Releases: cloudfoundry/bosh-linux-stemcell-builder
ubuntu jammy v1.1183
Metadata:
BOSH Agent Version: 2.838.0
Kernel Version: 5.15.0.176.161
USNs:
Title: USN-8147-1 -- libarchive vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8147-1
Priorities: low,medium,negligible
Description:
It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 14.04 LTS. (CVE-2019-19221)
It was discovered that libarchive incorrectly handled certain RAR archive files. If a user or automated system were tricked into processing a specially crafted RAR archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2024-20696)
It was discovered that libarchive incorrectly handled certain RAR archive files. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5914)
It was discovered that libarchive incorrectly handled certain WARC archive files. If a user or automated system were tricked into processing a specially crafted WARC archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5916)
It was discovered that libarchive incorrectly handled certain file names when handling prefixes and suffixes. An attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-5917)
It was discovered that libarchive could read past the end of file streams when processing input to bsdtar. An attacker could possibly use this issue to cause memory corruption or a denial of service. (CVE-2025-5918)
It was discovered that libarchive incorrectly handled certain TAR archive files. If a user or automated system were tricked into processing a specially crafted TAR archive, an attacker could possibly use this issue to cause libarchive to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2025-25724)
HyungJung Joo discovered that libarchive did not properly limit memory allocation when processing substitution rules in bsdtar. An attacker could possibly use this issue to cause excessive memory consumption, leading to a denial of service. (CVE-2025-60753)
Elhanan Haenel discovered that libarchive could enter an infinite loop when processing crafted RAR5 archives. An attacker could possibly use this issue to cause excessive CPU consumption, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-4111)
Update Instructions: Run sudo pro fix USN-8147-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- libarchive-dev - 3.6.0-1ubuntu1.6
- libarchive-tools - 3.6.0-1ubuntu1.6
- libarchive13 - 3.6.0-1ubuntu1.6
No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2019-19221
- https://ubuntu.com/security/CVE-2025-25724
- https://ubuntu.com/security/CVE-2025-5916
- https://ubuntu.com/security/CVE-2025-5917
- https://ubuntu.com/security/CVE-2026-4111
- https://ubuntu.com/security/CVE-2024-20696
- https://ubuntu.com/security/CVE-2025-5914
- https://ubuntu.com/security/CVE-2025-60753
- https://ubuntu.com/security/CVE-2025-5918
Title: USN-8155-1 -- OpenSSL vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8155-1
Priorities: low,medium
Description:
Viktor Dukhovni discovered that OpenSSL incorrectly negotiated the expected preferred key exchange group when used as a TLS 1.3 server. This could result in a less preferred key exchange being used, contrary to expectations. This issue only affected Ubuntu 25.10. (CVE-2026-2673)
Igor Morgenstern discovered that OpenSSL incorrectly handled certain memory operations when used as a DANE client. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-28387)
Igor Morgenstern discovered that OpenSSL incorrectly handled certain memory operations when processing a delta CRL. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-28388)
Nathan Sportsman, Daniel Rhea, and Jaeho Nam discovered that OpenSSL incorrectly handled certain memory operations when processing a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-28389)
Muhammad Daffa, Joshua Rogers, and Chanho Kim discovered that OpenSSL incorrectly handled processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2026-28390)
Quoc Tran discovered that OpenSSL incorrectly handled hexadecimal conversion on 32-bit platforms. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-31789)
Simo Sorce discovered that OpenSSL incorrectly handled failures in RSA KEM RSASVE Encapsulation. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-31790)
Update Instructions: Run sudo pro fix USN-8155-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- libssl-dev - 3.0.2-0ubuntu1.23
- libssl-doc - 3.0.2-0ubuntu1.23
- libssl3 - 3.0.2-0ubuntu1.23
- openssl - 3.0.2-0ubuntu1.23
No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-28387
- https://ubuntu.com/security/CVE-2026-2673
- https://ubuntu.com/security/CVE-2026-31790
- https://ubuntu.com/security/CVE-2026-28388
- https://ubuntu.com/security/CVE-2026-28389
- https://ubuntu.com/security/CVE-2026-31789
- https://ubuntu.com/security/CVE-2026-28390
Title: USN-8159-1 -- Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8159-1
Priorities: high,medium
Description:
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - Netfilter; - Network traffic control; (CVE-2025-37849, CVE-2026-23060, CVE-2026-23074, CVE-2026-23111) Update Instructions: Run sudo pro fix USN-8159-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.15.0-1045-nvidia-tegra-igx - 5.15.0-1045.45 linux-buildinfo-5.15.0-1045-nvidia-tegra-igx-rt - 5.15.0-1045.45 linux-headers-5.15.0-1045-nvidia-tegra-igx - 5.15.0-1045.45 linux-headers-5.15.0-1045-nvidia-tegra-igx-rt - 5.15.0-1045.45 linux-image-5.15.0-1045-nvidia-tegra-igx - 5.15.0-1045.45 linux-image-5.15.0-1045-nvidia-tegra-igx-rt - 5.15.0-1045.45 linux-image-uc-5.15.0-1045-nvidia-tegra-igx - 5.15.0-1045.45 linux-image-uc-5.15.0-1045-nvidia-tegra-igx-rt - 5.15.0-1045.45 linux-image-unsigned-5.15.0-1045-nvidia-tegra-igx - 5.15.0-1045.45 linux-image-unsigned-5.15.0-1045-nvidia-tegra-igx-rt - 5.15.0-1045.45 linux-modules-5.15.0-1045-nvidia-tegra-igx - 5.15.0-1045.45 linux-modules-5.15.0-1045-nvidia-tegra-igx-rt - 5.15.0-1045.45 linux-modules-extra-5.15.0-1045-nvidia-tegra-igx - 5.15.0-1045.45 linux-nvidia-tegra-igx-headers-5.15.0-1045 - 5.15.0-1045.45 linux-nvidia-tegra-igx-tools-5.15.0-1045 - 5.15.0-1045.45 linux-tools-5.15.0-1045-nvidia-tegra-igx - 5.15.0-1045.45 linux-tools-5.15.0-1045-nvidia-tegra-igx-rt - 5.15.0-1045.45 No subscription required linux-buildinfo-5.15.0-1056-nvidia-tegra - 5.15.0-1056.56 linux-buildinfo-5.15.0-1056-nvidia-tegra-rt - 5.15.0-1056.56 linux-headers-5.15.0-1056-nvidia-tegra - 5.15.0-1056.56 linux-headers-5.15.0-1056-nvidia-tegra-rt - 5.15.0-1056.56 linux-image-5.15.0-1056-nvidia-tegra - 5.15.0-1056.56 linux-image-5.15.0-1056-nvidia-tegra-rt - 5.15.0-1056.56 linux-image-unsigned-5.15.0-1056-nvidia-tegra - 5.15.0-1056.56 
linux-image-unsigned-5.15.0-1056-nvidia-tegra-rt - 5.15.0-1056.56 linux-modules-5.15.0-1056-nvidia-tegra - 5.15.0-1056.56 linux-modules-5.15.0-1056-nvidia-tegra-rt - 5.15.0-1056.56 linux-modules-extra-5.15.0-1056-nvidia-tegra - 5.15.0-1056.56 linux-nvidia-tegra-headers-5.15.0-1056 - 5.15.0-1056.56 linux-nvidia-tegra-tools-5.15.0-1056 - 5.15.0-1056.56 linux-tools-5.15.0-1056-nvidia-tegra - 5.15.0-1056.56 linux-tools-5.15.0-1056-nvidia-tegra-rt - 5.15.0-1056.56 No subscription required linux-buildinfo-5.15.0-1068-xilinx-zynqmp - 5.15.0-1068.72 linux-headers-5.15.0-1068-xilinx-zynqmp - 5.15.0-1068.72 linux-image-5.15.0-1068-xilinx-zynqmp - 5.15.0-1068.72 linux-modules-5.15.0-1068-xilinx-zynqmp - 5.15.0-1068.72 linux-tools-5.15.0-1068-xilinx-zynqmp - 5.15.0-1068.72 linux-xilinx-zynqmp-headers-5.15.0-1068 - 5.15.0-1068.72 linux-xilinx-zynqmp-tools-5.15.0-1068 - 5.15.0-1068.72 No subscription required linux-buildinfo-5.15.0-1087-gkeop - 5.15.0-1087.95 linux-cloud-tools-5.15.0-1087-gkeop - 5.15.0-1087.95 linux-gkeop-cloud-tools-5.15.0-1087 - 5.15.0-1087.95 linux-gkeop-headers-5.15.0-1087 - 5.15.0-1087.95 linux-gkeop-tools-5.15.0-1087 - 5.15.0-1087.95 linux-headers-5.15.0-1087-gkeop - 5.15.0-1087.95 linux-image-5.15.0-1087-gkeop - 5.15.0-1087.95 linux-image-unsigned-5.15.0-1087-gkeop - 5.15.0-1087.95 linux-modules-5.15.0-1087-gkeop - 5...
