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els7 amd64 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els7 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[4-9][0-9]|23[2-9])\-tuxcare\.els(\d{3,}|[3-9][0-9]|2[0-9])(\-\w*)?$) amd64 0:4.15.0-232.243 0:4.15.0-232.243 amd64 0:8.1.1-0ubuntu1+tuxcare.els1 0:8.1.1-0ubuntu1+tuxcare.els1 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[4-9][0-9]|23[3-9])\-tuxcare\.els(\d{3,}|[3-9][0-9]|2[1-9])(\-\w*)?$) amd64 0:4.15.0-233.244 0:4.15.0-233.244 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els8 amd64 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els8 amd64 0:1.19.4-1ubuntu2.2+tuxcare.els1 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[4-9][0-9]|23[4-9])\-tuxcare\.els(\d{3,}|[3-9][0-9]|2[2-9])(\-\w*)?$) amd64 0:4.15.0-234.245 0:4.15.0-234.245 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[4-9][0-9]|23[5-9])\-tuxcare\.els(\d{3,}|[3-9][0-9]|2[3-9])(\-\w*)?$) amd64 0:4.15.0-235.246 0:4.15.0-235.246 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els7 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els7 amd64 1:9.11.3+dfsg-1ubuntu1.18+tuxcare.els4 1:9.11.3+dfsg-1ubuntu1.18+tuxcare.els4 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[4-9][0-9]|23[6-9])\-tuxcare\.els(\d{3,}|[3-9][0-9]|2[4-9])(\-\w*)?$) amd64 0:4.15.0-236.247 0:4.15.0-236.247 amd64 0:2.4.29-1ubuntu4.27+tuxcare.els2 0:2.4.29-1ubuntu4.27+tuxcare.els2 amd64 0:2.4.29-1ubuntu4.27+tuxcare.els3 0:2.4.29-1ubuntu4.27+tuxcare.els3 amd64 0:3.5.27-1ubuntu1.14+tuxcare.els7 0:3.5.27-1ubuntu1.14+tuxcare.els7 0:9.0.16-3ubuntu0.18.04.2+tuxcare.els5 amd64 1:9.11.3+dfsg-1ubuntu1.18+tuxcare.els5 1:9.11.3+dfsg-1ubuntu1.18+tuxcare.els5 amd64 0:2.2.5-3ubuntu0.9+tuxcare.els2 amd64 0:7.58.0-2ubuntu3.24+tuxcare.els6 0:7.58.0-2ubuntu3.24+tuxcare.els6 amd64 0:11.0.22+7-0ubuntu1~18.04.1+tuxcare.els2 0:11.0.22+7-0ubuntu1~18.04.1+tuxcare.els2 amd64 0:8u402-ga-0ubuntu1~18.04+tuxcare.els2 0:8u402-ga-0ubuntu1~18.04+tuxcare.els2 amd64 0:1.16-2ubuntu0.4+tuxcare.els2 0:1.16-2ubuntu0.4+tuxcare.els2 amd64 0:10.23-0ubuntu0.18.04.2+tuxcare.els4 0:10.23-0ubuntu0.18.04.2+tuxcare.els4 amd64 1:2.17.1-1ubuntu0.18+tuxcare.els2 1:2.17.1-1ubuntu0.18+tuxcare.els2 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[4-9][0-9]|23[7-9])\-tuxcare\.els(\d{3,}|[3-9][0-9]|2[5-9])(\-\w*)?$) amd64 0:4.15.0-237.248 0:4.15.0-237.248 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els9 amd64 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els9 amd64 1:2.17.1-1ubuntu0.18+tuxcare.els3 1:2.17.1-1ubuntu0.18+tuxcare.els3 amd64 0:3.20240811.1ubuntu0.18.04.1+tuxcare.els1 amd64 0:2.4.29-1ubuntu4.27+tuxcare.els4 0:2.4.29-1ubuntu4.27+tuxcare.els4 amd64 0:3.20240813.0ubuntu0.18.04.1+tuxcare.els1 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[4-9][0-9]|23[8-9])\-tuxcare\.els(\d{3,}|[3-9][0-9]|2[6-9])(\-\w*)?$) amd64 0:4.15.0-238.249 0:4.15.0-238.249 amd64 0:3.20240910.0ubuntu0.18.04.1+tuxcare.els1 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[4-9][0-9]|239)\-tuxcare\.els(\d{3,}|[3-9][0-9]|2[7-9])(\-\w*)?$) amd64 0:4.15.0-239.250 0:4.15.0-239.250 amd64 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els6 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els6 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els8 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els8 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els10 amd64 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els10 amd64 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els7 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els7 amd64 1:2.17.1-1ubuntu0.18+tuxcare.els4 1:2.17.1-1ubuntu0.18+tuxcare.els4 amd64 0:1.14.0-0ubuntu1.11+tuxcare.els2 0:1.14.0-0ubuntu1.11+tuxcare.els2 amd64 1:2.17.1-1ubuntu0.18+tuxcare.els5 1:2.17.1-1ubuntu0.18+tuxcare.els5 amd64 1:9.11.3+dfsg-1ubuntu1.18+tuxcare.els6 1:9.11.3+dfsg-1ubuntu1.18+tuxcare.els6 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[5-9][0-9]|24[0-9])\-tuxcare\.els(\d{3,}|[3-9][0-9]|2[8-9])(\-\w*)?$) amd64 0:4.15.0-240.251 0:4.15.0-240.251 amd64 0:8u432-ga-0ubuntu1~18.04+tuxcare.els1 0:8u432-ga-0ubuntu1~18.04+tuxcare.els1 amd64 0:2.56.4-0ubuntu0.18.04.9+tuxcare.els2 0:2.56.4-0ubuntu0.18.04.9+tuxcare.els2 0:9.0.16-3ubuntu0.18.04.2+tuxcare.els6 amd64 0:3.5.27-1ubuntu1.14+tuxcare.els8 0:3.5.27-1ubuntu1.14+tuxcare.els8 0:8.5.39-1ubuntu1~18.04.3+tuxcare.els7 0:3.1-1ubuntu0.1+tuxcare.els3 0:3.1-1ubuntu0.1+tuxcare.els4 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[5-9][0-9]|24[1-9])\-tuxcare\.els(\d{3,}|[3-9][0-9]|29)(\-\w*)?$) amd64 0:4.15.0-241.252 0:4.15.0-241.252 amd64 0:4.15.0.241.252 0:4.15.0.241.252 amd64 0:1.2.4-1+tuxcare.els2 0:1.2.4-1+tuxcare.els2 0:1.173.21+tuxcare.els1 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els9 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els9 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els11 amd64 0:2.7.17-1~18.04ubuntu1.11+tuxcare.els11 amd64 0:11.0.25+9-0ubuntu1~18.04.1+tuxcare.els1 0:11.0.25+9-0ubuntu1~18.04.1+tuxcare.els1 amd64 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els8 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els8 0:8.5.39-1ubuntu1~18.04.3+tuxcare.els8 0:9.0.16-3ubuntu0.18.04.2+tuxcare.els7 amd64 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els9 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els9 0:8.5.39-1ubuntu1~18.04.3+tuxcare.els9 amd64 0:2.2.5-3ubuntu0.9+tuxcare.els3 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[5-9][0-9]|24[2-9])\-tuxcare\.els(\d{3,}|[4-9][0-9]|3[0-9])(\-\w*)?$) amd64 0:4.15.0-242.253 0:4.15.0-242.253 amd64 0:4.15.0.242.253 0:4.15.0.242.253 amd64 0:3.20241112.0ubuntu0.18.04.1+tuxcare.els1 0:9.0.16-3ubuntu0.18.04.2+tuxcare.els8 amd64 0:3.1.2-2.1ubuntu1.6+tuxcare.els1 0:8.5.39-1ubuntu1~18.04.3+tuxcare.els10 0:2.5.10-3ubuntu1.1+tuxcare.els2 amd64 0:2.5.10-3ubuntu1.1+tuxcare.els2 amd64 0:1.2.4-1+tuxcare.els3 0:1.2.4-1+tuxcare.els3 amd64 0:3.1.2-2.1ubuntu1.6+tuxcare.els3 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[5-9][0-9]|24[3-9])\-tuxcare\.els(\d{3,}|[4-9][0-9]|3[1-9])(\-\w*)?$) amd64 0:4.15.0-243.254 0:4.15.0-243.254 amd64 0:4.15.0.243.254 0:4.15.0.243.254 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[5-9][0-9]|24[4-9])\-tuxcare\.els(\d{3,}|[4-9][0-9]|3[2-9])(\-\w*)?$) amd64 0:4.15.0-244.255 0:4.15.0-244.255 amd64 0:4.15.0.244.255 0:4.15.0.244.255 amd64 0:1.16-2ubuntu0.4+tuxcare.els3 0:1.16-2ubuntu0.4+tuxcare.els3 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els10 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els10 amd64 0:3.1.2-2.1ubuntu1.6+tuxcare.els5 0:2.27-3ubuntu1.6+tuxcare.els5 amd64 0:2.27-3ubuntu1.6+tuxcare.els5 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els11 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els11 0:9.0.16-3ubuntu0.18.04.2+tuxcare.els10 amd64 0:2.2.7-1ubuntu2.10+tuxcare.els4 0:2.2.7-1ubuntu2.10+tuxcare.els4 amd64 0:3.20250211.0ubuntu0.18.04.1+tuxcare.els1 0:9.0.16-3ubuntu0.18.04.2+tuxcare.els11 amd64 0:2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els2 0:2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els2 amd64 0:2.30-21ubuntu1~18.04.9+tuxcare.els8 0:2.30-21ubuntu1~18.04.9+tuxcare.els8 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[5-9][0-9]|24[5-9])\-tuxcare\.els(\d{3,}|[4-9][0-9]|3[3-9])(\-\w*)?