ubuntu jammy v1.1143
Known Issues:
- The Warden CPI is unable to create VMs when using the bosh-warden-boshlite-ubuntu-jammy-go_agent variety of this stemcell. It will fail deploys with timeouts when pinging the VM. See #562 for more details.
Metadata:
BOSH Agent Version: 2.836.0
Kernel Version: 5.15.0.174.162
USNs:
Title: USN-8124-1 -- Bind vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8124-1
Priorities: medium
Description:
Samy Medjahed discovered that Bind incorrectly handled insecure delegation validation. A remote attacker could possibly use this issue to cause excessive NSEC3 iterations, consuming CPU resources, and leading to a denial of service. (CVE-2026-1519)
Vitaly Simonovich discovered that Bind incorrectly handled memory when preparing DNSSEC proofs of non-existence. A remote attacker could possibly use this issue to cause memory consumption, leading to a denial of service. This issue only affected Ubuntu 25.10. (CVE-2026-3104)
Vitaly Simonovich discovered that Bind incorrectly handled authenticated queries containing TKEY records. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. (CVE-2026-3119)
It was discovered that Bind incorrectly handled DNS queries signed with SIG(0). A remote attacker could possibly use this issue to bypass ACLs. This issue only affected Ubuntu 25.10. (CVE-2026-3591)
Update Instructions: Run sudo pro fix USN-8124-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- bind9 - 1:9.18.39-0ubuntu0.22.04.3
- bind9-dev - 1:9.18.39-0ubuntu0.22.04.3
- bind9-dnsutils - 1:9.18.39-0ubuntu0.22.04.3
- bind9-doc - 1:9.18.39-0ubuntu0.22.04.3
- bind9-host - 1:9.18.39-0ubuntu0.22.04.3
- bind9-libs - 1:9.18.39-0ubuntu0.22.04.3
- bind9-utils - 1:9.18.39-0ubuntu0.22.04.3
- bind9utils - 1:9.18.39-0ubuntu0.22.04.3
- dnsutils - 1:9.18.39-0ubuntu0.22.04.3
No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-3104
- https://ubuntu.com/security/CVE-2026-3119
- https://ubuntu.com/security/CVE-2026-1519
- https://ubuntu.com/security/CVE-2026-3591
Title: USN-8129-1 -- pyasn1 vulnerability
URL: https://ubuntu.com/security/notices/USN-8129-1
Priorities: medium
Description:
It was discovered that pyasn1 incorrectly handled recursion when decoding ASN.1 data. An attacker could use this issue to cause pyasn1 to consume resources, leading to a denial of service. Update Instructions: Run sudo pro fix USN-8129-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: pypy-pyasn1 - 0.4.8-1ubuntu0.2 python-pyasn1-doc - 0.4.8-1ubuntu0.2 python3-pyasn1 - 0.4.8-1ubuntu0.2 No subscription required
CVEs:
Title: USN-8133-1 -- PyJWT vulnerability
URL: https://ubuntu.com/security/notices/USN-8133-1
Priorities: medium
Description:
It was discovered that PyJWT did not validate the critical header parameter, contrary to the RFC specification expectations. A remote attacker could possibly use this issue to bypass certain authentication checks and restrictions. Update Instructions: Run sudo pro fix USN-8133-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python3-jwt - 2.3.0-1ubuntu0.3 No subscription required
CVEs:
What's Changed
- Enable stemcell builds on apple silicon (jammy) by @julian-hj in #496
- Prevent systemd-binfmt from running in containers (Jammy) by @mkocher in #500
- Enable building stemcells on apple silicon with vz/rosetta (Jammy) by @mkocher in #501
- Add cgroups v2 support for Jammy stemcells by @mkocher in #468
- Merge stemcells ci by @aramprice in #509
- General cleanup by @aramprice in #512
- CI: consolidate pipeline config script by @aramprice in #513
- CI: relocate pipelines to ci/pipelines/ by @aramprice in #515
- Update readme et al by @aramprice in #517
- CI: dockerfile creation uses current versions of utils by @aramprice in #518
- CI: do not try to install un-needed yq for task by @aramprice in #519
- CI: tasks always come from bosh-stemcells-ci by @aramprice in #520
Full Changelog: ubuntu-jammy/v1.1123...ubuntu-jammy/v1.1143
ubuntu noble v1.305
Metadata:
BOSH Agent Version: 2.835.0
Kernel Version: 6.8.0-106.106
USNs:
Title: USN-8084-1 -- curl vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8084-1
Priorities: low,medium
Description:
Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate-authenticated HTTP or HTTPS requests. This could result in the use of credentials from a different connection, contrary to expectations. (CVE-2026-1965)
It was discovered that curl incorrectly leaked OAuth2 bearer tokens when following a redirect. This could result in tokens being sent to the wrong host, contrary to expectations. (CVE-2026-3783)
Muhamad Arga Reksapati discovered that curl incorrectly reused existing HTTP proxy connections even if the request used different credentials. This could result in the use of incorrect credentials, contrary to expectations. (CVE-2026-3784)
Daniel Wade discovered that curl incorrectly handled certain memory operations when doing a second SMB request to the same host. An attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 25.10. (CVE-2026-3805)
Yihang Zhou discovered that curl incorrectly reused .netrc file credentials when following redirects. This could result in the use of credentials for a different host, contrary to expectations. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-0167)
Update Instructions: Run sudo pro fix USN-8084-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- curl - 8.5.0-2ubuntu10.8
- libcurl3t64-gnutls - 8.5.0-2ubuntu10.8
- libcurl4-doc - 8.5.0-2ubuntu10.8
- libcurl4-gnutls-dev - 8.5.0-2ubuntu10.8
- libcurl4-openssl-dev - 8.5.0-2ubuntu10.8
- libcurl4t64 - 8.5.0-2ubuntu10.8
No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-3783
- https://ubuntu.com/security/CVE-2026-3805
- https://ubuntu.com/security/CVE-2026-3784
- https://ubuntu.com/security/CVE-2025-0167
- https://ubuntu.com/security/CVE-2026-1965
Title: USN-8086-1 -- FreeType vulnerability
URL: https://ubuntu.com/security/notices/USN-8086-1
Priorities: medium
Description:
It was discovered that FreeType did not correctly handle certain integer arithmetic. An attacker could possibly use this issue to leak sensitive information. Update Instructions: Run sudo pro fix USN-8086-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: freetype2-demos - 2.13.2+dfsg-1ubuntu0.1 freetype2-doc - 2.13.2+dfsg-1ubuntu0.1 libfreetype-dev - 2.13.2+dfsg-1ubuntu0.1 libfreetype6 - 2.13.2+dfsg-1ubuntu0.1 No subscription required
CVEs:
Title: USN-8087-1 -- python-cryptography vulnerability
URL: https://ubuntu.com/security/notices/USN-8087-1
Priorities: medium
Description:
It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to perform a subgroup attack and possibly recover the least significant bits of private keys. Update Instructions: Run sudo pro fix USN-8087-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-cryptography-doc - 41.0.7-4ubuntu0.3 python3-cryptography - 41.0.7-4ubuntu0.3 No subscription required
CVEs:
Title: USN-8090-1 -- OpenSSH vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8090-1
Priorities: low,medium
Description:
Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-3497)
David Leadbeater discovered that OpenSSH incorrectly handled certain control characters in usernames. When untrusted usernames and the ProxyCommand are being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61984)
David Leadbeater discovered that OpenSSH incorrectly handled NULL characters in ssh:// URIs. When the ProxyCommand is being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61985)
Update Instructions: Run sudo pro fix USN-8090-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- openssh-client - 1:9.6p1-3ubuntu13.15
- openssh-server - 1:9.6p1-3ubuntu13.15
- openssh-sftp-server - 1:9.6p1-3ubuntu13.15
- openssh-tests - 1:9.6p1-3ubuntu13.15
- ssh - 1:9.6p1-3ubuntu13.15
- ssh-askpass-gnome - 1:9.6p1-3ubuntu13.15
No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-3497
- https://ubuntu.com/security/CVE-2025-61984
- https://ubuntu.com/security/CVE-2025-61985
Title: USN-8095-1 -- Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8095-1
Priorities: low,medium
Description:
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - Nios II architecture; - PA-RISC architecture; - RISC-V architecture; - S390 architecture; - Sun Sparc architecture; - User-Mode Linux (UML); - x86 architecture; - Xtensa architecture; - Block layer subsystem; - Cryptographic API; - Compute Acceleration Framework; - ACPI drivers; - ATM drivers; - Drivers core; - Block device driver; - Network block device driver; - Bluetooth drivers; - Bus devices; - Hardware random number generator core; - Character device driver; - Data acquisition framework and drivers; - CPU frequency scaling framework; - Hardware crypto device drivers; - Device frequency scaling framework; - DMA engine subsystem; - ARM SCMI message protocol; - EFI core; - Intel Stratix 10 firmware drivers; - GPU drivers; - HID subsystem; - CoreSight HW tracing drivers; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - Input Device (Miscellaneous) drivers; - Input Device (Tablet) drivers; - IOMMU subsystem; - ISDN/mISDN subsystem; - Mailbox framework; - Multiple devices driver; - Media drivers; - Fastrpc Driver; - MOST (Media Oriented Systems Transport) drivers; - MTD block device drivers; - Ethernet bonding driver; - Network drivers; - Mellanox network drivers; - STMicroelectronics network drivers; - Texas Instruments network drivers; - Ethernet team driver; - NVME drivers; - PCI subsystem; - PCCARD (PCMCIA/CardBus) bus subsystem; - Performance monitor 
drivers; - Pin controllers subsystem; - x86 platform drivers; - ARM PM domains; - PPS (Pulse Per Second) driver; - PTP clock framework; - PWM drivers; - Remote Processor subsystem; - S/390 drivers; - SCSI subsystem; - Texas Instruments SoC drivers; - TCM subsystem; - Trusted Execution Environment drivers; - TTY drivers; - Userspace I/O drivers; - Cadence USB3 driver; - DesignWare USB3 driver; - USB Gadget drivers; - USB Host Controller drivers; - Renesas USBHS Controller drivers; - USB Mass Storage drivers; - Virtio Host (VHOST) subsystem; - Framebuffer layer; - Xen hypervisor drivers; - AFS file system; - BTRFS file system; - Ceph distributed file system; - File systems infrastructure; - EFI Variable file system; - exFAT file system; - Ext4 file system; - F2FS file system; - FUSE (File system in Userspace); - GFS2 file system; - HFS file system; - HFS+ file system; - HugeTLB file system; - JFS file system; - KERNFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - File system notification infrastructure; - NTFS3 file system; - OCFS2 file system; - OrangeFS file system; - Proc file system; - Diskquota system; - SMB network file system; - SquashFS file system; - UDF file system; - XFS file system; - Asynchronous Transfer Mode (ATM) subsystem; - BPF subsystem; - Mellanox drivers; - NFS page cache wrapper; - Memory management; - Memory Management; - Media input infrastructure; - Bluetooth subsystem; - IP tunnels definitions; - Network traffic control; - Rose network layer; - Network sockets; - io_uring subsystem; - Control group (cgroup); - Kernel crash support code; - Kernel futex primitives; - PID allocator; - Scheduler infrastructure; - Syscalls implementation; - Timer subsystem; - Tracing infrastructure; - 9P file system network protocol; - Amateur Radio drivers; - B.A.T.M.A.N. 
meshing protocol; - Ethernet bridge; - Ceph Core library; - Networking core; - Devlink API; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - Multipath TCP; - Netfilter; - NFC subsystem; - Open vSwitch; - RF switch subsystem; - SCTP protocol; - SMC sockets; - Sun RPC protocol; - TIPC protocol; - TLS protocol; - VMware vSockets driver; - Wireless networking; - eXpress Data Path; - XFRM subsystem; - Integrity Measurement Architecture(IMA) framework; - Intel ASoC drivers; - QCOM ASoC drivers; - USB sound devices; (CVE-2025-21833, CVE-2025-22103, CVE-2025-22105, CVE-2025-22106, CVE-2025-22107, CVE-2025-22113, CVE-2025-22121, CVE-2025-22124, CVE-2025-22125, CVE-2025-23129, CVE-2025-23130, CVE-2025-23133, CVE-2025-23143, CVE-2025-37860, CVE-2025-38105, CVE-2025-38502, CVE-2025-38556, CVE-2025-38627, CVE-2025-38643, CVE-2025-38709, CVE-2025-...
ubuntu jammy v1.1123
Metadata:
BOSH Agent Version: 2.835.0
Kernel Version: 5.15.0.173.161
USNs:
Title: USN-8084-1 -- curl vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8084-1
Priorities: low,medium
Description:
Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate-authenticated HTTP or HTTPS requests. This could result in the use of credentials from a different connection, contrary to expectations. (CVE-2026-1965)
It was discovered that curl incorrectly leaked OAuth2 bearer tokens when following a redirect. This could result in tokens being sent to the wrong host, contrary to expectations. (CVE-2026-3783)
Muhamad Arga Reksapati discovered that curl incorrectly reused existing HTTP proxy connections even if the request used different credentials. This could result in the use of incorrect credentials, contrary to expectations. (CVE-2026-3784)
Daniel Wade discovered that curl incorrectly handled certain memory operations when doing a second SMB request to the same host. An attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 25.10. (CVE-2026-3805)
Yihang Zhou discovered that curl incorrectly reused .netrc file credentials when following redirects. This could result in the use of credentials for a different host, contrary to expectations. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2025-0167)
Update Instructions: Run sudo pro fix USN-8084-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- curl - 7.81.0-1ubuntu1.23
- libcurl3-gnutls - 7.81.0-1ubuntu1.23
- libcurl3-nss - 7.81.0-1ubuntu1.23
- libcurl4 - 7.81.0-1ubuntu1.23
- libcurl4-doc - 7.81.0-1ubuntu1.23
- libcurl4-gnutls-dev - 7.81.0-1ubuntu1.23
- libcurl4-nss-dev - 7.81.0-1ubuntu1.23
- libcurl4-openssl-dev - 7.81.0-1ubuntu1.23
No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-3783
- https://ubuntu.com/security/CVE-2026-3805
- https://ubuntu.com/security/CVE-2026-3784
- https://ubuntu.com/security/CVE-2025-0167
- https://ubuntu.com/security/CVE-2026-1965
Title: USN-8087-1 -- python-cryptography vulnerability
URL: https://ubuntu.com/security/notices/USN-8087-1
Priorities: medium
Description:
It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to perform a subgroup attack and possibly recover the least significant bits of private keys. Update Instructions: Run sudo pro fix USN-8087-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: python-cryptography-doc - 3.4.8-1ubuntu2.3 python3-cryptography - 3.4.8-1ubuntu2.3 No subscription required
CVEs:
Title: USN-8090-1 -- OpenSSH vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8090-1
Priorities: low,medium
Description:
Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-3497)
David Leadbeater discovered that OpenSSH incorrectly handled certain control characters in usernames. When untrusted usernames and the ProxyCommand are being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61984)
David Leadbeater discovered that OpenSSH incorrectly handled NULL characters in ssh:// URIs. When the ProxyCommand is being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61985)
Update Instructions: Run sudo pro fix USN-8090-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- openssh-client - 1:8.9p1-3ubuntu0.14
- openssh-server - 1:8.9p1-3ubuntu0.14
- openssh-sftp-server - 1:8.9p1-3ubuntu0.14
- openssh-tests - 1:8.9p1-3ubuntu0.14
- ssh - 1:8.9p1-3ubuntu0.14
- ssh-askpass-gnome - 1:8.9p1-3ubuntu0.14
No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-3497
- https://ubuntu.com/security/CVE-2025-61984
- https://ubuntu.com/security/CVE-2025-61985
Title: USN-8096-1 -- Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8096-1
Priorities: low,medium
Description:
Qualys discovered that several vulnerabilities existed in the AppArmor Linux kernel Security Module (LSM). An unprivileged local attacker could use these issues to load, replace, and remove arbitrary AppArmor profiles causing denial of service, exposure of sensitive information (kernel memory), local privilege escalation, or possibly escape a container. (LP: #2143853) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACPI drivers; - ATM drivers; - Drivers core; - Network block device driver; - Bluetooth drivers; - Character device driver; - TPM device driver; - Data acquisition framework and drivers; - Counter interface drivers; - CPU frequency scaling framework; - Intel Stratix 10 firmware drivers; - GPU drivers; - HID subsystem; - Hardware monitoring drivers; - IIO subsystem; - InfiniBand drivers; - Input Device core drivers; - Input Device (Tablet) drivers; - ISDN/mISDN subsystem; - Macintosh device drivers; - Media drivers; - MOST (Media Oriented Systems Transport) drivers; - MTD block device drivers; - Network drivers; - Mellanox network drivers; - Texas Instruments network drivers; - Ethernet team driver; - MediaTek network drivers; - NVME drivers; - PA-RISC drivers; - PCI subsystem; - Chrome hardware platform drivers; - x86 platform drivers; - ARM PM domains; - Voltage and Current Regulator drivers; - S/390 drivers; - SCSI subsystem; - Texas Instruments SoC drivers; - SPI subsystem; - Realtek RTL8723BS SDIO drivers; - TCM subsystem; - Cadence USB3 driver; - DesignWare USB3 driver; - USB Gadget drivers; - USB Host Controller drivers; - Renesas USBHS Controller drivers; - USB Mass Storage drivers; - USB Type-C Connector System Software Interface driver; - Backlight driver; - Framebuffer layer; - Watchdog drivers; - BFS file system; - BTRFS 
file system; - Ext4 file system; - F2FS file system; - FUSE (File system in Userspace); - HFS+ file system; - Journaling layer for block devices (JBD2); - JFS file system; - Network file system (NFS) client; - Network file system (NFS) server daemon; - File system notification infrastructure; - NTFS3 file system; - OCFS2 file system; - OrangeFS file system; - Proc file system; - SMB network file system; - XFS file system; - BPF subsystem; - Ethernet bridge; - Memory management; - Network traffic control; - io_uring subsystem; - Locking primitives; - Scheduler infrastructure; - Shadow Call Stack mechanism; - Tracing infrastructure; - Bluetooth subsystem; - CAIF protocol; - CAN network layer; - Ceph Core library; - Networking core; - Ethtool driver; - HSR network protocol; - IPv4 networking; - IPv6 networking; - MAC80211 subsystem; - Multipath TCP; - Netfilter; - NET/ROM layer; - NFC subsystem; - Open vSwitch; - Rose network layer; - SCTP protocol; - Network sockets; - Sun RPC protocol; - TIPC protocol; - VMware vSockets driver; - Wireless networking; - Rust bindings mechanism; - Integrity Measurement Architecture(IMA) framework; - Key management; - Simplified Mandatory Access Control Kernel framework; - FireWire sound drivers; - Turtle Beach Wavefront ALSA driver; - STMicroelectronics SoC drivers; - USB sound devices; (CVE-2022-49465, CVE-2024-36903, CVE-2024-36927, CVE-2024-37354, CVE-2024-41014, CVE-2024-46830, CVE-2024-47666, CVE-2024-49968, CVE-2025-22022, CVE-2025-22111, CVE-2025-22121, CVE-2025-38022, CVE-2025-38129, CVE-2025-38556, CVE-2025-40040, CVE-2025-40083, CVE-2025-40110, CVE-2025-40211, CVE-2025-40248, CVE-2025-40252, CVE-2025-40253, CVE-2025-40254, CVE-2025-40257, CVE-2025-40258, CVE-2025-40259, CVE-2025-40261, CVE-2025-40262, CVE-2025-40263, CVE-2025-40264, CVE-2025-40269, CVE-2025-40271, CVE-2025-40272, CVE-2025-40273, CVE-2025-40275, CVE-2025-40277, CVE-2025-40278, CVE-2025-40279, CVE-2025-40280, CVE-2025-40281, CVE-2025-40282, CVE-2025-40283, 