$) amd64 0:4.15.0-245.256 0:4.15.0-245.256 amd64 0:4.15.0.245.256 0:4.15.0.245.256 amd64 0:10.23-0ubuntu0.18.04.2+tuxcare.els5 0:10.23-0ubuntu0.18.04.2+tuxcare.els5 amd64 1:7.6p1-4ubuntu0.7+tuxcare.els6 1:7.6p1-4ubuntu0.7+tuxcare.els6 0:9.0.16-3ubuntu0.18.04.2+tuxcare.els12 (^4\.15\.0\-(\d{4,}|[3-9][0-9][0-9]|2[5-9][0-9]|24[6-9])\-tuxcare\.els(\d{3,}|[4-9][0-9]|3[4-9])(\-\w*)?$) amd64 0:4.15.0-246.257 0:4.15.0-246.257 amd64 0:4.15.0.246.257 0:4.15.0.246.257 0:2.5.1+dfsg-1ubuntu0.1+tuxcare.els6 amd64 0:2.4.4-2ubuntu1.7+tuxcare.els1 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els12 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els12 0:2.5.1+dfsg-1ubuntu0.1+tuxcare.els7 (^4\.15\.0\-(\d{4,}|[3-9]\d{2}|2[5-9]\d|24[7-9])\-tuxcare\.els(\d{3,}|[4-9]\d|3[5-9])(\-\w*)?$) amd64 0:4.15.0-247.258 0:4.15.0-247.258 amd64 0:4.15.0.247.258 0:4.15.0.247.258 amd64 0:2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els3 0:2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els3 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els13 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els13 0:8.5.100-1ubuntu1~18.04.1+tuxcare.els1 (^4\.15\.0\-(\d{4,}|[3-9]\d{2}|2[5-9]\d|24[8-9])\-tuxcare\.els(\d{3,}|[4-9]\d|3[6-9])(\-\w*)?$) amd64 0:4.15.0-248.259 0:4.15.0-248.259 0:8.5.100-1ubuntu1~18.04.1+tuxcare.els2 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els14 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els14 0:9.0.16-3ubuntu0.18.04.2+tuxcare.els13 0:2.27-3ubuntu1.6+tuxcare.els6 amd64 0:2.27-3ubuntu1.6+tuxcare.els6 amd64 1:7.6p1-4ubuntu0.7+tuxcare.els7 1:7.6p1-4ubuntu0.7+tuxcare.els7 amd64 0:8u452-ga-0ubuntu1~18.04+tuxcare.els1 0:8u452-ga-0ubuntu1~18.04+tuxcare.els1 amd64 0:11.0.27+6-0ubuntu1~18.04.1+tuxcare.els1 0:11.0.27+6-0ubuntu1~18.04.1+tuxcare.els1 (^4\.15\.0\-(\d{4,}|[3-9]\d{2}|2[5-9]\d|249)\-tuxcare\.els(\d{3,}|[4-9]\d|3[7-9])(\-\w*)?$) amd64 0:4.15.0-249.260 0:4.15.0-249.260 1:2.17.1-1ubuntu0.18+tuxcare.els6 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els15 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els15 amd64 0:2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els4 0:2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els4 amd64 0:1.8.21p2-3ubuntu1.6+tuxcare.els2 (^4\.15\.0\-(\d{4,}|[3-9]\d{2}|2[6-9]\d|25[0-9])\-tuxcare\.els(\d{3,}|[4-9]\d|3[8-9])(\-\w*)?$) amd64 0:4.15.0-250.261 0:4.15.0-250.261 amd64 0:3.22.0-1ubuntu0.7+tuxcare.els2 0:3.22.0-1ubuntu0.7+tuxcare.els2 amd64 0:3.20250512.0ubuntu0.18.04.1+tuxcare.els1 amd64 0:2.30-21ubuntu1~18.04.9+tuxcare.els9 0:2.30-21ubuntu1~18.04.9+tuxcare.els9 amd64 0:11.0.28+6-0ubuntu1~18.04.1+tuxcare.els1 0:11.0.28+6-0ubuntu1~18.04.1+tuxcare.els1 amd64 1:2.17.1-1ubuntu0.18+tuxcare.els7 1:2.17.1-1ubuntu0.18+tuxcare.els7 amd64 0:1.9.7-4ubuntu1.1+tuxcare.els1 0:1.9.7-4ubuntu1.1+tuxcare.els1 amd64 0:8u462-ga-0ubuntu1~18.04+tuxcare.els1 0:8u462-ga-0ubuntu1~18.04+tuxcare.els1 amd64 0:3.22.0-1ubuntu0.7+tuxcare.els3 0:3.22.0-1ubuntu0.7+tuxcare.els3 amd64 1:2.17.1-1ubuntu0.18+tuxcare.els8 1:2.17.1-1ubuntu0.18+tuxcare.els8 amd64 0:1.16-2ubuntu0.4+tuxcare.els5 0:1.16-2ubuntu0.4+tuxcare.els5 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els16 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els16 amd64 0:2.4.29-1ubuntu4.27+tuxcare.els5 0:2.4.29-1ubuntu4.27+tuxcare.els5 amd64 0:2.4.29-1ubuntu4.27+tuxcare.els7 0:2.4.29-1ubuntu4.27+tuxcare.els7 amd64 