CVE-2025-40304, CVE-2025-40306, CVE-2025-40308, CVE-2025-40309, CVE-2025-40312, CVE-2025-40313, CVE-2025-40314, CVE-2025-40315, CVE-2025-40317, CVE-2025-40319, CVE-2025-40321, CVE-2025-40322, CVE-2025-40324, CVE-2025-40331, CVE-2025-40342, CVE-2025-40343, CVE-2025-40345, CVE-2025-40360, CVE-2025-40363, CVE-2025-68168, CVE-2025-68176, CVE-2025-68177, CVE-2025-68185, CVE-2025-68191, CVE-2025-68192, CVE-2025-68194, CVE-2025-68200, CVE-2025-68204, CVE-2025-68217, CVE-2025-68220, CVE-2025-68227, CVE-2025-68229, CVE-2025-68238, CVE-2025-68241, CVE-2025-68244, CVE-2025-68245, CVE-2025-68254, CVE-2025-68255, CVE-2025-68257, CVE-2025-68258, CVE-2025-68261, CVE-2025-68264, CVE-2025-68266, CVE-2025-68282, CVE-2025-68284, CVE-2025-68285, CVE-2025-68286, CVE-2025-68287, CVE-2025-68288, CVE-2025-68289, CVE-2025-68290, CVE-2025-68295, CVE-2025-68301, CVE-2025-68302, CVE-2025-68303, CVE-2025-68308, CVE-2025-68312, CVE-2025-68321, CVE-2025-68325, CVE-2025-68327, CVE-2025-68328, CVE-2025-68330, CVE-2025-68331, CVE-2025-68332, CVE-2025-68335, CVE-2025-68336, CVE-2025-68337, CVE-2025-68339, CVE-2025-68344, CVE-2025-68346, CVE-2025-68349, CVE-2025-68354, CVE-2025-68362, CVE-2025-68364, CVE-2025-68366, CVE-2025-68367, CVE-2025-68372, CVE-2025-68724, CVE-2025-68727, CVE-2025-68728, CVE-2025-68732, CVE-2025-68733, CVE-2025-68734, CVE-2025-68740, CVE-2025-68746, CVE-202...
ubuntu jammy v1.1107
NOTE
This stemcell was NOT published to the me-central-1 AWS region due to outages in that datacenter.
Metadata:
BOSH Agent Version: 2.825.0
Kernel Version: 5.15.0.171.160
USNs:
What's Changed
Full Changelog: ubuntu-jammy/v1.1091...ubuntu-jammy/v1.1107
ubuntu noble v1.268
NOTE
This stemcell was NOT published to the me-central-1 AWS region due to outages in that datacenter.
Metadata:
BOSH Agent Version: 2.821.0
Kernel Version: 6.8.0-101.101
USNs:
Full Changelog: ubuntu-noble/v1.267...ubuntu-noble/v1.268
ubuntu jammy v1.1091
NOTE
This stemcell was NOT published to the me-central-1 AWS region due to outages in that datacenter.
Metadata:
BOSH Agent Version: 2.821.0
Kernel Version: 5.15.0.171.160
USNs:
What's Changed
Full Changelog: ubuntu-jammy/v1.1089...ubuntu-jammy/v1.1091
ubuntu noble v1.267
NOTE
This stemcell was NOT published to the me-central-1 AWS region due to outages in that datacenter.
Metadata:
BOSH Agent Version: 2.820.0
Kernel Version: 6.8.0-101.101
USNs:
Full Changelog: ubuntu-noble/v1.261...ubuntu-noble/v1.267
ubuntu jammy v1.1089
NOTE
This stemcell was NOT published to the me-central-1 AWS region due to outages in that datacenter.
Metadata:
BOSH Agent Version: 2.820.0
Kernel Version: 5.15.0.171.160
USNs:
Title: USN-8033-1 -- Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8033-1
Priorities: low,medium
Description:
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux (UML); - x86 architecture; - Block layer subsystem; - Cryptographic API; - Drivers core; - Bus devices; - Hardware random number generator core; - Data acquisition framework and drivers; - CPU frequency scaling framework; - DMA engine subsystem; - GPU drivers; - HW tracing; - Input Device (Miscellaneous) drivers; - Multiple devices driver; - Media drivers; - MOST (Media Oriented Systems Transport) drivers; - MTD block device drivers; - Network drivers; - NVME drivers; - PCI subsystem; - Performance monitor drivers; - Pin controllers subsystem; - x86 platform drivers; - PPS (Pulse Per Second) driver; - PWM drivers; - SCSI subsystem; - TCM subsystem; - Userspace I/O drivers; - USB Gadget drivers; - USB Host Controller drivers; - Framebuffer layer; - BTRFS file system; - File systems infrastructure; - Ext4 file system; - Network file system (NFS) server daemon; - NTFS3 file system; - SMB network file system; - padata parallel execution mechanism; - IP tunnels definitions; - Network sockets; - XFRM subsystem; - Control group (cgroup); - Padata parallel execution mechanism; - PID allocator; - Tracing infrastructure; - Memory management; - 9P file system network protocol; - Ethernet bridge; - Ceph Core library; - Networking core; - IPv4 networking; - IPv6 networking; - NFC subsystem; - RF switch subsystem; - SCTP protocol; - Unix domain sockets; - VMware vSockets driver; - Intel ASoC drivers; - USB sound devices; (CVE-2024-53114, CVE-2024-56538, CVE-2024-58011, CVE-2025-21861, CVE-2025-22058, CVE-2025-23143, CVE-2025-38236, CVE-2025-38248, CVE-2025-38584, CVE-2025-39869, CVE-2025-39873, CVE-2025-39876, CVE-2025-39880, CVE-2025-39883, CVE-2025-39885, CVE-2025-39907, CVE-2025-39911, CVE-2025-39913, CVE-2025-39923, CVE-2025-39934, 
CVE-2025-39937, CVE-2025-39943, CVE-2025-39945, CVE-2025-39949, CVE-2025-39951, CVE-2025-39953, CVE-2025-39955, CVE-2025-39967, CVE-2025-39968, CVE-2025-39969, CVE-2025-39970, CVE-2025-39971, CVE-2025-39972, CVE-2025-39973, CVE-2025-39980, CVE-2025-39985, CVE-2025-39986, CVE-2025-39987, CVE-2025-39988, CVE-2025-39994, CVE-2025-39995, CVE-2025-39996, CVE-2025-39998, CVE-2025-40001, CVE-2025-40006, CVE-2025-40011, CVE-2025-40020, CVE-2025-40021, CVE-2025-40026, CVE-2025-40027, CVE-2025-40029, CVE-2025-40030, CVE-2025-40035, CVE-2025-40042, CVE-2025-40043, CVE-2025-40044, CVE-2025-40048, CVE-2025-40049, CVE-2025-40053, CVE-2025-40055, CVE-2025-40060, CVE-2025-40068, CVE-2025-40070, CVE-2025-40078, CVE-2025-40081, CVE-2025-40085, CVE-2025-40087, CVE-2025-40088, CVE-2025-40092, CVE-2025-40094, CVE-2025-40105, CVE-2025-40106, CVE-2025-40109, CVE-2025-40111, CVE-2025-40112, CVE-2025-40115, CVE-2025-40116, CVE-2025-40118, CVE-2025-40120, CVE-2025-40121, CVE-2025-40124, CVE-2025-40125, CVE-2025-40126, CVE-2025-40127, CVE-2025-40134, CVE-2025-40140, CVE-2025-40153, CVE-2025-40154, CVE-2025-40167, CVE-2025-40171, CVE-2025-40173, CVE-2025-40178, CVE-2025-40179, CVE-2025-40183, CVE-2025-40187, CVE-2025-40188, CVE-2025-40194, CVE-2025-40200, CVE-2025-40204, CVE-2025-40205, CVE-2025-40215, CVE-2025-40219, CVE-2025-40220, CVE-2025-40223, CVE-2025-40231, CVE-2025-40233, CVE-2025-40240, CVE-2025-40243, CVE-2025-40244, CVE-2025-40245, CVE-2025-40346, CVE-2025-40349, CVE-2025-40351, CVE-2025-68249) Update Instructions: Run sudo pro fix USN-8033-1 to fix the vulnerability. 
The problem can be corrected by updating your system to the following package versions: linux-buildinfo-5.15.0-1083-gkeop - 5.15.0-1083.91 linux-cloud-tools-5.15.0-1083-gkeop - 5.15.0-1083.91 linux-gkeop-cloud-tools-5.15.0-1083 - 5.15.0-1083.91 linux-gkeop-headers-5.15.0-1083 - 5.15.0-1083.91 linux-gkeop-tools-5.15.0-1083 - 5.15.0-1083.91 linux-headers-5.15.0-1083-gkeop - 5.15.0-1083.91 linux-image-5.15.0-1083-gkeop - 5.15.0-1083.91 linux-image-unsigned-5.15.0-1083-gkeop - 5.15.0-1083.91 linux-modules-5.15.0-1083-gkeop - 5.15.0-1083.91 linux-modules-extra-5.15.0-1083-gkeop - 5.15.0-1083.91 linux-tools-5.15.0-1083-gkeop - 5.15.0-1083.91 No subscription required linux-buildinfo-5.15.0-1094-ibm - 5.15.0-1094.97 linux-headers-5.15.0-1094-ibm - 5.15.0-1094.97 linux-ibm-cloud-tools-common - 5.15.0-1094.97 linux-ibm-headers-5.15.0-1094 - 5.15.0-1094.97 linux-ibm-source-5.15.0 - 5.15.0-1094.97 linux-ibm-tools-5.15.0-1094 - 5.15.0-1094.97 linux-ibm-tools-common - 5.15.0-1094.97 linux-image-5.15.0-1094-ibm - 5.15.0-1094.97 linux-image-unsigned-5.15.0-1094-ibm - 5.15.0-1094.97 linux-modules-5.15.0-1094-ibm - 5.15.0-1094.97 linux-modules-extra-5.15.0-1094-ibm - 5.15.0-1094.97 linux-tools-5.15.0-1094-ibm - 5.15.0-1094.97 No subscription required linux-buildinfo-5.15.0-1096-gke - 5.15.0-1096.102 linux-gke-headers-5.15.0-1096 - 5.15.0-1096.102 linux-gke-tools-5.15.0-1096 - 5.15.0-1096.102 linux-headers-5.15.0-1096-gke - 5.15.0-1096.102 linux-image-5.15.0-1096-gke - 5.15.0-1096.102 linux-image-unsigned-5.15.0-1096-gke - 5.15.0-1096.102 linux-modules-5.15.0-1096-gke - 5.15.0-1096.102 linux-modules-extra-5.15.0-1096-gke - 5.15.0-1096.102 linux-tools-5.15.0-1096-gke - 5.15.0-1096.102 No subscription required linux-aws-cloud-tools-5.15.0-1100 - 5.15.0-1100.107 linux-aws-headers-5.15.0-1100 - 5.15.0-1100.107 linux-aws-tools-5.15.0-1100 - 5.15.0-1100.107 linux-buildinfo-5.15.0-1100-aws - 5.15.0-1100.107 linux-buildinfo-5.15.0-1100-aws-64k - 5.15.0-1100.107 
linux-cloud-tools-5.15.0-1100-aws - 5.15.0-1100.107 linux-cloud-tools-5.15.0-1100-aws-64k - 5.15.0-1100.107 linux-headers-5.15.0-1100-aws - 5.15.0-1100.107 linux-headers-5.15.0-1100-aws-64k - 5.15.0-1100.107 linux-image-5.15.0-1100-aws - 5.15.0-1100.107 linux-image-5.15.0-1100-aws-64k - 5.15.0-1100.107 linux-image-unsigned-5.15.0-1100-aws - 5.15.0-1100.107 linux-image-unsigned-5.15.0-1100-aws-64k - 5.15.0-1100.107 linux-modules-5.15.0-1100-aws - 5.15.0-1100.107 linux-modules-5.15.0-1100-aws-64k - 5.15.0-1100.107 linux-modules-extra-5.15.0-1100-aws - 5.15.0-1100.107 linux-modules-extra-5.15.0-1100-aws-64k - 5.15.0-1100.107 linux-tools-5.15.0-1100-aws - 5.15.0-1100.107 linux-tools-5.15.0-1100-aws-64k - 5.15.0-1100.107 No subscription required linux-buildinfo-5.15.0-1100-gcp - 5.15.0-1100.109 linux-gcp-headers-5.15.0-1100 - 5.15.0-1100.109 linux-gcp-tools-5.15.0-1100 - 5.15.0-1100.109 linux-headers-5.15.0-1100-gcp - 5.15.0-1100.109 linux-image-5.15.0-1100-gcp - 5.15.0-1100.109 linux-image-unsigned-5.15.0-1100-gcp - 5.15.0-1100.109 linux-modules-5.15.0-1100-gcp - 5.15.0-1100.109 linux-modules-extra-5.15.0-1100-gcp - 5.15.0-1100.109 linux-tools-5.15.0-1100-gcp - 5.15.0-1100.109 No subscription required linux-buildinfo-5.15.0-170-generic - 5.15.0-170.180 linux-buildinfo-5.15.0-170-generic-64k - 5.15.0-170.180 linux-buildinfo-5.15.0-170-generic-lpae - 5.15.0-170.180 linux-buildinfo-5.15.0-170-lowlatency - 5.15.0-170.180 linux-buildinfo-5.15.0-170-lowlatency-64k - 5.15.0-170.180 linux-cloud-tools-5.15.0-170 - 5.15.0-170.180 linux-cloud-tools-5.15.0-170-generic - 5.15.0-170.180 linux-cloud-tools-5.15.0-170-lowlatency - 5.15.0-170.180 linux-cloud-tools-common - 5.15.0-170.180 linux-doc - 5.15.0-170.180 linux-headers-5.15.0-170 - 5.15.0-170.180 linux-headers-5.15.0-170-generic - 5.15.0-170.180 linux-headers-5.15.0-170-generic-64k - 5.15.0-170.180 linux-headers-5.15.0-170-generic-lpae - 5.15.0-170.180 linux-headers-5.15.0-170-lowlatency - 5.15.0-170.180 
linux-headers-5.15.0-170-lowlatency-64k - 5.15.0-170.180 linux-image-5.15.0-170-generic - 5.15.0-170.180 linux-image-5.15.0-170-generic-64k - 5.15.0-170.180 linux-image-5.15.0-170-generic-lpae - 5.15.0-170.180 linux-image-5.15.0-170-lowlatency - 5.15.0-170.180 linux-image-5.15.0-170-lowlatency-64k - 5.15.0-170.180 linux-image-unsigned-5.15.0-170-generic - 5.15.0-170.180 linux-image-unsigned-5.15.0-170-generic-64k - 5.15.0-170.180 linux-image-unsigned-5.15.0-170-lowlatency - 5.15.0-170.180 linux-image-unsigned-5.15.0-170-lowlatency-64k - 5.15.0-170.180 linux-libc-dev - 5.15.0-170.180 linux-lowlatency-cloud-tools-5.15.0-170 - 5.15.0-170.180 linux-lowlatency-headers-5.15.0-170 - 5.15.0-170.180 linux-lowlatency-tools-5.15.0-170 - 5.15.0-170.180 linux-modules-5.15.0-170-generic - 5.15.0-170.180 linux-modules-5.15.0-170-generic-64k - 5.15.0-170.180 linux-modules-5.15.0-170-generic-lpae - 5.15.0-170.180 linux-modules-5.15.0-170-lowlatency - 5.15.0-170.180 linux-modules-5.15.0-170-lowlatency-64k - 5.15.0-170.180 