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els10 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els10 amd64 0:2.4.29-1ubuntu4.27+tuxcare.els8 0:2.4.29-1ubuntu4.27+tuxcare.els8 amd64 0:2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els5 0:2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els5 amd64 0:3.5.27-1ubuntu1.14+tuxcare.els9 0:3.5.27-1ubuntu1.14+tuxcare.els9 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els5 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els5 amd64 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els11 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els11 amd64 0:0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els2 0:0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els2 (^4\.15\.0\-(\d{4,}|[3-9]\d{2}|2[6-9]\d|25[1-9])\-tuxcare\.els(\d{3,}|[4-9]\d|39)(\-\w*)?$) amd64 0:4.15.0-251.262 0:4.15.0-251.262 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els17 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els17 amd64 0:3.1-1ubuntu0.1+tuxcare.els1 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els6 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els6 amd64 0:2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els6 0:2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els6 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els7 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els7 amd64 0:3.5.18-1ubuntu1.6+tuxcare.els2 0:3.5.18-1ubuntu1.6+tuxcare.els2 amd64 0:2.2.7-1ubuntu2.10+tuxcare.els6 0:2.2.7-1ubuntu2.10+tuxcare.els6 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els8 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els8 amd64 0:2.2.7-1ubuntu2.10+tuxcare.els7 0:2.2.7-1ubuntu2.10+tuxcare.els7 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els9 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els9 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els10 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els10 amd64 0:1.1.8-3.6ubuntu2.18.04.6+tuxcare.els2 0:1.1.8-3.6ubuntu2.18.04.6+tuxcare.els2 amd64 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els12 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els12 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els12 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els12 amd64 0:2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els7 0:2.9.4+dfsg1-6.1ubuntu1.9+tuxcare.els7 amd64 0:1.19.0.5ubuntu2.4+tuxcare.els1 0:1.19.0.5ubuntu2.4+tuxcare.els1 (^4\.15\.0\-(\d{4,}|[3-9]\d{2}|2[6-9]\d|25[2-9])\-tuxcare\.els(\d{3,}|[5-9]\d|4[0-9])(\-\w*)?$) amd64 0:4.15.0-252.263 0:4.15.0-252.263 amd64 0:4.15.0.252.263 0:4.15.0.252.263 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els13 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els13 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els14 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els14 amd64 0:3.5.27-1ubuntu1.14+tuxcare.els10 0:3.5.27-1ubuntu1.14+tuxcare.els10 (^4\.15\.0\-(\d{4,}|[3-9]\d{2}|2[6-9]\d|25[3-9])\-tuxcare\.els(\d{3,}|[5-9]\d|4[1-9])(\-\w*)?