linux-modules-extra-5.15.0-170-generic - 5.15.0-170.180 linux-modules-iwlwifi-5.15.0-170-generic - 5.15.0-170.180 linux-modules-iwlwifi-5.15.0-170-lowlatency - 5.15.0-170.180 linux-source-5.15.0 - 5.15.0-170.180 linux-tools-5.15.0-170 - 5.15.0-170.180 linux-tools-5.15.0-170-generic - 5.15.0-170.180 linux-tools-5.15.0-170-generic-64k - 5.15.0-170.180 linux-tools-5.15.0-170-generic-lpae - 5.15.0-170.180 linux-tools-5.15.0-170-lowlatency - 5.15.0-170.180 linux-tools-5.15.0-170-lowlatency-64k - 5.15.0-170.180 linux-tools-common - 5.15.0-170.180 linux-tools-host - 5.15.0-170.180 No subscription required linux-cloud-tools-gkeop - 5.15.0.1083.82 linux-cloud-tools-gkeop-5.15 - 5.15.0.1083.82 linux-gkeop - 5.15.0.1083.82 linux-gkeop-5.15 - 5.15.0.1083.82 linux-headers-gkeop - 5.15.0.1083.82 linux-headers-gkeop-5.15 - 5.15.0.1083.82 linux-imag...
ubuntu noble v1.261
Metadata:
BOSH Agent Version: 2.818.0
Kernel Version: 6.8.0-100.100
USNs:
Title: USN-8039-1 -- libpng vulnerability
URL: https://ubuntu.com/security/notices/USN-8039-1
Priorities: medium
Description:
It was discovered that the libpng simplified API incorrectly handled quantizing RGB images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause libpng to crash, resulting in a denial of service.
Update Instructions: Run sudo pro fix USN-8039-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- libpng-dev - 1.6.43-5ubuntu0.5
- libpng-tools - 1.6.43-5ubuntu0.5
- libpng16-16t64 - 1.6.43-5ubuntu0.5
No subscription required
CVEs:
Title: USN-8043-1 -- GnuTLS vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8043-1
Priorities: low,medium
Description:
Tim Scheckenbach discovered that GnuTLS incorrectly handled malicious certificates containing a large number of name constraints and subject alternative names. A remote attacker could possibly use this issue to cause GnuTLS to consume resources, resulting in a denial of service. (CVE-2025-14831)
Luigino Camastra discovered that GnuTLS incorrectly handled certain PKCS11 token labels. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2025-9820)
Update Instructions: Run sudo pro fix USN-8043-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- gnutls-bin - 3.8.3-1.1ubuntu3.5
- gnutls-doc - 3.8.3-1.1ubuntu3.5
- libgnutls-dane0t64 - 3.8.3-1.1ubuntu3.5
- libgnutls-openssl27t64 - 3.8.3-1.1ubuntu3.5
- libgnutls28-dev - 3.8.3-1.1ubuntu3.5
- libgnutls30t64 - 3.8.3-1.1ubuntu3.5
No subscription required
CVEs:
Title: USN-8051-1 -- libssh vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8051-1
Priorities: low,medium
Description:
It was discovered that libssh clients incorrectly handled the key exchange process. A remote attacker could possibly use this issue to cause libssh clients to crash, resulting in a denial of service. (CVE-2025-8277)
It was discovered that the libssh SCP client incorrectly sanitized paths received from servers. A remote attacker could use this issue to cause libssh SCP clients to overwrite files outside of the working directory and possibly execute arbitrary code. (CVE-2026-0964)
It was discovered that libssh incorrectly handled parsing configuration files. A local attacker could possibly use this issue to cause libssh to access non-regular files, resulting in a denial of service. (CVE-2026-0965)
It was discovered that libssh incorrectly handled the ssh_get_hexa() function. A remote attacker could possibly use this issue to cause libssh to crash, resulting in a denial of service. (CVE-2026-0966)
It was discovered that libssh incorrectly handled certain regular expressions. A local attacker could possibly use this issue to cause libssh to consume resources, resulting in a denial of service. (CVE-2026-0967)
It was discovered that the libssh SFTP client incorrectly handled certain malformed longname fields. A remote attacker could use this issue to cause libssh SFTP clients to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-0968)
Update Instructions: Run sudo pro fix USN-8051-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions:
- libssh-4 - 0.10.6-2ubuntu0.3
- libssh-dev - 0.10.6-2ubuntu0.3
- libssh-doc - 0.10.6-2ubuntu0.3
- libssh-gcrypt-4 - 0.10.6-2ubuntu0.3
- libssh-gcrypt-dev - 0.10.6-2ubuntu0.3
No subscription required
CVEs:
- https://ubuntu.com/security/CVE-2026-0965
- https://ubuntu.com/security/CVE-2026-0967
- https://ubuntu.com/security/CVE-2026-0968
- https://ubuntu.com/security/CVE-2025-8277
- https://ubuntu.com/security/CVE-2026-0964
- https://ubuntu.com/security/CVE-2026-0966
Title: USN-8059-1 -- Linux kernel vulnerabilities
URL: https://ubuntu.com/security/notices/USN-8059-1
Priorities: high,medium
Description:
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - SMB network file system; (CVE-2025-22037, CVE-2025-37899) Update Instructions: Run sudo pro fix USN-8059-1 to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: linux-bpf-dev - 6.8.0-101.101 linux-buildinfo-6.8.0-101-generic - 6.8.0-101.101 linux-buildinfo-6.8.0-101-generic-64k - 6.8.0-101.101 linux-cloud-tools-6.8.0-101 - 6.8.0-101.101 linux-cloud-tools-6.8.0-101-generic - 6.8.0-101.101 linux-cloud-tools-common - 6.8.0-101.101 linux-cloud-tools-generic - 6.8.0-101.101 linux-cloud-tools-generic-6.8 - 6.8.0-101.101 linux-cloud-tools-virtual - 6.8.0-101.101 linux-cloud-tools-virtual-6.8 - 6.8.0-101.101 linux-crashdump - 6.8.0-101.101 linux-doc - 6.8.0-101.101 linux-generic - 6.8.0-101.101 linux-generic-6.8 - 6.8.0-101.101 linux-generic-64k - 6.8.0-101.101 linux-generic-64k-6.8 - 6.8.0-101.101 linux-generic-lpae - 6.8.0-101.101 linux-headers-6.8.0-101 - 6.8.0-101.101 linux-headers-6.8.0-101-generic - 6.8.0-101.101 linux-headers-6.8.0-101-generic-64k - 6.8.0-101.101 linux-headers-generic - 6.8.0-101.101 linux-headers-generic-6.8 - 6.8.0-101.101 linux-headers-generic-64k - 6.8.0-101.101 linux-headers-generic-64k-6.8 - 6.8.0-101.101 linux-headers-generic-lpae - 6.8.0-101.101 linux-headers-intel-iotg - 6.8.0-101.101 linux-headers-kvm - 6.8.0-101.101 linux-headers-laptop-23.10 - 6.8.0-101.101 linux-headers-oem-20.04 - 6.8.0-101.101 linux-headers-oem-20.04b - 6.8.0-101.101 linux-headers-oem-20.04c - 6.8.0-101.101 linux-headers-oem-20.04d - 6.8.0-101.101 linux-headers-oem-22.04 - 6.8.0-101.101 linux-headers-virtual - 6.8.0-101.101 linux-headers-virtual-6.8 - 6.8.0-101.101 linux-image-6.8.0-101-generic - 6.8.0-101.101 linux-image-6.8.0-101-generic-64k - 6.8.0-101.101 linux-image-extra-virtual - 6.8.0-101.101 linux-image-extra-virtual-6.8 
- 6.8.0-101.101 linux-image-generic - 6.8.0-101.101 linux-image-generic-6.8 - 6.8.0-101.101 linux-image-generic-64k - 6.8.0-101.101 linux-image-generic-64k-6.8 - 6.8.0-101.101 linux-image-generic-lpae - 6.8.0-101.101 linux-image-intel-iotg - 6.8.0-101.101 linux-image-kvm - 6.8.0-101.101 linux-image-laptop-23.10 - 6.8.0-101.101 linux-image-oem-20.04 - 6.8.0-101.101 linux-image-oem-20.04b - 6.8.0-101.101 linux-image-oem-20.04c - 6.8.0-101.101 linux-image-oem-20.04d - 6.8.0-101.101 linux-image-oem-22.04 - 6.8.0-101.101 linux-image-uc-6.8.0-101-generic - 6.8.0-101.101 linux-image-uc-6.8.0-101-generic-64k - 6.8.0-101.101 linux-image-uc-generic - 6.8.0-101.101 linux-image-uc-generic-6.8 - 6.8.0-101.101 linux-image-unsigned-6.8.0-101-generic - 6.8.0-101.101 linux-image-unsigned-6.8.0-101-generic-64k - 6.8.0-101.101 linux-image-virtual - 6.8.0-101.101 linux-image-virtual-6.8 - 6.8.0-101.101 linux-intel-iotg - 6.8.0-101.101 linux-kvm - 6.8.0-101.101 linux-laptop-23.10 - 6.8.0-101.101 linux-lib-rust-6.8.0-101-generic - 6.8.0-101.101 linux-libc-dev - 6.8.0-101.101 linux-modules-6.8.0-101-generic - 6.8.0-101.101 linux-modules-6.8.0-101-generic-64k - 6.8.0-101.101 linux-modules-extra-6.8.0-101-generic - 6.8.0-101.101 linux-modules-ipu6-6.8.0-101-generic - 6.8.0-101.101 linux-modules-ipu6-generic - 6.8.0-101.101 linux-modules-ipu6-generic-6.8 - 6.8.0-101.101 linux-modules-iwlwifi-6.8.0-101-generic - 6.8.0-101.101 linux-modules-iwlwifi-generic - 6.8.0-101.101 linux-modules-iwlwifi-generic-6.8 - 6.8.0-101.101 linux-modules-iwlwifi-oem-20.04 - 6.8.0-101.101 linux-modules-iwlwifi-oem-20.04d - 6.8.0-101.101 linux-modules-iwlwifi-oem-22.04 - 6.8.0-101.101 linux-modules-usbio-6.8.0-101-generic - 6.8.0-101.101 linux-modules-usbio-generic - 6.8.0-101.101 linux-modules-usbio-generic-6.8 - 6.8.0-101.101 linux-oem-20.04 - 6.8.0-101.101 linux-oem-20.04b - 6.8.0-101.101 linux-oem-20.04c - 6.8.0-101.101 linux-oem-20.04d - 6.8.0-101.101 linux-oem-22.04 - 6.8.0-101.101 linux-source - 
6.8.0-101.101 linux-source-6.8.0 - 6.8.0-101.101 linux-tools-6.8.0-101 - 6.8.0-101.101 linux-tools-6.8.0-101-generic - 6.8.0-101.101 linux-tools-6.8.0-101-generic-64k - 6.8.0-101.101 linux-tools-common - 6.8.0-101.101 linux-tools-generic - 6.8.0-101.101 linux-tools-generic-6.8 - 6.8.0-101.101 linux-tools-generic-64k - 6.8.0-101.101 linux-tools-generic-64k-6.8 - 6.8.0-101.101 linux-tools-generic-lpae - 6.8.0-101.101 linux-tools-host - 6.8.0-101.101 linux-tools-intel-iotg - 6.8.0-101.101 linux-tools-kvm - 6.8.0-101.101 linux-tools-laptop-23.10 - 6.8.0-101.101 linux-tools-oem-20.04 - 6.8.0-101.101 linux-tools-oem-20.04b - 6.8.0-101.101 linux-tools-oem-20.04c - 6.8.0-101.101 linux-tools-oem-20.04d - 6.8.0-101.101 linux-tools-oem-22.04 - 6.8.0-101.101 linux-tools-virtual - 6.8.0-101.101 linux-tools-virtual-6.8 - 6.8.0-101.101 linux-virtual - 6.8.0-101.101 linux-virtual-6.8 - 6.8.0-101.101 No subscription required linux-buildinfo-6.8.0-101-lowlatency - 6.8.0-101.101.1 linux-buildinfo-6.8.0-101-lowlatency-64k - 6.8.0-101.101.1 linux-cloud-tools-6.8.0-101-lowlatency - 6.8.0-101.101.1 linux-cloud-tools-lowlatency - 6.8.0-101.101.1 linux-cloud-tools-lowlatency-6.8 - 6.8.0-101.101.1 linux-cloud-tools-lowlatency-hwe-20.04 - 6.8.0-101.101.1 linux-cloud-tools-lowlatency-hwe-20.04-edge - 6.8.0-101.101.1 linux-headers-6.8.0-101-lowlatency - 6.8.0-101.101.1 linux-headers-6.8.0-101-lowlatency-64k - 6.8.0-101.101.1 linux-headers-lowlatency - 6.8.0-101.101.1 linux-headers-low...