$) amd64 0:4.15.0-253.264 0:4.15.0-253.264 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els15 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els15 amd64 0:8u472-ga-0ubuntu1~18.04+tuxcare.els1 0:8u472-ga-0ubuntu1~18.04+tuxcare.els1 amd64 0:2.30-21ubuntu1~18.04.9+tuxcare.els11 0:2.30-21ubuntu1~18.04.9+tuxcare.els11 amd64 0:2.30-21ubuntu1~18.04.9+tuxcare.els13 0:2.30-21ubuntu1~18.04.9+tuxcare.els13 amd64 0:2.30-21ubuntu1~18.04.9+tuxcare.els14 0:2.30-21ubuntu1~18.04.9+tuxcare.els14 amd64 0:2.30-21ubuntu1~18.04.9+tuxcare.els15 0:2.30-21ubuntu1~18.04.9+tuxcare.els15 amd64 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els13 0:7.2.24-0ubuntu0.18.04.17+tuxcare.els13 amd64 0:2.30-21ubuntu1~18.04.9+tuxcare.els16 0:2.30-21ubuntu1~18.04.9+tuxcare.els16 amd64 0:2.2.7-1ubuntu2.10+tuxcare.els8 0:2.2.7-1ubuntu2.10+tuxcare.els8 amd64 1:2.17.1-1ubuntu0.18+tuxcare.els9 1:2.17.1-1ubuntu0.18+tuxcare.els9 amd64 0:2.30-21ubuntu1~18.04.9+tuxcare.els17 0:2.30-21ubuntu1~18.04.9+tuxcare.els17 amd64 0:2.2.4-1ubuntu1.6+tuxcare.els1 0:2.2.4-1ubuntu1.6+tuxcare.els1 amd64 1:2.17.1-1ubuntu0.18+tuxcare.els10 1:2.17.1-1ubuntu0.18+tuxcare.els10 amd64 0:2.2.5-3ubuntu0.9+tuxcare.els4 amd64 0:1.1.1-1ubuntu2.1~18.04.23+tuxcare.els7 0:1.1.1-1ubuntu2.1~18.04.23+tuxcare.els7 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els17 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els17 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els18 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els18 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els18 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els18 amd64 0:8u482-ga~us1-0ubuntu1~18.04+tuxcare.els1 0:8u482-ga~us1-0ubuntu1~18.04+tuxcare.els1 amd64 0:2.56.4-0ubuntu0.18.04.9+tuxcare.els4 0:2.56.4-0ubuntu0.18.04.9+tuxcare.els4 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els19 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els19 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els19 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els19 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els20 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els20 amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.29+tuxcare.els6 2:4.7.6+dfsg~ubuntu-0ubuntu2.29+tuxcare.els6 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els20 amd64 0:3.6.9-1~18.04ubuntu1.12+tuxcare.els20 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els21 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els21 amd64 0:7.58.0-2ubuntu3.24+tuxcare.els7 0:7.58.0-2ubuntu3.24+tuxcare.els7 amd64 0:7.58.0-2ubuntu3.24+tuxcare.els8 0:7.58.0-2ubuntu3.24+tuxcare.els8 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els22 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els22 amd64 1:3.6.3-0ubuntu1.4+tuxcare.els1 1:3.6.3-0ubuntu1.4+tuxcare.els1 (^4\.15\.0\-(?:\d{4,}|[3-9]\d{2}|2[6-9]\d|25[4-9])\-tuxcare\.els(?:\d{3,}|[5-9]\d|4[2-9])(\-\w*)?$) amd64 0:4.15.0-254.265 0:4.15.0-254.265 amd64 0:0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els3 0:0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els3 amd64 0:2.2.5-3ubuntu0.9+tuxcare.els5 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els23 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els26 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els26 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els27 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els27 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els28 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els28 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els29 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els29 0:9.0.16-3ubuntu0.18.04.2+tuxcare.els14 amd64 0:11.0.30+7-0ubuntu1~18.04.1+tuxcare.els1 0:11.0.30+7-0ubuntu1~18.04.1+tuxcare.els1 amd64 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els30 8:6.9.7.4+dfsg-16ubuntu6.15+tuxcare.els30 amd64 0:3.5.27-1ubuntu1.14+tuxcare.els11 0:3.5.27-1ubuntu1.14+tuxcare.els11 amd64 0:0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els4 0:0.8.0~20170825.94fa1e38-1ubuntu0.7+tuxcare.els4